chore: remove debugging not working

.github/workflows/image.yml

@@ -24,19 +24,6 @@ jobs:
           workload_identity_provider: projects/791837997629/locations/global/workloadIdentityPools/github-actions-pool/providers/gha-id-pool-provider
           service_account: [email protected]
 
-      - name: Checkout actions-oidc-debugger
-        uses: actions/checkout@v3
-        with:
-          repository: github/actions-oidc-debugger
-          ref: main
-          token: ${{ secrets.your-checkout-token }}
-          path: ./.github/actions/actions-oidc-debugger
-
-      - name: Debug OIDC Claims
-        uses: ./.github/actions/actions-oidc-debugger
-        with:
-          audience: '${{ github.server_url }}/${{ github.repository_owner }}'
-
       - name: "Auth to AR"
         run: gcloud auth configure-docker us-east4-docker.pkg.dev
 

infra/terraform.tfstate

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "1.5.7",
-  "serial": 21,
+  "serial": 27,
   "lineage": "4a1c9a21-273f-eb61-c0df-063b6c0474b9",
   "outputs": {},
   "resources": [
@@ -83,7 +83,7 @@
           "schema_version": 0,
           "attributes": {
             "condition": [],
-            "etag": "BwYjp/01eCc=",
+            "etag": "BwYjqu6m1Us=",
             "id": "791837997629/roles/artifactregistry.writer/serviceAccount:[email protected]",
             "member": "serviceAccount:[email protected]",
             "project": "791837997629",
@@ -97,6 +97,30 @@
         }
       ]
     },
+    {
+      "mode": "managed",
+      "type": "google_project_iam_member",
+      "name": "allow_token_creation",
+      "provider": "provider[\"registry.terraform.io/hashicorp/google\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "condition": [],
+            "etag": "BwYjqu6m1Us=",
+            "id": "791837997629/roles/iam.serviceAccountTokenCreator/serviceAccount:[email protected]",
+            "member": "serviceAccount:[email protected]",
+            "project": "791837997629",
+            "role": "roles/iam.serviceAccountTokenCreator"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "google_service_account.github_cicd_service_account"
+          ]
+        }
+      ]
+    },
     {
       "mode": "managed",
       "type": "google_service_account",
@@ -134,7 +158,7 @@
           "schema_version": 0,
           "attributes": {
             "condition": [],
-            "etag": "BwYjp/lxD5Y=",
+            "etag": "BwYjqvJgLNs=",
             "id": "projects/surface-420608/serviceAccounts/[email protected]/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/791837997629/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/stabledata/*",
             "member": "principalSet://iam.googleapis.com/projects/791837997629/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/stabledata/*",
             "role": "roles/iam.workloadIdentityUser",

infra/terraform.tfstate.backup

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "1.5.7",
-  "serial": 19,
+  "serial": 25,
   "lineage": "4a1c9a21-273f-eb61-c0df-063b6c0474b9",
   "outputs": {},
   "resources": [
@@ -40,6 +40,7 @@
           "attributes": {
             "attribute_condition": "assertion.repository_owner == 'stabledata'",
             "attribute_mapping": {
+              "attribute.aud": "assertion.aud",
               "attribute.repository": "assertion.repository",
               "google.subject": "assertion.sub"
             },
@@ -96,6 +97,30 @@
         }
       ]
     },
+    {
+      "mode": "managed",
+      "type": "google_project_iam_member",
+      "name": "allow_token_creation",
+      "provider": "provider[\"registry.terraform.io/hashicorp/google\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "condition": [],
+            "etag": "BwYjqu6m1Us=",
+            "id": "791837997629/roles/iam.serviceAccountTokenCreator/serviceAccount:[email protected]",
+            "member": "serviceAccount:[email protected]",
+            "project": "791837997629",
+            "role": "roles/iam.serviceAccountTokenCreator"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "google_service_account.github_cicd_service_account"
+          ]
+        }
+      ]
+    },
     {
       "mode": "managed",
       "type": "google_service_account",
@@ -122,31 +147,6 @@
           "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9fQ=="
         }
       ]
-    },
-    {
-      "mode": "managed",
-      "type": "google_service_account_iam_member",
-      "name": "allow_github_to_impersonate",
-      "provider": "provider[\"registry.terraform.io/hashicorp/google\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "condition": [],
-            "etag": "BwYjp/lxD5Y=",
-            "id": "projects/surface-420608/serviceAccounts/[email protected]/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/791837997629/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/stabledata/*",
-            "member": "principalSet://iam.googleapis.com/projects/791837997629/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/stabledata/*",
-            "role": "roles/iam.workloadIdentityUser",
-            "service_account_id": "projects/surface-420608/serviceAccounts/[email protected]"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "google_iam_workload_identity_pool.github_actions_pool",
-            "google_service_account.github_cicd_service_account"
-          ]
-        }
-      ]
     }
   ],
   "check_results": null