GitHub Actions OIDC

使用 REST API 与 GitHub Actions 中 OIDC 使用者声明的 JWT 交互。

关于 GitHub Actions OIDC

你可以使用 REST API 为 OpenID Connect (OIDC) 主题声明查询与管理自定义模板。有关详细信息，请参阅“关于使用 OpenID Connect 进行安全强化”。

Get the customization template for an OIDC subject claim for an organization

Gets the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the read:org scope to use this endpoint. GitHub Apps must have the organization_administration:write permission to use this endpoint.

“Get the customization template for an OIDC subject claim for an organization”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.

“Get the customization template for an OIDC subject claim for an organization”的 HTTP 响应状态代码

状态代码	说明
`200`	A JSON serialized template for OIDC subject claim customization

“Get the customization template for an OIDC subject claim for an organization”的示例代码

get/orgs/{org}/actions/oidc/customization/sub

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/actions/oidc/customization/sub

A JSON serialized template for OIDC subject claim customization

Status: 200

{
  "include_claim_keys": [
    "repo",
    "context"
  ]
}

Set the customization template for an OIDC subject claim for an organization

适用于 GitHub Apps

Creates or updates the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the write:org scope to use this endpoint. GitHub Apps must have the admin:org permission to use this endpoint.

“Set the customization template for an OIDC subject claim for an organization”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.

正文参数
名称, 类型, 说明
`include_claim_keys` array of strings 必须 Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.

“Set the customization template for an OIDC subject claim for an organization”的 HTTP 响应状态代码

状态代码	说明
`201`	Empty response
`403`	Forbidden
`404`	Resource not found

“Set the customization template for an OIDC subject claim for an organization”的示例代码

put/orgs/{org}/actions/oidc/customization/sub

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/actions/oidc/customization/sub \
  -d '{"include_claim_keys":["repo","context"]}'

Empty response

Status: 201

Get the customization template for an OIDC subject claim for a repository

适用于 GitHub Apps

Gets the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the organization_administration:read permission to use this endpoint.

“Get the customization template for an OIDC subject claim for a repository”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`owner` string 必须 The account owner of the repository. The name is not case sensitive.
`repo` string 必须 The name of the repository without the `.git` extension. The name is not case sensitive.

“Get the customization template for an OIDC subject claim for a repository”的 HTTP 响应状态代码

状态代码	说明
`200`	Status response
`400`	Bad Request
`404`	Resource not found

“Get the customization template for an OIDC subject claim for a repository”的示例代码

get/repos/{owner}/{repo}/actions/oidc/customization/sub

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub

Status response

Status: 200

{
  "use_default": false,
  "include_claim_keys": [
    "repo",
    "context"
  ]
}

Set the customization template for an OIDC subject claim for a repository

适用于 GitHub Apps

Sets the customization template and opt-in or opt-out flag for an OpenID Connect (OIDC) subject claim for a repository. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

“Set the customization template for an OIDC subject claim for a repository”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`owner` string 必须 The account owner of the repository. The name is not case sensitive.
`repo` string 必须 The name of the repository without the `.git` extension. The name is not case sensitive.

正文参数
名称, 类型, 说明
`use_default` boolean 必须 Whether to use the default template or not. If `true`, the `include_claim_keys` field is ignored.
`include_claim_keys` array of strings Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.

“Set the customization template for an OIDC subject claim for a repository”的 HTTP 响应状态代码

状态代码	说明
`201`	Empty response
`400`	Bad Request
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

“Set the customization template for an OIDC subject claim for a repository”的示例代码

put/repos/{owner}/{repo}/actions/oidc/customization/sub

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub \
  -d '{"use_default":false,"include_claim_keys":["repo","context"]}'

Empty response

Status: 201