Update single-token.yml #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| - multi-oidc | |
| - single-token | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| actions: read # for detecting the Github Actions environment. | |
| id-token: write # for creating OIDC tokens for signing. | |
| packages: write #package for uploading attestation. | |
| contents: read | |
| jobs: | |
| build-publish-maven: | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_REPO: 'optum-main-docker-virtual' | |
| IMAGE_NAME: 'my-very-cool-image-from-edge:${{ github.run_number }}' | |
| JF_URL: https://${{ vars.JF_URL }}/ | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| JFROG_PLATFORM_REPO: 'optum-main-maven-virtual' | |
| JF_PROJECT: optum-main | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Setup JFrog CLI | |
| id: setup-cli | |
| uses: jfrog/setup-jfrog-cli@v4 | |
| env: | |
| JF_URL: https://psazuse.jfrog.io/ | |
| with: | |
| #oidc-provider-name: github-oidc-edge-group | |
| #oidc-audience: jfrog-github-edge-group-aud | |
| oidc-provider-name: optum-main-oidc | |
| oidc-audience: optum-main-aud | |
| - name: Get id token | |
| run: | | |
| ID_TOKEN=$(curl -sLS -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ | |
| "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=optum-main-aud" | jq .value | tr -d '"') | |
| echo "ID_TOKEN=${ID_TOKEN}" >> $GITHUB_ENV | |
| - name: Exchange token with access | |
| env: | |
| ID_TOKEN: ${{env.ID_TOKEN}} | |
| JFROG_PLATFORM_URL: psazuse.jfrog.io | |
| run: | | |
| ACCESS_TOKEN=$(curl -XPOST -H "Content-Type: application/json" "https://psazuse.jfrog.io/access/api/v1/oidc/token" -d "{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", \"subject_token_type\":\"urn:ietf:params:oauth:token-type:id_token\", \"subject_token\": \"${ID_TOKEN}\", \"provider_name\": \"optum-main-oidc\", \"project_key\": \"\"}" | jq .access_token | tr -d '"') | |
| echo "ACCESS_TOKEN=${ACCESS_TOKEN}" >> $GITHUB_ENV | |
| echo "ACCESS_TOKEN=${ACCESS_TOKEN}" | |
| - name: Configure JFrog CLI | |
| run: | | |
| jf config add setup-jfrog-cli-server-on-edge --url https://psazeuwedge.jfrog.io --access-token ${{ secrets.JFROG_ACCESS_TOKEN }} --interactive=false | |
| jf rt ping | |
| jf config show | |
| - name: Configure Maven | |
| # run: jf mvnc --repo-deploy-releases $JFROG_PLATFORM_REPO --repo-deploy-snapshots $JFROG_PLATFORM_REPO --repo-resolve-releases $JFROG_PLATFORM_REPO --repo-resolve-snapshots $JFROG_PLATFORM_REPO | |
| #run: jf mvnc --repo-resolve-releases optum-main-maven-smart-repo --repo-resolve-snapshots optum-main-maven-smart-repo | |
| run: jf mvnc --repo-resolve-releases optum-main-smart-virtual --repo-resolve-snapshots optum-main-smart-virtual | |
| - name: Build and Upload JAR to Artifactory | |
| env: | |
| JF_URL: https://psazeuwedge.jfrog.io/ | |
| JF_PROJECT: "" | |
| run: | | |
| jf config use setup-jfrog-cli-server-on-edge | |
| jf config show | |
| jf mvn clean compile package | |