Add claims to ID token to support Fulcio integration
In order to add GitLab as an IdP to Fulcio, we need to add some additional claims to our ID token. The following claims should be added:
Field | Description |
---|---|
`ci_config_ref_uri` | Fully qualified reference to the pipeline definition, defaults to `.gitlab-ci.yml`. May point to an arbitrary HTTP remote depending on project configuration. |
`ci_config_sha` | Git commit SHA for the `pipeline_ref` (only populated when `pipeline_ref` is local to the GitLab instance). |
`runner_id` | ID of the runner. |
`runner_environment` | The type of runner used by the job. May be one of `gitlab-hosted` or `self-hosted`. |
`sha` | The commit revision the project is built for. |
See #388517 (comment 1342881271) for more context.
- Consolidate id token claims documentation - !117322 (merged)
- Add `runner_id`, `runner_environment`, and `sha` - !116867 (merged)
- Add `ci_config_ref_uri` for repository config source - !122373 (merged)
- Add `ci_config_sha` for repository config source - !124647 (merged)
Edited by Alishan Ladhani
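A relying party that consumes the claims listed in the table can evaluate them against a policy before trusting the job's identity. The sketch below is an added example, not GitLab's or Fulcio's code; the helper names, the policy values and the sample claim values (including the shape of the `ci_config_ref_uri` string) are constructed assumptions, and the token's signature is assumed to have been verified already.

```python
import base64
import json

# Hypothetical relying-party policy; values are constructed for this example.
POLICY = {"runner_environment": "gitlab-hosted",
          "ci_config_prefix": "gitlab.example.com/my-group/my-project//"}

def decode_payload(jwt: str) -> dict:
    """Return the claims of a compact JWT (signature assumed verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))

def check_claims(claims: dict, policy: dict = POLICY) -> list:
    """Return a list of policy violations; an empty list means accept."""
    problems = []
    for name in ("ci_config_ref_uri", "runner_id", "runner_environment", "sha"):
        if claims.get(name) in (None, ""):
            problems.append(f"missing claim: {name}")
    env = claims.get("runner_environment")
    if env and env != policy["runner_environment"]:
        problems.append(f"runner_environment is {env!r}")
    ref = claims.get("ci_config_ref_uri") or ""
    if ref and not ref.startswith(policy["ci_config_prefix"]):
        problems.append("pipeline definition is outside the expected project")
    # ci_config_sha is only populated for a definition local to the instance,
    # so its absence means the definition cannot be pinned to a commit.
    if not claims.get("ci_config_sha"):
        problems.append("ci_config_sha absent: pipeline definition not pinned")
    return problems

def make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demonstration."""
    enc = lambda d: base64.urlsafe_b64encode(
        json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.sig"

# Constructed sample claims: a local pipeline definition on a hosted runner.
GOOD = {"ci_config_ref_uri": POLICY["ci_config_prefix"] + ".gitlab-ci.yml@refs/heads/main",
        "ci_config_sha": "a" * 40, "runner_id": 1,
        "runner_environment": "gitlab-hosted", "sha": "b" * 40}
# Constructed sample claims: remote definition, self-hosted runner, no config SHA.
REMOTE = {k: v for k, v in GOOD.items() if k != "ci_config_sha"}
REMOTE.update(ci_config_ref_uri="https://ci.example.net/templates/build.yml",
              runner_environment="self-hosted")

if __name__ == "__main__":
    for sample in (GOOD, REMOTE):
        print(check_claims(decode_payload(make_token(sample))))
```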