try again

irvingpop · irvingpop · commit a837e587ee1f · 2026-01-25T11:38:23.000-08:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -202,15 +202,22 @@ jobs:
           echo "ref=${{ github.ref }}"
           echo "event=${{ github.event_name }}"
           echo "head=${{ github.event.pull_request.head.repo.full_name }}"
+          if [ -z "$ACTIONS_ID_TOKEN_REQUEST_URL" ] || [ -z "$ACTIONS_ID_TOKEN_REQUEST_TOKEN" ]; then
+            echo "OIDC env missing"
+            exit 0
+          fi
           token_json=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
             "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=sts.amazonaws.com" || true)
-          if [ -z "$token_json" ]; then
+          if [ -z "$token_json" ] || [ "$token_json" = "null" ]; then
             echo "OIDC token missing"
             exit 0
           fi
-          python - <<'PY'
-          import base64,json,sys
-          token_json = sys.stdin.read()
+          OIDC_TOKEN_JSON="$token_json" python - <<'PY'
+          import base64,json,os,sys
+          token_json = os.environ.get("OIDC_TOKEN_JSON","")
+          if not token_json:
+              print("OIDC token missing")
+              sys.exit(0)
           token = json.loads(token_json).get("value","")
           if not token:
               print("OIDC token missing")
@@ -221,7 +228,6 @@ jobs:
           print(f"oidc.aud={data.get('aud')}")
           print(f"oidc.sub={data.get('sub')}")
           PY
-          <<<"$token_json"
 
       - name: Determine Docker tag
         id: docker-tag
