Extract shared OIDC JSON helpers and ForDevOps wrapper#110
Open
Extract shared OIDC JSON helpers and ForDevOps wrapper#110
Conversation
There was a problem hiding this comment.
Pull request overview
Refactors the OIDC providers to remove duplicated JSON request boilerplate and consolidates the common “ForDevOps” token-fetch/exchange flow into shared helpers.
Changes:
- Added
buildJSONRequestandexecuteRequesthelpers and refactored JFrog, Cloudsmith, and GCP flows to use them. - Introduced
getAccessTokenForDevOpswrapper and updated the provider-specificGet*AccessTokenForDevOpsfunctions to delegate to it. - Added unit tests covering the new helpers and wrapper behavior.
Show a summary per file
| File | Description |
|---|---|
| internal/oidc/actions_oidc.go | Adds shared JSON request/execution helpers and a shared ForDevOps wrapper; refactors multiple providers to use the helpers. |
| internal/oidc/actions_oidc_test.go | Adds focused tests for the new helper functions and shared wrapper logic. |
Copilot's findings
- Files reviewed: 2/2 changed files
- Comments generated: 2
kbukum1
force-pushed
the
extract-oidc-json-helpers
branch
from
e2810c3 to
6fde8fc
Compare
kbukum1
force-pushed
the
extract-oidc-json-helpers
branch
2 times, most recently
from
87145b6 to
10ce848
Compare
Extract buildJSONRequest/executeRequest helpers to eliminate repeated HTTP boilerplate across OIDC token exchange functions. Refactor JFrog, Cloudsmith, and GCP providers to use the new helpers. Extract getAccessTokenForDevOps to consolidate the identical OIDC configuration check, GitHub token fetch, and provider token exchange pattern shared by all 5 ForDevOps wrappers. Azure and AWS are intentionally not refactored for JSON helpers: Azure uses form-encoded requests, AWS uses form-encoded + SigV4 signing. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
kbukum1
force-pushed
the
extract-oidc-json-helpers
branch
from
10ce848 to
b4cbb48
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Extract shared OIDC JSON helpers and ForDevOps wrapper
Follow-up from #108 — eliminates duplicated HTTP boilerplate and token exchange patterns across OIDC providers.
Changes
buildJSONRequest/executeRequesthelpers:buildJSONRequestsets onlyContent-TypeandUser-Agent(minimal); callers add provider-specific headers (e.g.,Accept,Authorization) between build and executegetAccessTokenForDevOpswrapper:Get*AccessTokenForDevOpsfunctions now delegate to this shared helpergetGitHubTokenfunction (Azure uses fixed-audienceGetTokenForAzureADExchange, others useGetToken(ctx, audience)) and aexchangeTokenfunctionTests added
TestBuildJSONRequest— headers, body, custom header addition, invalid URLTestExecuteRequest— success, non-200 status, connection failureTestGetAccessTokenForDevOps— OIDC not configured, token fetch failure, exchange failure with provider name, success with token passthroughAll existing tests continue to pass unchanged.