Compare commits

...

55 Commits

Author SHA1 Message Date
Thomas Boop 4eaf5d56fb fix release notes 2021-09-28 10:00:54 -04:00
Thomas Boop 0a588c33a3 update for merging into main 2021-09-28 08:53:32 -04:00
Thomas Boop 8360baed2c beta release of 1.6.0 for oidc preview (#894) 2021-08-26 13:01:14 -04:00
Tingluo Huang 5c3e1c231d Merge pull request #893 from actions/users/tihuang/oidcupdate
react to OIDC service change.
2021-08-26 09:27:16 -07:00
TingluoHuang fe8d95a8fc lint 2021-08-25 21:53:12 -04:00
TingluoHuang b2c6bee10a encoding. 2021-08-25 17:35:01 -04:00
TingluoHuang eb88fce3c0 lint 2021-08-25 17:02:45 -04:00
TingluoHuang a7aa89a929 lint 2021-08-25 16:54:45 -04:00
TingluoHuang d7dd89f52b react to service changes. 2021-08-25 16:47:39 -04:00
Tingluo Huang 3da67ac4cb Merge pull request #887 from souravchanduka/main-oidc-client
Added OIDC client functionality in core package
2021-08-25 13:14:28 -07:00
Sourav Chanduka 0bab3623f4 eslint fix 2021-08-23 18:49:15 +05:30
Sourav Chanduka af75719a1e Merge branch 'main-oidc-client' of https://github.com/souravchanduka/toolkit into main-oidc-client 2021-08-23 10:51:29 +05:30
Sourav Chanduka d9212ff45b Addressed minor comments 2021-08-23 10:49:53 +05:30
Sourav Chanduka 2b58973dac Merge branch 'main' into main-oidc-client 2021-08-19 13:43:18 +05:30
Sourav Chanduka 4631854e0f version updated 2021-08-19 10:52:15 +05:30
Sourav Chanduka 09e9478907 comments resolved 2021-08-19 10:49:39 +05:30
Sourav Chanduka 1f8d7b5a64 default aud parameter 2021-08-18 16:53:54 +05:30
Sourav Chanduka 1c03cd3284 audience can be undefined 2021-08-18 14:38:04 +05:30
Sourav Chanduka 1162975200 removed whitespaces 2021-08-18 07:53:23 +05:30
Sourav Chanduka 3ceb264e9b readme updated 2021-08-18 07:51:22 +05:30
Sourav Chanduka 619566e5b8 Merge branch 'main' into main-oidc-client 2021-08-18 07:25:05 +05:30
Sourav Chanduka 547e30cada addressed comments 2021-08-18 07:22:04 +05:30
Sourav Chanduka 22e5d95310 addressed comments 2021-08-17 09:32:42 +05:30
Sourav Chanduka 1c86c4c890 payload updated 2021-08-16 14:29:58 +05:30
Sourav Chanduka c7ec4073b7 resolved comments 2021-08-16 12:46:17 +05:30
Sourav Chanduka d0f4aae179 Error Message updated 2021-08-12 16:14:22 +05:30
Sourav Chanduka dac801e6b9 error message updated 2021-08-12 12:11:34 +05:30
Sourav Chanduka 33891d9aef addressed comments 2021-08-12 10:07:18 +05:30
Sourav Chanduka cca2b1808b Addressed Comments 2021-08-11 03:50:43 +05:30
Sourav Chanduka 5d9c674092 comments resolved 2021-08-10 15:36:13 +05:30
Sourav Chanduka aa1968c9e9 async call fix 2021-08-10 11:05:53 +05:30
Sourav Chanduka f55900670f Resolved Comments 2021-08-09 06:36:02 +05:30
Sourav Chanduka 0a94a783ee README.md updated 2021-08-04 09:55:33 +05:30
Sourav Chanduka 9c6e7d8265 Moved oidc functionality to actions/core 2021-08-04 09:24:51 +05:30
Sourav Chanduka 5afccaa9db removed whitespaces 2021-07-29 12:48:27 +05:30
Sourav Chanduka 0c1cb726c3 Resolved Comments 2021-07-29 12:17:22 +05:30
Sourav Chanduka ff90431d27 Update README.md 2021-07-28 15:56:10 +05:30
Sourav Chanduka a2adaa856b Readme updated 2021-07-28 15:54:05 +05:30
Sourav Chanduka 662a937248 Resolved comments 2021-07-28 15:41:37 +05:30
Sourav Chanduka 330dc0b5b8 Updated Readme 2021-07-28 14:01:17 +05:30
Sourav Chanduka 58dfa1c4ac readme modified 2021-07-27 09:47:27 +05:30
Sourav Chanduka 456cf5a97f package.json updated 2021-07-27 08:47:54 +05:30
Sourav Chanduka 7965cc3c7d null ref fix 2021-07-27 06:27:07 +05:30
Sourav Chanduka f541fb1ac9 version update 2021-07-26 17:39:54 +05:30
Sourav Chanduka a6114b695e version updated 2021-07-26 17:35:50 +05:30
Sourav Chanduka 885469e8ce updated version 2021-07-26 17:34:51 +05:30
Sourav Chanduka 962ff70002 updated readme 2021-07-26 15:50:36 +05:30
Sourav Chanduka 8071504f3c added dist folder 2021-07-26 15:47:48 +05:30
Sourav Chanduka 9df74283c2 package.json modified 2021-07-20 17:43:22 +05:30
Sourav Chanduka 4831d7a53b removed unnecesary files 2021-07-20 17:41:02 +05:30
Sourav Chanduka 53a752919b Resolved issues 2021-07-20 15:56:28 +05:30
Sourav Chanduka c45ad60078 require added 2021-07-20 12:08:25 +05:30
Sourav Chanduka f7330892f1 oidc client changes 2021-07-20 08:58:34 +05:30
Sourav Chanduka 1322acbcca Comments Resolved 2021-07-12 08:37:14 +05:30
Sourav Chanduka bdacfc4c65 Inital draft of OIDC Client 2021-07-01 08:11:28 +05:30
8 changed files with 22247 additions and 29 deletions
+22033 -26
View File
File diff suppressed because it is too large Load Diff
+48
View File
@@ -257,3 +257,51 @@ var pid = core.getState("pidToKill");
process.kill(pid);
```
#### OIDC Token
You can use these methods to interact with the GitHub OIDC provider and get a JWT ID token which would help to get access token from third party cloud providers.
**Method Name**: getIDToken()
**Inputs**
audience : optional
**Outputs**
A [JWT](https://jwt.io/) ID Token
In action's `main.ts`:
```js
const core = require('@actions/core');
async function getIDTokenAction(): Promise<void> {
const audience = core.getInput('audience', {required: false})
const id_token1 = await core.getIDToken() // ID Token with default audience
const id_token2 = await core.getIDToken(audience) // ID token with custom audience
// this id_token can be used to get access token from third party cloud providers
}
getIDTokenAction()
```
In action's `actions.yml`:
```yaml
name: 'GetIDToken'
description: 'Get ID token from Github OIDC provider'
inputs:
audience:
description: 'Audience for which the ID token is intended for'
required: false
outputs:
id_token1:
description: 'ID token obtained from OIDC provider'
id_token2:
description: 'ID token obtained from OIDC provider'
runs:
using: 'node12'
main: 'dist/index.js'
```
+4
View File
@@ -1,5 +1,9 @@
# @actions/core Releases
### 1.6.0
- [Added OIDC Client function `getIDToken`](https://github.com/actions/toolkit/pull/919)
- [Added `file` parameter to `AnnotationProperties`](https://github.com/actions/toolkit/pull/896)
### 1.5.0
- [Added support for notice annotations and more annotation fields](https://github.com/actions/toolkit/pull/855)
+18
View File
@@ -2,6 +2,7 @@ import * as fs from 'fs'
import * as os from 'os'
import * as path from 'path'
import * as core from '../src/core'
import {HttpClient} from '@actions/http-client'
import {toCommandProperties} from '../src/utils'
/* eslint-disable @typescript-eslint/unbound-method */
@@ -434,3 +435,20 @@ function verifyFileCommand(command: string, expectedContents: string): void {
fs.unlinkSync(filePath)
}
}
function getTokenEndPoint(): string {
return 'https://vstoken.actions.githubusercontent.com/.well-known/openid-configuration'
}
describe('oidc-client-tests', () => {
it('Get Http Client', async () => {
const http = new HttpClient('actions/oidc-client')
expect(http).toBeDefined()
})
it('HTTP get request to get token endpoint', async () => {
const http = new HttpClient('actions/oidc-client')
const res = await http.get(getTokenEndPoint())
expect(res.message.statusCode).toBe(200)
})
})
+50 -2
View File
@@ -1,14 +1,62 @@
{
"name": "@actions/core",
"version": "1.4.0",
"lockfileVersion": 1,
"version": "1.6.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "@actions/core",
"version": "1.6.0",
"license": "MIT",
"dependencies": {
"@actions/http-client": "^1.0.11"
},
"devDependencies": {
"@types/node": "^12.0.2"
}
},
"node_modules/@actions/http-client": {
"version": "1.0.11",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
"integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
"dependencies": {
"tunnel": "0.0.6"
}
},
"node_modules/@types/node": {
"version": "12.0.2",
"resolved": "https://registry.npmjs.org/@types/node/-/node-12.0.2.tgz",
"integrity": "sha512-5tabW/i+9mhrfEOUcLDu2xBPsHJ+X5Orqy9FKpale3SjDA17j5AEpYq5vfy3oAeAHGcvANRCO3NV3d2D6q3NiA==",
"dev": true
},
"node_modules/tunnel": {
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
"engines": {
"node": ">=0.6.11 <=0.7.0 || >=0.7.3"
}
}
},
"dependencies": {
"@actions/http-client": {
"version": "1.0.11",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
"integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
"requires": {
"tunnel": "0.0.6"
}
},
"@types/node": {
"version": "12.0.2",
"resolved": "https://registry.npmjs.org/@types/node/-/node-12.0.2.tgz",
"integrity": "sha512-5tabW/i+9mhrfEOUcLDu2xBPsHJ+X5Orqy9FKpale3SjDA17j5AEpYq5vfy3oAeAHGcvANRCO3NV3d2D6q3NiA==",
"dev": true
},
"tunnel": {
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
}
}
}
+4 -1
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/core",
"version": "1.5.0",
"version": "1.6.0",
"description": "Actions core lib",
"keywords": [
"github",
@@ -35,6 +35,9 @@
"bugs": {
"url": "https://github.com/actions/toolkit/issues"
},
"dependencies": {
"@actions/http-client": "^1.0.11"
},
"devDependencies": {
"@types/node": "^12.0.2"
}
+6
View File
@@ -5,6 +5,8 @@ import {toCommandProperties, toCommandValue} from './utils'
import * as os from 'os'
import * as path from 'path'
import {OidcClient} from './oidc-utils'
/**
* Interface for getInput options
*/
@@ -348,3 +350,7 @@ export function saveState(name: string, value: any): void {
export function getState(name: string): string {
return process.env[`STATE_${name}`] || ''
}
export async function getIDToken(aud?: string): Promise<string> {
return await OidcClient.getIDToken(aud)
}
+84
View File
@@ -0,0 +1,84 @@
/* eslint-disable @typescript-eslint/no-extraneous-class */
import * as actions_http_client from '@actions/http-client'
import {IRequestOptions} from '@actions/http-client/interfaces'
import {HttpClient} from '@actions/http-client'
import {BearerCredentialHandler} from '@actions/http-client/auth'
import {debug, setSecret} from './core'
interface TokenResponse {
value?: string
}
export class OidcClient {
private static createHttpClient(
allowRetry = true,
maxRetry = 10
): actions_http_client.HttpClient {
const requestOptions: IRequestOptions = {
allowRetries: allowRetry,
maxRetries: maxRetry
}
return new HttpClient(
'actions/oidc-client',
[new BearerCredentialHandler(OidcClient.getRequestToken())],
requestOptions
)
}
private static getRequestToken(): string {
const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']
if (!token) {
throw new Error(
'Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable'
)
}
return token
}
private static getIDTokenUrl(): string {
const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
if (!runtimeUrl) {
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
}
return runtimeUrl
}
private static async getCall(id_token_url: string): Promise<string> {
const httpclient = OidcClient.createHttpClient()
const res = await httpclient
.getJson<TokenResponse>(id_token_url)
.catch(error => {
throw new Error(
`Failed to get ID Token. \n
Error Code : ${error.statusCode}\n
Error Message: ${error.result.message}`
)
})
const id_token = res.result?.value
if (!id_token) {
throw new Error('Response json body do not have ID Token field')
}
return id_token
}
static async getIDToken(audience?: string): Promise<string> {
try {
// New ID Token is requested from action service
let id_token_url: string = OidcClient.getIDTokenUrl()
if (audience) {
const encodedAudience = encodeURIComponent(audience)
id_token_url = `${id_token_url}&audience=${encodedAudience}`
}
debug(`ID token url is ${id_token_url}`)
const id_token = await OidcClient.getCall(id_token_url)
setSecret(id_token)
return id_token
} catch (error) {
throw new Error(`Error message: ${error.message}`)
}
}
}