Add function Get-GitHubActionsOidcToken

Author: hugoalh

README.md

@@ -55,6 +55,7 @@ Import-Module -Name 'hugoalh.GitHubActionsToolkit' -Scope 'Local'
 - `Exit-GitHubActionsLogGroup`
 - `Get-GitHubActionsInput`
 - `Get-GitHubActionsIsDebug`
+- `Get-GitHubActionsOidcToken`
 - `Get-GitHubActionsState`
 - `Get-GitHubActionsStepSummary`
 - `Get-GitHubActionsWebhookEventPayload`

hugoalh.GitHubActionsToolkit/hugoalh.GitHubActionsToolkit.psd1

@@ -74,6 +74,7 @@
 		'Exit-GitHubActionsLogGroup',
 		'Get-GitHubActionsInput',
 		'Get-GitHubActionsIsDebug',
+		'Get-GitHubActionsOidcToken',
 		'Get-GitHubActionsState',
 		'Get-GitHubActionsStepSummary',
 		'Get-GitHubActionsWebhookEventPayload',
@@ -181,6 +182,7 @@
 		'Get-GHActionsEvent',
 		'Get-GHActionsInput',
 		'Get-GHActionsIsDebug',
+		'Get-GHActionsOidcToken',
 		'Get-GHActionsPayload',
 		'Get-GHActionsState',
 		'Get-GHActionsStepSummary',

hugoalh.GitHubActionsToolkit/hugoalh.GitHubActionsToolkit.psm1

@@ -668,6 +668,55 @@ function Get-GitHubActionsIsDebug {
 Set-Alias -Name 'Get-GHActionsIsDebug' -Value 'Get-GitHubActionsIsDebug' -Option 'ReadOnly' -Scope 'Local'
 <#
 .SYNOPSIS
+GitHub Actions - Get OIDC Token
+.DESCRIPTION
+Interact with the GitHub OIDC provider and get a JWT ID token which would help to get access token from third party cloud providers.
+.PARAMETER Audience
+Audience.
+.OUTPUTS
+String
+#>
+function Get-GitHubActionsOidcToken {
+	[CmdletBinding(HelpUri = 'https://github.com/hugoalh-studio/ghactions-toolkit-powershell/wiki/api_function_get-githubactionsoidctoken#Get-GitHubActionsOidcToken')]
+	[OutputType([string])]
+	param (
+		[Parameter(Position = 0)][AllowNull()][string]$Audience
+	)
+	[string]$OidcTokenRequestToken = $env:ACTIONS_ID_TOKEN_REQUEST_TOKEN
+	[string]$OidcTokenRequestURL = $env:ACTIONS_ID_TOKEN_REQUEST_URL
+	if (
+		$null -eq $OidcTokenRequestToken -or
+		$OidcTokenRequestToken.Length -eq 0
+	) {
+		return Write-Error -Message 'Unable to get GitHub Actions OIDC token request token!' -Category 'ResourceUnavailable'
+	}
+	Add-GitHubActionsSecretMask -Value $OidcTokenRequestToken
+	if (
+		$null -eq $OidcTokenRequestURL -or
+		$OidcTokenRequestURL.Length -eq 0
+	) {
+		return Write-Error -Message 'Unable to get GitHub Actions OIDC token request URL!' -Category 'ResourceUnavailable'
+	}
+	if ($null -ne $Audience -and $Audience.Length -gt 0) {
+		Add-GitHubActionsSecretMask -Value $Audience
+		[string]$AudienceEncode = [System.Web.HttpUtility]::UrlEncode($Audience)
+		Add-GitHubActionsSecretMask -Value $AudienceEncode
+		$OidcTokenRequestURL += "&audience=$AudienceEncode"
+	}
+	try {
+		[pscustomobject]$Response = Invoke-WebRequest -Uri $OidcTokenRequestURL -UseBasicParsing -UserAgent 'actions/oidc-client' -Headers @{
+			Authorization = "Bearer $OidcTokenRequestToken"
+		} -MaximumRedirection 1 -MaximumRetryCount 10 -RetryIntervalSec 10 -Method 'Get'
+		[ValidateNotNullOrEmpty()][string]$OidcToken = (ConvertFrom-Json -InputObject $Response.Content -Depth 100).value
+		Add-GitHubActionsSecretMask -Value $OidcToken
+		return $OidcToken
+	} catch {
+		return Write-Error @_
+	}
+}
+Set-Alias -Name 'Get-GHActionsOidcToken' -Value 'Get-GitHubActionsOidcToken' -Option 'ReadOnly' -Scope 'Local'
+<#
+.SYNOPSIS
 GitHub Actions - Get State
 .DESCRIPTION
 Get state.
@@ -1341,6 +1390,7 @@ Export-ModuleMember -Function @(
 	'Exit-GitHubActionsLogGroup',
 	'Get-GitHubActionsInput',
 	'Get-GitHubActionsIsDebug',
+	'Get-GitHubActionsOidcToken,'
 	'Get-GitHubActionsState',
 	'Get-GitHubActionsStepSummary',
 	'Get-GitHubActionsWebhookEventPayload',
@@ -1439,6 +1489,7 @@ Export-ModuleMember -Function @(
 	'Get-GHActionsEvent',
 	'Get-GHActionsInput',
 	'Get-GHActionsIsDebug',
+	'Get-GHActionsOidcToken',
 	'Get-GHActionsPayload',
 	'Get-GHActionsState',
 	'Get-GHActionsStepSummary',