Merge pull request #2570 from IABTechLab/bmz-UID2-7146-restrict-deployment-role

UID2-7146: Switch GCP workflows to dedicated service accounts

Author: BehnamMozafari

.github/workflows/publish-gcp-oidc-enclave-docker.yaml

@@ -113,7 +113,7 @@ jobs:
         with:
           token_format: access_token
           workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER_ID }}
-          service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
+          service_account: ${{ vars.GCP_PUBLISH_SERVICE_ACCOUNT }}
           access_token_lifetime: 300s
 
       - name: Log in to the GCP Registry

.github/workflows/run-e2e-tests-on-operator.yaml

@@ -132,7 +132,7 @@ jobs:
       optout_branch: ${{ fromJson(inputs.branch).optout }}
       admin_branch: ${{ fromJson(inputs.branch).admin }}
       gcp_workload_identity_provider_id: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER_ID }}
-      gcp_service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
+      gcp_service_account: ${{ vars.GCP_E2E_SERVICE_ACCOUNT }}
       gcp_project: ${{ vars.GCP_PROJECT }}
       aws_region: ${{ fromJson(inputs.aws).region }}
       aws_ami: ${{ fromJson(inputs.aws).ami }}