Skip to content

refactor!: Pass OIDCSubjectClaimCustomTemplate by value in the OIDC subject-claim Set methods#4340

Open
JamBalaya56562 wants to merge 2 commits into
google:masterfrom
JamBalaya56562:refactor/3644-oidc-value-params
Open

refactor!: Pass OIDCSubjectClaimCustomTemplate by value in the OIDC subject-claim Set methods#4340
JamBalaya56562 wants to merge 2 commits into
google:masterfrom
JamBalaya56562:refactor/3644-oidc-value-params

Conversation

@JamBalaya56562

Copy link
Copy Markdown
Contributor

This continues the #3644 value-parameter refactor for the Actions OIDC subject-claim customization methods.

Pass the request body by value (refactor!)

  • Actions.SetOrgOIDCSubjectClaimCustomTemplate and Actions.SetRepoOIDCSubjectClaimCustomTemplate now take OIDCSubjectClaimCustomTemplate by value instead of by pointer, along with the shared setOIDCSubjectClaimCustomTemplate helper.
  • Renamed the SetRepoOIDCSubjectClaimCustomTemplate body parameter from template to body.
  • Removed OIDCSubjectClaimCustomTemplate from the paramcheck body-allowed-pointer-types allowlist in .golangci.yml.

The type stays shared between the Get* (response) and Set* (request) methods, matching existing by-value shared types such as RepositoryRuleset and CodeSecurityConfiguration.

Add two missing OpenAPI fields (feat)

  • UseImmutableSubject (use_immutable_subject) — present in both the org and repo request bodies and responses.
  • SubClaimPrefix (sub_claim_prefix) — returned by the repository-level GET response.

Both are optional, so this part is non-breaking. Accessors regenerated.

Towards #3644

@gmlewis gmlewis added NeedsReview PR is awaiting a review before merging. Breaking API Change PR will require a bump to the major version num in next release. Look here to see the change(s). labels Jun 29, 2026
@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.51%. Comparing base (7584692) to head (2b59582).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #4340   +/-   ##
=======================================
  Coverage   97.51%   97.51%           
=======================================
  Files         193      193           
  Lines       19519    19519           
=======================================
  Hits        19033    19033           
  Misses        269      269           
  Partials      217      217           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@gmlewis gmlewis left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, @JamBalaya56562!
LGTM.
Awaiting second LGTM+Approval from any other contributor to this repo before merging.

cc: @stevehipwell - @alexandear - @Not-Dhananjay-Mishra

… subject-claim Set methods

BREAKING CHANGE: `Actions.SetOrgOIDCSubjectClaimCustomTemplate` and `Actions.SetRepoOIDCSubjectClaimCustomTemplate` now take `OIDCSubjectClaimCustomTemplate` by value instead of by pointer.
…ectClaimCustomTemplate`

The Actions OIDC subject-claim customization schema includes two fields that were missing from `OIDCSubjectClaimCustomTemplate`:

- `use_immutable_subject` (*bool): present in the org and repo request bodies and responses; opts in to the immutable, repository-ID-based OIDC `sub` claim format.
- `sub_claim_prefix` (*string): the current `sub` claim prefix, returned by the repository GET response.

Both are optional, so the change is non-breaking. Regenerate the accessors.
@JamBalaya56562 JamBalaya56562 force-pushed the refactor/3644-oidc-value-params branch from 2b272ae to 2b59582 Compare July 2, 2026 21:30
@JamBalaya56562 JamBalaya56562 requested a review from gmlewis July 2, 2026 21:31
@gmlewis

gmlewis commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

@JamBalaya56562 - please don't use force-push in this repo when possible (as explained in CONTRIBUTING.md) because it makes it challenging for reviewers to see what actually changed since their last code review. It also doesn't help to get the tests started, as GitHub forces me to manually approve every time it needs to rerun the validation tests.

@JamBalaya56562

Copy link
Copy Markdown
Contributor Author

Apologies, @gmlewis — you're right, and I'm sorry for the force-push. I've read the note in CONTRIBUTING.md and I'll avoid force-pushing on this repo from now on.

For context on what the force-push was for: the branch had developed a merge conflict with the latest master. The conflict was confined to the two generated files (github/github-accessors.go and github/github-accessors_test.go), caused by other recently-merged PRs that added accessors. I resolved it by regenerating those files with gen-accessors, so the only difference from the version you reviewed is master's current generated output plus the two new OIDC accessors (GetUseImmutableSubject / GetSubClaimPrefix). The hand-written code — actions_oidc.go, its tests, and the .golangci.yml allowlist removal — is unchanged from your review.

Going forward, to keep the review history intact, I'll resolve conflicts by merging master into the branch and pushing normally instead of rebasing and force-pushing (since the PR is squash-and-merged, the extra commit won't matter). Sorry again for the extra manual test-approval churn this caused.

@gmlewis

gmlewis commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

OK, no problem, @JamBalaya56562 - if the force-push is necessary, then absolutely go ahead and use it.
This is not a hard-and-fast rule... just a preference.
Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Breaking API Change PR will require a bump to the major version num in next release. Look here to see the change(s). NeedsReview PR is awaiting a review before merging.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants