From 92772f936c8fbc4f669268ecfa211685530cf6ee Mon Sep 17 00:00:00 2001
From: Eric Maydeck <126706864+emaydeck-mozilla@users.noreply.github.com>
Date: Wed, 4 Sep 2024 15:58:40 -0600
Subject: [PATCH] fix: using google_project_number for OIDC authentication (#763)

I was not passing in a necessary parameter for OIDC authentication. It turns out the orb differentiates between the project ID (project to make changes against) and project number (OIDC Workload Identity authorization).
---
 .circleci/config.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 92259ac1..c594f1fc 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -12,7 +12,7 @@
 # These environment variables are necessary to authenticate with GCP and upload images to GAR
 # GCP_GAR_PROJECT_ID - GCP project ID for GAR repo
 # GCP_GAR_REPO - Name of GAR repo
-# GCP_OIDC_PROJECT_ID - GCP project ID for Workload Identity Pool/Provider
+# GCP_OIDC_PROJECT_NUMBER - GCP project number for Workload Identity Pool/Provider
 # GCP_OIDC_SERVICE_ACCOUNT_EMAIL - GCP service account email
 # GCP_OIDC_WIP_ID - GCP Workload Identity Pool ID
 # GCP_OIDC_WIP_PROVIDER_ID - GCP Workload Identity Pool Provider ID
@@ -429,7 +429,8 @@ jobs:
 # https://circleci.com/developer/orbs/orb/circleci/gcp-gcr#commands-gcr-auth
 - gcp-gcr/gcr-auth:
 gcp_cred_config_file_path: ~/gcp_cred_config.json
- google-project-id: GCP_OIDC_PROJECT_ID
+ google-project-id: GCP_GAR_PROJECT_ID
+ google_project_number: GCP_OIDC_PROJECT_NUMBER
 registry-url: <>
 service_account_email: GCP_OIDC_SERVICE_ACCOUNT_EMAIL
 use_oidc: true
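Review bot: The `gcp-gcr/gcr-auth` step in the second hunk now takes two different project identifiers, but nothing at the call site says which is which, and mixing them up is the mistake this commit corrects. I would add a comment above the two parameters, e.g. `# google-project-id: env var naming the project that owns the GAR repo` and `# google_project_number: env var naming the numeric project number that hosts the Workload Identity Pool`. The values appear to be environment variable names rather than literals, so `GCP_OIDC_PROJECT_NUMBER` has to be defined in the CircleCI project or context before this lands; if it is missing, the OIDC exchange will presumably fail only at run time. The step's parameter list continues past the end of the hunk, so it is not visible whether the pool and provider IDs listed in the header comment are passed explicitly; worth confirming.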