Sample GitHub Actions Integration

JFrog Platform Administration Documentation

The following example shows a sample GitHub Actions YAML file that you need to create and deploy in GitHub Actions after you configure OIDC integration in the JFrog Platform.

You can also view a live sample on GitHub.

name: oidc-poc
on:
  push:
    branches:
      - '*'
jobs:
  auth:
    permissions:
      contents: read
      id-token: write

    runs-on: ubuntu-latest
    steps:
      - name: Get id token
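        run: |
          # Request an OIDC ID token for the "jfrog-github" audience from the runner
          ID_TOKEN=$(curl -sLS -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
          "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=jfrog-github" | jq -r .value)
          # Mask the token so it is redacted if a later step prints it
          echo "::add-mask::${ID_TOKEN}"
          echo "ID_TOKEN=${ID_TOKEN}" >> "$GITHUB_ENV"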
      - name: Exchange token with access
        env:
          ID_TOKEN: ${{ env.ID_TOKEN }}
          POC_URL: ${{ vars.POC_URL }}
        run: |
          # Exchange the GitHub ID token for a JFrog access token
          ACCESS_TOKEN=$(curl -XPOST "${POC_URL}/token" -d "{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", \"subject_token_type\":\"urn:ietf:params:oauth:token-type:access_token\", \"subject_token\": \"$ID_TOKEN\", \"provider_name\": \"github-oidc\"}" | jq -r .access_token)
          # Mask the access token before handing it to later steps
          echo "::add-mask::${ACCESS_TOKEN}"
          echo "ACCESS_TOKEN=${ACCESS_TOKEN}" >> "$GITHUB_ENV"
      - name: Checkout
        uses: actions/checkout@v2
      - name: Build
        run: |
          make build
      - name: Deploy to artifactory
        env:
          ACCESS_TOKEN: ${{ env.ACCESS_TOKEN }}
          POC_URL: ${{ vars.POC_URL }}
        run: |
          curl -H "Authorization: Bearer $ACCESS_TOKEN" -T oidc-poc "${POC_URL}/artifactory/access-oidc-poc/oidc-poc-$(date +%Y%m%d%H%M%S)"
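
The workflow above runs on every branch and requests a token for the audience jfrog-github, so when setting up or troubleshooting the OIDC integration it helps to see which claims the ID token actually carries. The Python sketch below is an added example, not part of the JFrog sample: it decodes the token payload without verifying the signature and lists claims that differ from expected values. The repository, branch and function names are assumptions; only the audience comes from the workflow.

```python
import base64
import json

# Expected values are assumptions for this example; only the audience
# "jfrog-github" comes from the workflow above.
EXPECTED = {
    "iss": "https://token.actions.githubusercontent.com",
    "aud": "jfrog-github",
    "repository": "example-org/oidc-poc",   # hypothetical repository
    "ref": "refs/heads/main",               # hypothetical allowed branch
}


def decode_claims(id_token: str) -> dict:
    """Return the JWT payload as a dict. Does NOT verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def claim_mismatches(claims: dict, expected: dict = EXPECTED) -> list:
    """List the claims that differ from the expected values."""
    problems = []
    for name, want in expected.items():
        got = claims.get(name)
        # "aud" may be a string or a list of strings in a JWT.
        ok = want in got if isinstance(got, list) else got == want
        if not ok:
            problems.append(f"{name}: expected {want!r}, got {got!r}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for offline testing only."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.constructed"
```

A failed token request in the first step leaves the literal string null in ID_TOKEN, which decode_claims rejects with a ValueError instead of passing it on to the exchange.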