From a11123d768e6037e63b42ad4b9cec942ba523a29 Mon Sep 17 00:00:00 2001
From: Mario Minardi <mminardi@shaw.ca>
Date: Wed, 21 Jan 2026 16:06:09 -0700
Subject: [PATCH] use image with jq already installed

Signed-off-by: Mario Minardi <mminardi@shaw.ca>
---
 .../.forgejo/workflows/test.yml                | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/actions/example-id-tokens/.forgejo/workflows/test.yml b/actions/example-id-tokens/.forgejo/workflows/test.yml
index 4b9c91b4..31c49156 100644
--- a/actions/example-id-tokens/.forgejo/workflows/test.yml
+++ b/actions/example-id-tokens/.forgejo/workflows/test.yml
@@ -2,30 +2,30 @@ on: [push]
 
 env:
     JWT_CLI_VERSION: 6.2.0 # renovate: datasource=github-releases depName=jwt-cli packageName=mike-engel/jwt-cli
-    JQ_VERSION: jq-1.8.1 # renovate: datasource=github-releases depName=jq packageName=jqlang/jq
 
 jobs:
     generation-allowed:
         enable-openid-connect: true
         runs-on: docker
+        container:
+            image: data.forgejo.org/oci/ci:1
         steps:
-            - run: curl -L -o jq https://github.com/jqlang/jq/releases/download/${{ env.JQ_VERSION }}/jq-linux-amd64 && chmod a+x ./jq
             - run: curl -L -o jwt-linux.tar.gz https://github.com/mike-engel/jwt-cli/releases/download/${{ env.JWT_CLI_VERSION }}/jwt-linux-musl.tar.gz && tar -xvzf ./jwt-linux.tar.gz && chmod a+x ./jwt
             - name: validate token generation works
               run: |
-                  RAW_JWT=$(curl -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=exampleAudience" | ./jq -r ".value")
+                  RAW_JWT=$(curl -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=exampleAudience" | jq -r ".value")
                   if [[ -z "RAW_JWT" ]]; then
                     echo "Error: RAW_JWT should be set"
                     exit 1
                   fi
 
-                  DECODED_JWT_BODY=$(echo $RAW_JWT | ./jq -R 'split(".") | .[1] | @base64d | fromjson')
+                  DECODED_JWT_BODY=$(echo $RAW_JWT | jq -R 'split(".") | .[1] | @base64d | fromjson')
                   if [[ -z "$DECODED_JWT_BODY" ]]; then
                     echo "Error: DECODED_JWT_BODY should be set"
                     exit 1
                   fi
 
-                  ISS=$(echo $DECODED_JWT_BODY | ./jq -r '.iss')
+                  ISS=$(echo $DECODED_JWT_BODY | jq -r '.iss')
                   if [[ -z "$ISS" ]]; then
                     echo "Error: ISS should be set"
                     exit 1
@@ -41,10 +41,10 @@ jobs:
                   # Verify that the JWT decodes with the JWKS data
                   ./jwt decode -S @./jwks.json -A RS256 $RAW_JWT || (echo "Error: failed signature validation" && exit 1)
 
-                  WORKFLOW=$(echo $DECODED_JWT_BODY | ./jq -r '.workflow')
-                  AUD=$(echo $DECODED_JWT_BODY | ./jq -r '.aud')
-                  EVENT_NAME=$(echo $DECODED_JWT_BODY | ./jq -r '.event_name')
-                  SUB=$(echo $DECODED_JWT_BODY | ./jq -r '.sub')
+                  WORKFLOW=$(echo $DECODED_JWT_BODY | jq -r '.workflow')
+                  AUD=$(echo $DECODED_JWT_BODY | jq -r '.aud')
+                  EVENT_NAME=$(echo $DECODED_JWT_BODY | jq -r '.event_name')
+                  SUB=$(echo $DECODED_JWT_BODY | jq -r '.sub')
                   if [[ "$WORKFLOW" != "test.yml" ]]; then
                     echo "Error: WORKFLOW should be test.yml but is $WORKFLOW"
                     exit 1