When invoking attestProvenance there is an optional issuer parameter that defaults to the URL for the OIDC issuer in the primary GitHub tenant ("https://token.actions.githubusercontent.com"). When running in a different tenant, the caller must derive and pass in the correct issuer value so that the retrieved OIDC token can be properly validated.
It would be more convenient for the caller if the default issuer were derived automatically from the current execution context.