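---
# action.yaml: metadata for a composite GitHub Action that, per its
# description, authenticates to Vault with OIDC and obtains an SSH client
# certificate. The nesting below is restored; the flattened listing does
# not parse as valid action metadata.
#
# NOTE(review): a job can only request a GitHub OIDC token when it grants
# `permissions: id-token: write`. The token request itself is made by the
# Python module, which is not shown here; confirm and document for callers.
name: Vault OIDC SSH certificate
description: Use OIDC authentication to get SSH client certificates from Vault
author: Andreas Olsson

inputs:
  vault_server:
    # NOTE(review): presumably the OIDC token is presented to this host, so
    # callers should pass an https:// URL they control; no scheme check is
    # visible in this file. Confirm in the Python module.
    description: URL of the Vault server
    required: true
  oidc_backend_path:
    description: Path to Vault's GitHub configured JWT/OIDC backend
    required: true
  oidc_role:
    # The Vault role is where claims such as repository or ref get bound.
    # Nothing in this file restricts which workflow may use the role.
    description: Name of the Vault server OIDC role to use
    required: true
  ssh_backend_path:
    description: Path to Vault's SSH CA backend
    required: true
  ssh_role:
    description: Name of the Vault server SSH certificate role to use
    required: true
  jwt_audience:
    # No `default:` is declared, so the documented fallback to the
    # vault_server hostname must be implemented by the Python module.
    # NOTE(review): the audience is expected to match the Vault role's
    # bound_audiences; verify against the role configuration.
    description: Custom JWT audience. Defaults to the vault_server hostname
    required: false

outputs:
  cert_path:
    description: Full path to the generated SSH certificate
    value: ${{ steps.run_action.outputs.cert_path }}
  key_path:
    # This is the path of a private key on the runner's filesystem. Later
    # steps in the same job can read it, so callers should keep it out of
    # logs, caches and uploaded artifacts.
    description: Full path to the corresponding private SSH key
    value: ${{ steps.run_action.outputs.key_path }}

runs:
  using: composite
  steps:
    - name: Run Action
      id: run_action
      # Runs the script with the `python` found on the runner; no Python
      # setup step is part of this action.
      shell: python
      # The script text contains no ${{ }} expressions. Inputs reach the
      # code only through the environment below, which keeps caller-supplied
      # values out of the Python source.
      run: |
        import vault_oidc_ssh_cert_action
        vault_oidc_ssh_cert_action.run()
      env:
        # Makes the action's own directory importable, so the import above
        # presumably resolves to a module shipped alongside this file.
        PYTHONPATH: ${{ github.action_path }}
        JWT_AUDIENCE: ${{ inputs.jwt_audience }}
        OIDC_BACKEND_PATH: ${{ inputs.oidc_backend_path }}
        OIDC_ROLE: ${{ inputs.oidc_role }}
        SSH_BACKEND_PATH: ${{ inputs.ssh_backend_path }}
        SSH_ROLE: ${{ inputs.ssh_role }}
        VAULT_SERVER: ${{ inputs.vault_server }}
        # Points temporary-file creation at the runner's per-job temp
        # directory, which GitHub empties at the start and end of each job.
        # NOTE(review): presumably the certificate and key are written here;
        # confirm the module creates them with owner-only permissions.
        TMPDIR: ${{ runner.temp }}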