docs/api/trusted-publishing.md
4 additions & 4 deletions
@@ -9,7 +9,7 @@ defined by the Open Source Security Foundation (OpenSSF) and implemented by vari
9
9
10
10
OIDC identity providers, CI services like GitHub Actions, can issue short-lived credentials, OIDC tokens, that Private Packagist
11
11
can verify came from the CI service. Organizations on Private Packagist can configure to trust a workflow in a repository to publish a package.
12
-
The workflow send an OIDC token to Private Packagist, where the token is matched against configured trusted publishers.
12
+
The workflow sends an OIDC token to Private Packagist, where the token is matched against configured trusted publishers.
13
13
If there is a match, Private Packagist will issue a short-lived API credential with limited scope.
14
14
The issued API credential is valid for 15 minutes and can only access endpoints required to publish the artifact.
15
15
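Review bot: The unchanged sentence on line 11 still reads "Organizations on Private Packagist can configure to trust a workflow in a repository to publish a package", where "configure" has no object; since this commit is a wording pass over the same paragraph, consider "can configure a trusted publisher so that a workflow in a repository may publish a package". The corrected sentence on line 12 says the token "is matched against configured trusted publishers" without naming what is compared; a short pointer to the publisher form fields listed later in the file (owner, repository, workflow file, optional environment) would make the trust decision explicit for readers checking their configuration.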
@@ -34,14 +34,14 @@ Fill in the form fields to configure the publisher:
34
34
* Owner name: The GitHub user or organization name that owns the repository.
35
35
* Repository name: The name of the GitHub repository that contains the publishing workflow.
36
36
* Continuous integration file: The filename of the publishing workflow, e.g. `publish.yaml`. The file must exist in the `.github/workflows/` directory.
37
-
* Continuous integration environment name (optional): The name of the [GitHub Actions environment]((https://docs.github.com/en/actions/how-tos/deploy/configure-and-manage-deployments/manage-environments)) that the workflow uses.
37
+
* Continuous integration environment name (optional): The name of the [GitHub Actions environment](https://docs.github.com/en/actions/how-tos/deploy/configure-and-manage-deployments/manage-environments) that the workflow uses.
38
38
39
39
## Configure your CI/CD workflow
40
40
41
41
### GitHub Actions
42
42
43
-
Private Packagist provides a GitHub Action,[packagist/artifact-publish-github-action](https://github.com/packagist/artifact-publish-github-action),
44
-
that takes care of publishing the artifact for you. Just build the artifact and hand it over to the action. The action
43
+
Private Packagist provides a GitHub Action [packagist/artifact-publish-github-action](https://github.com/packagist/artifact-publish-github-action),
44
+
that takes care of publishing the artifact for you. Just build the artifact and hand its path over to the action. The action
45
45
requires the `id-token: write` permission to generate OIDC tokens, more info about this in [GitHub's OIDC documentation](https://docs.github.com/en/actions/concepts/security/openid-connect).
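Review bot: In new line 43 the comma before the link was removed but the one after it remains, so the sentence now reads "provides a GitHub Action [packagist/artifact-publish-github-action](...), that takes care of publishing", with a lone comma between the noun and its "that" clause; either drop that comma too or restore the pair so the action name is set off on both sides. The unchanged line 45 joins two sentences with a comma ("to generate OIDC tokens, more info about this in ..."); splitting it into "... to generate OIDC tokens. See [GitHub's OIDC documentation](...) for details." would finish the cleanup, and since `id-token: write` is the permission that lets the workflow obtain a token, it deserves its own sentence rather than a trailing clause.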