The following example shows an additional sample GitHub Actions YAML file that you can create and deploy in GitHub Actions after you configure OIDC integration in the JFrog Platform.
name: oidc-poc
on:
push:
branches:
- '*'
jobs:
auth:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Get id token
run: |
ID_TOKEN=$(curl -sLS -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=jfrog-github" | jq .value | tr -d '"')
echo "ID_TOKEN=${ID_TOKEN}" >> $GITHUB_ENV
echo "::add-mask::$ACCESS_TOKEN"
- name: Exchange token with access
env:
ID_TOKEN: ${{ env.ID_TOKEN }}
POC_URL: ${{ vars.POC_URL }}
run: |
ACCESS_TOKEN=$(curl -XPOST "${POC_URL}/token" -d "{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", \"subject_token_type\":\"urn:ietf:params:oauth:token-type:id_token\", \"subject_token\": \"$ID_TOKEN\", \"provider_name\": \"github-oidc\"}" | jq .access_token | tr -d '"')
echo "ACCESS_TOKEN=${ACCESS_TOKEN}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v2
- name: Build
run: |
make build
- name: Deploy to artifactory
env:
ID_TOKEN: ${{ env.ACCESS_TOKEN }}
POC_URL: ${{ vars.POC_URL }}
run: |
curl -H "Authorization: Bearer $ACCESS_TOKEN" -T oidc-poc "${POC_URL}/artifactory/access-oidc-poc/oidc-poc-$(date +%Y%m%d%H%M%S)"