Support keyless signing when CI config is located in another project
In order to expand support for keyless signing, we should populate the ci_config_ref_uri
and ci_config_sha
ID token claims when the project's CI configuration is located in another project on the same GitLab instance.
See:
-
ProjectConfig
: https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/project_config/external_project.rb - Example implementation: Refactor ci_config claims to use ClaimMapper (!128408 - merged)
- This reverted MR: Add pipeline_ref and pipeline_sha claims to Ci:... (!117923 - merged)
Edited by Alishan Ladhani