In this use case, deployments from feature branches are configured to resolve against a group assignment rather than a specific user. This ensures that commits made to development branches deploy artifacts under a limited-permission group while still maintaining traceability through the Artifact properties added in the workflow.
An identity mapping named all-dev-branch-commits was created with the following parameters:
{
  "name": "all-dev-branch-commits",
  "provider_name": "jeremyl-frog",
  "claims": {
    "ref": "refs/heads/*"
  },
  "token_spec": {
    "scope": "applied-permissions/groups:frog-company-devs"
  },
  "priority": 2
}
The wildcard (*) in the claim ("ref": "refs/heads/*") matches this identity mapping to commits triggered from any branch.
On the Artifactory side, a group named frog-company-devs was created and granted developer-level permissions to the dev repository. After running the workflow, deployments from any branch other than main (explained in the Note on priority below) now appear as deployed by a token with the format (token:<provider>/<actor>). It's expected that the actor is already associated with the frog-company-devs group.
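To audit which refs end up with which scope, the mapping above can be modelled offline. The following is an added example, not JFrog's code or part of the original page. It assumes that the wildcard behaves like a shell glob that also spans "/", and that the mapping with the lowest priority number wins; the main-branch mapping and its group name are hypothetical placeholders.

```python
from fnmatch import fnmatchcase

# First entry is the mapping from the page. The second is a hypothetical
# higher-priority mapping for main (its name and scope are assumptions).
MAPPINGS = [
    {"name": "all-dev-branch-commits", "claims": {"ref": "refs/heads/*"},
     "scope": "applied-permissions/groups:frog-company-devs", "priority": 2},
    {"name": "main-branch-commits", "claims": {"ref": "refs/heads/main"},
     "scope": "applied-permissions/groups:example-release-group", "priority": 1},
]

def matches(mapping, token_claims):
    """Every claim in the mapping must exist in the token and match its glob."""
    for key, pattern in mapping["claims"].items():
        value = token_claims.get(key)
        if not isinstance(value, str) or not fnmatchcase(value, pattern):
            return False
    return True

def resolve(token_claims, mappings=MAPPINGS):
    """Return the matching mapping with the lowest priority number, or None."""
    candidates = [m for m in mappings if matches(m, token_claims)]
    return min(candidates, key=lambda m: m["priority"], default=None)

def audit(refs, mappings=MAPPINGS):
    """Map each ref to the scope it would receive (None = no mapping matches)."""
    result = {}
    for ref in refs:
        hit = resolve({"ref": ref}, mappings)
        result[ref] = hit["scope"] if hit else None
    return result

# Constructed sample refs: nested branch, main, a tag, a pull-request merge ref.
SAMPLE_REFS = [
    "refs/heads/feature/login",
    "refs/heads/main",
    "refs/tags/v1.0.0",
    "refs/pull/7/merge",
]

if __name__ == "__main__":
    for ref, scope in audit(SAMPLE_REFS).items():
        print(f"{ref:28} -> {scope}")
```

Under these assumptions, tag and pull-request refs match neither mapping, and removing the main-specific mapping would drop main into the frog-company-devs scope.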