Documentation
Constants
// DefaultIssuerHost is the issuer host of ID tokens minted by GitHub's cloud-hosted service (github.com).
const DefaultIssuerHost = "token.actions.githubusercontent.com"
Variables
This section is empty.
Functions
This section is empty.
Types
type IDTokenClaims
type IDTokenClaims struct {
	// Sub, also known as Subject, is a string that roughly uniquely identifies
	// the workload. Its format varies with the type of GitHub Actions run.
	Sub string `json:"sub"`
	// The personal account that initiated the workflow run.
	Actor string `json:"actor"`
	// The ID of the personal account that initiated the workflow run.
	ActorID string `json:"actor_id"`
	// The target branch of the pull request in a workflow run.
	BaseRef string `json:"base_ref"`
	// The name of the environment used by the job.
	Environment string `json:"environment"`
	// The name of the event that triggered the workflow run.
	EventName string `json:"event_name"`
	// The source branch of the pull request in a workflow run.
	HeadRef string `json:"head_ref"`
	// The ref path to the reusable workflow used by this job.
	JobWorkflowRef string `json:"job_workflow_ref"`
	// The git ref that triggered the workflow run.
	Ref string `json:"ref"`
	// The type of ref, for example: "branch".
	RefType string `json:"ref_type"`
	// The visibility of the repository where the workflow is running.
	// One of: internal, private, or public.
	RepositoryVisibility string `json:"repository_visibility"`
	// The repository the workflow is running from, including the owner,
	// e.g. `gravitational/teleport`.
	Repository string `json:"repository"`
	// The ID of the repository the workflow is running from.
	RepositoryID string `json:"repository_id"`
	// The name of the organization in which the repository is stored.
	RepositoryOwner string `json:"repository_owner"`
	// The ID of the organization in which the repository is stored.
	RepositoryOwnerID string `json:"repository_owner_id"`
	// The ID of the workflow run that triggered the workflow.
	RunID string `json:"run_id"`
	// The number of times this workflow has been run.
	RunNumber string `json:"run_number"`
	// The number of times this workflow run has been retried.
	RunAttempt string `json:"run_attempt"`
	// SHA is the commit SHA that triggered the workflow run.
	SHA string `json:"sha"`
	// The name of the workflow.
	Workflow string `json:"workflow"`
}
IDTokenClaims is the structure of the claims contained within a GitHub-issued ID token.
See the following for the structure: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token
func (*IDTokenClaims) JoinAuditAttributes
func (c *IDTokenClaims) JoinAuditAttributes() (map[string]interface{}, error)
JoinAuditAttributes returns a series of attributes that can be inserted into audit events related to a specific join.
type IDTokenSource
type IDTokenSource struct {
	// contains filtered or unexported fields
}
IDTokenSource allows a GitHub ID token to be fetched while running inside a GitHub Actions workflow.
func NewIDTokenSource
func NewIDTokenSource() *IDTokenSource
func (*IDTokenSource) GetIDToken
func (ip *IDTokenSource) GetIDToken(ctx context.Context) (string, error)
GetIDToken uses the token request URL and request token that the GitHub Actions runner places in the job's environment, and calls the GitHub token endpoint, to fetch a GitHub-issued ID token.
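The exchange GetIDToken performs, reproduced as an added example (this is not the package's own code): the runner sets ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN only when the job has the `id-token: write` permission; the job then sends a GET with an `audience` query parameter and a bearer Authorization header and unwraps the `value` field of the JSON response. The function names, the `teleport.example.com` audience, the runner request token, the placeholder JWT and the `httptest` endpoint standing in for GitHub are all constructed for the example so it runs offline.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"os"
)

// fetchActionsIDToken asks the runner's token endpoint for an ID token bound to
// audience. The two environment variables exist only when the job was granted
// `id-token: write`, so a missing value is the most common failure to surface.
func fetchActionsIDToken(ctx context.Context, audience string) (string, error) {
	reqURL, reqToken := os.Getenv("ACTIONS_ID_TOKEN_REQUEST_URL"), os.Getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN")
	if reqURL == "" || reqToken == "" {
		return "", errors.New("ACTIONS_ID_TOKEN_REQUEST_URL/_TOKEN unset: does the job have `id-token: write`?")
	}
	u, err := url.Parse(reqURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("audience", audience) // binds the token to one consumer; the validator must check aud
	u.RawQuery = q.Encode()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "bearer "+reqToken)
	req.Header.Set("Accept", "application/json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	var body struct {
		Value string `json:"value"`
	}
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&body); err != nil {
		return "", err
	}
	if body.Value == "" {
		return "", errors.New("token endpoint returned an empty token")
	}
	return body.Value, nil
}

// newFakeTokenEndpoint is a constructed stand-in for the runner's endpoint so the
// example runs offline; it enforces the bearer token and audience before answering.
func newFakeTokenEndpoint(wantBearer, wantAud, jwt string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "bearer "+wantBearer {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if r.URL.Query().Get("audience") != wantAud {
			http.Error(w, "bad audience", http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(map[string]string{"value": jwt})
	}))
}

// demoFetch points the environment at the fake endpoint and requests a token
// for the given audience; the endpoint only answers for teleport.example.com.
func demoFetch(audience string) (string, error) {
	const runnerSecret, fakeJWT = "runner-request-token", "eyJhbGciOiJSUzI1NiJ9.e30.sig" // constructed
	srv := newFakeTokenEndpoint(runnerSecret, "teleport.example.com", fakeJWT)
	defer srv.Close()
	os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", srv.URL+"/?api-version=2.0")
	os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", runnerSecret)
	return fetchActionsIDToken(context.Background(), audience)
}

func main() {
	fmt.Println(demoFetch("teleport.example.com"))
}
```

The request token in ACTIONS_ID_TOKEN_REQUEST_TOKEN is itself a credential scoped to the running job; it should never be logged or passed to other steps, and the returned ID token is only as useful as the audience check the consumer performs on it.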
type IDTokenValidator
type IDTokenValidator struct {
	IDTokenValidatorConfig
}
func NewIDTokenValidator
func NewIDTokenValidator(cfg IDTokenValidatorConfig) *IDTokenValidator
func (*IDTokenValidator) Validate
func (id *IDTokenValidator) Validate(ctx context.Context, GHESHost string, enterpriseSlug string, token string) (*IDTokenClaims, error)
type IDTokenValidatorConfig
type IDTokenValidatorConfig struct {
	// Clock is used by the validator when checking the expiry and issue times
	// of tokens. If omitted, a real clock is used.
	Clock clockwork.Clock
	// GitHubIssuerHost is the host of the issuer for tokens issued by GitHub's
	// cloud-hosted service. If no GHESHost override is provided in the call to
	// Validate, this is used as the issuer host.
	GitHubIssuerHost string
	// contains filtered or unexported fields
}
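An added example (not this package's code) of what a validator on the receiving side has to do with such a token before trusting its claims: pin the signing algorithm, verify the RS256 signature, compare the issuer against the value derived from GitHubIssuerHost, GHESHost and enterpriseSlug, check audience and expiry, and only then match the claims against an allow rule. The issuer derivation used here (`https://<GitHubIssuerHost>` for github.com, `https://<GitHubIssuerHost>/<enterpriseSlug>` for an enterprise with a customised issuer, `https://<GHESHost>/_services/token` for GitHub Enterprise Server) is taken from GitHub's OIDC documentation and is an assumption about how Validate maps its parameters. The key, claim values, allow rule and function names are constructed; `signTestToken` stands in for GitHub's signing step so the example runs offline. A real validator must fetch the public key from the issuer's JWKS endpoint and select it by the token header's key ID, which is omitted here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// ghClaims is the subset of GitHub ID token claims this example checks.
type ghClaims struct {
	Iss          string `json:"iss"`
	Aud          string `json:"aud"` // GitHub issues aud as a single string
	Exp          int64  `json:"exp"`
	RepositoryID string `json:"repository_id"`
	Ref          string `json:"ref"`
}

// expectedIssuer maps the Validate parameters to the issuer URL the token must carry (assumed mapping).
func expectedIssuer(issuerHost, ghesHost, enterpriseSlug string) string {
	if ghesHost != "" {
		return "https://" + ghesHost + "/_services/token"
	}
	if enterpriseSlug != "" {
		return "https://" + issuerHost + "/" + enterpriseSlug
	}
	return "https://" + issuerHost
}

// verifyRS256 pins alg to RS256 (a "none"/HS256 header cannot downgrade it),
// checks the signature with pub and returns the raw, still unchecked payload.
func verifyRS256(token string, pub *rsa.PublicKey) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWT: %d segments", len(parts))
	}
	raw := make([][]byte, 3)
	for i := range parts {
		var err error
		if raw[i], err = base64.RawURLEncoding.DecodeString(parts[i]); err != nil {
			return nil, fmt.Errorf("JWT segment %d: %w", i, err)
		}
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(raw[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("rejecting alg %q: only RS256 is accepted", hdr.Alg)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], raw[2]); err != nil {
		return nil, fmt.Errorf("bad signature")
	}
	return raw[1], nil
}

// validateAndAuthorize verifies signature, issuer, audience and expiry, then allows
// the join only if allowed[repository_id] lists the exact ref. Pinning the numeric
// repository_id rather than the repository name survives renames and transfers.
func validateAndAuthorize(token, issuer, audience string, pub *rsa.PublicKey, now time.Time, allowed map[string][]string) (*ghClaims, error) {
	var c ghClaims
	if payload, err := verifyRS256(token, pub); err != nil {
		return nil, err
	} else if err := json.Unmarshal(payload, &c); err != nil {
		return nil, fmt.Errorf("claims: %w", err)
	}
	if c.Iss != issuer || c.Aud != audience {
		return nil, fmt.Errorf("iss/aud mismatch: got %q/%q, want %q/%q", c.Iss, c.Aud, issuer, audience)
	}
	if now.Unix() >= c.Exp {
		return nil, fmt.Errorf("token expired at %d", c.Exp)
	}
	for _, ref := range allowed[c.RepositoryID] {
		if ref == c.Ref {
			return &c, nil
		}
	}
	return nil, fmt.Errorf("no rule allows repository_id=%q ref=%q", c.RepositoryID, c.Ref)
}

// signTestToken mints an RS256 JWT with a local key; it stands in for GitHub's
// signing step so the example runs offline and is not GitHub's code.
func signTestToken(priv *rsa.PrivateKey, claims ghClaims) string {
	hdr := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	body, _ := json.Marshal(claims)
	pl := base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(hdr + "." + pl))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return hdr + "." + pl + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// demo mints a token with constructed claims (repository_id 123456 at
// refs/heads/master) and validates it against a rule allowing only allowedRef.
func demo(allowedRef string) error {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	const host, aud = "token.actions.githubusercontent.com", "teleport.example.com"
	tok := signTestToken(key, ghClaims{Iss: expectedIssuer(host, "", ""), Aud: aud,
		Exp: time.Now().Add(5 * time.Minute).Unix(), RepositoryID: "123456", Ref: "refs/heads/master"})
	_, err := validateAndAuthorize(tok, expectedIssuer(host, "", ""), aud, &key.PublicKey, time.Now(),
		map[string][]string{"123456": {allowedRef}})
	return err
}

func main() {
	fmt.Println("allowed:", demo("refs/heads/master"), "| denied:", demo("refs/heads/release"))
}
```

Two points worth carrying into any real implementation: the algorithm is checked before the signature so that a forged header cannot select a weaker scheme, and the allow rule keys on repository_id and the full ref rather than on repository or a branch name, since the former is a stable identifier and a rule on `refs/heads/main` cannot be satisfied by a tag or a pull-request merge ref. The `now` parameter plays the role of the config's Clock field; in production it should come from a trusted clock, and a small leeway for clock skew is usual.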