GitHub Actions

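This page is a reference for GitHub Actions and Machine ID. It links to in-depth guides on using GitHub Actions and gives a full description of the configuration options available when using the GitHub join method.

Guides

You can read step-by-step guides on using Machine ID and GitHub Actions:

GitHub join token

The token resource sets the rules that determine what is allowed to join the Teleport cluster. A joining client must specify the token it wants to use, and the Auth Server compares the information in its join request against the rules in that token to decide whether to accept it.

The following snippet shows all of the options available on the token resource when it is used for GitHub joining with Machine ID: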

kind: token
version: v2
metadata:
  # name identifies the token. When configuring a bot or node to join using this
  # token, this name should be specified.
  name: github-token
spec:
  # For Machine ID and GitHub joining, roles will always be "Bot" and
  # join_method will always be "github".
  roles: [Bot]
  join_method: github

  # bot_name specifies the name of the bot that this token will grant access to
  # when it is used.
  bot_name: github-demo

  github:
    # enterprise_server_host allows joining from GitHub Actions workflows in a
    # GitHub Enterprise Server instance. For normal situations, where you are
    # using github.com, this option should be omitted. If you are using GHES,
    # this value should be configured to the hostname of your GHES instance.
    enterprise_server_host: ghes.example.com

    # enterprise_slug allows the slug of a GitHub Enterprise organisation to be
    # included in the expected issuer of the OIDC tokens. This is for
    # compatibility with the include_enterprise_slug option in GHE.
    #
    # This field should be set to the slug of your GitHub Enterprise
    # organization if this is enabled. If this is not enabled, then this field
    # must be left empty. This field cannot be specified if
    # `enterprise_server_host` is specified.
    #
    # See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise
    # for more information about customized issuer values.
    enterprise_slug: slug

    # allow is an array of rule configurations for what GitHub Actions workflows
    # should be allowed to join. All options configured within one allow entry
    # must be satisfied for the GitHub Actions run to be allowed to join. Where
    # multiple allow entries are specified, any run which satisfies all of the
    # options within a single entry will be allowed to join.
    #
    # An allow entry must include at least one of:
    # - repository
    # - repository_owner
    # - sub
    allow:
      - # repository is a fully qualified (e.g. including the owner) name of a
        # GitHub repository.
        repository: gravitational/teleport
        # repository_owner is the name of an organization or user that a
        # repository belongs to.
        repository_owner: gravitational
        # workflow is the exact name of a workflow as configured in the GitHub 
        # Action workflow YAML file.
        workflow: my-workflow
        # environment is the environment associated with the GitHub Actions run.
        # If no environment is configured for the GitHub Actions run, this will
        # be empty.
        environment: production
        # actor is the GitHub username that caused the GitHub Actions run,
        # whether by committing or by directly despatching the workflow.
        actor: octocat
        # ref is the git ref that triggered the action run.
        ref: refs/heads/main
        # ref_type is the type of the git ref that triggered the action run.
        ref_type: branch
        # sub is a concatenated string of various attributes of the workflow 
        # run. GitHub explains the format of this string at:
        # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims
        sub: repo:gravitational/example-repo:environment:production
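
The allow semantics described in the comments above (every option set in an entry must match, and any single matching entry is enough), as an added example that is not part of the original page or Teleport's own code. It assumes exact string comparison per field; the function names and the claim values are constructed for illustration.

```python
# Added example: models the allow-rule semantics described in the token
# comments. Exact string comparison per field is an assumption.
RULE_FIELDS = ("repository", "repository_owner", "workflow", "environment",
               "actor", "ref", "ref_type", "sub")
REQUIRED_ONE_OF = ("repository", "repository_owner", "sub")


def validate_allow(allow):
    """Reject entries that set none of repository, repository_owner, sub."""
    for i, rule in enumerate(allow):
        unknown = set(rule) - set(RULE_FIELDS)
        if unknown:
            raise ValueError(f"allow[{i}]: unknown fields {sorted(unknown)}")
        if not any(rule.get(f) for f in REQUIRED_ONE_OF):
            raise ValueError(
                f"allow[{i}]: needs one of {', '.join(REQUIRED_ONE_OF)}")


def matching_entry(allow, claims):
    """Return the index of the first entry whose configured fields all equal
    the corresponding claims (AND within an entry, OR across entries)."""
    for i, rule in enumerate(allow):
        if all(claims.get(f, "") == v for f, v in rule.items() if v):
            return i
    return None


# Constructed claims for two workflow runs in the same organization.
DEPLOY_RUN = {
    "repository": "gravitational/teleport", "repository_owner": "gravitational",
    "workflow": "my-workflow", "environment": "production", "actor": "octocat",
    "ref": "refs/heads/main", "ref_type": "branch",
    "sub": "repo:gravitational/teleport:environment:production",
}
FEATURE_RUN = dict(DEPLOY_RUN, repository="gravitational/other-repo",
                   environment="", ref="refs/heads/feature-x",
                   sub="repo:gravitational/other-repo:ref:refs/heads/feature-x")

# Owner-only rule: any repository owned by the organization can join.
BROAD = [{"repository_owner": "gravitational"}]
# Narrowed rule: one repository, one environment, one branch.
NARROW = [{"repository": "gravitational/teleport",
           "environment": "production", "ref": "refs/heads/main"}]

if __name__ == "__main__":
    for name, allow in (("broad", BROAD), ("narrow", NARROW)):
        validate_allow(allow)
        print(name, matching_entry(allow, DEPLOY_RUN),
              matching_entry(allow, FEATURE_RUN))
```

The owner-only entry admits both runs, while the narrowed entry admits only the production run from the main branch.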

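GitHub Actions helpers

We provide a set of ready-made GitHub Actions that you can use in your workflows when working with Teleport Machine ID and GitHub Actions.

More information on each of these actions can be found in their GitHub repositories:

If you run into problems using these actions, please raise an issue in their source repositories: https://github.com/teleport-actions/root.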
