From 1f3c2ebcbdaad4c6c661144e60291803b66b3f65 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 3 Jul 2025 09:12:38 -0700
Subject: [PATCH 01/10] add marketplace branding
---
 action.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/action.yml b/action.yml
index 447267b..2e05c70 100644
--- a/action.yml
+++ b/action.yml
@@ -1,5 +1,8 @@
 name: 'OIDC Debugger'
 description: 'Print the GitHub Actions OIDC claims.'
+branding:
+ icon: 'activity'
+ color: 'red'
 inputs:
 audience:
 description: 'The audience to use when requesting the JWT. Your Github server URL and repository owner (e.g. https://github.com/github).'
From 2a1690ec055e35e76cf1a4dfbf4c7bd17a42dd61 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 3 Jul 2025 09:13:26 -0700
Subject: [PATCH 02/10] add a go version file
---
 .go-version | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .go-version
diff --git a/.go-version b/.go-version
new file mode 100644
index 0000000..2f4320f
--- /dev/null
+++ b/.go-version
@@ -0,0 +1 @@
+1.24.4
From a1fef54a6f872cdeee2587076d7571e94caee6b1 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 3 Jul 2025 09:15:37 -0700
Subject: [PATCH 03/10] use the same go version in development as in our test suite
---
 .github/workflows/main.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index d1c99de..697b191 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -15,5 +15,12 @@ jobs:
 steps:
 - name: git checkout
 uses: actions/checkout@v4
+
+ - name: setup go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: 'go.mod'
+ cache: true
+
 - name: run oidc-debug.go
 run: go run cmd/oidc-debug.go -audience "https://github.com/github"
From cfe0bc8adc4aae5ef79ba20a234cbab4aeffed93 Mon Sep 17 00:00:00 2001
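Review bot: `go-version-file: 'go.mod'` in the new setup-go step does not read the `.go-version` file added earlier in this series, so CI resolves whatever toolchain satisfies the `go` directive in go.mod rather than the exact version recorded for development and, later in the series, for the Dockerfile; `go-version-file: '.go-version'` would make them agree. Separately, `actions/setup-go@v5` (like the `actions/checkout@v4` context line) is referenced by a mutable tag; since this workflow presumably runs with permission to request OIDC tokens, pinning to a full commit SHA, e.g. `uses: actions/setup-go@<full-commit-sha> # v5`, would match the digest pinning applied to the Dockerfile later in the series. The job definition starts outside the hunk, so its `permissions` block is not visible here.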
From: GrantBirki
Date: Thu, 3 Jul 2025 09:16:32 -0700
Subject: [PATCH 04/10] add a release script
---
 script/release | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100755 script/release
diff --git a/script/release b/script/release
new file mode 100755
index 0000000..6db306c
--- /dev/null
+++ b/script/release
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Usage:
+# script/release
+
+# COLORS
+OFF='\033[0m'
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+
+latest_tag=$(git describe --tags $(git rev-list --tags --max-count=1))
+echo -e "The latest release tag is: ${BLUE}${latest_tag}${OFF}"
+read -p 'New Release Tag (vX.X.X format): ' new_tag
+
+# Updated regex to allow one or more digits in each segment
+tag_regex='^v[0-9]+\.[0-9]+\.[0-9]+$'
+echo "$new_tag" | grep -E -q $tag_regex
+
+if [[ $? -ne 0 ]]; then
+ echo -e "${RED}ERROR${OFF} - Tag: $new_tag is not valid. Please use vX.X.X format."
+ exit 1
+fi
+
+git tag -a $new_tag -m "$new_tag Release"
+
+echo -e "${GREEN}OK${OFF} - Tagged: $new_tag"
+
+git push --tags
+
+echo -e "${GREEN}OK${OFF} - Tags pushed to remote!"
+echo -e "${GREEN}DONE${OFF}"
From 953d71bf0c16cf0cb2f7c38902425853f18e7e1d Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 3 Jul 2025 09:19:34 -0700
Subject: [PATCH 05/10] update Go version from 1.18 to 1.24 in go.mod
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index d2272be..44a98b0 100644
--- a/go.mod
+++ b/go.mod
@@ -1,5 +1,5 @@
 module github.com/github/actions-oidc-debugger
-go 1.18
+go 1.24
 require github.com/golang-jwt/jwt/v5 v5.2.2
From 45d948948aec8085e7f5a953c535328b009024eb Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 3 Jul 2025 09:21:53 -0700
Subject: [PATCH 06/10] pin docker to an exact sha for stability
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index f8d0369..0a66222 100644
--- a/Dockerfile
+++ b/Dockerfile
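Review bot: Nothing checks the exit status of `git tag -a $new_tag -m "$new_tag Release"` in script/release, so if tagging fails (for example because the tag already exists) the script still prints OK and goes on to `git push --tags`, which publishes every local tag rather than only the one that was just validated. For an Action that consumers reference by tag, the push should be limited to the new tag and stop on failure: `git tag -a "$new_tag" -m "$new_tag Release" || exit 1` and `git push origin "$new_tag" || exit 1` (assuming the release remote is `origin`). `$tag_regex` should also be quoted in the `grep -E -q` call, since the unquoted pattern is subject to pathname expansion, and `read -r -p` avoids backslash processing of the typed tag.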
@@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.22.0@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
 RUN apk add --no-cache go
 COPY . .
From 90a509b69a54339847c76e2874313cd40a675388 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 3 Jul 2025 09:30:10 -0700
Subject: [PATCH 07/10] update Dockerfile to install Go version from .go-version file
---
 Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 0a66222..430f3dd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,8 @@
 FROM alpine:3.22.0@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
-RUN apk add --no-cache go
+
+COPY .go-version .go-version
+
+RUN apk add --no-cache go=$(cat .go-version)-r0
 COPY . .
From aa17d83f355d7bbb1afe37da1b81df054118afb9 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 3 Jul 2025 09:32:26 -0700
Subject: [PATCH 08/10] add .dockerignore to exclude unnecessary files from Docker context
---
 .dockerignore | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .dockerignore
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..1f4cac1
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,11 @@
+.devcontainer/
+.github/
+.git/
+script/
+action.yml
+Dockerfile
+LICENSE
+README.md
+tmp/
+.vscode/
+docs/
From aa1986735a8f996158a9826506d04c56b2cd4773 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 3 Jul 2025 09:36:07 -0700
Subject: [PATCH 09/10] update docs
---
 README.md | 46 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 44 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 0d81570..ef8abf4 100644
--- a/README.md
+++ b/README.md
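Review bot: The `RUN apk add --no-cache go=$(cat .go-version)-r0` line in PATCH 07 pins an exact package revision, but the base-image digest does not pin the package index: apk resolves against the live Alpine 3.22 repository, which generally keeps only the newest revision of a package, so this step is likely to stop resolving once Alpine publishes a newer `go` build (including a security rebuild such as `-r1`). Failing closed is reasonable, but it should be documented next to the line, e.g. `# go is pinned to .go-version; if apk cannot find this revision, Alpine has published a newer build: bump .go-version (and the -r suffix) deliberately`. The hard-coded `-r0` is the part most likely to drift, since it is not stored in `.go-version`.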
@@ -4,11 +4,14 @@ This action requests a JWT and prints the claims included within the JWT receive
 ## How to use this Action
-Here's an example of how to use that action:
+Here's an example of how to use this action:
 ```yaml
-on: [pull_request]
+name: Test Debugger Action
+on:
+ pull_request:
+ workflow_dispatch:
 jobs:
 oidc_debug_test:
@@ -23,3 +26,42 @@ jobs:
 with:
 audience: '${{ github.server_url }}/${{ github.repository_owner }}'
 ```
+
+The resulting output in your Actions log will look something like this:
+
+```json
+{
+ "actor": "GrantBirki",
+ "actor_id": "23362539",
+ "aud": "https://github.com/github",
+ "base_ref": "main",
+ "enterprise": "github",
+ "enterprise_id": "11468",
+ "event_name": "pull_request",
+ "exp": 1751581975,
+ "head_ref": "release-setup",
+ "iat": 1751560375,
+ "iss": "https://token.actions.githubusercontent.com",
+ "job_workflow_ref": "github/actions-oidc-debugger/.github/workflows/action-test.yml@refs/pull/27/merge",
+ "job_workflow_sha": "7f93a73b8273af5d35fcd70661704c1cadc57054",
+ "jti": "4a576b35-ff09-41c5-af2c-ca62dd89b76a",
+ "nbf": 1751560075,
+ "ref": "refs/pull/27/merge",
+ "ref_protected": "false",
+ "ref_type": "branch",
+ "repository": "github/actions-oidc-debugger",
+ "repository_id": "487920697",
+ "repository_owner": "github",
+ "repository_owner_id": "9919",
+ "repository_visibility": "public",
+ "run_attempt": "1",
+ "run_id": "16055869479",
+ "run_number": "33",
+ "runner_environment": "github-hosted",
+ "sha": "7f93a73b8273af5d35fcd70661704c1cadc57054",
+ "sub": "repo:github/actions-oidc-debugger:pull_request",
+ "workflow": "Test Debugger Action",
+ "workflow_ref": "github/actions-oidc-debugger/.github/workflows/action-test.yml@refs/pull/27/merge",
+ "workflow_sha": "7f93a73b8273af5d35fcd70661704c1cadc57054"
+}
+```
From 5482bb8a8e47c7633a1c4ea1cd5613cb5f2c4800 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 3 Jul 2025 09:37:37 -0700
Subject: [PATCH 10/10] more docs
---
 README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/README.md b/README.md
index ef8abf4..de2f117 100644
--- a/README.md
+++ b/README.md
@@ -65,3 +65,19 @@ The resulting output in your Actions log will look something like this:
 "workflow_sha": "7f93a73b8273af5d35fcd70661704c1cadc57054"
 }
 ```
+
+## Maintainers
+
+Here is the general flow for developing this Action and releasing a new version:
+
+### Bootstrapping
+
+This assumes you have `goenv` installed and the version listed in the `.go-version` file is installed as well.
+
+```bash
+go mod vendor && go mod tidy && go mod verify
+```
+
+### Releasing
+
+Please run `script/release` and publish a new release on GitHub from the resulting tag.