From cc2b148b11bb9ed07d03f8df94e8868a3e21f275 Mon Sep 17 00:00:00 2001
From: Ryosuke Nakayama
Date: Tue, 7 Jan 2025 05:53:58 +0900
Subject: [PATCH] List required OIDC endpoints for Google Cloud Platform (#53760)

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com>
---
 ...figuring-openid-connect-in-google-cloud-platform.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md
index 9839084bd9..cbf49af87b 100644
--- a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md
@@ -29,6 +29,16 @@ This guide gives an overview of how to configure GCP to trust {% data variables.
 {% data reusables.actions.oidc-on-ghecom %}
+{% ifversion ghes %}
+{% data reusables.actions.oidc-endpoints %}
+
+
+ > [!NOTE]
+ > Google Cloud Platform does not have fixed IP ranges defined for these endpoints.
+
+* Make sure that the value of the issuer claim that's included with the JSON Web Token (JWT) is set to a publicly routable URL. For more information, see [AUTOTITLE](/enterprise-server@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect).
+{% endif %}
+
 ## Adding a Google Cloud Workload Identity Provider
 To configure the OIDC identity provider in GCP, you will need to perform the following configuration. For instructions on making these changes, refer to [the GCP documentation](https://github.com/google-github-actions/auth).