From 2caae9e34b263103f914ee8e3c8ebaaa23000034 Mon Sep 17 00:00:00 2001
From: Gabriel Radureau
Date: Fri, 4 Oct 2024 17:32:16 +0200
Subject: [PATCH] add jwtGiteaOIDC input
---
 action.yml | 3 +++
 dist/index.js | 6 +++++-
 docker-compose.yml | 44 ++++++++++++++++++++++----------------------
 src/auth.js | 6 +++++-
 4 files changed, 35 insertions(+), 24 deletions(-)
diff --git a/action.yml b/action.yml
index e3d2855..4c3b2c9 100644
--- a/action.yml
+++ b/action.yml
@@ -82,6 +82,9 @@ inputs:
 jwtGithubAudience:
 description: 'Identifies the recipient ("aud" claim) that the JWT is intended for'
 required: false
+ jwtGiteaOIDC:
+ description: 'JWT obtained from a Gitea OIDC App'
+ required: false
 jwtTtl:
 description: 'Time in seconds, after which token expires'
 required: false
diff --git a/dist/index.js b/dist/index.js
index b3453f7..f9a44bf 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -18798,8 +18798,12 @@ async function retrieveToken(method, client) {
 const keyPassword = core.getInput('jwtKeyPassword', { required: false });
 const tokenTtl = core.getInput('jwtTtl', { required: false }) || '3600'; // 1 hour
 const githubAudience = core.getInput('jwtGithubAudience', { required: false });
+ const jwtGiteaOIDC = core.getInput('jwtGiteaOIDC', { required: false });
- if (!privateKey) {
+ if (jwtGiteaOIDC) {
+ jwt = jwtGiteaOIDC
+ }
+ else if (!privateKey) {
 jwt = await core.getIDToken(githubAudience)
 } else {
 jwt = generateJwt(privateKey, keyPassword, Number(tokenTtl));
diff --git a/docker-compose.yml b/docker-compose.yml
index 6a8ee52..7e180d7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
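Review bot: The description of `jwtGiteaOIDC` in the action.yml hunk leaves out that a non-empty value takes precedence over both `jwtPrivateKey` and the GitHub OIDC token, which is what the `if (jwtGiteaOIDC)` branch added to `retrieveToken` in this commit does. A workflow that sets both inputs would authenticate with a different credential than its author may expect, and nothing signals it. I would spell that out, e.g. `description: 'Pre-issued JWT from a Gitea OIDC app; when set it is used as-is and jwtPrivateKey / jwtGithubAudience are ignored'`. It is also worth stating that the value is a bearer credential and should be supplied from a secret rather than written as a literal in the workflow.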
@@ -8,26 +8,26 @@ services:
 ports:
 - 8200:8200
 privileged: true
- vault-enterprise:
- image: hashicorp/vault-enterprise:latest
- environment:
- VAULT_DEV_ROOT_TOKEN_ID: testtoken
- VAULT_LICENSE: ${VAULT_LICENSE_CI}
- ports:
- - 8200:8200
- privileged: true
- vault-tls:
- image: hashicorp/vault:latest
- hostname: vault-tls
- environment:
- VAULT_CAPATH: /etc/vault/ca.crt
- ports:
- - 8200:8200
- privileged: true
- volumes:
- - ${PWD}/integrationTests/e2e-tls/configs:/etc/vault
- - vault-data:/var/lib/vault:rw
- entrypoint: vault server -config=/etc/vault/config.hcl
+ # vault-enterprise:
+ # image: hashicorp/vault-enterprise:latest
+ # environment:
+ # VAULT_DEV_ROOT_TOKEN_ID: testtoken
+ # VAULT_LICENSE: ${VAULT_LICENSE_CI}
+ # ports:
+ # - 8200:8200
+ # privileged: true
+ # vault-tls:
+ # image: hashicorp/vault:latest
+ # hostname: vault-tls
+ # environment:
+ # VAULT_CAPATH: /etc/vault/ca.crt
+ # ports:
+ # - 8200:8200
+ # privileged: true
+ # volumes:
+ # - ${PWD}/integrationTests/e2e-tls/configs:/etc/vault
+ # - vault-data:/var/lib/vault:rw
+ # entrypoint: vault server -config=/etc/vault/config.hcl
-volumes:
- vault-data:
+# volumes:
+# vault-data:
diff --git a/src/auth.js b/src/auth.js
index 630ad1e..69198d6 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -33,8 +33,12 @@ async function retrieveToken(method, client) {
 const keyPassword = core.getInput('jwtKeyPassword', { required: false });
 const tokenTtl = core.getInput('jwtTtl', { required: false }) || '3600'; // 1 hour
 const githubAudience = core.getInput('jwtGithubAudience', { required: false });
+ const jwtGiteaOIDC = core.getInput('jwtGiteaOIDC', { required: false });
- if (!privateKey) {
+ if (jwtGiteaOIDC) {
+ jwt = jwtGiteaOIDC
+ }
+ else if (!privateKey) {
 jwt = await core.getIDToken(githubAudience)
 } else {
 jwt = generateJwt(privateKey, keyPassword, Number(tokenTtl));
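Review bot: The `vault-enterprise` and `vault-tls` services and the `vault-data` volume in docker-compose.yml are commented out rather than changed, which is unrelated to the new input and looks like a local workaround (all three services publish `8200:8200`) that slipped into the commit. If the TLS and enterprise integration tests rely on this file, as the `integrationTests/e2e-tls/configs` mount suggests for the TLS ones, they would no longer have a server to run against and the TLS client path would lose its test coverage. I would drop this file from the commit. If the services really must go, delete them instead of leaving commented-out YAML, and say why in the commit message.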
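Review bot: The token read from `jwtGiteaOIDC` in the new `if (jwtGiteaOIDC)` branch of src/auth.js is a bearer credential, but it is never registered for log masking, so a value wired in from a step output rather than a secret can end up in plain text in job or debug logs. Registering it before use closes that gap: `if (jwtGiteaOIDC) { core.setSecret(jwtGiteaOIDC); jwt = jwtGiteaOIDC; }`. The value also appears to be passed on unchanged, so trimming it and checking for the three dot-separated segments of a JWT would turn a mis-wired input into a clear error instead of an opaque login failure. The same lines appear in the generated `dist/index.js` hunk, which would need rebuilding after the change. `retrieveToken` starts and ends outside this hunk, so how `jwt` is sent onward is not visible here.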