You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
GitHub Action
setup-cf
v1.0.0
This action provides the following functionality for GitHub Actions users:
- Installing a version of Cloud Foundry CLI and adding it to the PATH
- Authenticating to the Cloud Foundry API using different grant types:
- Password
- Client Credentials
- Client Credentials with JWT
- JWT Bearer Token Grant
- Target Org and Space
See action.yml
steps:
- uses: actions/checkout@v4
- uses: vchrisb/setup-cf@v1
with:
api: ${{ secrets.CF_API }}
username: ${{ secrets.CF_USERNAME }}
password: ${{ secrets.CF_PASSWORD }}
org: test
space: dev
- name: run cf command
run: cf apps
api
- Url of the cloud controller api
- required
audience
- audience for requesting the Github
id_token
used for JWT Bearer Token Grant - required
- default:
uaa
- audience for requesting the Github
client_id
- client id for
client_credentals
orjwt-bearer
- client id for
client_secret
- client secret for
client_credentals
orjwt-bearer
- client secret for
grant_type
- grant type for access
- required
- default:
password
- valid values:
password
client_credentals
private_key_jwt
jwt-bearer
jwt
- jwt for usage with
private_key_jwt
orjwt-bearer
. If none is specified forjwt-bearer
, a Githubid_token
will be requested
- jwt for usage with
username
- username for
password
grant
- username for
password
- password for
password
grant
- password for
org
- Cloud Foundry organization name
space
- Cloud Foundry space name
version
- cf cli version
- required
- default:
8.8.3
Add the Github OIDC provider using non existing credentials and use e.g. the repository_owner
claimm as the user_name
:
uaa curl /identity-providers -X POST -H "Content-Type: application/json" -d '{"type": "oidc1.0", "name": "Github", "originKey": "github", "config": {"discoveryUrl": "https://token.actions.githubusercontent.com/.well-known/openid-configuration", "scopes": ["read:user", "user:email"], "linkText": "Login with Github", "showLinkText": false, "addShadowUserOnLogin": true, "clientAuthInBody": true, "relyingPartyId": "uaa", "relyingPartySecret": "uaa", "addShadowUserOnLogin": true, "attributeMappings" : {"given_name": "repository_owner", "family_name": "repository_owner_id", "user_name": "repository_owner"}}}'
The
sub
can't be used for theuser_name
, as it includes unsupported characters like/
and:
.
UAA client required for authentication:
uaa curl /oauth/clients -X POST -H "Content-Type: application/json" -d '{"client_id" : "jwt-bearer-client", "client_secret" : "secret", "access_token_validity": 1800, "authorities" : [ "uaa.resource" ], "authorized_grant_types" : [ "urn:ietf:params:oauth:grant-type:jwt-bearer" ], "scope": ["openid", "cloud_controller.read"], "allowedproviders" : [ "github" ], "name" : "JWT Bearer Client"}'
npm i -g @vercel/ncc
npm run lint
npm run build