Update JFrog GitHub OIDC setup docs #37596

Open
wants to merge 10 commits into
base: main

@EyalDelarea EyalDelarea commented Apr 17, 2025

Why:

This change updates the JFrog OIDC integration guide to reflect a recent improvement in the jfrog/setup-jfrog-cli GitHub Action. The action now supports seamless OIDC authentication out of the box, removing the need for users to manually exchange tokens via REST API calls.


What's being changed (if available, include any code snippets, screenshots, or gifs):

  • Removed outdated examples that manually exchange the GitHub OIDC token using curl.
  • Added a simplified and secure example using jfrog/setup-jfrog-cli@v4 with oidc-provider-name and oidc-audience inputs.
  • Clarified that no manual token exchange is required when using the JFrog CLI.
  • Added a permissions block (id-token: write) to the YAML example to ensure OIDC works as expected.
  • Included a new “Security Best Practices” section and a “Further Reading” section linking to the JFrog CLI’s manual token exchange command for advanced use cases.

Check off the following:
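
A minimal workflow matching the changes listed in this description, as an added example (it is not taken from the PR's diff or from JFrog's documentation). The provider name, the audience value and the `JF_URL` repository variable are placeholders assumed for illustration; they must match the OIDC integration configured on the JFrog platform.

```yaml
name: jfrog-oidc-example   # hypothetical workflow name

on:
  push:
    branches: [main]

# Grant only what the job needs. Without id-token: write the runner
# cannot request a GitHub OIDC token and the action has nothing to exchange.
permissions:
  id-token: write
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # The action requests the GitHub OIDC token and exchanges it with the
      # JFrog platform itself, so no curl call and no stored access token
      # (for example a JF_ACCESS_TOKEN secret) appears in this workflow.
      - name: Set up JFrog CLI with OIDC
        uses: jfrog/setup-jfrog-cli@v4
        env:
          JF_URL: ${{ vars.JF_URL }}            # assumed repository variable holding the platform URL
        with:
          oidc-provider-name: example-provider  # placeholder: name of the OIDC integration in JFrog
          oidc-audience: example-audience       # placeholder: must equal the audience set on that integration

      # Fails the job early if the exchanged credentials are not accepted.
      - name: Verify the authenticated session
        run: jf rt ping
```

Because the `permissions` block is set at the workflow level, every job inherits it; in a multi-job workflow, move `id-token: write` onto the single job that talks to JFrog.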

welcome bot commented Apr 17, 2025

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions bot added the triage label (Do not begin working on this issue until triaged by the team) Apr 17, 2025
Contributor

github-actions bot commented Apr 17, 2025

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

A Hubber will need to deploy your changes internally to review.

Table of review links

⚠️ Warning: Our review server is experiencing latency issues.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on the review server. Changes to the data directory are not included in this table.

Source | Review | Production | What Changed
actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md | fpt, ghec | fpt, ghec |

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

@Sharra-writes
Contributor

@EyalDelarea Thanks for opening a PR! 🎉

It looks like this is still a draft. Could you ping me when this is ready? Then, I'll get it up for review ⚡

@MikaLJF MikaLJF left a comment

It looks great! I left a couple comments, please take a look and let me know what you think

@EyalDelarea EyalDelarea marked this pull request as ready for review April 21, 2025 06:24
@Sharra-writes
Contributor

Thanks! I'll get this triaged now.

@Sharra-writes added the content (This issue or pull request belongs to the Docs Content team) and needs SME (This proposal needs review from a subject matter expert) labels and removed the triage (Do not begin working on this issue until triaged by the team) label Apr 21, 2025
Contributor

Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert 👀
