Skip to content

Grant GitHub Actions workflows access to OIDC token #3930

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 9, 2024
Merged

Grant GitHub Actions workflows access to OIDC token #3930

merged 1 commit into from
Jul 9, 2024

Conversation

jdno
Copy link
Member

@jdno jdno commented Jul 9, 2024

In #3909, new steps were added to the GitHub Actions workflows that upload the build artifacts to a new S3 bucket. Authentication is done using short-lived tokens that are provisioned using OIDC. This scheme requires additional permissions1, which have been granted to the workflows.

Footnotes

  1. https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings

@jdno
Grant GitHub Actions workflows access to OIDC token
5955449 
In rust-lang#3909, new steps were added to the GitHub Actions workflows that
upload the build artifacts to a new S3 bucket. Authentication is done
using short-lived tokens that are provisioned using OIDC. This scheme
requires additional permissions[^1], which have been granted to the
workflows.

[^1]: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
rami3l
rami3l approved these changes Jul 9, 2024
View reviewed changes
Copy link
Member

@rami3l rami3l left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jdno Thanks, and please feel free to merge when you feel ready!

@jdno
Copy link
Member Author

jdno commented Jul 9, 2024

Sorry for breaking it in the first place! 😅

@jdno jdno added this pull request to the merge queue Jul 9, 2024
Merged via the queue into rust-lang:master with commit f268633 Jul 9, 2024
27 checks passed
@jdno jdno deleted the permissions-id-token branch July 9, 2024 12:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djc djc djc approved these changes

@rami3l rami3l rami3l approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jdno @djc @rami3l