Auto-detect OIDC/vault actions in safe-outputs steps and add id-token:write permission

[Copilot]

Enterprise environments use OIDC-based secret managers (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, etc.) via GitHub Actions steps in safe-outputs.steps. The safe-outputs job was missing id-token: write, causing OIDC authentication to fail silently.

Changes

• Auto-detection: ComputePermissionsForSafeOutputs now scans safe-outputs.steps for known OIDC/vault actions and automatically adds id-token: write to the safe-outputs job permissions
• Known actions detected: aws-actions/configure-aws-credentials, azure/login, google-github-actions/auth, hashicorp/vault-action, cyberark/conjur-action
• Explicit override: New id-token field on safe-outputs allows overriding auto-detection:
  • id-token: write — always add the permission (even if no vault action is detected)
  • id-token: none — suppress auto-detection (opt-out)
• JSON schema updated: pkg/parser/schemas/main_workflow_schema.json now includes the id-token field in the safe-outputs object definition, enabling IDE autocomplete and schema validation

safe-outputs:
  id-token: write   # explicit opt-in
  steps:
    - uses: aws-actions/configure-aws-credentials@v4  # also triggers auto-detection
      with:
        role-to-assume: arn:aws:iam::123456789:role/my-role
        aws-region: us-east-1

Original prompt

Update the compiler to automatically detect secret vault/OIDC actions in safe-outputs.steps and add the id-token:write permission to the safe-outputs job.

See #18542 for list.

Also add optional front matter field to safe output to enable this permission.

safe-outputs:
  id-token: write | none

To overwrite the behavior

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[pelikhan]

@copilot update main JSON schema

[Copilot]

@copilot update main JSON schema

Done in e2ee8c9. Added id-token field to the safe-outputs object in pkg/parser/schemas/main_workflow_schema.json with enum: ["write", "none"] and a description explaining auto-detection behavior.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha get --local ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet http.https://gitbash e6b16e63fbb8fe3d-c (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -unreachable=false /tmp/go-build4190851934/b072/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha json ]; then \ cp .github/aw/actions-lock.json -p (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -unreachable=false /tmp/go-build4190851934/b012/vet.cfg 0851934/b248/vet.cfg (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -unreachable=false /tmp/go-build4190851934/b015/vet.cfg 0851934/b244/vet.cfg (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha o actions/setup-cli/install.sh..." (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Adds automatic id-token: write permission handling for the safe-outputs job when user-provided safe-outputs.steps include known OIDC/vault credential actions, with an explicit safe-outputs.id-token override and schema support.

Changes:

• Auto-detects known OIDC/vault actions in safe-outputs.steps and adds id-token: write to computed safe-outputs job permissions.
• Adds safe-outputs.id-token: write|none override parsing to force-enable or opt out of auto-detection.
• Extends the main workflow JSON schema to include the new safe-outputs.id-token field and adds unit tests for detection/permission computation.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pkg/workflow/safe_outputs_permissions.go	Adds OIDC/vault action detection from steps and conditionally sets id-token: write.
pkg/workflow/safe_outputs_permissions_test.go	Adds tests for step detection and permission computation around id-token.
pkg/workflow/safe_outputs_config.go	Parses new safe-outputs.id-token override from frontmatter.
pkg/workflow/compiler_types.go	Extends SafeOutputsConfig with IDToken override field.
pkg/parser/schemas/main_workflow_schema.json	Updates schema so safe-outputs.id-token is validated/autocompleted.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

stepsRequireIDToken duplicates action-ref parsing logic that already exists in this package (extractActionRepo in pkg/workflow/action_pins.go). Reusing the shared helper would reduce drift and keep behavior consistent across features that inspect uses: strings (e.g., handling of refs without @).

Suggested change

	// Strip the @version suffix before matching
	actionRef, _, _ := strings.Cut(uses, "@")
	// Use shared helper to extract the action repository from the uses: string
	actionRef := extractActionRepo(uses)
	if actionRef == "" {
	continue
	}

[Copilot]

The new safe-outputs.id-token parsing logic isn’t covered by tests that exercise extractSafeOutputsConfig. Adding a focused test for accepted values ("write"/"none") and for ignoring invalid values would help prevent regressions in config parsing.