Generating and using a JWT in a composite action #26309

TheYoctoJester:

Just a small follow-up - how does this compare to the output strategy that you mentioned? Up-/downsides?

Writing to GITHUB_ENV will make the token available to everything running in all later steps, including outside the composite action. Considering you’re handling an authentication token I’d consider that a security risk.

Well, and there’s the potential that something in the calling workflow also defined a JWT environment variable before and expects it to be available later.
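
The trade-off discussed above, sketched as a composite action's `action.yml`. This is an added example, not part of the original discussion; the action name and the `generate-jwt.sh` and `call-api.sh` scripts are hypothetical.

```yaml
# action.yml of a hypothetical composite action (names are illustrative)
name: make-jwt
description: Generate a JWT and use it inside the action

# Only declare this if the caller really needs the token; it is then
# available solely to steps that explicitly reference the action's output.
outputs:
  jwt:
    description: Generated token
    value: ${{ steps.gen.outputs.jwt }}

runs:
  using: composite
  steps:
    # Weak variant, shown for comparison only:
    # every later step of the calling job inherits $JWT, and a JWT
    # variable the caller had already defined is silently replaced.
    #
    # - shell: bash
    #   run: echo "JWT=$("$GITHUB_ACTION_PATH/generate-jwt.sh")" >> "$GITHUB_ENV"

    # Scoped variant: the token is a step output, not job-wide environment.
    - id: gen
      shell: bash
      run: |
        token="$("$GITHUB_ACTION_PATH/generate-jwt.sh")"  # hypothetical script
        echo "::add-mask::$token"                         # redact it in logs
        echo "jwt=$token" >> "$GITHUB_OUTPUT"

    # Only the step that needs the token receives it, via its own env block.
    - shell: bash
      env:
        JWT: ${{ steps.gen.outputs.jwt }}
      run: '"$GITHUB_ACTION_PATH/call-api.sh"'            # hypothetical consumer
```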
