Skip to content

Add `ref_path` to CI job JWTs

Brian Williams requested to merge bwill/add-source-ref-path-to-ci-jwt into master

What does this MR do and why?

Describe in detail what your merge request does and why.

Add ref_path with the fully qualified ref to CI job JWTs in order to avoid ambiguity. Branches and tags might have the same name, which would result in a collision when trying to use only the ref field. For example, if both a tag and branch exist named v0.0.1, we'd have these fields:

  • Branch: { ref: 'v0.0.1', ref_path: 'refs/heads/v0.0.1' }
  • Tag: { ref: 'v0.0.1', ref_path: 'refs/tags/v0.0.1' }

Related to: https://github.com/sigstore/fulcio/pull/983#discussion_r1179831312

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Brian Williams

Merge request reports

Loading