From b76ce3f6123eacbc7370e4ee3b69495bdfe872bc Mon Sep 17 00:00:00 2001
From: nirpel-sys <nirpel@jfrog.com>
Date: Tue, 20 Jan 2026 11:48:54 +0200
Subject: [PATCH] Create main.yml with OIDC token

Signed-off-by: nirpel-sys <nirpel@jfrog.com>
---
 .github/workflows/main.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/workflows/main.yml

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 000000000..d94828947
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,23 @@
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write  # MANDATORY: Required to request the JWT from GitHub
+    
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      # Setup JFrog CLI using OIDC instead of Secrets
+      - name: Set up JFrog CLI
+        uses: jfrog/setup-jfrog-cli@v4
+        env:
+          JF_URL: ${{ secrets.JF_URL }} # Still need the URL, but no token needed!
+        with:
+          version: latest
+          oidc-provider-name: github-oidc-provider # Must match name in JFrog
+          oidc-audience: jfrog-github              # Must match audience in JFrog
+
+      - name: Run JFrog Command
+        run: jf rt ping # This now works without any manual JF_ACCESS_TOKEN