Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
* @riptideslabs/devs
12 changes: 12 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
name: CI

on:
push:
pull_request:

jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: raven-actions/actionlint@v2
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,14 @@

GitHub Action to install the [Riptides](https://riptides.io) daemon and join a control plane from a GitHub Actions runner. Authentication uses GitHub Actions OIDC, no join tokens or long-lived credentials required.

## What is Riptides?

Riptides is a zero-trust networking layer that runs as a kernel module on your hosts. For CI pipelines it solves two problems:

**Secure secret injection** — instead of storing cloud credentials, API keys, or service tokens in GitHub secrets, Riptides gives the runner a verified SPIFFE workload identity and enforces your policy at the network layer. Your CI job calls AWS, S3, internal APIs, or any other service exactly as it would in production — credentials are injected transparently based on the runner's identity, without ever touching a secret.

**Connection visibility** — every outbound and inbound TCP connection made during a CI job is tracked with full workload identity context: which workflow, which repository, which actor made the call, and whether it was allowed or denied by policy. This gives you the same traffic observability and access control in CI that you have across the rest of your fleet.

## Prerequisites

1. A Riptides control plane with a `GitHubActionsVerifier` configured for your repository owner:
Expand Down
5 changes: 3 additions & 2 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,5 +27,6 @@ runs:
DAEMON_VERSION: ${{ inputs.version }}
run: |
curl -fsSL https://docs.riptides.io/install.sh | sudo -E bash -s -- \
--control-plane "${{ inputs.controlplane-url }}" \
--github-actions "${{ inputs.audience }}"
--controlplane-url "${{ inputs.controlplane-url }}" \
--plugin GitHubActions \
--github-actions-audience "${{ inputs.audience }}"
Loading