{"id":23130451,"url":"https://github.com/andreaso/gha-oidc-e2e-demo","last_synced_at":"2026-01-30T17:31:11.157Z","repository":{"id":267172509,"uuid":"896893417","full_name":"andreaso/gha-oidc-e2e-demo","owner":"andreaso","description":"End-to-end demo to illustrate how GitHub Actions' OIDC support works under the hood. ","archived":false,"fork":false,"pushed_at":"2024-12-01T15:11:59.000Z","size":4,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-10T22:44:47.897Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andreaso.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-01T15:08:45.000Z","updated_at":"2024-12-01T20:27:10.000Z","dependencies_parsed_at":"2024-12-11T00:45:12.025Z","dependency_job_id":null,"html_url":"https://github.com/andreaso/gha-oidc-e2e-demo","commit_stats":null,"previous_names":["andreaso/gha-oidc-e2e-demo"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/andreaso/gha-oidc-e2e-demo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fgha-oidc-e2e-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fgha-oidc-e2e-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fgha-oidc-e2e-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fgha-oidc-e2e-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andreaso","download_url":"https://codeload.github.com/andreaso/gha-oidc-e2e-demo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fgha-oidc-e2e-demo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28916075,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-30T16:37:38.804Z","status":"ssl_error","status_checked_at":"2026-01-30T16:37:37.878Z","response_time":66,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-17T10:14:25.300Z","updated_at":"2026-01-30T17:31:11.136Z","avatar_url":"https://github.com/andreaso.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitHub Actions OIDC end-to-end demo\n\nThis is about [GitHub Actions' OIDC support][1]. In short it allows\nyou to authenticate your GitHub Actions jobs towards various cloud\nproviders using OIDC, rather than relying on long-lived service\naccount credentials.\n\nTo make it a bit more clear what's happening under the hood I put\ntogether an end-to-end demo workflow.\n\n* [oidc-auth-e2e-demo.yaml](.github/workflows/oidc-auth-e2e-demo.yaml)\n\nThat demo workflow is split into two parts. It starts off by showing\nwhat actually happens inside the GitHub Actions job without relying on\nthe usual abstractions. Then the workflow continues with an extremely\nsimplified simulation of what conceptually happens at the cloud\nprovider's side.\n\n\n## Usage\n\nHopefully simply reading the\n[oidc-auth-e2e-demo.yaml](.github/workflows/oidc-auth-e2e-demo.yaml)\ndemo workflow and the\n[verify_oidc_jwt.py](.github/helpers/verify_oidc_jwt.py) helper script\nwill provide a bit of helpful extra context.\n\nYet in case you decide to clone the repository to be able to muck\naround a bit yourself do note that you'll need to modify the\n`THAT_CLOUD_CONF_GH_ALLOWED_REPO` environment variable. At least\nassuming that you want to be starting off in a passing state.\n\n\n[1]: https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreaso%2Fgha-oidc-e2e-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandreaso%2Fgha-oidc-e2e-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreaso%2Fgha-oidc-e2e-demo/lists"}