This Client Workload identification method is specifically designed for GitLab Jobs deployments.
The GitLab ID Token Ref Path identification method allows you to identify GitLab jobs based on the triggering branch or tag name. Aembit utilizes the ref_path claim within the OIDC token issued by GitLab.
Combine this method with additional Client Workload identification methods, such as project path for repository identification.
Applicable Deployment Type
Section titled “Applicable Deployment Type”This method is suitable for GitLab-based CI/CD Workflow deployments.
Configuration
Section titled “Configuration”Aembit Cloud
Section titled “Aembit Cloud”- Create a new Client Workload.
- Choose GitLab ID Token Ref Path for client identification.
- Construct a ref path manually using the format specified below and use it in the Value field.
- Format -
refs/{type}/{name}, where{type}can be eitherheadsfor branches ortagsfor tags, and{name}is the branch name or tag name used in the reference. - Example - refs/heads/feature-branch-1
Finding the GitLab ID Token Ref Path:
Section titled “Finding the GitLab ID Token Ref Path:”You can reconstruct ref path claim as follows:
- Determine ref type: Identify whether the workflow was triggered by a branch (then ref_type is heads) or a tag (ref_type is tags).
- Get the ref: Find the specific branch name (e.g., main) or tag name (e.g., v1.1.5).Check your workflow configuration or, if accessible, the GitLab UI for triggering event details.
- Combine the information: Assemble the ref path using the format:
refs/{type}/{name}.
Alternatively, you can inspect the GitLab OIDC token to extract the ref_path claim. For further details, please contact Aembit.