Full release of actions/core 1.6.0 with oidc behavior (#919)

* OIDC Client for actions/core Co-authored-by: Sourav Chanduka <souravchanduka37@gmail.com> Co-authored-by: Sourav Chanduka <souravchanduka@users.noreply.github.com> Co-authored-by: Tingluo Huang <tingluohuang@github.com>
2026-04-01 03:53:14 +08:00 · 2021-09-28 12:55:21 -04:00
parent 60145e408c
commit 27f76dfe1a
8 changed files with 22247 additions and 29 deletions
--- a/packages/core/src/oidc-utils.ts
+++ b/packages/core/src/oidc-utils.ts
@@ -0,0 +1,84 @@
+/* eslint-disable @typescript-eslint/no-extraneous-class */
+import * as actions_http_client from '@actions/http-client'
+import {IRequestOptions} from '@actions/http-client/interfaces'
+import {HttpClient} from '@actions/http-client'
+import {BearerCredentialHandler} from '@actions/http-client/auth'
+import {debug, setSecret} from './core'
+interface TokenResponse {
+  value?: string
+}
+
+export class OidcClient {
+  private static createHttpClient(
+    allowRetry = true,
+    maxRetry = 10
+  ): actions_http_client.HttpClient {
+    const requestOptions: IRequestOptions = {
+      allowRetries: allowRetry,
+      maxRetries: maxRetry
+    }
+
+    return new HttpClient(
+      'actions/oidc-client',
+      [new BearerCredentialHandler(OidcClient.getRequestToken())],
+      requestOptions
+    )
+  }
+
+  private static getRequestToken(): string {
+    const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']
+    if (!token) {
+      throw new Error(
+        'Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable'
+      )
+    }
+    return token
+  }
+
+  private static getIDTokenUrl(): string {
+    const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
+    if (!runtimeUrl) {
+      throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
+    }
+    return runtimeUrl
+  }
+
+  private static async getCall(id_token_url: string): Promise<string> {
+    const httpclient = OidcClient.createHttpClient()
+
+    const res = await httpclient
+      .getJson<TokenResponse>(id_token_url)
+      .catch(error => {
+        throw new Error(
+          `Failed to get ID Token. \n 
+        Error Code : ${error.statusCode}\n 
+        Error Message: ${error.result.message}`
+        )
+      })
+
+    const id_token = res.result?.value
+    if (!id_token) {
+      throw new Error('Response json body do not have ID Token field')
+    }
+    return id_token
+  }
+
+  static async getIDToken(audience?: string): Promise<string> {
+    try {
+      // New ID Token is requested from action service
+      let id_token_url: string = OidcClient.getIDTokenUrl()
+      if (audience) {
+        const encodedAudience = encodeURIComponent(audience)
+        id_token_url = `${id_token_url}&audience=${encodedAudience}`
+      }
+
+      debug(`ID token url is ${id_token_url}`)
+
+      const id_token = await OidcClient.getCall(id_token_url)
+      setSecret(id_token)
+      return id_token
+    } catch (error) {
+      throw new Error(`Error message: ${error.message}`)
+    }
+  }
+}