GitHub Actions token needs to be a verifiable JWT

The Actions token needs to be verifiable either as a JWT via JWK endpoint or an API method that returns token-specific data such as repo name, org, and pipeline information.


Agreed. I asked for a similar thing a little while ago - might be of interest. Need a way to authenticate to AWS beyond IAM users

@aidansteele, maybe, you bring up the same point, so thanks for that! However, it is clear from the post that the product manager of Actions is focused on the wrong thing, and clearly does not understand the need to have this. Instead he is saying things like “approval workflows”. Such a shame, well, it’s why for everything not open source we use GitLab, because they have already figured this out.

I think everyone found your post: AWS federation comes to GitHub Actions | Aidan Steele’s blog (usually about AWS)