Migrating from Cloud Build to GitHub Actions with Workload Identity Federation

This post documents the migration of pcioasis-payments CI/CD from Cloud Build to GitHub Actions using Workload Identity Federation (WIF). It is a concrete implementation record — specific project IDs, script names, and the exact ordering decisions we made — not a general tutorial. If you want the conceptual background on WIF, read Part 1 first. This post assumes you understand what WIF does and focuses on how we applied it. ...

June 23, 2026 · 12 min · Aya Ibrahim Mehjez

Replacing Static GCP Credentials in CI/CD with Workload Identity Federation

Part 1 of 2 — Concepts and Architecture. If your GitHub Actions workflows authenticate to GCP using a stored secret — a service account key JSON, a FIREBASE_TOKEN, or any other long-lived credential — you have a static credential problem. It doesn’t matter what format the credential is in. The issue is that it exists at rest, in GitHub, and was generated by a person who may no longer work there. ...

April 15, 2026 · 8 min · Kesten Broughton