The action issues new Yandex Cloud IAM token and puts it in the output.
Table of Contents
This action can be used in your workflow as follows:
- name: Get Yandex Cloud IAM token
id: get-iam-token
uses: docker://ghcr.io/yc-actions/yc-iam-token-fed:1.0.0
with:
yc-sa-id: aje***GitHub JWT token will be used to authenticate the action. It will be exchanged for Yandex Cloud IAM token using the
service account ID provided in the yc-sa-id input.
| Name | Description |
|---|---|
yc-sa-id |
Service Account ID |
| Name | Description |
|---|---|
token |
Generated IAM token |
To perform this action, Service account and Workload identity federation is required. For setting up Workload identity federation please refer to the official YC tutorial. Lockbox-related steps could be ommited.
Kindly note that your workflow definition must include id-token permission in configuration root to use this action.
Otherwise, error failed to get ID token: missing ACTIONS_ID_TOKEN_REQUEST_URL in environment will be thrown.
name: Release
on:
push:
branches:
- master
permissions:
id-token: write # This is required for requesting Github OIDC token used for authentocation in YC.
jobs:
...For more details refer to the official Github documentation or to the blog post describing the action (in Russian).
This code is made available under the MIT license.