GitHub Actions

Namespace integrates with GitHub's OIDC provider to allow easy access to a Namespace workspace from GitHub action jobs. For this, you need to enable your job or workflow to request GitHub's OIDC JWT ID tokens by adding id-token: write permissions, which allows your job/workflow to request OIDC JWT ID tokens.

Prerequisites

Install the Namespace GitHub application.

  1. Open the Dashboard.
  2. On the Federation page, click on Connect Organization under Associated GitHub organizations section.
  3. In the pop-up window, select the organization to which you want to install the Namespace app.
  4. Finally, choose if you want to install the app to all repositories or just a selection.

Grant id-token: write permissions to your workflow

To allow GitHub Actions to authenticate with Namespace.

Namespace-managed GitHub Runners don't need id-token: write permissions. They are already authenticated with Namespace.

Details

You can add the permission at the workflow level:

name: Example workflow
permissions:
  id-token: write

In this case, all the jobs within the workflow may use Namespace.

If you need to authorize only a single job, set the permission within that job. For example:

name: Example workflow
jobs:
  example_job:
    permissions:
      id-token: write

After granting these permissions, simply use the namespacelabs/nscloud-setup action to get access to Namespace.