bdellegrazie/gha-jfrog-oidc


JFrog OIDC GitHub Action


This GitHub Action sets up OIDC-based authentication with a JFrog installation. The resulting token can be used as a Bearer token for authentication by the JFrog CLI, cURL or other tooling. Basic authentication is not possible because there is no username.

Preparation

In JFrog configure:

In GitHub Actions, set secrets or variables representing the audience, provider and URL.

Usage

Use the action as follows:

permissions:
  contents: read
  id-token: write
steps:
  - name: Checkout
    id: checkout
    uses: actions/checkout@v4

  - name: JFrog Access Token
    id: jfrog
    uses: bdellegrazie/gha-jfrog-oidc@v1
    with:
      audience: ${{ secrets.JFROG_OIDC_AUDIENCE }}
      provider: ${{ secrets.JFROG_OIDC_PROVIDER }}
      url: ${{ secrets.JFROG_OIDC_URL }}

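  - name: Retrieve Artifact
    id: retrieve
    env:
      # Pass values through the environment rather than expanding them inside the script
      JFROG_OIDC_URL: ${{ secrets.JFROG_OIDC_URL }}
      JFROG_TOKEN: ${{ steps.jfrog.outputs.token }}
    run: |
      curl -fsSL \
        --max-time 60 \
        --header "authorization: Bearer ${JFROG_TOKEN}" \
        "${JFROG_OIDC_URL}/artifactory/<path_to_artifact>"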
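
Added example (not this action's source code): a sketch of the two-step exchange an action of this kind performs, using the same input names (audience, provider, url). It assumes GitHub's ACTIONS_ID_TOKEN_REQUEST_* variables and JFrog's OIDC token exchange endpoint; the function names and the injectable fetchImpl are hypothetical.

```javascript
// Added example, not the action's source. fetchImpl is injectable so the
// flow can be exercised offline with a stub.
const EXCHANGE_PATH = '/access/api/v1/oidc/token';

function buildExchangeRequest({ url, provider, idToken }) {
  const base = new URL(url);
  // Never send the GitHub ID token over cleartext HTTP.
  if (base.protocol !== 'https:') throw new Error('JFrog URL must use https');
  if (!provider || !idToken) throw new Error('provider and idToken are required');
  return {
    endpoint: base.origin + base.pathname.replace(/\/+$/, '') + EXCHANGE_PATH,
    init: {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
        subject_token_type: 'urn:ietf:params:oauth:token-type:id_token',
        subject_token: idToken,
        provider_name: provider,
      }),
    },
  };
}

// Request the GitHub-issued ID token. The two ACTIONS_ID_TOKEN_* variables
// are only present when the job has `id-token: write`.
async function getGithubIdToken(audience, env, fetchImpl) {
  const reqUrl = env.ACTIONS_ID_TOKEN_REQUEST_URL;
  const reqTok = env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
  if (!reqUrl || !reqTok) throw new Error('job lacks the id-token: write permission');
  const u = new URL(reqUrl);
  u.searchParams.set('audience', audience);
  const res = await fetchImpl(u.toString(), { headers: { authorization: `Bearer ${reqTok}` } });
  if (!res.ok) throw new Error(`ID token request failed: HTTP ${res.status}`);
  return (await res.json()).value;
}

async function exchangeForJfrogToken(inputs, env, fetchImpl = globalThis.fetch) {
  const idToken = await getGithubIdToken(inputs.audience, env, fetchImpl);
  const { endpoint, init } = buildExchangeRequest({ ...inputs, idToken });
  const res = await fetchImpl(endpoint, init);
  // Report the status only; response bodies may contain token material.
  if (!res.ok) throw new Error(`JFrog token exchange failed: HTTP ${res.status}`);
  return (await res.json()).access_token;
}
```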

Dependency License Management

This template includes a GitHub Actions workflow, licensed.yml, that uses Licensed to check for dependencies with missing or non-compliant licenses. This workflow is initially disabled. To enable the workflow, follow the steps below.

  1. Open licensed.yml

  2. Uncomment the following lines:

    # pull_request:
    #   branches:
    #     - main
    # push:
    #   branches:
    #     - main

  3. Save and commit the changes

Once complete, this workflow will run any time a pull request is created or changes are pushed directly to main. If the workflow detects any dependencies with missing or non-compliant licenses, it will fail and provide details on the issue(s) found.

Updating Licenses

Whenever you install or update dependencies, you can use the Licensed CLI to update the licenses database. To install Licensed, see the project's Readme.

To update the cached licenses, run the following command:

licensed cache

To check the status of cached licenses, run the following command:

licensed status

About

GitHub Action to OIDC Authenticate to Artifactory
