The following example shows an additional sample GitHub Actions YAML file that you can create and deploy in GitHub Actions after you configure OIDC integration in the JFrog Platform.
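# Sample workflow: requests the job's GitHub OIDC ID token, exchanges it for
# an access token at ${POC_URL}/token, builds, and uploads the artifact.
name: oidc-poc

on:
  push:
    branches:
      - '*'

jobs:
  auth:
    # Least privilege: read-only repository contents, plus id-token: write,
    # which is what lets the job request an OIDC ID token from GitHub.
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - name: Get id token
        id: id_token
        run: |
          set -euo pipefail
          # --fail turns an HTTP error into a non-zero exit, and jq -e does the
          # same for a missing/null .value, so a failed request can no longer
          # hand the literal string "null" to the next step as a token.
          # NOTE(review): the audience presumably has to match the one set on
          # the JFrog OIDC integration; confirm against your configuration.
          ID_TOKEN=$(curl -sLS --fail \
            -H "User-Agent: actions/oidc-client" \
            -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
            "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=jfrog-github" | jq -er .value)
          # A token fetched with curl is not masked automatically; register it
          # so it is redacted if anything later prints it to the job log.
          echo "::add-mask::${ID_TOKEN}"
          # Step output instead of GITHUB_ENV: only steps that reference the
          # output receive the token, not every later step in the job.
          echo "value=${ID_TOKEN}" >> "$GITHUB_OUTPUT"

      - name: Exchange token with access
        id: access_token
        env:
          ID_TOKEN: ${{ steps.id_token.outputs.value }}
          POC_URL: ${{ vars.POC_URL }}
        run: |
          set -euo pipefail
          # Build the JSON with jq so the token is encoded as a JSON string
          # rather than spliced into a hand-escaped literal.
          # NOTE(review): subject_token_type is kept as in the original sample
          # although the subject token is an OIDC ID token; confirm the value
          # the token endpoint expects.
          REQUEST_BODY=$(jq -cn --arg subject_token "$ID_TOKEN" '{
            grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
            subject_token_type: "urn:ietf:params:oauth:token-type:access_token",
            subject_token: $subject_token,
            provider_name: "github-oidc"
          }')
          # NOTE(review): no Content-Type header is sent (as in the original);
          # confirm whether the endpoint requires application/json.
          ACCESS_TOKEN=$(curl -sS --fail -XPOST "${POC_URL}/token" \
            -d "$REQUEST_BODY" | jq -er .access_token)
          echo "::add-mask::${ACCESS_TOKEN}"
          echo "value=${ACCESS_TOKEN}" >> "$GITHUB_OUTPUT"

      # Tag references are mutable; pinning this action to a full commit SHA
      # keeps a moved tag from changing what runs in a job that can mint
      # OIDC tokens.
      - name: Checkout
        uses: actions/checkout@v2

      # Neither token is exported into this step's environment. The job can
      # still request ID tokens (id-token: write), so for stronger isolation
      # run the build in a separate job that lacks that permission.
      - name: Build
        run: |
          make build

      - name: Deploy to artifactory
        env:
          # The original mapped the access token to ID_TOKEN while the script
          # read $ACCESS_TOKEN; the variable name now matches what is used.
          ACCESS_TOKEN: ${{ steps.access_token.outputs.value }}
          POC_URL: ${{ vars.POC_URL }}
        run: |
          set -euo pipefail
          # --fail makes a rejected upload (401/403/5xx) fail the step instead
          # of reporting success.
          curl -sS --fail -H "Authorization: Bearer $ACCESS_TOKEN" -T oidc-poc \
            "${POC_URL}/artifactory/access-oidc-poc/oidc-poc-$(date +%Y%m%d%H%M%S)"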