Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
upload-cloud

GitHub Action

setup-cf

v0.0.3

setup-cf

upload-cloud

setup-cf

Setup Cloud Foundry CLI environment

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: setup-cf

              
  uses: vchrisb/[email protected]
Learn more about this action in vchrisb/setup-cf

Choose a version

setup-cf

This action provides the following functionality for GitHub Actions users:

  • Installing a version of Cloud Foundry CLI and adding it to the PATH
  • Authenticating to the Cloud Foundry API using different grant types:
    • Password
    • Client Credentials
    • Client Credentials with JWT
    • JWT Bearer Token Grant
  • Target Org and Space
  • Run a cf command

Basic usage

See action.yml

steps:
- uses: actions/checkout@v4
- uses: vchrisb/setup-cf@v0
  with:
    api: ${{ secrets.CF_API }}
    username: ${{ secrets.CF_USERNAME }}
    password: ${{ secrets.CF_PASSWORD }}
    org: test
    space: dev
    command: push --strategy rolling
- name: run command with shell
  run: cf apps

Parameter

  • api
    • Url of the cloud controller api
    • required
  • audience
    • audience for requesting the Github id_token used for JWT Bearer Token Grant
    • required
    • default: uaa
  • client_id
    • client id for client_credentals or jwt-bearer
  • client_secret
    • client secret for client_credentals or jwt-bearer
  • command
    • run optionally a cf command
  • grant_type
    • grant type for access
    • required
    • default: password
    • valid values:
      • password
      • client_credentals
      • private_key_jwt
      • jwt-bearer
  • jwt
    • jwt for usage with private_key_jwt or jwt-bearer. If none is specified for jwt-bearer, a Github id_token will be requested
  • username
    • username for password grant
  • password
    • password for password
  • org
    • organization name
  • space
    • space name
  • version
    • cf cli version
    • required
    • default: 8.7.10

Advanced

setup UAA for JWT Bearer Token Grant

Add the Github OIDC provider using non existing credentials and use e.g. the repository_owner claimm as the user_name:

uaa curl /identity-providers -X POST -H "Content-Type: application/json" -d '{"type": "oidc1.0", "name": "Github", "originKey": "github", "config": {"discoveryUrl": "https://token.actions.githubusercontent.com/.well-known/openid-configuration", "scopes": ["read:user", "user:email"], "linkText": "Login with Github", "showLinkText": false, "addShadowUserOnLogin": true, "clientAuthInBody": true, "relyingPartyId": "uaa", "relyingPartySecret": "uaa", "addShadowUserOnLogin": true, "attributeMappings" : {"given_name": "repository_owner", "family_name": "repository_owner_id", "user_name": "repository_owner"}}}'

The sub can't be used for the user_name, as it includes unsupported characters like / and :.

UAA client required for authentication:

uaa curl /oauth/clients -X POST -H "Content-Type: application/json" -d '{"client_id" : "jwt-bearer-client", "client_secret" : "secret", "access_token_validity": 1800,  "authorities" : [ "uaa.resource" ], "authorized_grant_types" : [ "urn:ietf:params:oauth:grant-type:jwt-bearer" ], "scope": ["openid", "cloud_controller.read"], "allowedproviders" : [ "github" ], "name" : "JWT Bearer Client"}'

Developmet

update action

npm i -g @vercel/ncc
npm run lint
npm run build