feat: allow for authentication via OIDC token (#1330)

* fix: allow for oidc token * chore(docs): update docs with use_oidc argument * Update action.yml Co-authored-by: Cristian Le <github@lecris.me> * chore(release): 4.2.0 --------- Co-authored-by: Cristian Le <github@lecris.me>
2026-02-11 12:51:37 +00:00 · 2024-04-03 15:41:48 -07:00
parent 3a20752bdd
commit d820d60619
10 changed files with 351 additions and 279 deletions
--- a/src/buildExec.ts
+++ b/src/buildExec.ts
@@ -3,6 +3,7 @@
 import * as core from '@actions/core';
 import * as github from '@actions/github';

+import {setFailure} from './helpers';

 const context = github.context;

@@ -17,15 +18,36 @@ const isTrue = (variable) => {
  );
 };

+const getToken = async () => {
+  let token = core.getInput('token');
+  let url = core.getInput('url');
+  const useOIDC = isTrue(core.getInput('use_oidc'));

-const buildCommitExec = () => {
+  if (useOIDC) {
+    if (!url) {
+      url = 'https://codecov.io';
+    }
+    try {
+      token = await core.getIDToken(url);
+      return token;
+    } catch (err) {
+      setFailure(
+          `Codecov: Failed to get OIDC token with url: ${url}. ${err.message}`,
+          true,
+      );
+    }
+  }
+  return token;
+};
+
+const buildCommitExec = async () => {
  const commitParent = core.getInput('commit_parent');
  const gitService = core.getInput('git_service');
  const overrideBranch = core.getInput('override_branch');
  const overrideCommit = core.getInput('override_commit');
  const overridePr = core.getInput('override_pr');
  const slug = core.getInput('slug');
-  const token = core.getInput('token');
+  const token = await getToken();
  const failCi = isTrue(core.getInput('fail_ci_if_error'));
  const workingDir = core.getInput('working-directory');

@@ -101,12 +123,12 @@ const buildGeneralExec = () => {
  return {args, verbose};
 };

-const buildReportExec = () => {
+const buildReportExec = async () => {
  const gitService = core.getInput('git_service');
  const overrideCommit = core.getInput('override_commit');
  const overridePr = core.getInput('override_pr');
  const slug = core.getInput('slug');
-  const token = core.getInput('token');
+  const token = await getToken();
  const failCi = isTrue(core.getInput('fail_ci_if_error'));
  const workingDir = core.getInput('working-directory');

@@ -158,7 +180,7 @@ const buildReportExec = () => {
  return {reportExecArgs, reportOptions, reportCommand};
 };

-const buildUploadExec = () => {
+const buildUploadExec = async () => {
  const disableFileFixes = isTrue(core.getInput('disable_file_fixes'));
  const disableSafeDirectory = isTrue(core.getInput('disable_safe_directory'));
  const disableSearch = isTrue(core.getInput('disable_search'));
@@ -185,7 +207,7 @@ const buildUploadExec = () => {
  const rootDir = core.getInput('root_dir');
  const searchDir = core.getInput('directory');
  const slug = core.getInput('slug');
-  const token = core.getInput('token');
+  const token = await getToken();
  let uploaderVersion = core.getInput('version');
  const useLegacyUploadEndpoint = isTrue(
      core.getInput('use_legacy_upload_endpoint'),