Update JFrog GitHub OIDC setup docs #37596
Conversation
|
Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines. |
github-actions
bot
added
the
triage
How to review these changes 👓Thank you for your contribution. To review these changes, choose one of the following options: A Hubber will need to deploy your changes internally to review. Table of review linksNote: Please update the URL for your staging server or codespace. The table shows the files in the
Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server 🤖 This comment is automatically generated. |
… into update_jfrog_docs
|
@EyalDelarea Thanks for opening a PR! 🎉 It looks like this is still a draft. Could you ping me when this is ready? Then, I'll get it up for review ⚡ |
...or-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
Outdated
Show resolved
Hide resolved
...or-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
Show resolved
Hide resolved
...or-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
Show resolved
Hide resolved
...or-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
Outdated
Show resolved
Hide resolved
|
Thanks! I'll get this triaged now. |
Sharra-writes
added
content
|
Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert 👀 |
|
Hey @Sharra-writes, |
|
@EyalDelarea If this isn't ready to merge yet, then leaving it as a draft would probably be better. My job will be looking for technical confirmation internally, and I probably can't get confirmation on changes that haven't been made yet! 😆 |
|
@Sharra-writes, |
...or-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
Show resolved
Hide resolved
...or-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
Show resolved
Hide resolved
|
Hey @Sharra-writes. The PR is ready for review 👍 |
|
@EyalDelarea Thanks! I'll start looking for an SME to review. 👍 |
...or-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
Outdated
Show resolved
Hide resolved
...or-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md
Outdated
Show resolved
Hide resolved
… into update_jfrog_docs
Sharra-writes
added
waiting for review
There was a problem hiding this comment.
👋 Thank you for raising this and thanks for your patience
I've raised a few comments and questions, and once we've resolved things there won't be any problem with merging this. With a couple of exceptions, almost all of my review comments are related to the GitHub or Microsoft style guides, so if you'd like us to explain any of them then just let us know. Thank you
| ### Example: Using OIDC Credentials in Other Steps |
There was a problem hiding this comment.
| ### Example: Using OIDC Credentials in Other Steps | |
| ### Using OIDC Credentials in other steps |
| password: ${{ steps.setup-jfrog-cli.outputs.oidc-token }} | ||
| ``` | ||
| ## Further Reading |
There was a problem hiding this comment.
| ## Further Reading | |
| ## Further reading |
| ## Further Reading | ||
| - [JFrog OpenID Connect Integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/openid-connect-integration) |
There was a problem hiding this comment.
| - [JFrog OpenID Connect Integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/openid-connect-integration) | |
| - [OpenID Connect Integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/openid-connect-integration) in the JFrog documentation |
| ## Further Reading | ||
| - [JFrog OpenID Connect Integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/openid-connect-integration) | ||
| - [Configure Identity Mappings](https://jfrog.com/help/r/jfrog-platform-administration-documentation/identity-mappings) |
There was a problem hiding this comment.
| - [Configure Identity Mappings](https://jfrog.com/help/r/jfrog-platform-administration-documentation/identity-mappings) | |
| - [Identity Mappings](https://jfrog.com/help/r/jfrog-platform-administration-documentation/identity-mappings) in the JFrog documentation |
| - [JFrog OpenID Connect Integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/openid-connect-integration) | ||
| - [Configure Identity Mappings](https://jfrog.com/help/r/jfrog-platform-administration-documentation/identity-mappings) | ||
| - [GitHub Docs: About Security Hardening with OIDC](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) |
There was a problem hiding this comment.
| - [GitHub Docs: About Security Hardening with OIDC](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) | |
| - [AUTOTITLE](actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) |
| @@ -47,59 +47,52 @@ To use OIDC with JFrog, establish a trust relationship between {% data variables | |||
|
|
|||
| ## Updating your {% data variables.product.prodname_actions %} workflow | |||
|
|
|||
| Once you establish a trust relationship between {% data variables.product.prodname_actions %} and the JFrog platform, you can update your {% data variables.product.prodname_actions %} workflow file. | |||
| ### Example: Authenticating with JFrog using OIDC | |||
There was a problem hiding this comment.
| ### Example: Authenticating with JFrog using OIDC | |
| ### Authenticating with JFrog using OIDC |
| env: | ||
| OIDC_AUDIENCE: 'YOUR_AUDIENCE' | ||
| steps: | ||
| - name: Setup JFrog CLI with OIDC |
There was a problem hiding this comment.
| - name: Setup JFrog CLI with OIDC | |
| - name: Set up JFrog CLI with OIDC |
| > [!TIP] | ||
| > When OIDC authentication is used, the `setup-jfrog-cli` action automatically provides `oidc-user` and `oidc-token` as step outputs. | ||
| > These can be used for other integrations that require authentication with JFrog. | ||
| > To reference these outputs, ensure the step has an explicit `id` defined (e.g., `id: setup-jfrog-cli`). |
There was a problem hiding this comment.
| > To reference these outputs, ensure the step has an explicit `id` defined (e.g., `id: setup-jfrog-cli`). | |
| > To reference these outputs, ensure the step has an explicit `id` defined (for example `id: setup-jfrog-cli`). |
| ### Example: Using OIDC Credentials in Other Steps |
There was a problem hiding this comment.
Is there a bit of extra context you could add here, just to set the scene for the example?
| @@ -47,59 +47,52 @@ To use OIDC with JFrog, establish a trust relationship between {% data variables | |||
|
|
|||
| ## Updating your {% data variables.product.prodname_actions %} workflow | |||
|
|
|||
| Once you establish a trust relationship between {% data variables.product.prodname_actions %} and the JFrog platform, you can update your {% data variables.product.prodname_actions %} workflow file. | |||
There was a problem hiding this comment.
Is this information not accurate any more? It seems to add a nice bridge between the H2 and the H3
Why:
This change updates the JFrog OIDC integration guide to reflect a recent improvement in the
jfrog/setup-jfrog-cliGitHub Action. The action now supports seamless OIDC authentication out of the box, removing the need for users to manually exchange tokens via REST API calls.What's being changed (if available, include any code snippets, screenshots, or gifs):
curl.jfrog/setup-jfrog-cli@v4withoidc-provider-nameandoidc-audienceinputs.permissionsblock (id-token: write) to the YAML example to ensure OIDC works as expected.Check off the following: