Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(aws-auth): add workflow_ref claim #227

Merged
merged 3 commits into from
Aug 29, 2024
Merged

feat(aws-auth): add workflow_ref claim #227

merged 3 commits into from
Aug 29, 2024

Conversation

guicaulada
Copy link
Contributor

@guicaulada guicaulada commented Aug 29, 2024
edited
Loading

This is needed by some workflows, for example in case I want to use a reusable workflow I can already use the job_workflow_ref claim, but if I want to also control where the job_workflow_ref is triggered from, for example a specific workflow running when certain tags are pushed, I would need the workflow_ref to the workflow that triggered the job_workflow_ref.

@guicaulada guicaulada requested a review from a team as a code owner August 29, 2024 19:59
@guicaulada guicaulada changed the title Add workflow_ref principal tag to GHA OIDC Add workflow_ref claim to aws-auth Aug 29, 2024
@guicaulada guicaulada changed the title Add workflow_ref claim to aws-auth feat(aws-auth): Add workflow_ref claim Aug 29, 2024
@guicaulada guicaulada changed the title feat(aws-auth): Add workflow_ref claim feat(aws-auth): add workflow_ref claim Aug 29, 2024
nafisat2
nafisat2 approved these changes Aug 29, 2024
View reviewed changes
Copy link
Contributor

@nafisat2 nafisat2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you also update the README with workflow_ref?

shared-workflows/actions/aws-auth/README.md

Line 42 in aee5ab9

| `pass-claims` | String | `, `-separated list of [GitHub Actions claims](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token) (session tags) to make available to `role-arn`. Currently supported claims (default): `"repository_owner, repository_name, job_workflow_ref, event_name"` [^2] |

@guicaulada guicaulada added this pull request to the merge queue Aug 29, 2024
Merged via the queue into main with commit c0e3298 Aug 29, 2024
7 checks passed
@guicaulada guicaulada deleted the gc/gh-oidc-workflow-ref branch August 29, 2024 20:53
@github-actions github-actions bot mentioned this pull request Aug 29, 2024
Closed
This was referenced Sep 25, 2024
Closed
Closed
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nafisat2 nafisat2 nafisat2 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@guicaulada @nafisat2