Additional Sample Workflow YAML

JFrog Platform Administration Documentation

The following is an additional sample GitHub Actions workflow YAML file that you can create and deploy after you configure OIDC integration in the JFrog Platform.

name: oidc-poc
on:
  push:
    branches:
      - '*'
jobs:
  auth:
    permissions:
      contents: read
      id-token: write

    runs-on: ubuntu-latest
    steps:
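      - name: Get id token
        run: |
          # Request a GitHub OIDC ID token with the audience jfrog-github
          ID_TOKEN=$(curl -sLS -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
          "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=jfrog-github" | jq -r .value)
          # Mask the token so it is redacted if it ever appears in the job log
          echo "::add-mask::${ID_TOKEN}"
          echo "ID_TOKEN=${ID_TOKEN}" >> "$GITHUB_ENV"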
      - name: Exchange token with access
        env:
          ID_TOKEN: ${{ env.ID_TOKEN }}
          POC_URL: ${{ vars.POC_URL }}
        run: |
          # Exchange the GitHub ID token for an access token
          ACCESS_TOKEN=$(curl -XPOST "${POC_URL}/token" -d "{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", \"subject_token_type\":\"urn:ietf:params:oauth:token-type:access_token\", \"subject_token\": \"$ID_TOKEN\", \"provider_name\": \"github-oidc\"}" | jq -r .access_token)
          # Mask the access token before passing it to later steps
          echo "::add-mask::${ACCESS_TOKEN}"
          echo "ACCESS_TOKEN=${ACCESS_TOKEN}" >> "$GITHUB_ENV"
      - name: Checkout
        uses: actions/checkout@v2
      - name: Build
        run: |
          make build
      - name: Deploy to artifactory
        env:
          # The run command reads ACCESS_TOKEN, so expose it under that name
          ACCESS_TOKEN: ${{ env.ACCESS_TOKEN }}
          POC_URL: ${{ vars.POC_URL }}
        run: |
          curl -H "Authorization: Bearer $ACCESS_TOKEN" -T oidc-poc "${POC_URL}/artifactory/access-oidc-poc/oidc-poc-$(date +%Y%m%d%H%M%S)"
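
The check below is an added example, not part of the JFrog documentation: it decodes the ID token obtained in the "Get id token" step and confirms the issuer, the `jfrog-github` audience, the repository and the expiry before the exchange, which helps when a token is rejected or an identity mapping does not match. It does not verify the signature; the function names, the `example-org/example-repo` repository and the sample token are constructed for illustration.

```python
import base64
import json
import time

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
EXPECTED_AUDIENCE = "jfrog-github"  # audience requested by the workflow above


def decode_claims(id_token):
    """Return the JWT payload as a dict. The signature is NOT verified here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(id_token, expected_repo, now=None):
    """Return a list of claim problems; an empty list means the claims match."""
    claims = decode_claims(id_token)
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    problems = []
    if claims.get("iss") != GITHUB_ISSUER:
        problems.append("iss: unexpected issuer %r" % claims.get("iss"))
    if EXPECTED_AUDIENCE not in audiences:
        problems.append("aud: %r does not include %r" % (aud, EXPECTED_AUDIENCE))
    if claims.get("repository") != expected_repo:
        problems.append("repository: got %r" % claims.get("repository"))
    if claims.get("exp", 0) <= now:
        problems.append("exp: token has expired")
    return problems


def make_constructed_token(claims):
    """Build an unsigned sample token (constructed data, not a real GitHub token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


SAMPLE_CLAIMS = {"iss": GITHUB_ISSUER, "aud": "jfrog-github",
                 "sub": "repo:example-org/example-repo:ref:refs/heads/main",
                 "repository": "example-org/example-repo", "exp": 1700000600}
SAMPLE_TOKEN = make_constructed_token(SAMPLE_CLAIMS)

if __name__ == "__main__":
    print(preflight(SAMPLE_TOKEN, "example-org/example-repo", now=1700000000))
```

Because the workflow triggers on every branch, the `sub` and `ref` claims differ per branch; printing `decode_claims` output shows exactly which values a run presents.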