GitHub Actions
To validate GitHub Actions ID Tokens, add the github issuer to the server’s configuration.
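```yaml
issuers:
  github:
    issuer: https://token.actions.githubusercontent.com
    jwks_uri: https://token.actions.githubusercontent.com/.well-known/jwks
```

Every repository on GitHub shares this issuer, so a valid token only shows that it was minted for some GitHub Actions workflow. Access rules should therefore also match on claims that identify the caller, such as `repository_id` or `repository_owner_id`.

Export variables in a workflow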
The GitHub Action ezoidc/actions/env can be used to export environment variables in a GitHub Actions workflow job.
```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      id-token: write # required
    steps:
      - uses: ezoidc/actions/env@v1
        with:
          audience: https://test.ezoidc.dev
      - run: |
          echo $EZOIDC_WELCOME
```

Variables that have the `redact` property unset or set to `true` will be redacted in the GitHub Actions logs using the `add-mask` command. Masking matches the exact value only, so a variable that is encoded or otherwise transformed before being printed is not redacted.
Claims
```
claims.actor = "demo-user"
claims.actor_id = "1001"
claims.base_ref = "refs/heads/main"
claims.check_run_id = "90000001"
claims.event_name = "workflow_dispatch"
claims.head_ref = "feature/add-oidc-claims"
claims.job_workflow_ref = "demo-org/shared/.github/workflows/reusable.yml@refs/heads/main"
claims.job_workflow_sha = "c9ed89cf4dacf01feb527c42a26e0a8920d14c61"
claims.ref = "refs/heads/main"
claims.ref_protected = "true"
claims.ref_type = "branch"
claims.repository = "demo-org/demo-repo"
claims.repository_id = "424242"
claims.repository_owner = "demo-org"
claims.repository_owner_id = "2020"
claims.repository_visibility = "private"
claims.run_attempt = "1"
claims.run_id = "22259804324"
claims.run_number = "42"
claims.runner_environment = "github-hosted"
claims.sha = "c040cae0f0dc81641728557b80f09cfa23b83fe5"
claims.sub = "repo:demo-org/demo-repo:ref:refs/heads/main"
claims.workflow = ".github/workflows/ci.yml"
claims.workflow_ref = "demo-org/demo-repo/.github/workflows/ci.yml@refs/heads/main"
claims.workflow_sha = "c040cae0f0dc81641728557b80f09cfa23b83fe5"
```