Pass GitHub run attempt ID to OIDC exchange

jacobwgillespie · jacobwgillespie · commit e224adfe662c · 2025-03-11T23:37:25.000Z
diff --git a/pkg/oidc/actionspublic/exchange.go b/pkg/oidc/actionspublic/exchange.go
@@ -19,6 +19,7 @@ func RetrieveToken(ctx context.Context, audience string) (string, error) {
 	runID := os.Getenv("GITHUB_RUN_ID")
 	eventName := os.Getenv("GITHUB_EVENT_NAME")
 	eventPath := os.Getenv("GITHUB_EVENT_PATH")
+	attempt := os.Getenv("GITHUB_RUN_ATTEMPT")
 
 	// Skip if not running in a GitHub Actions environment
 	if runID == "" || eventName == "" || eventPath == "" {
@@ -58,6 +59,7 @@ func RetrieveToken(ctx context.Context, audience string) (string, error) {
 		EventName: eventName,
 		Repo:      payload.Repository.FullName,
 		RunID:     runID,
+		Attempt:   attempt,
 	})
 	if err != nil {
 		return "", err
diff --git a/pkg/oidc/actionspublic/types.go b/pkg/oidc/actionspublic/types.go
@@ -27,6 +27,7 @@ type ClaimRequest struct {
 	EventName string `json:"eventName"`
 	Repo      string `json:"repo"`
 	RunID     string `json:"runID"`
+	Attempt   string `json:"attempt"`
 }
 
 type ChallengeResponse struct {

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ type ClaimRequest struct {`
`27`	`27`	EventName string `json:"eventName"`
`28`	`28`	Repo string `json:"repo"`
`29`	`29`	RunID string `json:"runID"`
	`30`	+ Attempt string `json:"attempt"`
`30`	`31`	`}`
`31`	`32`
`32`	`33`	`type ChallengeResponse struct {`