This action will generate a JWT for a custom audience. It replaces a script like:
```yaml
- name: get oidc token
  run: |
    # Request an OIDC token for the custom audience, then export it to later steps
    OIDC_TOKEN=$(curl -sLS "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=cicd.tremolo.dev" -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN")
    JWT=$(echo "$OIDC_TOKEN" | jq -j '.value')
    echo "JWT=$JWT" >> "$GITHUB_ENV"
```
In addition to creating the JWT for your audience, the action registers the JWT as a GitHub Actions secret to reduce the risk that it is leaked via logs.
`audience`: The value of the JWT `aud` claim. This audience should be validated by the receiver of the token.

`environmentVariableName`: The name of the environment variable to store the generated JWT into. This environment variable is marked as a secret.
There are no outputs.
```yaml
- name: get oidc token
  uses: tremolosecurity/[email protected]
  with:
    audience: "cicd.tremolo.dev"
    environmentVariableName: "JWT"
```
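The receiver-side audience check that the `audience` input calls for, as an added example that is not part of this action or its repository. It assumes the token's signature has already been verified with a JWT library against the issuer's published keys, that the issuer is github.com's `https://token.actions.githubusercontent.com`, and the names `check_claims` and `ClaimError` and all sample claims are constructed for illustration.

```python
import time

# Issuer of GitHub-hosted Actions OIDC tokens (assumption: github.com, not GHES).
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"


class ClaimError(ValueError):
    """Raised when a verified token's claims are not acceptable."""


def check_claims(claims, expected_audience, now=None, leeway=30):
    """Validate claims of a token whose signature was ALREADY verified.

    `claims` is the decoded payload dict. Returns the `sub` claim on success.
    """
    now = time.time() if now is None else now

    if claims.get("iss") != GITHUB_ISSUER:
        raise ClaimError("unexpected issuer")

    # RFC 7519: `aud` may be a single string or an array of strings.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or expected_audience not in audiences:
        raise ClaimError("token was not issued for this audience")

    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise ClaimError("token expired or missing exp")
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and now < nbf - leeway:
        raise ClaimError("token not yet valid")

    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ClaimError("missing sub")
    return sub


# Constructed sample claims (not real tokens), fixed clock for repeatability.
NOW = 1_700_000_000
GOOD = {"iss": GITHUB_ISSUER, "aud": "cicd.tremolo.dev",
        "sub": "repo:example-org/example-repo:ref:refs/heads/main",
        "exp": NOW + 300, "nbf": NOW - 10}
# Same workflow identity, but the token was minted for a different audience.
OTHER = dict(GOOD, aud="https://github.com/example-org")

if __name__ == "__main__":
    print(check_claims(GOOD, "cicd.tremolo.dev", now=NOW))
```

Rejecting `OTHER` is the point of the custom audience: a token the same workflow obtained for a different service cannot be replayed against this receiver.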