githubactions

package
v0.0.0-...-5c79d48 Latest Latest
Published: Feb 15, 2024 License: AGPL-3.0 Imports: 12 Imported by: 0

Documentation


Constants

// DefaultIssuerHost is the host of the OIDC issuer for ID tokens minted by
// GitHub-hosted Actions (github.com). A GitHub Enterprise Server deployment
// issues tokens under its own host, which callers pass to
// IDTokenValidator.Validate as the GHESHost override instead.
// Presumably this is also the default for IDTokenValidatorConfig.GitHubIssuerHost
// when that field is left empty — confirm in NewIDTokenValidator.
const DefaultIssuerHost = "token.actions.githubusercontent.com"

Variables

This section is empty.

Functions

This section is empty.

Types

type IDTokenClaims

// IDTokenClaims models the GitHub-specific claims carried by a GitHub-issued
// OIDC ID token. The claim names and meanings follow
// https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token
//
// Only the GitHub-specific claims are represented here; the standard JWT
// claims (iss, aud, exp, nbf, ...) are not fields of this struct and are
// presumably checked by IDTokenValidator.Validate before it is populated —
// confirm there.
//
// NOTE(review): the name-based claims (Repository, RepositoryOwner, Actor,
// Ref, HeadRef, BaseRef, Environment, Workflow) are mutable: repositories and
// accounts can be renamed or transferred, and branches and workflow files can
// be created by anyone with write access. Allow-rules that must survive a
// rename, or that must not be satisfiable by a look-alike name, should pin the
// corresponding *ID claims (RepositoryID, RepositoryOwnerID, ActorID) as well.
type IDTokenClaims struct {
	// Sub, also known as Subject, is a string that roughly uniquely identifies
	// the workload. Its format varies depending on the type of GitHub Actions
	// run (see the GitHub documentation linked above), so treat it as an
	// opaque string to be matched rather than something to be parsed.
	Sub string `json:"sub"`
	// Actor is the personal account that initiated the workflow run.
	// Account names can be renamed; ActorID is the stable identifier.
	Actor string `json:"actor"`
	// ActorID is the ID of the personal account that initiated the workflow
	// run.
	ActorID string `json:"actor_id"`
	// BaseRef is the target branch of the pull request in a workflow run.
	// Presumably empty for runs that are not pull-request triggered — confirm
	// against the GitHub documentation.
	BaseRef string `json:"base_ref"`
	// Environment is the name of the environment used by the job.
	Environment string `json:"environment"`
	// EventName is the name of the event that triggered the workflow run
	// (for example "push" or "pull_request").
	EventName string `json:"event_name"`
	// HeadRef is the source branch of the pull request in a workflow run.
	HeadRef string `json:"head_ref"`
	// JobWorkflowRef is the ref path to the reusable workflow used by this
	// job.
	JobWorkflowRef string `json:"job_workflow_ref"`
	// Ref is the git ref that triggered the workflow run.
	Ref string `json:"ref"`
	// RefType is the type of ref, for example: "branch".
	RefType string `json:"ref_type"`
	// RepositoryVisibility is the visibility of the repository where the
	// workflow is running. Accepts the following values: internal, private,
	// or public.
	RepositoryVisibility string `json:"repository_visibility"`
	// Repository is the repository from where the workflow is running.
	// This includes the name of the owner, e.g. `gravitational/teleport`.
	// Repository names can change; RepositoryID is the stable identifier.
	Repository string `json:"repository"`
	// RepositoryID is the ID of the repository from where the workflow is
	// running.
	RepositoryID string `json:"repository_id"`
	// RepositoryOwner is the name of the organization in which the
	// repository is stored.
	RepositoryOwner string `json:"repository_owner"`
	// RepositoryOwnerID is the ID of the organization in which the
	// repository is stored.
	RepositoryOwnerID string `json:"repository_owner_id"`
	// RunID is the ID of the workflow run that triggered the workflow.
	RunID string `json:"run_id"`
	// RunNumber is the number of times this workflow has been run. Note that
	// it is carried as a JSON string here, not a number.
	RunNumber string `json:"run_number"`
	// RunAttempt is the number of times this workflow run has been retried.
	// Like RunNumber it is carried as a JSON string.
	RunAttempt string `json:"run_attempt"`
	// SHA is the commit SHA that triggered the workflow run.
	SHA string `json:"sha"`
	// Workflow is the name of the workflow.
	Workflow string `json:"workflow"`
}

IDTokenClaims is the structure of claims contained within a GitHub-issued ID token.

See the following for the structure: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token

func (*IDTokenClaims) JoinAuditAttributes

func (c *IDTokenClaims) JoinAuditAttributes() (map[string]interface{}, error)

JoinAuditAttributes returns a series of attributes that can be inserted into audit events related to a specific join.

type IDTokenSource

// IDTokenSource fetches a GitHub-issued ID token while executing inside a
// GitHub Actions workflow. Per GetIDToken it relies on values set in the
// workflow's environment together with the GitHub API; the exact variables it
// reads are not shown on this page — confirm in the package source.
// Construct it with NewIDTokenSource.
type IDTokenSource struct {
	// contains filtered or unexported fields
}

IDTokenSource allows a GitHub ID token to be fetched whilst executing within the context of a GitHub actions workflow.

func NewIDTokenSource

func NewIDTokenSource() *IDTokenSource

func (*IDTokenSource) GetIDToken

func (ip *IDTokenSource) GetIDToken(ctx context.Context) (string, error)

GetIDToken uses values set in the environment and the GitHub API to fetch a GitHub-issued ID token.

type IDTokenValidator

// IDTokenValidator validates GitHub-issued ID tokens, returning their claims
// as an IDTokenClaims on success. Its behaviour is driven by the embedded
// IDTokenValidatorConfig. Construct it with NewIDTokenValidator rather than
// using the zero value, so that configuration defaults (such as the real
// clock substituted when Clock is omitted) are presumably applied — confirm
// in NewIDTokenValidator.
type IDTokenValidator struct {
	IDTokenValidatorConfig
}

func NewIDTokenValidator

func NewIDTokenValidator(cfg IDTokenValidatorConfig) *IDTokenValidator

func (*IDTokenValidator) Validate

func (id *IDTokenValidator) Validate(
	ctx context.Context, GHESHost string, enterpriseSlug string, token string,
) (*IDTokenClaims, error)

type IDTokenValidatorConfig

// IDTokenValidatorConfig configures an IDTokenValidator.
type IDTokenValidatorConfig struct {
	// Clock is used by the validator when checking expiry and issuer times of
	// tokens. If omitted, a real clock will be used. Injecting a fake clock
	// is intended for tests; a production validator should rely on the real
	// clock so that expired tokens are rejected.
	Clock clockwork.Clock
	// GitHubIssuerHost is the host of the Issuer for tokens issued by
	// GitHub's cloud hosted version. If no GHESHost override is provided to
	// the call to Validate, then this will be used as the host.
	// Presumably defaults to DefaultIssuerHost when empty — confirm in
	// NewIDTokenValidator.
	GitHubIssuerHost string
	// contains filtered or unexported fields
}
