Get OIDC Token #10

	name: Get OIDC Token
	on: workflow_dispatch # Manually trigger the workflow

	permissions:
	id-token: write # Required to fetch the OIDC token
	contents: read

	jobs:
	get-token:
	runs-on: ubuntu-latest
	steps:
	- name: Get OIDC Token
	id: oidc
	run: \|
	# Fetch the OIDC token with a custom audience
	TOKEN=$(curl -sLS "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=//iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/substrate-sdk/providers/github-pool" \
	-H "User-Agent: actions/oidc-client" \
	-H "Authorization: Bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" \
	\| jq -r '.value')

	# Save the token to an environment variable
	echo "OIDC_TOKEN<<EOF" >> $GITHUB_ENV
	echo "$TOKEN" >> $GITHUB_ENV
	echo "EOF" >> $GITHUB_ENV

	- name: Save Token to File
	run: \|
	echo "${{ env.OIDC_TOKEN }}" > token.txt

	- name: Upload Token
	uses: actions/upload-artifact@v4
	with:
	name: oidc-token
	path: token.txt

Provide feedback