github
diff --git a/‎__tests__/proxy-integration.test.ts‎
Lines changed: 57 additions & 4 deletions b/‎__tests__/proxy-integration.test.ts‎
Lines changed: 57 additions & 4 deletions
diff --git a/‎dist/main/index.js‎
Lines changed: 5 additions & 3 deletions b/‎dist/main/index.js‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎dist/main/index.js.map‎
Lines changed: 1 addition & 1 deletion b/‎dist/main/index.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/proxy.ts‎
Lines changed: 7 additions & 5 deletions b/‎src/proxy.ts‎
Lines changed: 7 additions & 5 deletions
@@ -1,12 +1,12 @@
+import {spawnSync} from 'child_process'
 import Docker from 'dockerode'
+import fs from 'fs'
+import path from 'path'
 import {Credential} from '../src/api-client'
-import {ImageService} from '../src/image-service'
 import {PROXY_IMAGE_NAME} from '../src/docker-tags'
+import {ImageService} from '../src/image-service'
 import {ProxyBuilder} from '../src/proxy'
 import {integration, removeDanglingUpdaterContainers} from './helpers'
-import {spawnSync} from 'child_process'
-import fs from 'fs'
-import path from 'path'
 
 integration('ProxyBuilder', () => {
   const docker = new Docker()
@@ -182,4 +182,57 @@ integration('ProxyBuilder', () => {
     const output = proc.stdout.toString().trim()
     expect(output).toEqual(url)
   })
+
+  jest.setTimeout(20000)
+  it('forwards OIDC token request URL if configured', async () => {
+    const url =
+      'https://vstoken.actions.githubusercontent.com/_apis/distributedtask/hubs/build/plans/123/jobs/456/oidctoken'
+    process.env.ACTIONS_ID_TOKEN_REQUEST_URL = url
+
+    const proxy = await builder.run(
+      jobId,
+      jobToken,
+      dependabotApiUrl,
+      credentials
+    )
+    await proxy.container.start()
+
+    const id = proxy.container.id
+    const proc = spawnSync('docker', [
+      'exec',
+      id,
+      'printenv',
+      'ACTIONS_ID_TOKEN_REQUEST_URL'
+    ])
+    const output = proc.stdout.toString().trim()
+    expect(output).toEqual(url)
+
+    await proxy.shutdown()
+  })
+
+  jest.setTimeout(20000)
+  it('forwards OIDC token request token if configured', async () => {
+    const token = 'e30='
+    process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN = token
+
+    const proxy = await builder.run(
+      jobId,
+      jobToken,
+      dependabotApiUrl,
+      credentials
+    )
+    await proxy.container.start()
+
+    const id = proxy.container.id
+    const proc = spawnSync('docker', [
+      'exec',
+      id,
+      'printenv',
+      'ACTIONS_ID_TOKEN_REQUEST_TOKEN'
+    ])
+    const output = proc.stdout.toString().trim()
+    expect(output).toEqual(token)
+
+    await proxy.shutdown()
+  })
 })
@@ -1,11 +1,11 @@
-import fs from 'fs'
 import * as core from '@actions/core'
 import Docker, {Container, Network} from 'dockerode'
+import fs from 'fs'
+import {md, pki} from 'node-forge'
+import {Credential} from './api-client'
 import {CertificateAuthority, ProxyConfig} from './config-types'
 import {ContainerService} from './container-service'
-import {Credential} from './api-client'
-import {pki, md} from 'node-forge'
-import {outStream, errStream} from './utils'
+import {errStream, outStream} from './utils'
 
 const KEY_SIZE = 2048
 const KEY_EXPIRY_YEARS = 2
@@ -234,7 +234,9 @@ export class ProxyBuilder {
         `JOB_ID=${jobId}`,
         `JOB_TOKEN=${jobToken}`,
         `PROXY_CACHE=${this.cachedMode ? 'true' : 'false'}`,
-        `DEPENDABOT_API_URL=${dependabotApiUrl}`
+        `DEPENDABOT_API_URL=${dependabotApiUrl}`,
+        `ACTIONS_ID_TOKEN_REQUEST_TOKEN=${process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN || ''}`,
+        `ACTIONS_ID_TOKEN_REQUEST_URL=${process.env.ACTIONS_ID_TOKEN_REQUEST_URL || ''}`
       ],
       Entrypoint: [
         'sh',