[](https://badge.fury.io/js/@pahud%2Fcdk-github-oidc)
[](https://badge.fury.io/py/pahud-cdk-github-oidc)
[](https://github.com/pahud/cdk-github-oidc/actions/workflows/release.yml)

# cdk-github-oidc
Inspired by [aripalo/aws-cdk-github-oidc](https://github.com/aripalo/aws-cdk-github-oidc), this construct library allows you to create a `GitHub OpenID Connect Identity Provider` trust relationship with the `Provider` construct, as well as federated IAM roles for one or more GitHub repositories.
This construct is still at the `experimental` stage and may have breaking changes. However, we aim to keep this library as simple as possible.
## Sample
```typescript
// assumes CDK v2 (aws-cdk-lib); the sample needs a stack to attach the provider to
import { App, Stack } from 'aws-cdk-lib';
import { Provider } from '@pahud/cdk-github-oidc';

const app = new App();
const stack = new Stack(app, 'demo-stack');

// create a new provider
const provider = new Provider(stack, 'GithubOpenIdConnectProvider');
// create an IAM role from this provider
provider.createRole('demo-role',
  // sharing this role across multiple repositories
  [
    { owner: 'octo-org', repo: 'first-repo' },
    { owner: 'octo-org', repo: 'second-repo' },
    { owner: 'octo-org', repo: 'third-repo' },
  ]
);
```
## Import the provider
Each AWS account can only have one GitHub OIDC identity provider. To import the existing one, use `Provider.fromAccount()`:
```typescript
// import the existing provider in this account
const provider = Provider.fromAccount(stack, 'GithubOpenIdConnectProvider');
// create an IAM role from the imported provider
provider.createRole(...)
```
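The trust relationship that `createRole()` establishes is what actually decides which workflows may obtain AWS credentials, so it helps to see the policy shape and the claim matching spelled out. The following is an added example, not code from `@pahud/cdk-github-oidc`: it models the IAM trust policy a GitHub OIDC federated role needs (issuer `token.actions.githubusercontent.com`, audience `sts.amazonaws.com`, and `sub` patterns of the form `repo:<owner>/<repo>:*`, as described in the GitHub docs linked under Reference) for the repositories from the Sample section, and evaluates a token's claims against it using IAM `StringLike` semantics. `buildTrustPolicy`, `stringLike`, `canAssume`, `claimsFor` and the provider ARN are assumptions made for this example; the exact document the construct emits may differ.

```typescript
// Added example: models the trust policy of a GitHub OIDC federated role and
// evaluates token claims against it. Not code from @pahud/cdk-github-oidc; the
// policy shape is an assumption about what createRole() produces.

interface RepoRef { owner: string; repo: string }

// The OIDC token claims that matter for the AssumeRoleWithWebIdentity decision.
interface OidcClaims { iss: string; aud: string; sub: string }

const GITHUB_OIDC_ISSUER = "https://token.actions.githubusercontent.com";
const GITHUB_OIDC_CONDITION_KEY = "token.actions.githubusercontent.com";
const STS_AUDIENCE = "sts.amazonaws.com";

interface TrustPolicy {
  Version: "2012-10-17";
  Statement: Array<{
    Effect: "Allow";
    Principal: { Federated: string };
    Action: "sts:AssumeRoleWithWebIdentity";
    Condition: {
      StringEquals: Record<string, string>;
      StringLike: Record<string, string[]>;
    };
  }>;
}

// Build a trust policy that lets the listed repositories assume the role from
// any branch, tag or environment (hence the trailing ":*" on each pattern).
function buildTrustPolicy(providerArn: string, repos: RepoRef[]): TrustPolicy {
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Principal: { Federated: providerArn },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: {
        StringEquals: { [`${GITHUB_OIDC_CONDITION_KEY}:aud`]: STS_AUDIENCE },
        StringLike: {
          [`${GITHUB_OIDC_CONDITION_KEY}:sub`]: repos.map(r => `repo:${r.owner}/${r.repo}:*`),
        },
      },
    }],
  };
}

// IAM StringLike semantics: '*' matches any run of characters, '?' exactly one.
// Everything else in the pattern is literal, so it is escaped before building the regex.
function stringLike(pattern: string, value: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
  return re.test(value);
}

// True if a token carrying these claims could assume the role under the policy:
// the issuer must be GitHub's, the audience must match exactly, and the sub
// claim must match at least one StringLike pattern.
function canAssume(policy: TrustPolicy, claims: OidcClaims): boolean {
  if (claims.iss !== GITHUB_OIDC_ISSUER) return false;
  return policy.Statement.some(stmt => {
    const aud = stmt.Condition.StringEquals[`${GITHUB_OIDC_CONDITION_KEY}:aud`];
    const subPatterns = stmt.Condition.StringLike[`${GITHUB_OIDC_CONDITION_KEY}:sub`] ?? [];
    return claims.aud === aud && subPatterns.some(p => stringLike(p, claims.sub));
  });
}

// Helper to construct sample claims as GitHub would issue them for a job.
function claimsFor(sub: string, aud: string = STS_AUDIENCE): OidcClaims {
  return { iss: GITHUB_OIDC_ISSUER, aud, sub };
}

// Constructed sample: the role from the Sample section. The account id in the
// provider ARN is a placeholder; the real ARN comes from the Provider construct.
const demoPolicy = buildTrustPolicy(
  "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com",
  [
    { owner: "octo-org", repo: "first-repo" },
    { owner: "octo-org", repo: "second-repo" },
    { owner: "octo-org", repo: "third-repo" },
  ],
);
```

Two details are worth checking in any trust policy you review: the `aud` condition must be an exact `StringEquals` on `sts.amazonaws.com`, and each `sub` pattern must keep the colon after the repository name. `repo:octo-org/first-repo:*` admits only that repository, whereas a hand-written `repo:octo-org/first-repo*` would also admit a repository named `first-repo-fork`; `stringLike` lets you test such patterns against sample `sub` values before deploying them.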
## Workflow sample
```yaml
name: demo
on:
  workflow_dispatch: {}
jobs:
  deploy:
    name: Upload to Amazon S3
    runs-on: ubuntu-latest
    env:
      AWS_REGION: us-east-1
    permissions:
      id-token: write # needed to interact with GitHub's OIDC Token endpoint.
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Configure AWS credentials
        # pin third-party actions to a release tag or commit SHA rather than a moving branch
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN_TO_ASSUME }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Sync files to S3
        run: |
          aws s3 sync ./ s3://${{ secrets.AWS_BUCKET }}
```
## Projects using this library
* [pahud/gitpod-workspace](https://github.com/pahud/gitpod-workspace)
* [pahud/github-codespace](https://github.com/pahud/github-codespace)
* [pahud/vscode](https://github.com/pahud/vscode)
## Reference
* [Configuring OpenID Connect in Amazon Web Services](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) from GitHub Docs
* [aripalo/aws-cdk-github-oidc](https://github.com/aripalo/aws-cdk-github-oidc) by [Ari Palo](https://github.com/aripalo)
Raw data
{
"_id": null,
"home_page": "https://github.com/pahud/cdk-github-oidc.git",
"name": "pahud-cdk-github-oidc",
"maintainer": "",
"docs_url": null,
"requires_python": "~=3.7",
"maintainer_email": "",
"keywords": "",
"author": "Pahud Hsieh<pahudnet@gmail.com>",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/40/98/daeab18afc22b956f4bb7b0e9035b404899c10d7f55702b76257f88c808f/pahud-cdk-github-oidc-0.0.387.tar.gz",
"platform": null,
"description": "[](https://badge.fury.io/js/@pahud%2Fcdk-github-oidc)\n[](https://badge.fury.io/py/pahud-cdk-github-oidc)\n[](https://github.com/pahud/cdk-github-oidc/actions/workflows/release.yml)\n\n\n\n# cdk-github-oidc\n\nInspired by [aripalo/aws-cdk-github-oidc](https://github.com/aripalo/aws-cdk-github-oidc), this construct library allows you to create a `Github OpenID Connect Identity Provider` trust relationship with the `Provider` construct as well as federated IAM roles for one or multiple Github repositories.\n\nThis construct is still in `experimental` stage and may have breaking changes. However, we aim to make this library as simple as possible.\n\n## Sample\n\n```python\nimport { Provider } from '@pahud/cdk-github-oidc';\n\n// create a new provider\nconst provider = new Provider(stack, 'GithubOpenIdConnectProvider')\n// create an IAM role from this provider\nprovider.createRole('demo-role',\n // sharing this role across multiple repositories\n [\n { owner: 'octo-org', repo: 'first-repo' },\n { owner: 'octo-org', repo: 'second-repo' },\n { owner: 'octo-org', repo: 'third-repo' },\n ]\n)\n```\n\n## Import the provider\n\nEach AWS account can only have one GitHub OIDC identity provider. To import the existing one, use `Provider.fromAccount()`:\n\n```python\n// import the provider\nconst provider = Provider.fromAccount(stack, 'GithubOpenIdConnectProvider')\n// create a iam role from the imported provider\nprovider.createRole(...)\n```\n\n## Workflow sample\n\n```yaml\nname: demo\non:\n workflow_dispatch: {}\njobs:\n deploy:\n name: Upload to Amazon S3\n runs-on: ubuntu-latest\n env:\n AWS_REGION: us-east-1\n permissions:\n id-token: write # needed to interact with GitHub's OIDC Token endpoint.\n contents: read\n steps:\n - name: Checkout\n uses: actions/checkout@v2\n\n - name: Configure AWS credentials\n uses: aws-actions/configure-aws-credentials@master\n with:\n role-to-assume: ${{ secrets.AWS_ROLE_ARN_TO_ASSUME }}\n aws-region: ${{ env.AWS_REGION }}\n\n - name: Sync files to S3\n run: |\n aws s3 sync ./ s3://${{ secrets.AWS_BUCKET }}\n```\n\n## Projects using this library\n\n* [pahud/gitpod-workspace](https://github.com/pahud/gitpod-workspace)\n* [pahud/github-codespace](https://github.com/pahud/github-codespace)\n* [pahud/vscode](https://github.com/pahud/vscode)\n\n## Reference\n\n* [Configuring OpenID Connect in Amazon Web Services](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) from GitHub Docs\n* [aripalo/aws-cdk-github-oidc](https://github.com/aripalo/aws-cdk-github-oidc) by [Ari Palo](https://github.com/aripalo)\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "CDK construct library for Github OpenID Connect Identity Provider",
"version": "0.0.387",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "7a5e550957bf7fadd44ba18e03fce521172894fcb0904810193abd4bde5fe0ab",
"md5": "0cc5d9e7e4bfb6a5f23ffb4c170ed88d",
"sha256": "0ff7a3881cfb0eb747658b0cc119dc63df40beb44d038613b66cf82fe9d070ba"
},
"downloads": -1,
"filename": "pahud_cdk_github_oidc-0.0.387-py3-none-any.whl",
"has_sig": false,
"md5_digest": "0cc5d9e7e4bfb6a5f23ffb4c170ed88d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.7",
"size": 34709,
"upload_time": "2023-03-21T00:15:36",
"upload_time_iso_8601": "2023-03-21T00:15:36.901314Z",
"url": "https://files.pythonhosted.org/packages/7a/5e/550957bf7fadd44ba18e03fce521172894fcb0904810193abd4bde5fe0ab/pahud_cdk_github_oidc-0.0.387-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "4098daeab18afc22b956f4bb7b0e9035b404899c10d7f55702b76257f88c808f",
"md5": "3299caaea48041d2ee19ba2bfbbb5076",
"sha256": "0667036a51d1c5242090ce9fab88ccdb62cdcc41896f65bc03d8da174387f11c"
},
"downloads": -1,
"filename": "pahud-cdk-github-oidc-0.0.387.tar.gz",
"has_sig": false,
"md5_digest": "3299caaea48041d2ee19ba2bfbbb5076",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.7",
"size": 36307,
"upload_time": "2023-03-21T00:15:39",
"upload_time_iso_8601": "2023-03-21T00:15:39.117681Z",
"url": "https://files.pythonhosted.org/packages/40/98/daeab18afc22b956f4bb7b0e9035b404899c10d7f55702b76257f88c808f/pahud-cdk-github-oidc-0.0.387.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-03-21 00:15:39",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "pahud",
"github_project": "cdk-github-oidc.git",
"lcname": "pahud-cdk-github-oidc"
}