Upgrade notice
GitHub Actions OIDC tokens are still under active development and subject to change.
In this release, the aud parameter defaults to the Google Cloud Workload Identity Provider ID. This is the default value that Google Cloud expects, so you no longer need to customize the --allowed-audiences field. The README instructions have been updated to reflect this.
If you were using v0.3.0 or earlier, you had to configure the "allowed audiences" on the Google Cloud Workload Identity Provider to be the static value of "sigstore". Setting that value to "sigstore" was a temporary workaround until GitHub rolled out configurable audiences. Now that GitHub has rolled out customizable audiences, v0.3.1+ changed the defaults. If you have an existing installation, you must revert the allowed audiences back to the default value on the Google Cloud Workload Identity Provider:
gcloud iam workload-identity-pools providers update-oidc "my-provider" \
--location="global" \
--workload-identity-pool="my-pool" \
--allowed-audiences=""What's Changed
- Update references to google now by @sethvargo in #8
- Create CODEOWNERS by @sethvargo in #11
- Update README.md by @sethvargo in #14
- Fix typo by @yfuruyama in #13
- Add read permission to examples in the Readme by @hazcod in #18
- docs: remove unnecessary steps and update examples by @bgdanix in #15
- Add issue/pr templates, note test failures likely by @sethvargo in #19
- Upgrade actions/core to release version by @sethvargo in #21
- Clean up a few typescript warnings by @sethvargo in #25
- Default audience to the WIF provider ID by @sethvargo in #23
New Contributors
Full Changelog: v0.3.0...v0.3.1
