# =====================================================================================================================
# === GCP Auth template variant
# =====================================================================================================================
variables:
  TBC_GCP_AUTH_PROVIDER: "$CI_REGISTRY/to-be-continuous/tools/gcp-auth-provider:main"
  GCP_OIDC_AUD: "$CI_SERVER_URL"

.docker-base:
  services:
    - name: "$TBC_TRACKING_IMAGE"
      command: ["--service", "docker", "5.2.2"]
    - name: "$TBC_GCP_AUTH_PROVIDER"
      alias: "gcp-auth-provider"
  variables:
    #  have to be explicitly declared in the YAML to be exported to the service
    GCP_JWT: $GCP_JWT
    DOCKER_REGISTRY_SNAPSHOT_USER: oauth2accesstoken
    DOCKER_REGISTRY_RELEASE_USER: oauth2accesstoken
    DOCKER_REGISTRY_SNAPSHOT_PASSWORD: '@url@http://gcp-auth-provider/token?envType=snapshot'
    DOCKER_REGISTRY_RELEASE_PASSWORD: '@url@http://gcp-auth-provider/token?envType=release'
  id_tokens:
    GCP_JWT:
      aud: "$GCP_OIDC_AUD"