Add guide for using Octopus Deploy's OIDC authentication during a GitHub Action Workflow

[zentron]

Why:

As per discussions, we are looking for Octopus Deploy's OIDC guide to be included alongside other 3rd party vendor guides.

What's being changed (if available, include any code snippets, screenshots, or gifs):

Additional page of content outlining how to use OIDC with Octopus Deploy to authenticate during a GitHub Action Workflow. The formatting is duplicated from the other existing guides.

Check off the following:

• A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require a SME review from GitHub staff.
• The changes in this PR meet the docs fundamentals that are required for all content.
• All CI checks are passing.

[welcome]

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[github-actions]

Thanks for submitting a PR to the GitHub Docs project!

In order to review and merge PRs most efficiently, we require that all PRs grant maintainer edit access before we review them. For information on how to do this, see the documentation.

[github-actions]

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.

---

Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

Source	Preview	Production	What Changed
New file: actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-octopus-deploy.md	fpt ghec	fpt ghec
actions/security-for-github-actions/security-hardening-your-deployments/index.md	fpt ghec ghes@ 3.15 3.14 3.13 3.12 3.11 3.10	fpt ghec ghes@ 3.15 3.14 3.13 3.12 3.11 3.10

---

fpt: Free, Pro, Team
ghec: GitHub Enterprise Cloud
ghes: GitHub Enterprise Server

[nguyenalex836]

@zentron Thanks so much for opening a PR! I'll get this triaged for review ✨

As per discussions

Do you by chance have a link where we can view these discussions? 💛

[zentron]

@nguyenalex836 apologies this was direct correspondence with Bekah Whittle from inside the GitHub team.

[github-actions]

Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert 👀

[nguyenalex836]

@zentron No problem at all! We'll ask the SMEs on this topic to weigh on this, and will provide feedback regarding best next steps as soon as we hear back 💛

[subatoi]

Hello 👋 I'm afraid we haven't heard anything internally about this. As we only document GitHub products, features, tools, and extensions (we may also mention or link to third-party tools to demonstrate how a feature works) we do not accept pull requests to document third-party tools or integrations unless they were codeveloped with GitHub.

For this reason, we will be closing this PR. If you would like to update our docs with content outside of third-party tools or integrations, feel free to open another PR or issue 💛

[colinbowern]

@subatoi can we re-examine this? JFrog is already in the docs, which is similar to Octopus - partnership at the leadership levels, commitments and integrations.

[Sharra-writes]

@colinbowern I can find the relevant Actions team and see if someone will give me a definitive answer this time, but there are no guarantees.

[colinbowern]

@Sharra-writes any luck?

[subatoi]

@zentron @colinbowern 👋 It's been confirmed internally today that we're good to merge this. Apologies that this was stuck in an unusual place for such a long time.

The only difficulty is going to be resolving the conflicts—it's generally awkward to fix (and push to) a contributor's branch/PR that's got to this state and in this case the Actions docs have changed significantly since this PR was initially raised. It'd be easier for me to open a new branch on our internal repo with the same changes and then merge that. Since @zentron's commits contain a public email address I can also add you as a co-committer, if you wish. I hope that'll be OK?

[zentron]

Thanks @subatoi .

Yes please, do what you need to do to get the content merged, I don't mind missing the git attribution. Please reach out if you need any clarification or I can help move things forward.

[Fanu3kp]

Thanks for the update @subatoi 🙌

That approach sounds good to me. Please feel free to open a new internal branch with the same changes and proceed with the merge in whatever way is easiest on your side.

[subatoi]

@zentron @colinbowern This is now live at https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-octopus-deploy 😄 — I had to make some very minimal changes such as adding a disclaimer to the workflow as per our docs requirements, but it's otherwise identical to your PR, and I was able to add attribution for zentron that should show up when the repository sync happens next and commits show up on this repo.

Apologies again about this being stuck in such a strange place for so long.

I'm going to go ahead and close this PR, but if you have any concerns about the publication, please let us know here (even though it'll be closed). cc @Sharra-writes