Skip to content
upload-cloud

GitHub Action

setup-cf

v1.0.1 Latest version

setup-cf

upload-cloud

setup-cf

Setup Cloud Foundry CLI environment

Installation

Copy and paste the following snippet into your .yml file.

              

- name: setup-cf

uses: vchrisb/[email protected]

Learn more about this action in vchrisb/setup-cf

Choose a version

setup-cf

This action provides the following functionality for GitHub Actions users:

  • Installing a version of Cloud Foundry CLI and adding it to the PATH
  • Authenticating to the Cloud Foundry API using different grant types:
    • Password
    • Client Credentials
    • Client Credentials with JWT
    • JWT Bearer Token Grant
  • Target Org and Space

Basic usage

See action.yml

steps:
- uses: actions/checkout@v4
- uses: vchrisb/setup-cf@v1
  with:
    api: ${{ secrets.CF_API }}
    username: ${{ secrets.CF_USERNAME }}
    password: ${{ secrets.CF_PASSWORD }}
    org: test
    space: dev
- name: run cf command
  run: cf apps

Parameter

  • api
    • Url of the cloud controller api
    • required
  • audience
    • audience for requesting the Github id_token used for JWT Bearer Token Grant
    • required
    • default: uaa
  • client_id
    • client id for client_credentals or jwt-bearer
  • client_secret
    • client secret for client_credentals or jwt-bearer
  • grant_type
    • grant type for access
    • required
    • default: password
    • valid values:
      • password
      • client_credentals
      • private_key_jwt
      • jwt-bearer
  • jwt
    • jwt for usage with private_key_jwt or jwt-bearer. If none is specified for jwt-bearer, a Github id_token will be requested
  • username
    • username for password grant
  • password
    • password for password grant
  • org
    • Cloud Foundry organization name
  • space
    • Cloud Foundry space name
  • version
    • cf cli version
    • required
    • default: 8.8.3

Advanced

setup UAA for JWT Bearer Token Grant

Add the Github OIDC provider using non existing credentials and use e.g. the repository_owner claimm as the user_name:

uaa curl /identity-providers -X POST -H "Content-Type: application/json" -d '{"type": "oidc1.0", "name": "Github", "originKey": "github", "config": {"discoveryUrl": "https://token.actions.githubusercontent.com/.well-known/openid-configuration", "scopes": ["read:user", "user:email"], "linkText": "Login with Github", "showLinkText": false, "addShadowUserOnLogin": true, "clientAuthInBody": true, "relyingPartyId": "uaa", "relyingPartySecret": "uaa", "addShadowUserOnLogin": true, "attributeMappings" : {"given_name": "repository_owner", "family_name": "repository_owner_id", "user_name": "repository_owner"}}}'

The sub can't be used for the user_name, as it includes unsupported characters like / and :.

UAA client required for authentication:

uaa curl /oauth/clients -X POST -H "Content-Type: application/json" -d '{"client_id" : "jwt-bearer-client", "client_secret" : "secret", "access_token_validity": 1800,  "authorities" : [ "uaa.resource" ], "authorized_grant_types" : [ "urn:ietf:params:oauth:grant-type:jwt-bearer" ], "scope": ["openid", "cloud_controller.read"], "allowedproviders" : [ "github" ], "name" : "JWT Bearer Client"}'

Developmet

update action

npm i -g @vercel/ncc
npm run format
npm run build