Skip to content

Update Security CLI to v1.4.1 (#718) #3

Update Security CLI to v1.4.1 (#718)

Update Security CLI to v1.4.1 (#718) #3

Workflow file for this run

name: "OIDC Test"
on:
push:
pull_request_target:
types: [ labeled ]
permissions:
contents: write
pull-requests: write
security-events: write
id-token: write
jobs:
oidc-test:
if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
name: OIDC-Access integration test (${{ matrix.os }})
strategy:
fail-fast: false
matrix:
os: [ ubuntu, windows, macos ]
runs-on: ${{ matrix.os }}-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: 1.22.x
cache: false
# Generating a unique name for the Integration Configuration that will be created in the following step
- name: Generate unique OIDC config name
shell: bash
run: echo "OIDC_PROVIDER_NAME=oidc-integration-test-provider-$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
- name: Create OpenID Connect integration
shell: bash
run: |
curl -X POST "${{ secrets.PLATFORM_URL }}/access/api/v1/oidc" -H "Content-Type: application/json" -H "Authorization: Bearer ${{ secrets.PLATFORM_ADMIN_TOKEN }}" -d '{
"name": "${{ env.OIDC_PROVIDER_NAME }}",
"issuer_url": "https://token.actions.githubusercontent.com",
"provider_type": "GitHub",
"description": "This is a test configuration created for OIDC-Access integration test" }'
- name: Create OIDC integration Identity Mapping
shell: bash
run: |
curl -X POST ${{ secrets.PLATFORM_URL }}/access/api/v1/oidc/${{ env.OIDC_PROVIDER_NAME }}/identity_mappings \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ${{ secrets.PLATFORM_ADMIN_TOKEN }}' \
-d '{
"name": "oidc-test-identity-mapping",
"priority": "1",
"claims": {
"repository": "${{ github.repository_owner }}/frogbot"
},
"token_spec": {
"username": "admin",
"scope": "applied-permissions/admin",
"audience": "*@*",
"expires_in": 300
}
}'
# Running frogbot with the OIDC integration
- name: Run Frogbot
uses: ./
env:
ACTIONS_STEP_DEBUG: true
JF_URL: ${{ secrets.PLATFORM_URL }}
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
JF_WORKING_DIR: ./testdata/projects/noIssuesProject
JF_FAIL: "FALSE"
with:
oidc-provider-name: ${{ env.OIDC_PROVIDER_NAME }}
# Removing the OIDC integration will remove the Identity Mapping as well
- name: Delete OIDC integration
shell: bash
if: always()
run: |
curl -X DELETE ${{ secrets.PLATFORM_URL }}/access/api/v1/oidc/${{ env.OIDC_PROVIDER_NAME }} -H 'Authorization: Bearer ${{ secrets.PLATFORM_ADMIN_TOKEN }}'