You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The action is currently incompatible with any organisation belonging to a GitHub Enterprise Cloud instance that has followed the hardening guidance to customize the issuer value:
Error: Failed to get ID token: unexpected "iss" claim value
With the GitHub Actions OIDC Custom Issuer Policy enabled (i.e. include_enterprise_slug=true), the Enterprise Cloud issuer becomes https://token.actions.githubusercontent.com/${enterpriseSlug}.
Ideally, the action would dynamically retrieve the correct enterpriseSlug given the runtime context; alternatively it should support an optional enterpriseSlug input parameter to be suffixed to the calculated issuer.
The text was updated successfully, but these errors were encountered:
I don't think there is a good way to determine whether the issuer customization is enabled for a given account, so will probably end-up with an include_enterprise_slug input param.
This should be resolved with the v1.4.3 release. We didn't end-up adding a new input parameter -- it should just work whether or not you have customized the issuer URL for your organization.
The action is currently incompatible with any organisation belonging to a GitHub Enterprise Cloud instance that has followed the hardening guidance to customize the issuer value:
With the GitHub Actions OIDC Custom Issuer Policy enabled (i.e.
include_enterprise_slug=true
), the Enterprise Cloud issuer becomeshttps://token.actions.githubusercontent.com/${enterpriseSlug}
.Ideally, the action would dynamically retrieve the correct
enterpriseSlug
given the runtime context; alternatively it should support an optionalenterpriseSlug
input parameter to be suffixed to the calculated issuer.The text was updated successfully, but these errors were encountered: