Merged
11 changes: 7 additions & 4 deletions README.md
Expand Up @@ -3,14 +3,16 @@
## Overview
This action retrieves temporary credentials from Aembit for use in your GitHub workflows. It enables secure, secretless access to external systems like cloud providers or APIs by dynamically fetching scoped credentials at runtime. This helps improves security within CI/CD pipelines.

**Note: this is an alpha release, it is not yet officially supported.**
> [!CAUTION]
> This is an alpha release, it is not yet officially supported.

## Requirements

### Workflow Permissions

This Action retrieves an OIDC token for your workflow from GitHub to attest its
identity with Aembit. Your workflow must have the following permission for it to work.
> [!IMPORTANT]
> This Action retrieves an OIDC token for your workflow from GitHub to attest its
> identity with Aembit. Your workflow must have the following permission for it to work.

```yaml
permissions:
Expand Down Expand Up @@ -113,7 +115,8 @@ outputs:
aws-session-token: '****'
```

<b>Note:</b> All the outputs generated by this action are GitHub masked secrets.
> [!NOTE]
> All the outputs generated by this action are GitHub masked secrets.

## Troubleshooting

1 change: 1 addition & 0 deletions __test__/main.test.ts
Expand Up @@ -73,6 +73,7 @@ describe("run", () => {
// Verify inputs are read
expect(core.getInput).toHaveBeenCalledWith("client-id", {
required: true,
trimWhitespace: true,
});
expect(core.getInput).toHaveBeenCalledWith("domain");
expect(core.getInput).toHaveBeenCalledWith("server-host");
9 changes: 6 additions & 3 deletions dist/index.js
Expand Up @@ -54916,7 +54916,10 @@ function run() {
return __awaiter(this, void 0, void 0, function* () {
try {
// Read inputs for action (defined in action.yml file)
const clientId = core.getInput("client-id", { required: true });
const clientId = core.getInput("client-id", {
required: true,
trimWhitespace: true,
});
const domain = core.getInput("domain");
const serverHost = core.getInput("server-host");
const serverPort = core.getInput("server-port");
Expand Down Expand Up @@ -54974,8 +54977,8 @@ function validateClientId(clientId) {
if (clientIdComponents[4] !== "github_idtoken") {
throw new Error("Client ID does not appear to be of type GitHub ID token.");
}
const id = clientIdComponents[5].trim();
if (!(0, uuid_1.validate)(id) || (0, uuid_1.version)(id) !== 4) {
if (!(0, uuid_1.validate)(clientIdComponents[5]) ||
(0, uuid_1.version)(clientIdComponents[5]) !== 4) {
throw new Error("Not a valid token.");
}
return;
3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -49,6 +49,7 @@
"@vitest/coverage-v8": "^4.0.15",
"msw": "^2.12.4",
"typescript": "^5.9.3",
"vitest": "^4.0.15"
"vitest": "^4.0.15",
"yaml": "^2.8.2"
}
}
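Review bot: The new `"yaml": "^2.8.2"` entry has no consumer in any file shown on this page, so it is not possible to tell from the diff why the dependency is needed. Judging by its neighbours (`vitest`, `msw`, `typescript`) it sits in the development dependencies and should not reach the bundled `dist/index.js`, but that is inferred from context lines only. Either the change that imports it should land together with this entry, or the entry should be dropped until it is used, so the lockfile carries no unreferenced package.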
5 changes: 4 additions & 1 deletion src/main.ts
Expand Up @@ -11,7 +11,10 @@ import {
async function run(): Promise<void> {
try {
// Read inputs for action (defined in action.yml file)
const clientId: string = core.getInput("client-id", { required: true });
const clientId: string = core.getInput("client-id", {
required: true,
trimWhitespace: true,
});
const domain: string = core.getInput("domain");
const serverHost: string = core.getInput("server-host");
const serverPort: string = core.getInput("server-port");
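Review bot: Nothing at the `client-id` read says why `trimWhitespace: true` is spelled out here, while `domain`, `server-host` and `server-port` are read with the implicit defaults. In current `@actions/core` releases trimming is already the default for `getInput`, so the option looks redundant and is easy to delete in a later clean-up. Because this commit also removes the `.trim()` in src/validate.ts, this call is now the only place the client ID is trimmed before validation. A comment above the call, e.g. `// validateClientId() does not trim; keep trimWhitespace enabled here`, would record that dependency. The body of `run()` continues outside the hunk.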
6 changes: 4 additions & 2 deletions src/validate.ts
Expand Up @@ -24,8 +24,10 @@ function validateClientId(clientId: string) {
throw new Error("Client ID does not appear to be of type GitHub ID token.");
}

const id = clientIdComponents[5].trim();
if (!validateUUID(id) || uuidVersion(id) !== 4) {
if (
!validateUUID(clientIdComponents[5]) ||
uuidVersion(clientIdComponents[5]) !== 4
) {
throw new Error("Not a valid token.");
}

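Review bot: With the `.trim()` removed, `validateClientId` now rejects an ID whose sixth component carries surrounding whitespace, so its contract silently becomes "caller passes an already-trimmed value", and nothing in the visible lines states that. A doc comment on the function such as `/** clientId must be pre-trimmed; run() reads it with trimWhitespace: true. */` would make the precondition explicit. The stricter behaviour fails closed, which is the right direction for an identity check. A test that passes a whitespace-padded ID and expects `"Not a valid token."` would pin it. The function starts and ends outside the hunk, so any length check on `clientIdComponents` before index 5 is read cannot be confirmed from here.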
5 changes: 5 additions & 0 deletions yarn.lock
Expand Up @@ -2750,6 +2750,11 @@ yaml@^1.10.0:
resolved "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz"
integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==

yaml@^2.8.2:
version "2.8.2"
resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.8.2.tgz#5694f25eca0ce9c3e7a9d9e00ce0ddabbd9e35c5"
integrity sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==

yargs-parser@^21.1.1:
version "21.1.1"
resolved "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz"