From ace2832432148ba96406c7b78986cda087abbd58 Mon Sep 17 00:00:00 2001
From: Dan Lorenc
Date: Sat, 11 Sep 2021 08:31:33 -0500
Subject: [PATCH] Add GitHub OIDC to Fulcio
Signed-off-by: Dan Lorenc
---
config/fulcio-config.yaml | 5 +++++
.../config.yaml | 18 ++++++++++++++++++
2 files changed, 23 insertions(+)
create mode 100644 federation/vstoken.actions.githubusercontent.com/config.yaml
diff --git a/config/fulcio-config.yaml b/config/fulcio-config.yaml
index 497a40290..3afe13eac 100644
--- a/config/fulcio-config.yaml
+++ b/config/fulcio-config.yaml
@@ -31,6 +31,11 @@ data:
 "IssuerURL": "https://oidc.dlorenc.dev",
 "ClientID": "sigstore",
 "Type": "spiffe"
+ },
+ "https://vstoken.actions.githubusercontent.com": {
+ "IssuerURL": "https://vstoken.actions.githubusercontent.com",
+ "ClientID": "sigstore",
+ "Type": "github-workflow"
 }
 }
 }
diff --git a/federation/vstoken.actions.githubusercontent.com/config.yaml b/federation/vstoken.actions.githubusercontent.com/config.yaml
new file mode 100644
index 000000000..9bb889067
--- /dev/null
+++ b/federation/vstoken.actions.githubusercontent.com/config.yaml
@@ -0,0 +1,18 @@
+# Copyright 2021 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+url: https://vstoken.actions.githubusercontent.com
+contact: support@sigstore.dev
+description: "github actions OIDC auth"
+type: "github-workflow"
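Review bot: The new entry in `config/fulcio-config.yaml` trusts an issuer that serves many unrelated repositories, so the issuer match alone does not identify the signer, and nothing in this patch shows which token claims `"Type": "github-workflow"` binds into the issued certificate. The diffstat lists only the two config files, so the handler for that type presumably lives in server code outside this change. It is worth confirming that the handler is deployed before this ConfigMap is applied and that it enforces the audience given by `"ClientID": "sigstore"`. The issuer string is also repeated as the map key, as `"IssuerURL"` and as `url:` in the federation file. If any of the three drifts from the token's `iss` value, requests will most likely just be rejected, so a check that keeps them in sync would help.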
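Review bot: The federation file records the trust decision only as `description: "github actions OIDC auth"`, which does not tell an operator that this issuer is shared across GitHub Actions workflows in unrelated repositories. I would add a comment above `url:` along the lines of `# Shared issuer: any workflow granted an ID token can authenticate here; signer identity comes from the token's claims, not from the issuer.` Once the handling for `type: "github-workflow"` is settled (it is not visible in this patch), the description should also name the claim that becomes the certificate subject. That lets relying parties know what to pin in verification policy.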