diff --git a/.github/workflows/oidc-test.yml b/.github/workflows/oidc-test.yml
index ab0033685..3928fa183 100644
--- a/.github/workflows/oidc-test.yml
+++ b/.github/workflows/oidc-test.yml
@@ -33,42 +33,32 @@ jobs:
# Generating a unique name for the Integration Configuration that will be created in the following step
- name: Generate unique OIDC config name
shell: bash
- run: echo "OIDC_CONFIG_NAME=oidc-integration-test-config-$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
+ run: echo "OIDC_PROVIDER_NAME=oidc-integration-test-provider-$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
- name: Create OpenID Connect integration
shell: bash
run: |
curl -X POST "${{ secrets.JFROG_PLATFORM_URL }}/access/api/v1/oidc" -H "Content-Type: application/json" -H "Authorization: Bearer ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}" -d '{
- "name": "${{ env.OIDC_CONFIG_NAME }}",
+ "name": "${{ env.OIDC_PROVIDER_NAME }}",
"issuer_url": "https://token.actions.githubusercontent.com/",
"provider_type": "GitHub",
"description": "This is a test configuration created for OIDC-Access integration test" }'
- - name: Set subject
- shell: bash
- run: |
- if [[ $GITHUB_EVENT_NAME == 'pull_request_target' ]]; then
- echo "SUB=repo:${{ github.repository_owner }}/setup-jfrog-cli:pull_request" >> "$GITHUB_ENV"
- else
- echo "SUB=repo:${{ github.repository_owner }}/setup-jfrog-cli:ref:${{ github.ref }}" >> "$GITHUB_ENV"
- fi
-
- name: Create OIDC integration Identity Mapping
shell: bash
run: |
- curl -X POST ${{ secrets.JFROG_PLATFORM_URL }}/access/api/v1/oidc/${{ env.OIDC_CONFIG_NAME }}/identity_mappings \
+ curl -X POST ${{ secrets.JFROG_PLATFORM_URL }}/access/api/v1/oidc/${{ env.OIDC_PROVIDER_NAME }}/identity_mappings \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}' \
-d '{
"name": "oidc-test-identity-mapping",
"priority": "1",
"claims": {
- "sub": "${{ env.SUB }}",
- "iss": "https://token.actions.githubusercontent.com"
+ "repository": "${{ github.repository_owner }}/setup-jfrog-cli"
},
"token_spec": {
- "scope": "applied-permissions/admin",
- "expires_in": 60
+ "scope": "applied-permissions/groups:readers",
+ "expires_in": 30
}
}'
@@ -77,7 +67,7 @@ jobs:
env:
JF_URL: ${{ secrets.JFROG_PLATFORM_URL }}
with:
- oidc-provider-name: ${{ env.OIDC_CONFIG_NAME }}
+ oidc-provider-name: ${{ env.OIDC_PROVIDER_NAME }}
- name: Test JFrog CLI
run: |
@@ -88,4 +78,4 @@ jobs:
shell: bash
if: always()
run: |
- curl -X DELETE ${{ secrets.JFROG_PLATFORM_URL }}/access/api/v1/oidc/${{ env.OIDC_CONFIG_NAME }} -H 'Authorization: Bearer ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}'
+ curl -X DELETE ${{ secrets.JFROG_PLATFORM_URL }}/access/api/v1/oidc/${{ env.OIDC_PROVIDER_NAME }} -H 'Authorization: Bearer ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}'
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 000000000..7cd0fc530
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,16 @@
+# 📖 Guidelines
+
+- If the existing tests do not already cover your changes, please add tests.
+- Please run `npm run format` for formatting the code before submitting the pull request.
+
+# ⚒️ Developing the Action code
+
+## Build the code
+
+If you'd like to help us develop and enhance this Action, this section is for you.
+
+To build and run the Action tests, run
+
+```bash
+npm i && npm t
+```
diff --git a/README.md b/README.md
index 54800d38f..eb4f64932 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[](#readme)
+[](#readme)
@@ -9,46 +9,69 @@
-This GitHub Action downloads, installs and configures JFrog CLI, so that it can be used as part of the workflow.
+## Table of Contents
+
+- [Overview](#overview)
+- [Usage](#usage)
+- [Authorization](#authorization)
+- [Setting the build name and build number when publishing build-info to Artifactory](#setting-the-build-name-and-build-number-when-publishing-build-info-to-artifactory)
+- [Setting JFrog CLI version](#setting-jfrog-cli-version)
+- [Downloading JFrog CLI from Artifactory](#downloading-jfrog-cli-from-artifactory)
+- [Set up a FREE JFrog Environment in the Cloud](#set-up-a-free-jfrog-environment-in-the-cloud)
+- [Example projects](#example-projects)
+- [Contributions](#contributions)
+- [References](#references)
+
+## Overview
+
+This GitHub Action downloads, installs and configures [JFrog CLI](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli), so that it can be used as part of the workflow.
Additionally, the Action incorporates the following features when utilizing JFrog CLI to interact with the JFrog Platform:
-* Two distinct methods are available for authenticating with the JFrog Platform. Explore more details [here](#authorization)
-* There's no need to add the *build name* and *build number* options and arguments to commands which accept them.
-All build related operations will be automatically recorded with the *Workflow Name* as build name and *Run Number* as build number.
-# Usage
-## General
+- Two distinct methods are available for authenticating with the JFrog Platform. Explore more details [here](#authorization)
+- There's no need to add the _build name_ and _build number_ options and arguments to commands which accept them.
+ All build related operations will be automatically recorded with the _Workflow Name_ as build name and _Run Number_ as build number.
+
+## Usage
```yml
- uses: jfrog/setup-jfrog-cli@v3
- run: jf --version
```
-# Authorization
+
+## Authorization
+
JFrog CLI operates in conjunction with the JFrog Platform. In order to facilitate this connection, certain connection details of the JFrog Platform must be provided.
There exist two methods to provide these details, and you only need to choose **one** method:
-* The connection details of the JFrog platform can be stored as secrets. Read more about it [here](#storing-jfrog-connection-details-as-secrets).
-* The connection details of the JFrog platform can be auto-generated using OpenID Connect protocol. Read more about it [here](#connect-using-openid-connect).
+
+ Connecting to JFrog using secrets
+
+### General
+You can choose one of the following two methods to set the connection details to the JFrog Platform as secrets:
+
+* [Storing the connection details using separate environment variables](#storing-the-connection-details-using-separate-environment-variables)
+* [Storing the connection details using single Config Token](#storing-the-connection-details-using-single-config-token)
+
+### Storing the connection details using separate environment variables
-## Storing JFrog connection details as secrets
The connection details of the JFrog platform used by JFrog CLI can be stored as secrets.
You can use one of the following two methods to define and store the JFrog Platform connection details as secrets.
-1. [Storing the connection details using separate environment variables](#Storing-the-connection-details-using-separate-environment-variables).
-2. [Storing the connection details using single Config Token](#Storing-the-connection-details-using-single-Config-Token).
-### Storing the connection details using separate environment variables
You can set the connection details to your JFrog Platform by using one of the following environment variables combinations:
+
1. JF_URL (no authentication)
2. JF_URL + JF_USER + JF_PASSWORD (basic authentication)
3. JF_URL + JF_ACCESS_TOKEN (authentication using a JFrog Access Token)
You can use these environment variables in your workflow as follows:
+
```yml
- uses: jfrog/setup-jfrog-cli@v3
env:
- # JFrog platform url (for example: https://acme.jfrog.io)
+ # JFrog platform url (for example: https://acme.jfrog.io)
JF_URL: ${{ secrets.JF_URL }}
-
+
# Basic authentication credentials
JF_USER: ${{ secrets.JF_USER }}
JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
@@ -59,198 +82,218 @@ You can use these environment variables in your workflow as follows:
jf rt ping
```
-| Important: If both Config Token(JF_ENV_*) and separate environment variables(JF_URL, ...) are provided, the default config will be the Config Token. To make the above separate environment variables as the default config use ```jf c use setup-jfrog-cli-server``` |
-|----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Important: If both Config Token(`JF_ENV_*`) and separate environment variables(`JF_URL`, ...) are provided, the default config will be the Config Token. To make the above separate environment variables as the default config use `jf c use setup-jfrog-cli-server` |
+| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
### Storing the connection details using single Config Token
-1. Make sure JFrog CLI is installed on your local machine by running ```jf -v```.
-2. Configure the details of the JFrog platform by running ```jf c add```.
-3. Export the details of the JFrog platform you configured, using the server ID you chose. Do this by running ```jf c export ```.
+
+1. Make sure JFrog CLI is installed on your local machine by running `jf -v`.
+2. Configure the details of the JFrog platform by running `jf c add`.
+3. Export the details of the JFrog platform you configured, using the server ID you chose. Do this by running `jf c export `.
4. Copy the generated Config Token to the clipboard and save it as a secret on GitHub.
To use the saved JFrog platform configuration in the workflow, all you need to do it to expose the secret to the workflow.
-The secret should be exposed as an environment variable with the *JF_ENV_* prefix.
+The secret should be exposed as an environment variable with the _JF*ENV*_ prefix.
Here's how you do this:
+
```yml
- uses: jfrog/setup-jfrog-cli@v3
env:
- JF_ENV_1: ${{ secrets.JF_SECRET_ENV_1 }}
+ JF_ENV_1: ${{ secrets.JF_SECRET_ENV_1 }}
- run: |
- # Ping the server
- jf rt ping
+ # Ping the server
+ jf rt ping
```
-As you can see in the example above, we created a secret named *JF_SECRET_ENV_1* and exposed it to the workflow
-as the *JF_ENV_1* environment variable. That's it - the ping command will now ping the configured Artifactory server.
+
+As you can see in the example above, we created a secret named _JF_SECRET_ENV_1_ and exposed it to the workflow
+as the _JF_ENV_1_ environment variable. That's it - the ping command will now ping the configured Artifactory server.
If you have multiple Config Tokens as secrets, you can use all of them in the workflow as follows:
+
```yml
- uses: jfrog/setup-jfrog-cli@v3
env:
- JF_ENV_1: ${{ secrets.JF_SECRET_ENV_1 }}
- JF_ENV_2: ${{ secrets.JF_SECRET_ENV_2 }}
+ JF_ENV_1: ${{ secrets.JF_SECRET_ENV_1 }}
+ JF_ENV_2: ${{ secrets.JF_SECRET_ENV_2 }}
- run: |
- # Set the JFrog configuration to use by providing the server ID (configured by the 'jf c add' command).
- jf c use local-1
- # Ping local-1 Artifactory server
- jf rt ping
- # Now use the second sever configuration exposed to the Action.
- jf c use local-2
- # Ping local-2 Artifactory server
- jf rt ping
+ # Set the utilized JFrog configuration by providing the server ID (configured by the 'jf c add' command).
+ jf c use local-1
+ # Ping local-1 Artifactory server
+ jf rt ping
+ # Now use the second sever configuration exposed to the Action.
+ jf c use local-2
+ # Ping local-2 Artifactory server
+ jf rt ping
```
-| Important: When exposing more than one JFrog configuration to the Action, you should always add the ```jf c use``` command to specify the server to use. |
-|----------------------------------------------------------------------------------------------------------------------------------------------------------|
-## Connect using OpenID Connect
-The sensitive connection details, such as the access token used by JFrog CLI on the JFrog platform, can be automatically generated by the action instead of storing it as a secret in GitHub.
+| Important: When exposing more than one JFrog configuration to the Action, you should always add the `jf c use` command to specify the server to use. |
+| ---------------------------------------------------------------------------------------------------------------------------------------------------- |
+
+
+
+
+ Connecting to JFrog using OIDC (OpenID Connect)
+
+### General
+The sensitive connection details, such as the access token used by JFrog CLI on the JFrog platform, can be automatically generated by the action instead of storing it as a secret in GitHub.
This is made possible by leveraging the OpenID-Connect (OIDC) protocol. This protocol can authenticate the workflow issuer and supply a valid access token, requiring only the JF_URL environment variable.
To utilize the OIDC protocol, follow these steps:
-### Platform configuration (To be performed once):
-1. **[Configure an OIDC Integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-an-oidc-integration)**: This phase sets an integration between the Action to the JFrog platform.
+
+### JFrog Platform configuration
+
+1. **Configure an OIDC Integration**: This phase sets an integration between GitHub Actions to the JFrog platform.
+ 1. Navigate to the Administration tab In the JFrog Platform UI
+ 2. Click `General` | `Manage Integrations`
+ 3. Click `New Integration` | `OpenID Connect`:
+ 
+ 4. Configure the OIDC integration:
+ 
| NOTE: |
-|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| The value specified as the 'Provider Name' should be used as the oidc-provider-name input in [Workflow configuration step 2](#workflowstep2) below. |
| The 'Audience' field does not represent the 'aud' claim for insertion into the identity-mapping in [Platform configuration step 2](#platformstep2) below. Only the claims included in the Claims Json created during step 2 will be validated. |
-2. **[Configure an identity mapping](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-identity-mappings)**: This phase generates a reference token for authenticating against the JFrog platform. It involves defining the necessary details to enable server authentication of the action issuer and granting the issuer an appropriate access token.
-You have the flexibility to define any valid list of claims required for request authentication. You can check a list of the possible claims [here](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token).
-Example Claims JSON:
- ```json
- {
- "sub": "repo:my-user-name/project1:ref:refs/heads/main",
- "aud": "https://github.com/my-user-name",
- "ref": "refs/heads/main",
- "repository": "my-user-name/project1",
- "iss": "https://token.actions.githubusercontent.com"
- }
- ```
-### Workflow configuration (To be performed per workflow):
-1. **Set required permissions**: In the course of the protocol's execution, it's imperative to acquire a JSON Web Token (JWT) from GitHub's OIDC provider. To request this token, it's essential to configure the specified permission in the workflow file:
- ```yml
- permissions:
- id-token: write
- ```
-
-
-2. **Pass the 'oidc-provider-name' input to the Action (Required)**: The 'oidc-provider-name' parameter designates the OIDC configuration whose one of its identity mapping should align with the generated JWT claims. This input needs to align with the 'Provider Name' value established within the OIDC configuration in the JFrog Platform.
-3. **Pass the 'oidc-audience' input to the Action (Optional)**: The 'oidc-audience' input defines the intended recipients of an ID token (JWT), ensuring access is restricted to authorized recipients for the cloud (Artifactory). By default, it contains the URL of the GitHub repository owner.
-This value, if transmitted, will be used as an argument in core.getIDToken(), which generates the JWT. It enforces a condition, allowing only workflows within the designated repository/organization to access the cloud role. Read more about it [here](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-audience-value).
+2. **Configure an identity mapping**: This phase sets an integration between a particular GitHub repository to the JFrog platform.
+
+ An identity mapping is a configuration object utilized by the JFrog Platform to associate incoming OIDC claims with particular selected fields. These fields might include `repository`, `actor`, `workflow`, and others.
+ To configure the identity mapping, click on the identity mapping created in section 1 and then click on `Add Identity Mapping`. Fill in priority 1 and fill out all required fields:
+ 
+
+ You have the flexibility to define any valid list of claims required for request authentication. You can check a list of the possible claims [here](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token).
+ Example Claims JSON:
+
+ ```json
+ {
+ "repository": "repository-owner/repository-name"
+ }
+ ```
+
+### Workflow configuration
+
+1. **Set required permissions**: In the course of the protocol's execution, it's imperative to acquire a JSON Web Token (JWT) from GitHub's OIDC provider. To request this token, it's essential to configure the specified permission in the workflow file:
```yml
- - name: Install JFrog CLI
- uses: jfrog/setup-jfrog-cli@v3
- env:
- JF_URL: ${{ secrets.JF_URL }}
- with:
- oidc-provider-name:
- oidc-audience:
+ permissions:
+ id-token: write
```
+
+
+2. **Pass the 'oidc-provider-name' input to the Action (Required)**: The 'oidc-provider-name' parameter designates the OIDC configuration whose one of its identity mapping should align with the generated JWT claims. This input needs to align with the 'Provider Name' value established within the OIDC configuration in the JFrog Platform.
+3. **Pass the 'oidc-audience' input to the Action (Optional)**: The 'oidc-audience' input defines the intended recipients of an ID token (JWT), ensuring access is restricted to authorized recipients for the JFrog Platform. By default, it contains the URL of the GitHub repository owner. It enforces a condition, allowing only workflows within the designated repository/organization to request an access token. Read more about it [here](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-audience-value).
+
+Example step utilizing OpenID Connect:
+
+```yml
+- uses: jfrog/setup-jfrog-cli@v3
+ env:
+ JF_URL: ${{ secrets.JF_URL }}
+ with:
+ oidc-provider-name: setup-jfrog-cli
+```
+
+
+
## Setting the build name and build number when publishing build-info to Artifactory
+
The Action automatically sets the following environment variables:
-*JFROG_CLI_BUILD_NAME* and *JFROG_CLI_BUILD_NUMBER* with the workflow name and run number respectively.
+_JFROG_CLI_BUILD_NAME_ and _JFROG_CLI_BUILD_NUMBER_ with the workflow name and run number respectively.
You therefore don't need to specify the build name and build number on any of the build related JFrog CLI commands.
In the following example, all downloaded files are registered as dependencies of the build and all uploaded files
-are registered as the build artifacts.
+are registered as the build artifacts.
+
```yml
- run: |
- jf rt dl artifacts/
- jf rt u aether artifacts/
- jf rt bp
+ jf rt dl artifacts/
+ jf rt u aether artifacts/
+ jf rt bp
```
## Setting JFrog CLI version
-By default, the JFrog CLI version set in [action.yml](https://github.com/jfrog/setup-jfrog-cli/blob/master/action.yml) is used. To set a specific version, add the *version* input as follows:
+
+By default, the JFrog CLI version set in [action.yml](https://github.com/jfrog/setup-jfrog-cli/blob/master/action.yml) is used. To set a specific version, add the _version_ input as follows:
```yml
- uses: jfrog/setup-jfrog-cli@v3
with:
- version: X.Y.Z
+ version: X.Y.Z
```
-It is also possible to set the latest JFrog CLI version by adding the *version* input as follows:
+It is also possible to set the latest JFrog CLI version by adding the _version_ input as follows:
```yml
- uses: jfrog/setup-jfrog-cli@v3
with:
- version: latest
+ version: latest
```
| Important: Only JFrog CLI versions 1.29.0 or above are supported. |
-| --- |
+| ----------------------------------------------------------------- |
## Downloading JFrog CLI from Artifactory
+
If your agent has no Internet access, you can configure the workflow to download JFrog CLI from a [remote repository](https://www.jfrog.com/confluence/display/JFROG/Remote+Repositories) in your JFrog Artifactory, which is configured to proxy the official download URL.
Here's how you do this:
1. Create a remote repository in Artifactory. Name the repository jfrog-cli-remote and set its URL to https://releases.jfrog.io/artifactory/jfrog-cli/
-2. Set *download-repository* input to jfrog-cli-remote:
+2. Set _download-repository_ input to jfrog-cli-remote:
+
```yml
- uses: jfrog/setup-jfrog-cli@v3
env:
- # JFrog platform url (for example: https://acme.jfrog.io)
- JF_URL: ${{ secrets.JF_URL }}
-
- # Basic authentication credentials
- JF_USER: ${{ secrets.JF_USER }}
- JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
-
- # JFrog platform access token (if JF_USER and JF_PASSWORD are not provided)
- # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
-
- # Same can be achieved with a Config Token using JF_ENV_1 environment variable
- # JF_ENV_1: ${{ secrets.JF_SECRET_ENV_1 }}
+ # JFrog platform url (for example: https://acme.jfrog.io)
+ JF_URL: ${{ secrets.JF_URL }}
+
+ # Basic authentication credentials
+ JF_USER: ${{ secrets.JF_USER }}
+ JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+ # JFrog platform access token (if JF_USER and JF_PASSWORD are not provided)
+ # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ # Same can be achieved with a Config Token using JF_ENV_1 environment variable
+ # JF_ENV_1: ${{ secrets.JF_SECRET_ENV_1 }}
with:
- download-repository: jfrog-cli-remote
+ download-repository: jfrog-cli-remote
```
-* See instructions for configuring the JFrog connection details under [Storing JFrog connection details as secrets](#storing-jfrog-connection-details-as-secrets).
-
+- See instructions for configuring the JFrog connection details under [Storing JFrog connection details as secrets](#storing-jfrog-connection-details-as-secrets).
## Set up a FREE JFrog Environment in the Cloud
+
Need a FREE JFrog environment in the cloud to use with this GitHub Action? Just run one of the following commands in your terminal. The commands will do the following:
1. Install JFrog CLI on your machine.
2. Create a FREE JFrog environment in the cloud for you.
**MacOS and Linux using cUrl**
+
```
curl -fL "https://getcli.jfrog.io?setup" | sh
```
**Windows using PowerShell**
+
```
powershell "Start-Process -Wait -Verb RunAs powershell '-NoProfile iwr https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/[RELEASE]/jfrog-cli-windows-amd64/jf.exe -OutFile $env:SYSTEMROOT\system32\jf.exe'" ; jf setup
```
## Example projects
-To help you get started, you can use [these](https://github.com/jfrog/project-examples/tree/master/github-action-examples) sample projects on GitHub.
-# Developing the Action code
-## Build the code
-If you'd like to help us develop and enhance this Action, this section is for you.
-
-To build and run the Action tests, run
-```bash
-npm i && npm t
-```
+To help you get started, you can use [these](https://github.com/jfrog/project-examples/tree/master/github-action-examples) sample projects on GitHub.
-## Code contributions
-We welcome code contributions through pull requests.
+## Contributions
-Please help us enhance and improve this Action.
-### Pull requests guidelines
-- If the existing tests do not already cover your changes, please add tests.
-- Please run `npm run format` for formatting the code before submitting the pull request.
+We welcome pull requests from the community. To help us improve this project, please read our [Contribution](./CONTRIBUTING.md#-guidelines) guide.
-# License
-This Action is licensed under the [Apache License 2.0](https://github.com/jfrog/setup-jfrog-cli/blob/master/LICENSE).
+## References
-# References
-- [JFrog CLI Documentation](https://www.jfrog.com/confluence/display/CLI/JFrog+CLI)
-- [GitHub Actions Documentation](https://help.github.com/en/categories/automating-your-workflow-with-github-actions)
+- [JFrog CLI Documentation](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli)
+- [GitHub Actions Documentation](https://docs.github.com/en/actions)
+- [Security hardening for GitHub Actions](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)
+- [Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
diff --git a/images/configure_oidc_integration.png b/images/configure_oidc_integration.png
new file mode 100644
index 000000000..fe27ac883
Binary files /dev/null and b/images/configure_oidc_integration.png differ
diff --git a/images/identity_mapping.png b/images/identity_mapping.png
new file mode 100644
index 000000000..effb47662
Binary files /dev/null and b/images/identity_mapping.png differ
diff --git a/images/new_oidc_integration.png b/images/new_oidc_integration.png
new file mode 100644
index 000000000..e03473597
Binary files /dev/null and b/images/new_oidc_integration.png differ
diff --git a/readme_image.png b/images/readme_image.png
similarity index 100%
rename from readme_image.png
rename to images/readme_image.png