From 05648e2f8f9f8e2a848df5fc6202286352346fcf Mon Sep 17 00:00:00 2001
From: Matt Moore
Date: Fri, 17 May 2024 19:40:41 -0700
Subject: [PATCH] Allow the action to customize the domain.

This allows folks to host their own instance of Octo STS.

Signed-off-by: Matt Moore
---
 README.md | 2 +-
 action.yml | 5 +++++
 index.js | 5 +++--
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index da5473c..9ca9793 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# `octo-sts-action`
+# `octo-sts/action`
 This action federates the GitHub Actions identity token for a Github App token according to the Trust Policy in the target organization or repository.
diff --git a/action.yml b/action.yml
index c3c9039..a0949ad 100644
--- a/action.yml
+++ b/action.yml
@@ -8,6 +8,11 @@ description: |
 organization or repository.
 inputs:
+ domain:
+ description: |
+ The domain of the Octo STS instance to use to federate.
+ default: octo-sts.dev
+
 scope:
 description: |
 The org/repo of the repository to which to request access.
diff --git a/index.js b/index.js
index 1e5998f..3e03860 100644
--- a/index.js
+++ b/index.js
@@ -8,6 +8,7 @@ if (!actionsToken || !actionsUrl) {
 const scope = process.env.INPUT_SCOPE;
 const identity = process.env.INPUT_IDENTITY;
+const domain = process.env.INPUT_DOMAIN;
 if (!scope || !identity) {
 console.log(`::error::Missing required inputs 'scope' and 'identity'`);
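Review bot: The description of the new `domain` input in action.yml does not say what form the value must take or what it controls. The index.js hunks use it both as the audience of the requested Actions OIDC token and as the host that token is then sent to, so the text should say it is a bare hostname and that it should only name an Octo STS instance the workflow trusts. Suggested wording: `The hostname (no scheme or path) of the Octo STS instance to federate with; the workflow's OIDC token is issued for and sent to this host.`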
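Review bot: In the first index.js hunk, `domain` is read from `INPUT_DOMAIN`, but the required-input check directly below it still tests only `scope` and `identity`. The `default: octo-sts.dev` in action.yml covers an omitted input, but an explicitly empty value, or running index.js outside the action runner, would presumably leave `domain` empty or undefined, and the later template strings would then build a request with no usable host or audience. Either fall back with `const domain = process.env.INPUT_DOMAIN || 'octo-sts.dev';` or extend the guard to `if (!scope || !identity || !domain)` and name `domain` in its message. The `if` block continues past the end of this hunk.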
@@ -37,9 +38,9 @@ async function fetchWithRetry(url, options = {}, retries = 3, initialDelay = 100
 (async function main() { // You can use await inside this function block
 try {
- const res = await fetchWithRetry(`${actionsUrl}&audience=octo-sts.dev`, { headers: { 'Authorization': `Bearer ${actionsToken}` } }, 5);
+ const res = await fetchWithRetry(`${actionsUrl}&audience=${domain}`, { headers: { 'Authorization': `Bearer ${actionsToken}` } }, 5);
 const json = await res.json();
- const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}`, { headers: { 'Authorization': `Bearer ${json.value}` } });
+ const res2 = await fetchWithRetry(`https://${domain}/sts/exchange?scope=${scope}&identity=${identity}`, { headers: { 'Authorization': `Bearer ${json.value}` } });
 const json2 = await res2.json();
 if (!json2.token) { console.log(`::error::${json2.message}`); process.exit(1); }
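Review bot: `domain` is interpolated unchecked into the audience query parameter and into the host of the exchange URL, which is where the Actions OIDC token in `json.value` is sent as a bearer credential. A value carrying `/`, `@`, `?`, `#` or `&` would change the host, path or query of those requests rather than just the instance name. The input should be confirmed to be a bare host and both URLs built with `URL`/`searchParams` instead of string templates, which also percent-encodes `scope` and `identity`, currently concatenated raw. The sketch assumes `fetchWithRetry` passes its first argument to `fetch` unchanged (its body is outside this hunk); the `try` block also continues past the hunk.

```javascript
  // … unchanged: (async function main() { … try { …
    // Accept only a bare host: a value that parses to a different host, or carries a path or query, is rejected.
    const sts = new URL(`https://${domain}`);
    if (sts.host !== domain.toLowerCase()) {
      console.log(`::error::Input 'domain' must be a bare hostname`);
      process.exit(1);
    }
    const tokenUrl = new URL(actionsUrl);
    tokenUrl.searchParams.set('audience', domain);
    const res = await fetchWithRetry(tokenUrl.href, { headers: { 'Authorization': `Bearer ${actionsToken}` } }, 5);
    const json = await res.json();
    const exchangeUrl = new URL('/sts/exchange', sts);
    exchangeUrl.searchParams.set('scope', scope);
    exchangeUrl.searchParams.set('identity', identity);
    const res2 = await fetchWithRetry(exchangeUrl.href, { headers: { 'Authorization': `Bearer ${json.value}` } });
  // … unchanged: json2 handling …
```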