
local test

local test #41

# Integration test for the setup-jfrog-cli action's OpenID Connect flow.
# Covers several CLI versions and audience settings, and checks connectivity
# and the action's step outputs.
name: OIDC Integration Test

on:
  push:
    branches:
      - "**"
  # NOTE(review): pull_request_target runs in the base repository's context,
  # with its secrets and the permissions granted below. The oidc-test job
  # checks out github.event.pull_request.head.sha and executes the action from
  # that checkout (uses: ./), so the PR's code runs with those privileges.
  # The only gate visible here is the "labeled" event type, which fires for
  # any label; consider a job-level `if:` that requires one specific,
  # maintainer-applied label (<TRUSTED_LABEL>).
  pull_request_target:
    types:
      - labeled

# One active run per workflow + PR number (or commit SHA when there is no PR)
# + ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ github.ref }}
  cancel-in-progress: true

# Workflow-wide token grants. id-token: write lets a job request a GitHub OIDC
# token; it applies to every job that does not set its own permissions.
permissions:
  id-token: write
  contents: read
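jobs:
  # Creates one temporary OIDC integration per audience variant on the JFrog
  # platform, then attaches an identity mapping to it, so that oidc-test can
  # exchange a GitHub OIDC token against it. Integration names carry
  # github.run_id, so a re-run of the same workflow run reuses the same names.
  generate-platform-oidc-integration:
    # This job only calls the platform API with repository secrets. It neither
    # uses GITHUB_TOKEN nor requests an OIDC token, so it opts out of the
    # workflow-level grants.
    permissions: {}
    strategy:
      matrix:
        include:
          - audience_id: default
            audience_value: ''
          - audience_id: test
            audience_value: 'test-audience'
          # NOTE(review): the owner is hard-coded here, while the identity
          # mapping below derives it from github.repository_owner. In any other
          # account the two will disagree; confirm this is meant for one fork.
          - audience_id: github-default
            audience_value: 'https://github.com/eyaldelarea'
    runs-on: ubuntu-latest
    steps:
      # Secrets reach the script through env rather than ${{ }} interpolation:
      # an interpolated value is pasted into the script text before bash parses
      # it, so the secret lands in the generated script file and any shell
      # metacharacters in it would be interpreted.
      #
      # NOTE(review): curl exits 0 on an HTTP 4xx/5xx unless --fail is given,
      # so a rejected request only surfaces later, in oidc-test.
      # NOTE(review): enable_permissive_configuration is switched on; confirm
      # what validation it relaxes and whether the test really needs it.
      - name: Create OpenID Connect integration
        shell: bash
        env:
          JFROG_PLATFORM_URL: ${{ secrets.JFROG_PLATFORM_URL }}
          JFROG_PLATFORM_RT_TOKEN: ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}
        run: |
          curl -X POST "${JFROG_PLATFORM_URL}/access/api/v1/oidc" \
            -H "Content-Type: application/json" \
            -H "Authorization: Bearer ${JFROG_PLATFORM_RT_TOKEN}" \
            -d '{
              "name": "oidc-integration-${{ matrix.audience_id }}-${{ github.run_id }}",
              "issuer_url": "https://token.actions.githubusercontent.com",
              "provider_type": "GitHub",
              "audience": "${{ matrix.audience_value }}",
              "enable_permissive_configuration": true,
              "description": "Temp integration for testing OIDC with audience value: ${{ matrix.audience_value }}"
            }'
      # The mapping matches on the `repository` claim alone, so every workflow
      # run in that repository (any branch, any event, including
      # pull_request_target runs that execute PR code) can obtain a token with
      # the scope below. Add further claims if the platform should only trust
      # specific refs or workflows.
      # NOTE(review): expires_in is 10; the unit is not visible here, confirm.
      - name: Create OIDC Identity Mapping
        shell: bash
        env:
          JFROG_PLATFORM_URL: ${{ secrets.JFROG_PLATFORM_URL }}
          JFROG_PLATFORM_RT_TOKEN: ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}
        run: |
          curl -X POST "${JFROG_PLATFORM_URL}/access/api/v1/oidc/oidc-integration-${{ matrix.audience_id }}-${{ github.run_id }}/identity_mappings" \
            -H "Content-Type: application/json" \
            -H "Authorization: Bearer ${JFROG_PLATFORM_RT_TOKEN}" \
            -d '{
              "name": "oidc-test-mapping",
              "priority": 1,
              "claims": {
                "repository": "${{ github.repository_owner }}/setup-jfrog-cli"
              },
              "token_spec": {
                "scope": "applied-permissions/groups:readers",
                "expires_in": 10
              }
            }'

  # Runs the action from the checked-out tree against each integration created
  # above and checks connectivity plus the oidc-user / oidc-token outputs.
  oidc-test:
    needs: generate-platform-oidc-integration
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: ubuntu
            cli-version: '2.74.1'
            audience_id: default
            audience_value: ''
          - os: ubuntu
            cli-version: '2.75.0'
            audience_id: test
            audience_value: 'test-audience'
          # No audience is requested here, although the matching integration
          # was created with an explicit https://github.com/<owner> audience.
          - os: ubuntu
            cli-version: latest
            audience_id: github-default
            audience_value: ''
    runs-on: ${{ matrix.os }}-latest
    env:
      # NOTE(review): debug logging is on for every step; check that the CLI
      # does not write token material to the job log at this level.
      JFROG_CLI_LOG_LEVEL: DEBUG
    steps:
      # On pull_request_target this checks out the PR head, i.e. code that has
      # not been merged; on push the expression is empty and the pushed ref is
      # used. actions/checkout@v4 is a movable tag; pinning to a full commit
      # SHA removes that dependency on the tag.
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          # No later step needs git credentials, and the checked-out code is
          # executed below, so do not leave GITHUB_TOKEN in .git/config.
          persist-credentials: false
      # `uses: ./` executes the action from the tree checked out above, with
      # id-token: write and JF_URL available to it.
      - name: Setup JFrog CLI
        id: setup-jfrog-cli
        uses: ./
        env:
          JF_URL: ${{ secrets.JFROG_PLATFORM_URL }}
        with:
          version: ${{ matrix.cli-version }}
          oidc-provider-name: oidc-integration-${{ matrix.audience_id }}-${{ github.run_id }}
          oidc-audience: ${{ matrix.audience_value }}
      - name: Test JFrog CLI connectivity
        run: jf rt ping
      # Step outputs are passed through env so that their values (one of them
      # an access token) are never pasted into the script text.
      - name: Validate user output
        shell: bash
        env:
          OIDC_USER: ${{ steps.setup-jfrog-cli.outputs.oidc-user }}
        run: test -n "${OIDC_USER}"
      - name: Validate token output
        shell: bash
        env:
          OIDC_TOKEN: ${{ steps.setup-jfrog-cli.outputs.oidc-token }}
        run: test -n "${OIDC_TOKEN}"

  # NOTE(review): the cleanup job is disabled, so every run leaves its three
  # integrations (permissive configuration enabled, repository-wide identity
  # mapping) on the platform. Re-enable it before this leaves local testing.
  #
  # cleanup-oidc-integration:
  #   needs: oidc-test
  #   if: always()
  #   permissions: {}
  #   strategy:
  #     matrix:
  #       include:
  #         - audience_id: default
  #         - audience_id: test
  #         - audience_id: github-default
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Delete OIDC integration
  #       shell: bash
  #       env:
  #         JFROG_PLATFORM_URL: ${{ secrets.JFROG_PLATFORM_URL }}
  #         JFROG_PLATFORM_RT_TOKEN: ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}
  #       run: |
  #         curl -X DELETE "${JFROG_PLATFORM_URL}/access/api/v1/oidc/oidc-integration-${{ matrix.audience_id }}-${{ github.run_id }}" \
  #           -H "Authorization: Bearer ${JFROG_PLATFORM_RT_TOKEN}"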