From f5c3f7820b59f6b90c330c12f06ffc4ef52fc37e Mon Sep 17 00:00:00 2001 From: Mario Minardi Date: Mon, 19 Jan 2026 08:40:56 -0700 Subject: [PATCH] fix subject assertion and extract jwt-cli version to env var Signed-off-by: Mario Minardi --- actions/example-id-tokens/.forgejo/workflows/test.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/actions/example-id-tokens/.forgejo/workflows/test.yml b/actions/example-id-tokens/.forgejo/workflows/test.yml index 65e0f0b8..0d37000a 100644 --- a/actions/example-id-tokens/.forgejo/workflows/test.yml +++ b/actions/example-id-tokens/.forgejo/workflows/test.yml @@ -1,11 +1,15 @@ on: [push] + +env: + JWT_CLI_VERSION: 6.2.0 # renovate: datasource=github-releases depName=jwt-cli packageName=mike-engel/jwt-cli + jobs: generation-allowed: enable-openid-connect: true runs-on: docker steps: - run: curl -L -o jq https://github.com/jqlang/jq/releases/latest/download/jq-linux-amd64 && chmod a+x ./jq - - run: curl -L -o jwt-linux.tar.gz https://github.com/mike-engel/jwt-cli/releases/download/6.2.0/jwt-linux-musl.tar.gz && tar -xvzf ./jwt-linux.tar.gz && chmod a+x ./jwt + - run: curl -L -o jwt-linux.tar.gz https://github.com/mike-engel/jwt-cli/releases/download/${{ env.JWT_CLI_VERSION }}/jwt-linux-musl.tar.gz && tar -xvzf ./jwt-linux.tar.gz && chmod a+x ./jwt - name: validate token generation works run: | RAW_JWT=$(curl -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=exampleAudience" | ./jq -r ".value") @@ -53,7 +57,7 @@ jobs: exit 1 fi if [[ "$SUB" != "repo:root/example-id-tokens:ref:refs/head/master" ]]; then - echo "Error: SUB should be repo:root/example-id-tokens:ref:refs/head/master but is $SUB" + echo "Error: SUB should be repo:root/example-id-tokens:ref:refs/head/main but is $SUB" exit 1 fi