REST-API-Endpunkte für GitHub Actions OIDC

Informationen zu GitHub Actions OIDC

Sie können die REST-API verwenden, um eine Anpassungsvorlage für einen OpenID Connect (OIDC)-Antragstelleranspruch abzufragen und zu verwalten. Weitere Informationen findest du unter Informationen zur Sicherheitshärtung mit OpenID Connect.

Set the GitHub Actions OIDC custom issuer policy for an enterprise

Sets the GitHub Actions OpenID Connect (OIDC) custom issuer policy for an enterprise.

OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Differenzierte Zugriffstoken für "Set the GitHub Actions OIDC custom issuer policy for an enterprise"

Dieser Endpunkt funktioniert mit den folgenden Tokentypen.:

Das Token muss einen der folgenden Berechtigungssätze aufweisen.:

enterprise_administration:write

Parameter für „Set the GitHub Actions OIDC custom issuer policy for an enterprise“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`enterprise` string Erforderlich The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Textparameter
Name, type, BESCHREIBUNG
`include_enterprise_slug` boolean Whether the enterprise customer requested a custom issuer URL.

HTTP-Antwortstatuscodes für „Set the GitHub Actions OIDC custom issuer policy for an enterprise“

Statuscode	BESCHREIBUNG
`204`	No Content

Codebeispiele für „Set the GitHub Actions OIDC custom issuer policy for an enterprise“

Beispiel für eine Anfrage

put/enterprises/{enterprise}/actions/oidc/customization/issuer

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/actions/oidc/customization/issuer \
  -d '{"include_enterprise_slug":true}'

Response

Status: 204

Get the customization template for an OIDC subject claim for an organization

Gets the customization template for an OpenID Connect (OIDC) subject claim.

OAuth app tokens and personal access tokens (classic) need the read:org scope to use this endpoint.

Differenzierte Zugriffstoken für "Get the customization template for an OIDC subject claim for an organization"

Dieser Endpunkt funktioniert mit den folgenden Tokentypen.:

Das Token muss einen der folgenden Berechtigungssätze aufweisen.:

organization_administration:read

Parameter für „Get the customization template for an OIDC subject claim for an organization“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`org` string Erforderlich The organization name. The name is not case sensitive.

HTTP-Antwortstatuscodes für „Get the customization template for an OIDC subject claim for an organization“

Statuscode	BESCHREIBUNG
`200`	A JSON serialized template for OIDC subject claim customization

Codebeispiele für „Get the customization template for an OIDC subject claim for an organization“

Beispiel für eine Anfrage

get/orgs/{org}/actions/oidc/customization/sub

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/actions/oidc/customization/sub

A JSON serialized template for OIDC subject claim customization

Status: 200

{
  "include_claim_keys": [
    "repo",
    "context"
  ]
}

Set the customization template for an OIDC subject claim for an organization

Creates or updates the customization template for an OpenID Connect (OIDC) subject claim.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Differenzierte Zugriffstoken für "Set the customization template for an OIDC subject claim for an organization"

Dieser Endpunkt funktioniert mit den folgenden Tokentypen.:

Das Token muss einen der folgenden Berechtigungssätze aufweisen.:

organization_administration:write

Parameter für „Set the customization template for an OIDC subject claim for an organization“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`org` string Erforderlich The organization name. The name is not case sensitive.

Textparameter
Name, type, BESCHREIBUNG
`include_claim_keys` array of strings Erforderlich Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.

HTTP-Antwortstatuscodes für „Set the customization template for an OIDC subject claim for an organization“

Statuscode	BESCHREIBUNG
`201`	Empty response
`403`	Forbidden
`404`	Resource not found

Codebeispiele für „Set the customization template for an OIDC subject claim for an organization“

Beispiel für eine Anfrage

put/orgs/{org}/actions/oidc/customization/sub

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/actions/oidc/customization/sub \
  -d '{"include_claim_keys":["repo","context"]}'

Empty response

Status: 201

Get the customization template for an OIDC subject claim for a repository

Gets the customization template for an OpenID Connect (OIDC) subject claim.

OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.

Differenzierte Zugriffstoken für "Get the customization template for an OIDC subject claim for a repository"

Dieser Endpunkt funktioniert mit den folgenden Tokentypen.:

Das Token muss einen der folgenden Berechtigungssätze aufweisen.:

actions:read

Dieser Endpunkt kann ohne Authentifizierung oder die zuvor erwähnten Berechtigungen verwendet werden, wenn nur öffentliche Ressourcen angefordert werden.

Parameter für „Get the customization template for an OIDC subject claim for a repository“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`owner` string Erforderlich The account owner of the repository. The name is not case sensitive.
`repo` string Erforderlich The name of the repository without the `.git` extension. The name is not case sensitive.

HTTP-Antwortstatuscodes für „Get the customization template for an OIDC subject claim for a repository“

Statuscode	BESCHREIBUNG
`200`	Status response
`400`	Bad Request
`404`	Resource not found

Codebeispiele für „Get the customization template for an OIDC subject claim for a repository“

Beispiel für eine Anfrage

get/repos/{owner}/{repo}/actions/oidc/customization/sub

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub

Status response

Status: 200

{
  "use_default": false,
  "include_claim_keys": [
    "repo",
    "context"
  ]
}

Set the customization template for an OIDC subject claim for a repository

Sets the customization template and opt-in or opt-out flag for an OpenID Connect (OIDC) subject claim for a repository.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.

Differenzierte Zugriffstoken für "Set the customization template for an OIDC subject claim for a repository"

Dieser Endpunkt funktioniert mit den folgenden Tokentypen.:

Das Token muss einen der folgenden Berechtigungssätze aufweisen.:

actions:write

Parameter für „Set the customization template for an OIDC subject claim for a repository“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`owner` string Erforderlich The account owner of the repository. The name is not case sensitive.
`repo` string Erforderlich The name of the repository without the `.git` extension. The name is not case sensitive.

Textparameter
Name, type, BESCHREIBUNG
`use_default` boolean Erforderlich Whether to use the default template or not. If `true`, the `include_claim_keys` field is ignored.
`include_claim_keys` array of strings Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.

HTTP-Antwortstatuscodes für „Set the customization template for an OIDC subject claim for a repository“

Statuscode	BESCHREIBUNG
`201`	Empty response
`400`	Bad Request
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Codebeispiele für „Set the customization template for an OIDC subject claim for a repository“

Beispiel für eine Anfrage

put/repos/{owner}/{repo}/actions/oidc/customization/sub

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub \
  -d '{"use_default":false,"include_claim_keys":["repo","context"]}'

Empty response

Status: 201