Add runner_id, runner_environment and sha claims to CI JWT V2
What does this MR do and why?
Add `runner_id`, `runner_environment` and `sha` as custom claims in the CI JWT to support Map GitLab OIDC token claims to Fulcio OIDs. See discussion in Define GitLab OIDC claims for Fulcio integration (#388517 - closed) for more context.
Field | Description |
---|---|
`runner_id` | ID of the runner. |
`runner_environment` | The type of runner used by the job. May be one of `gitlab-hosted` or `self-hosted`. |
`sha` | The commit revision the project is built for. |
Related to Add claims to ID token to support Fulcio integr... (#404722 - closed)
Screenshots or screen recordings
Sample payload:
```
{:namespace_id=>"1",
:namespace_path=>"root",
:project_id=>"28",
:project_path=>"root/scan-execution-policies",
:user_id=>"1",
:user_login=>"root",
:user_email=>"admin@example.com",
:pipeline_id=>"455",
:pipeline_source=>"security_orchestration_policy",
:job_id=>"1123",
:ref=>"main",
:ref_type=>"branch",
:ref_protected=>"true",
:runner_id=>1,
:runner_environment=>"self-hosted",
:sha=>"714a629c0b401fdce83e847fc9589983fc6f46bc",
:jti=>"63ab75f4-2606-4f0e-a500-86f90ab13a85",
:iss=>"http://gitlab.localdev:3000",
:iat=>1681423928,
:nbf=>1681423923,
:exp=>1681427528,
:sub=>"project_path:root/scan-execution-policies:ref_type:branch:ref:main",
:aud=>"http://gitlab.localdev:3000"}
```
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Alishan Ladhani
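
A relying party that consumes the three new claims could evaluate them against a policy as sketched here. This is an added example, not code from this MR or from GitLab: `ci_claim_violations`, the policy keys and the string-keyed `SAMPLE_CLAIMS` (constructed from the sample payload above) are assumptions, and the token signature is assumed to have been verified already.

```ruby
# Constructed from the sample payload above, with string keys as a
# JSON-decoded JWT body would have.
SAMPLE_CLAIMS = {
  "project_path" => "root/scan-execution-policies",
  "ref" => "main", "ref_type" => "branch", "ref_protected" => "true",
  "runner_id" => 1, "runner_environment" => "self-hosted",
  "sha" => "714a629c0b401fdce83e847fc9589983fc6f46bc",
  "iss" => "http://gitlab.localdev:3000", "aud" => "http://gitlab.localdev:3000",
  "nbf" => 1681423923, "exp" => 1681427528
}.freeze

# The two values the MR description documents for runner_environment.
RUNNER_ENVIRONMENTS = %w[gitlab-hosted self-hosted].freeze

# Hypothetical relying-party check. It only evaluates decoded claims; the
# signature must already be verified against the issuer's keys.
# Returns an array of violation strings (empty means the policy is satisfied).
def ci_claim_violations(claims, policy, now: Time.now.to_i)
  v = []
  v << "iss mismatch" unless claims["iss"] == policy[:iss]
  v << "aud mismatch" unless Array(claims["aud"]).include?(policy[:aud])
  v << "token not yet valid" if claims["nbf"].is_a?(Integer) && now < claims["nbf"]
  v << "token expired" unless claims["exp"].is_a?(Integer) && now < claims["exp"]
  v << "project_path mismatch" unless claims["project_path"] == policy[:project_path]
  if policy[:require_protected_ref] && claims["ref_protected"] != "true"
    v << "ref is not protected"
  end

  env = claims["runner_environment"]
  if !RUNNER_ENVIRONMENTS.include?(env)
    v << "unknown runner_environment"
  elsif !policy[:runner_environments].include?(env)
    v << "runner_environment #{env} not allowed"
  end

  # When the policy pins runners, a missing runner_id fails closed.
  if policy[:runner_ids] && !policy[:runner_ids].include?(claims["runner_id"])
    v << "runner_id not in allow-list"
  end

  # Accept 40-hex (SHA-1) or 64-hex (SHA-256) commit ids only.
  sha = claims["sha"].to_s
  if !sha.match?(/\A(\h{40}|\h{64})\z/)
    v << "sha is not a commit id"
  elsif policy[:expected_sha] && sha.downcase != policy[:expected_sha].downcase
    v << "sha does not match the commit being verified"
  end
  v
end
```
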