From 42813da4bdb64f30f341550ca9cfd38aee2f6803 Mon Sep 17 00:00:00 2001
From: Ziping Sun <me@szp.io>
Date: Wed, 24 Jul 2024 00:51:37 +0800
Subject: [PATCH] fix(ci): update the fingerprint for GitHub token endpoint
 (#56)

---
 terraform/github-action/main.tf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/terraform/github-action/main.tf b/terraform/github-action/main.tf
index 41087b2..9491ad6 100644
--- a/terraform/github-action/main.tf
+++ b/terraform/github-action/main.tf
@@ -39,9 +39,13 @@ module "kms" {
 ## -----------------------------------------------------------------------------
 ## GRANT ACCESS TO ALIYUN
 ## -----------------------------------------------------------------------------A
+data "tls_certificate" "github" {
+  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
+}
+
 resource "alicloud_ims_oidc_provider" "github" {
   issuer_url          = "https://token.actions.githubusercontent.com"
-  fingerprints        = ["1b511abead59c6ce207077c0bf0e0043b1382612"]
+  fingerprints        = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
   issuance_limit_time = "12"
   oidc_provider_name  = "GitHub"
   client_ids          = ["sts.aliyuncs.com"]