cdk-pipelines-github
Allow access to `permissions` property of `GitHubActionStep`s in pre/post
#304 is a great feature; however, it doesn't provide a surface to control the `permissions` property emitted for the job. This means that the job emitted cannot be provided with the `id-token: write` permission and cannot authenticate with AWS using the GitHub identity provider.
Either access to the `permissions` property of the `GitHubActionStep` or the ability to pass `id-token: write` as a boolean would make `GitHubActionStep`s much more useful in pre/post deploy steps.
Taking a look over #304, I think the change should be fairly trivial? Provided I have time, I may be able to open a PR.
Please open a PR! This library is basically exclusively open source contributions at this point. I think access to permissions makes the most sense, but that's just my initial opinion.
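The gap described in the issue can be detected in an emitted workflow before it runs. The following is an added example, not code from this thread or from cdk-pipelines-github: it assumes the workflow YAML has already been parsed into an object, and every type name, function name and sample value in it is hypothetical.

```typescript
// Added example: the types model only the workflow fields this check reads.
type Permissions = string | Record<string, string>;
interface Step { uses?: string; with?: Record<string, string>; }
interface Job { permissions?: Permissions; steps?: Step[]; }
interface Workflow { permissions?: Permissions; jobs: Record<string, Job>; }

// A job-level `permissions` block replaces the workflow-level one, so only the
// most specific block is consulted. Policy choice of this example: shorthand
// strings such as "read-all" do not count; the grant must be spelled out.
function hasExplicitIdTokenWrite(wf: Workflow, job: Job): boolean {
  const perms = job.permissions ?? wf.permissions;
  if (perms === undefined || typeof perms === "string") return false;
  return perms["id-token"] === "write";
}

// configure-aws-credentials with a role to assume and no static access key
// relies on the job's OIDC token.
function usesAwsOidc(step: Step): boolean {
  const inputs = step.with ?? {};
  return (step.uses ?? "").startsWith("aws-actions/configure-aws-credentials@")
    && "role-to-assume" in inputs && !("aws-access-key-id" in inputs);
}

// Names of jobs that would fail to authenticate for lack of `id-token: write`.
function jobsMissingIdToken(wf: Workflow): string[] {
  return Object.entries(wf.jobs)
    .filter(([, job]) => (job.steps ?? []).some(usesAwsOidc)
      && !hasExplicitIdTokenWrite(wf, job))
    .map(([name]) => name);
}

// Constructed sample: role ARN, job names and action versions are placeholders.
const assumeRole: Step = {
  uses: "aws-actions/configure-aws-credentials@v4",
  with: { "role-to-assume": "arn:aws:iam::111111111111:role/example", "aws-region": "us-east-1" },
};
const sampleWorkflow: Workflow = {
  permissions: { contents: "read" },
  jobs: {
    "pre-deploy": { steps: [assumeRole] },
    deploy: { permissions: { contents: "read", "id-token": "write" }, steps: [assumeRole] },
    build: { steps: [{ uses: "actions/checkout@v4" }] },
  },
};
console.log(jobsMissingIdToken(sampleWorkflow)); // [ 'pre-deploy' ]
```

Run as a CI check over the generated workflow file, this flags a pre/post job that assumes a role without the token permission, which is the case the issue describes.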