{"id":30047304,"url":"https://github.com/rgl/github-octo-sts-playground","last_synced_at":"2025-08-07T09:38:57.302Z","repository":{"id":307830555,"uuid":"1030821774","full_name":"rgl/github-octo-sts-playground","owner":"rgl","description":"My Octo STS playground","archived":false,"fork":false,"pushed_at":"2025-08-02T12:16:30.000Z","size":1,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-02T14:16:54.905Z","etag":null,"topics":["github","octo-sts","oidc"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rgl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-02T11:55:16.000Z","updated_at":"2025-08-02T12:16:03.000Z","dependencies_parsed_at":"2025-08-02T14:17:27.227Z","dependency_job_id":"d36e9fa8-9874-43d6-a9a5-98398f428f9a","html_url":"https://github.com/rgl/github-octo-sts-playground","commit_stats":null,"previous_names":["rgl/github-octo-sts-playground"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/rgl/github-octo-sts-playground","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fgithub-octo-sts-playground","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fgithub-octo-sts-playground/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fgithub-octo-sts-playground/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fgithub-octo-sts-playground/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rgl","download_url":"https://codeload.github.com/rgl/github-octo-sts-playground/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fgithub-octo-sts-playground/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269235744,"owners_count":24383225,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-07T02:00:09.698Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","octo-sts","oidc"],"created_at":"2025-08-07T09:38:54.237Z","updated_at":"2025-08-07T09:38:57.294Z","avatar_url":"https://github.com/rgl.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# About\n\nMy [Octo STS](https://github.com/octo-sts/app) playground.\n\nThis uses the [Octo STS GitHub App](https://github.com/octo-sts) and the [octo-sts/action GitHub Action](https://github.com/octo-sts/action) to request a token for accessing the [rgl-example/github-octo-sts-example](https://github.com/rgl-example/github-octo-sts-example) repository.\n\n# Usage\n\nInstall the [Octo STS GitHub App](https://github.com/apps/octo-sts) in your target GitHub Organization.\n\nModify your GitHub Actions Workflow to use the [octo-sts/action](https://github.com/octo-sts/action) to create a token for a target repository, like in the [test workflow](.github/workflows/test.yml).\n\nUse the created token to access the target repository.\n\n# Notes\n\n* The Octo STS GitHub App service is hosted at https://octo-sts.dev.\n  * It is currently hosted in GCP in the `us-central1` region of the USA.\n    * That is defined in the [Octo STS infrastructure code](https://github.com/octo-sts/app/blob/main/iac/terraform.tfvars).\n* The Octo STS GitHub App creates a GitHub Token from a GitHub Actions Workflow OIDC ID Token and a security policy stored in a `.sts.yaml` file inside the target repository, e.g., at [rgl-example/github-octo-sts-example/.github/chainguard/playground.sts.yaml](https://github.com/rgl-example/github-octo-sts-example/blob/main/.github/chainguard/playground.sts.yaml).\n  * The security profile can use some of the OIDC ID Token claims, e.g., `sub` (aka `subject`), which contains the repository name and git ref, something like `repo:rgl/github-octo-sts-playground:ref:refs/heads/main`.\n    * You can see a full example of a GitHub Actions Workflow ID Token JWT at https://github.com/rgl/github-actions-validate-jwt.\n* The created GitHub Token is an [Octo STS GitHub App installation access token](https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app).\n\n# Alternatives\n\n* [qoomon/actions--access-token](https://github.com/qoomon/actions--access-token).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fgithub-octo-sts-playground","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frgl%2Fgithub-octo-sts-playground","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fgithub-octo-sts-playground/lists"}