Release Setup and Improved Maintainability

.dockerignore

@@ -0,0 +1,11 @@
+.devcontainer/
+.github/
+.git/
+script/
+action.yml
+Dockerfile
+LICENSE
+README.md
+tmp/
+.vscode/
+docs/

.github/workflows/main.yml

@@ -15,5 +15,12 @@ jobs:
     steps:
       - name: git checkout
         uses: actions/checkout@v4
+
+      - name: setup go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+
       - name: run oidc-debug.go
         run: go run cmd/oidc-debug.go -audience "https://github.com/github"

.go-version

@@ -0,0 +1 @@
+1.24.4

Dockerfile

@@ -1,5 +1,8 @@
-FROM alpine:latest
-RUN apk add --no-cache go
+FROM alpine:3.22.0@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
+
+COPY .go-version .go-version
+
+RUN apk add --no-cache go=$(cat .go-version)-r0
 
 COPY . .
 

README.md

@@ -4,11 +4,14 @@ This action requests a JWT and prints the claims included within the JWT receive
 
 ## How to use this Action
 
-Here's an example of how to use that action:
+Here's an example of how to use this action:
 
 ```yaml
 
-on: [pull_request]
+name: Test Debugger Action
+on: 
+  pull_request:
+  workflow_dispatch:
 
 jobs:
   oidc_debug_test:
@@ -23,3 +26,58 @@ jobs:
         with:
           audience: '${{ github.server_url }}/${{ github.repository_owner }}'
 ```
+
+The resulting output in your Actions log will look something like this:
+
+```json
+{
+  "actor": "GrantBirki",
+  "actor_id": "23362539",
+  "aud": "https://github.com/github",
+  "base_ref": "main",
+  "enterprise": "github",
+  "enterprise_id": "11468",
+  "event_name": "pull_request",
+  "exp": 1751581975,
+  "head_ref": "release-setup",
+  "iat": 1751560375,
+  "iss": "https://token.actions.githubusercontent.com",
+  "job_workflow_ref": "github/actions-oidc-debugger/.github/workflows/action-test.yml@refs/pull/27/merge",
+  "job_workflow_sha": "7f93a73b8273af5d35fcd70661704c1cadc57054",
+  "jti": "4a576b35-ff09-41c5-af2c-ca62dd89b76a",
+  "nbf": 1751560075,
+  "ref": "refs/pull/27/merge",
+  "ref_protected": "false",
+  "ref_type": "branch",
+  "repository": "github/actions-oidc-debugger",
+  "repository_id": "487920697",
+  "repository_owner": "github",
+  "repository_owner_id": "9919",
+  "repository_visibility": "public",
+  "run_attempt": "1",
+  "run_id": "16055869479",
+  "run_number": "33",
+  "runner_environment": "github-hosted",
+  "sha": "7f93a73b8273af5d35fcd70661704c1cadc57054",
+  "sub": "repo:github/actions-oidc-debugger:pull_request",
+  "workflow": "Test Debugger Action",
+  "workflow_ref": "github/actions-oidc-debugger/.github/workflows/action-test.yml@refs/pull/27/merge",
+  "workflow_sha": "7f93a73b8273af5d35fcd70661704c1cadc57054"
+}
+```
+
+## Maintainers
+
+Here is the general flow for developing this Action and releasing a new version:
+
+### Bootstrapping
+
+This assumes you have `goenv` installed and the version listed in the `.go-version` file is installed as well.
+
+```bash
+go mod vendor && go mod tidy && go mod verify
+```
+
+### Releasing
+
+Please run `script/release` and publish a new release on GitHub from the resulting tag.

action.yml

@@ -1,5 +1,8 @@
 name: 'OIDC Debugger'
 description: 'Print the GitHub Actions OIDC claims.'
+branding:
+  icon: 'activity'
+  color: 'red'
 inputs:
   audience:
     description: 'The audience to use when requesting the JWT. Your Github server URL and repository owner (e.g. https://github.com/github).'

go.mod

@@ -1,5 +1,5 @@
 module github.com/github/actions-oidc-debugger
 
-go 1.18
+go 1.24
 
 require github.com/golang-jwt/jwt/v5 v5.2.2

script/release

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Usage:
+# script/release
+
+# COLORS
+OFF='\033[0m'
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+
+latest_tag=$(git describe --tags $(git rev-list --tags --max-count=1))
+echo -e "The latest release tag is: ${BLUE}${latest_tag}${OFF}"
+read -p 'New Release Tag (vX.X.X format): ' new_tag
+
+# Updated regex to allow one or more digits in each segment
+tag_regex='^v[0-9]+\.[0-9]+\.[0-9]+$'
+echo "$new_tag" | grep -E -q $tag_regex
+
+if [[ $? -ne 0 ]]; then
+  echo -e "${RED}ERROR${OFF} - Tag: $new_tag is not valid. Please use vX.X.X format."
+  exit 1
+fi
+
+git tag -a $new_tag -m "$new_tag Release"
+
+echo -e "${GREEN}OK${OFF} - Tagged: $new_tag"
+
+git push --tags
+
+echo -e "${GREEN}OK${OFF} - Tags pushed to remote!"
+echo -e "${GREEN}DONE${OFF}"