Namespace integrates with GitHub's OIDC provider to allow easy access to a Namespace workspace from GitHub action jobs.
For this, you need to enable your job or workflow to request
GitHub's OIDC JWT ID tokens
id-token: write permissions, which allows your job/workflow to request OIDC JWT ID tokens.
Install the Namespace GitHub application.
- Open the Dashboard.
- On the Federation page, click on Connect Organization under Associated GitHub organizations section.
- In the pop-up window, select the organization to which you want to install the Namespace app.
- Finally, choose if you want to install the app to all repositories or just a selection.
id-token: write permissions to your workflow
To allow GitHub Actions to authenticate with Namespace.
Namespace-managed GitHub Runners don't need
id-token: write permissions. They are already authenticated with Namespace.
You can add the permission at the workflow level:
name: Example workflow permissions: id-token: write
In this case, all the jobs within the workflow may use Namespace.
If you need to authorize only a single job, set the permission within that job. For example:
name: Example workflow jobs: example_job: permissions: id-token: write
After granting these permissions, simply use the
namespacelabs/nscloud-setup action to get access to Namespace.