The following example shows a sample GitLab Workflow YAML file that you can use to configure and test the OIDC integration in the JFrog Platform by providing configuration details and definitions.
After configuring your OIDC integration in the JFrog Platform, create and deploy the following snippet in your .gitlab-ci.yml workflow YAML file in GitLab:
Note
Make sure to replace the placeholders in <triangle brackets> with your own audience and JFrog Domain URL.
jf-cli-job:
  stage: build
  id_tokens:
    JFROG_CLI_OIDC_EXCHANGE_TOKEN_ID:
      aud: <AUDIENCE>
  script:
    - |
      # Configure JFrog CLI
      jf c add \
        --url=<JPD_URL> \
        --oidc-provider-name=<PROVIDER_NAME> \
        --interactive=false
      # Ping Artifactory
      jf rt ping
      # Collect environment variables for the build
      jf rt bce mybuild $CI_PIPELINE_ID
      # Collect VCS details from git and add them to the build
      jf rt bag mybuild $CI_PIPELINE_ID
      # Publish build info
      jf rt bp mybuild $CI_PIPELINE_ID

Alternatively, you can use the following snippet with REST API commands:
Note
Make sure to replace the placeholders in <triangle brackets> with your own audience and JFrog Domain URL.
rest-api-job:
  stage: build
  id_tokens:
    ID_TOKEN:
      aud: <AUDIENCE>
  script:
    - |
      # Exchange the GitLab ID token for a JFrog access token
      ACCESS_TOKEN=$(curl -XPOST "<JPD_URL>/access/api/v1/oidc/token" \
        -H "Content-Type: application/json" \
        -d "{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\",
             \"subject_token_type\": \"urn:ietf:params:oauth:token-type:id_token\",
             \"subject_token\": \"$ID_TOKEN\", \"provider_name\": \"<PROVIDER_NAME>\"}" \
        | jq .access_token | tr -d '"')
    - |
      # Upload a test artifact using the exchanged access token
      curl -XPUT -H "Authorization: Bearer $ACCESS_TOKEN" \
        "<JPD_URL>/artifactory/gitlab-oidc-repo/oidc-upload-$(date +%Y%m%d%H%M%S)" \
        -d "Content to upload"
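
A stricter form of the token exchange in rest-api-job, added here as an example and not taken from JFrog's documentation: it builds the request body with jq, sends it on stdin, and fails when the response carries no access_token, where `jq .access_token | tr -d '"'` would pass the string `null` on to the upload step. The function names are hypothetical, and JPD_URL and PROVIDER_NAME are assumed to be CI/CD variables.

```bash
#!/bin/sh
# Added example (not JFrog's code). Assumes jq and curl are in the job image and
# that JPD_URL and PROVIDER_NAME are CI/CD variables; ID_TOKEN comes from id_tokens.

# Build the token-exchange body with jq so every value is JSON-escaped.
oidc_request_body() {  # $1 = ID token, $2 = provider name
  jq -cn --arg token "$1" --arg provider "$2" '{
    grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
    subject_token_type: "urn:ietf:params:oauth:token-type:id_token",
    subject_token: $token,
    provider_name: $provider
  }'
}

# Print the access token from a response body. `jq -e` exits non-zero when the
# field is missing, null, empty or not a string, or when the body is not JSON.
extract_access_token() {  # $1 = response body
  printf '%s' "$1" | jq -er '.access_token | strings | select(length > 0)'
}

# Run the exchange. The body goes to curl on stdin (--data @-) so the ID token
# does not appear in the process argument list; --fail turns HTTP errors into
# a non-zero exit. The subshell body keeps `body` and `resp` local.
exchange_oidc_token() (
  body=$(oidc_request_body "$ID_TOKEN" "$PROVIDER_NAME") &&
  resp=$(printf '%s' "$body" | curl -sS --fail -X POST \
    -H "Content-Type: application/json" --data @- \
    "${JPD_URL%/}/access/api/v1/oidc/token") &&
  extract_access_token "$resp" ||
    { echo "OIDC token exchange failed" >&2; exit 1; }
)

# In the job script:
#   ACCESS_TOKEN=$(exchange_oidc_token) || exit 1
```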