Skip to content

Use GitHub OIDC Federation Service in prepare.yaml workflow#1529

Merged
8R0WNI3 merged 4 commits intomasterfrom
8R0WNI3-prepare
Mar 27, 2026
Merged

Use GitHub OIDC Federation Service in prepare.yaml workflow#1529
8R0WNI3 merged 4 commits intomasterfrom
8R0WNI3-prepare

Conversation

@8R0WNI3
Copy link
Copy Markdown
Member

@8R0WNI3 8R0WNI3 commented Feb 23, 2026

Release note:

@gardener-prow
Copy link
Copy Markdown

gardener-prow bot commented Feb 23, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign 8r0wni3 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 23, 2026
@8R0WNI3
Copy link
Copy Markdown
Member Author

8R0WNI3 commented Feb 23, 2026

/hold until all usages of the prepare.yaml workflow set the (now) required id-token: write permission

@gardener-prow gardener-prow bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Feb 23, 2026
@8R0WNI3 8R0WNI3 added reviewed/do-not-merge Has no approval for merging as it may break things, be of poor quality or have (ext.) dependencies kind/cleanup Something that is not needed anymore and can be cleaned up and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Feb 23, 2026
@gardener-prow gardener-prow bot removed the do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. label Feb 23, 2026
@gardener-prow gardener-prow bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 23, 2026
8R0WNI3 added a commit to gardener/gardener-extension-provider-aws that referenced this pull request Feb 23, 2026
@8R0WNI3
fix: Add (currently) still required pull-requests: write permission
9a6aa2f 
Required to remove `ok-to-test` labels from PRs until
gardener/cc-utils#1529 is merged.

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
8R0WNI3 added a commit to gardener/gardener-extension-provider-openstack that referenced this pull request Feb 23, 2026
@8R0WNI3
fix: Add (currently) still required pull-requests: write permission
02ab031 
Required to remove `ok-to-test` labels from PRs until
gardener/cc-utils#1529 is merged.

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
This was referenced Feb 23, 2026
Merged
Merged
gardener-prow bot pushed a commit to gardener/gardener-extension-provider-aws that referenced this pull request Feb 23, 2026
@8R0WNI3
fix: Add (currently) still required pull-requests: write permission (
c246b59 
…#1709)

Required to remove `ok-to-test` labels from PRs until
gardener/cc-utils#1529 is merged.

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
8R0WNI3 added a commit to gardener/diki-operator that referenced this pull request Feb 25, 2026
@8R0WNI3
Prepare switch to GitHub OIDC Federation Service
655119d 
See gardener/cc-utils#1529 for reference.

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
gardener-prow bot pushed a commit to gardener/diki-operator that referenced this pull request Feb 25, 2026
@8R0WNI3
Adjust GitHub-Actions permissions and secrets (#25)
5a45afc 
* Prepare switch to GitHub OIDC Federation Service

See gardener/cc-utils#1529 for reference.

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>

* Drop unnecessarily granted privileges/secrets

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>

* Consistently pass-in secrets to `build.yaml` workflow

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>

---------

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
@kevin-lacoo kevin-lacoo mentioned this pull request Feb 26, 2026
Merged
@gardener-ci-robot
Copy link
Copy Markdown

gardener-ci-robot commented Mar 25, 2026

The Gardener project currently lacks enough active contributors to adequately respond to all PRs.
This bot triages PRs according to the following rules:

  • After 30d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 14d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as active with /lifecycle active
  • Mark this PR as fresh with /remove-lifecycle stale
  • Mark this PR as rotten with /lifecycle rotten
  • Close this PR with /close

/lifecycle stale

@gardener-prow gardener-prow bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 25, 2026
@8R0WNI3
Copy link
Copy Markdown
Member Author

8R0WNI3 commented Mar 25, 2026

/lifecycle active

@gardener-prow gardener-prow bot added lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Mar 25, 2026
8R0WNI3 added 4 commits March 27, 2026 07:18
@8R0WNI3
Use GitHub OIDC Federation Service in prepare.yaml workflow
c76bebd 
Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
@8R0WNI3
Always export GitHub token in trusted-checkout action
6a65b5e 
Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
@8R0WNI3
Use exported token for PR label removal
f97415a 
Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
@8R0WNI3
Enforce request of pull-requests: write permission for label removal
6a5d415 
Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
@8R0WNI3
Copy link
Copy Markdown
Member Author

8R0WNI3 commented Mar 27, 2026

/unhold

@8R0WNI3 8R0WNI3 merged commit 192423d into master Mar 27, 2026
17 of 18 checks passed
@8R0WNI3 8R0WNI3 deleted the 8R0WNI3-prepare branch March 27, 2026 10:25
gardener-prow bot pushed a commit to gardener/gardener-extension-provider-openstack that referenced this pull request Apr 13, 2026
@8R0WNI3
fix: Add (currently) still required pull-requests: write permission (
ac378ec 
…#1283)

Required to remove `ok-to-test` labels from PRs until
gardener/cc-utils#1529 is merged.

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ccwienk ccwienk Awaiting requested review from ccwienk ccwienk is a code owner

@zkdev zkdev Awaiting requested review from zkdev zkdev is a code owner

@TuanAnh17N TuanAnh17N Awaiting requested review from TuanAnh17N TuanAnh17N is a code owner

Assignees

No one assigned

Labels

cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/cleanup Something that is not needed anymore and can be cleaned up lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. reviewed/do-not-merge Has no approval for merging as it may break things, be of poor quality or have (ext.) dependencies size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@8R0WNI3 @gardener-ci-robot