All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

I have read the CLA Document and I hereby sign the CLA

@sverdlov93 could you please take a look at this PR and tell me what you think?

@RobiNino could you please take a look?

Hey @pavelzw,

Thank you for opening this pull request!

I believe a better approach to achieve your goal is to export the OIDC token as an environment variable, which can then be utilized throughout the rest of your workflow.

Make sure to use clear and descriptive names for the variables and ensure they are cleared during the post-action phase to avoid any security risks.

Hey @EyalDelarea, thanks for your response!

I believe a better approach to achieve your goal is to export the OIDC token as an environment variable, which can then be utilized throughout the rest of your workflow

As mentioned in #209 (comment), I don't think that exporting the env variables is a good idea. I would prefer to just keep the output of the oidc credentials as it is right now (just using core.setOutput, see below[1])

I could use the oidc outputs in the following way:

- uses: jfrog/setup-jfrog-cli@v4
  id: artifactory
  with:
    oidc-provider-name: ${{ vars.ARTIFACTORY_OIDC_PROVIDER }}
    oidc-audience: ${{ vars.ARTIFACTORY_OIDC_AUDIENCE }}
    oidc-only: true
  env:
    JF_URL: ${{ vars.ARTIFACTORY_URL }}
- uses: prefix-dev/[email protected]
  with:
    auth-host: ${{ vars.ARTIFACTORY_URL }}
    auth-username: ${{ steps.artifactory.outputs.oidc-user }}
    auth-password: ${{ steps.artifactory.outputs.oidc-token }}
# OIDC credentials are not leaked to subsequent steps
- run: some-other-tool

I'm happy to add some additional documentation if you wish.

[1]:

@EyalDelarea i just rebased on the latest master and fixed all conflicts, let me know what you think!