1 file changed +37 -1 lines changed
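--- a/actions/get-vault-secrets
+++ b/actions/get-vault-secrets
@@ -64,7 +64,43 @@
 VAULT_INSTANCE : ${{ inputs.vault_instance }}
 with :
 script : |
-const jwt = await core.getIDToken(`vault-github-actions-grafana-${process.env.VAULT_INSTANCE}`);
+let jwt;
+try {
+jwt = await core.getIDToken(`vault-github-actions-grafana-${process.env.VAULT_INSTANCE}`);
+} catch (error) {
+core.setFailed(`❌ Failed to get OIDC token: ${error.message}`);
+
+// Provide helpful suggestions
+core.error(`
+🔧 OIDC Token Error - How to Fix:
+
+This error typically occurs when your workflow lacks proper permissions for OIDC token generation.
+
+✅ Solution 1 - Add workflow-level permissions:
+Add this to the top of your workflow YAML file:
+
+permissions:
+id-token: write
+contents: read
+
+✅ Solution 2 - Add job-level permissions:
+Add this to your specific job:
+
+jobs:
+your-job-name:
+permissions:
+id-token: write
+contents: read
+
+✅ Solution 3 - Verify repository configuration:
+- Ensure your repository has OIDC enabled
+- Check that the Vault OIDC provider is configured for your repository
+
+📚 More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect
+`);
+return;
+}
+
 core.setSecret(jwt);
 core.setOutput("github-jwt",jwt);
 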
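Review bot: The help text printed in the `catch` block presents the workflow-level grant as Solution 1, but a top-level `permissions:` with `id-token: write` lets every job in the workflow mint an OIDC token, including jobs that never call this action. The job-level form (Solution 2) is the least-privilege one and should be listed first, with the workflow-level variant described as a fallback. The text also leaves out the case where the permission cannot be granted: runs triggered by pull requests from forks are limited to read access for `id-token`, so a line such as `- Pull requests from forks cannot obtain an OIDC token, whatever the permissions block says` would save users from loosening the trigger instead. "Ensure your repository has OIDC enabled" is vague, as the hunk does not say which setting is meant. The `script:` body starts and ends outside this hunk.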