fix subject assertion and extract jwt-cli version to env var

Signed-off-by: Mario Minardi <mminardi@shaw.ca>
2026-01-19 08:40:56 -07:00 · 2026-01-19 08:40:56 -07:00 · f5c3f7820b
commit f5c3f7820b
parent cc4d44e986
1 changed files with 6 additions and 2 deletions
--- a/actions/example-id-tokens/.forgejo/workflows/test.yml
+++ b/actions/example-id-tokens/.forgejo/workflows/test.yml
@ -1,11 +1,15 @@
 on: [push]
+
+env:
+    JWT_CLI_VERSION: 6.2.0 # renovate: datasource=github-releases depName=jwt-cli packageName=mike-engel/jwt-cli
+
 jobs:
    generation-allowed:
        enable-openid-connect: true
        runs-on: docker
        steps:
            - run: curl -L -o jq https://github.com/jqlang/jq/releases/latest/download/jq-linux-amd64 && chmod a+x ./jq
-            - run: curl -L -o jwt-linux.tar.gz https://github.com/mike-engel/jwt-cli/releases/download/6.2.0/jwt-linux-musl.tar.gz && tar -xvzf ./jwt-linux.tar.gz && chmod a+x ./jwt
+            - run: curl -L -o jwt-linux.tar.gz https://github.com/mike-engel/jwt-cli/releases/download/${{ env.JWT_CLI_VERSION }}/jwt-linux-musl.tar.gz && tar -xvzf ./jwt-linux.tar.gz && chmod a+x ./jwt
            - name: validate token generation works
              run: |
                  RAW_JWT=$(curl -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=exampleAudience" | ./jq -r ".value")
@ -53,7 +57,7 @@ jobs:
                    exit 1
                  fi
                  if [[ "$SUB" != "repo:root/example-id-tokens:ref:refs/head/master" ]]; then
-                    echo "Error: SUB should be repo:root/example-id-tokens:ref:refs/head/master but is $SUB"
+                    echo "Error: SUB should be repo:root/example-id-tokens:ref:refs/head/main but is $SUB"
                    exit 1
                  fi