Skip to content

Fix Workflow Access to id-token for OIDC Auth#1170

Merged
mkbhanda merged 4 commits intoopea-project:mainfrom
opea-aws-proserve:workflow-aws-access
Jan 18, 2025
Merged

Fix Workflow Access to id-token for OIDC Auth#1170
mkbhanda merged 4 commits intoopea-project:mainfrom
opea-aws-proserve:workflow-aws-access

Conversation

@jonminkin97
Copy link
Copy Markdown
Contributor

@jonminkin97 jonminkin97 commented Jan 17, 2025

Description

Add required permissions to the Github Workflow to allow Github's OIDC provider to create a JWT to perform authentication.

Issues

n/a

Type of change

List the type of change like below. Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

Tests

Created a test action in a private repository.

jonminkin97 and others added 4 commits January 17, 2025 00:40
@jonminkin97
Enable AWS access when testing microservices
b656073 
Signed-off-by: Jonathan Minkin <minkinj@amazon.com>
@jonminkin97
Merge branch 'main' into workflow-aws-access
54da746
@jonminkin97
Merge remote-tracking branch 'upstream/main' into workflow-aws-access
81c4711 
Signed-off-by: Jonathan Minkin <minkinj@amazon.com>
@jonminkin97
Add id-token permissions to workflow to allow OIDC auth
1a4f854 
Signed-off-by: Jonathan Minkin <minkinj@amazon.com>
@srinarayan-srikanthan
Copy link
Copy Markdown
Collaborator

srinarayan-srikanthan commented Jan 17, 2025

@mkbhanda or @tomlenth can you review and approve please

ashahba
ashahba approved these changes Jan 17, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@ashahba ashahba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

mkbhanda
mkbhanda approved these changes Jan 18, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@mkbhanda mkbhanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mkbhanda mkbhanda merged commit b0abbde into opea-project:main Jan 18, 2025
@chensuyue
Copy link
Copy Markdown
Collaborator

chensuyue commented Jan 19, 2025

This PR break the microservice CI, I have to revert this PR first.
https://github.com/opea-project/GenAIComps/actions/runs/12837108233/job/35800128887

Invalid workflow file: .github/workflows/pr-microservice-test.yml#L27
The workflow is not valid. .github/workflows/pr-microservice-test.yml (Line: 27, Col: 3): Error calling workflow 'opea-project/GenAIComps/.github/workflows/_get-test-matrix.yml@b0abbde'. The workflow is requesting 'actions: read, attestations: read, checks: read, deployments: read, discussions: read, issues: read, packages: read, pages: read, pull-requests: read, repository-projects: read, statuses: read, security-events: read', but is only allowed 'actions: none, attestations: none, check[...]

chensuyue added a commit that referenced this pull request Jan 19, 2025
@chensuyue
Revert "Fix Workflow Access to id-token for OIDC Auth (#1170)"
a43de57 
This reverts commit b0abbde.
@chensuyue chensuyue mentioned this pull request Jan 19, 2025
Merged
4 tasks
chensuyue added a commit that referenced this pull request Jan 19, 2025
@chensuyue
Revert "Fix Workflow Access to id-token for OIDC Auth (#1170)" (#1173)
01d9e54 
This reverts commit b0abbde to recover the CI test. 

Signed-off-by: chensuyue <suyue.chen@intel.com>
smguggen pushed a commit to opea-aws-proserve/GenAIComps that referenced this pull request Jan 23, 2025
@jonminkin97 @smguggen
Fix Workflow Access to id-token for OIDC Auth (opea-project#1170)
9360c0b 
* Enable AWS access when testing microservices

Signed-off-by: Jonathan Minkin <minkinj@amazon.com>

* Add id-token permissions to workflow to allow OIDC auth

Signed-off-by: Jonathan Minkin <minkinj@amazon.com>

---------

Signed-off-by: Jonathan Minkin <minkinj@amazon.com>
smguggen pushed a commit to opea-aws-proserve/GenAIComps that referenced this pull request Jan 23, 2025
@chensuyue @smguggen
Revert "Fix Workflow Access to id-token for OIDC Auth (opea-project#1170
5f17459 
)" (opea-project#1173)

This reverts commit b0abbde to recover the CI test. 

Signed-off-by: chensuyue <suyue.chen@intel.com>
madison-evans pushed a commit to SAPD-Intel/GenAIComps that referenced this pull request May 12, 2025
@jonminkin97
Fix Workflow Access to id-token for OIDC Auth (opea-project#1170)
01d12e1 
* Enable AWS access when testing microservices

Signed-off-by: Jonathan Minkin <minkinj@amazon.com>

* Add id-token permissions to workflow to allow OIDC auth

Signed-off-by: Jonathan Minkin <minkinj@amazon.com>

---------

Signed-off-by: Jonathan Minkin <minkinj@amazon.com>
madison-evans pushed a commit to SAPD-Intel/GenAIComps that referenced this pull request May 12, 2025
@chensuyue
Revert "Fix Workflow Access to id-token for OIDC Auth (opea-project#1170
2cf1e32 
)" (opea-project#1173)

This reverts commit 01d12e1 to recover the CI test. 

Signed-off-by: chensuyue <suyue.chen@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkbhanda mkbhanda mkbhanda approved these changes

@ashahba ashahba ashahba approved these changes

@chensuyue chensuyue Awaiting requested review from chensuyue chensuyue is a code owner

@ZePan110 ZePan110 Awaiting requested review from ZePan110 ZePan110 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jonminkin97 @srinarayan-srikanthan @chensuyue @mkbhanda @ashahba