diff --git a/package-lock.json b/package-lock.json index b80d63e..534b0d4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,6 +14,9 @@ "@types/node": "^24.2.0", "@vercel/ncc": "^0.36.1", "typescript": "^5.9.2" + }, + "engines": { + "node": ">=24" } }, "node_modules/@actions/core": { diff --git a/src/index.ts b/src/index.ts index e300f2e..cdce83e 100644 --- a/src/index.ts +++ b/src/index.ts @@ -7,11 +7,7 @@ async function run(): Promise { const nugetTokenServiceUrl: string = core.getInput('token-service-url') || 'https://www.nuget.org/api/v2/token'; const nugetAudience: string = core.getInput('audience') || 'https://www.nuget.org'; - // Get OIDC environment values - const oidcRequestToken: string | undefined = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']; - const oidcRequestUrl: string | undefined = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']; - - if (!oidcRequestToken && !oidcRequestUrl) { + if (!process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']) { throw new Error( 'GitHub OIDC is not available. Ensure your workflow has the required permissions:\n' + ' permissions:\n' + @@ -20,41 +16,7 @@ async function run(): Promise { ); } - if (!oidcRequestToken) { - throw new Error( - 'ACTIONS_ID_TOKEN_REQUEST_TOKEN is missing. Ensure your workflow has:\n' + - ' permissions:\n' + - ' id-token: write' - ); - } - - if (!oidcRequestUrl) { - throw new Error( - 'ACTIONS_ID_TOKEN_REQUEST_URL is missing. Ensure your workflow has:\n' + - ' permissions:\n' + - ' id-token: write' - ); - } - - // Mask OIDC tokens - core.setSecret(oidcRequestToken); - - const tokenUrl: string = `${oidcRequestUrl}&audience=${encodeURIComponent(nugetAudience)}`; - - const http: httpm.HttpClient = new httpm.HttpClient(); - const tokenResponse = await http.getJson<{ value?: string }>(tokenUrl, { - Authorization: `Bearer ${oidcRequestToken}`, - }); - - if (!tokenResponse.result || !tokenResponse.result.value) { - throw new Error( - `Failed to retrieve OIDC token from GitHub (HTTP ${tokenResponse.statusCode}). ` + - 'Verify that the audience is correct and that the token service URL is reachable.' - ); - } - - const oidcToken: string = tokenResponse.result.value; - core.setSecret(oidcToken); + const oidcToken: string = await core.getIDToken(nugetAudience); // Build the request body const body: string = JSON.stringify({