Add --audience-claim for GCR Receivers

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2026-04-10 22:20:05 +00:00 · 2026-04-10 12:34:26 +03:00 · 2026-04-10 12:34:26 +03:00 · c601a212f6
commit c601a212f6
parent 02734f28ba
5 changed files with 42 additions and 16 deletions
--- a/pkg/manifestgen/sourcesecret/options.go
+++ b/pkg/manifestgen/sourcesecret/options.go
@ -90,10 +90,11 @@ type Options struct {
 	GitHubAppBaseURL           string

 	// Receiver options
-	ReceiverType string
-	Token        string
-	Hostname     string
-	EmailClaim   string
+	ReceiverType  string
+	Token         string
+	Hostname      string
+	EmailClaim    string
+	AudienceClaim string
 }

 type VerificationCrt struct {
--- a/pkg/manifestgen/sourcesecret/sourcesecret.go
+++ b/pkg/manifestgen/sourcesecret/sourcesecret.go
@ -306,7 +306,11 @@ func GenerateReceiver(options Options) (*manifestgen.Manifest, error) {
 			return nil, fmt.Errorf("email-claim is required for gcr receiver type")
 		}
 		secret.StringData[EmailSecretKey] = options.EmailClaim
-		secret.StringData[AudienceSecretKey] = webhookURL
+		if options.AudienceClaim != "" {
+			secret.StringData[AudienceSecretKey] = options.AudienceClaim
+		} else {
+			secret.StringData[AudienceSecretKey] = webhookURL
+		}
 	}

 	return secretToManifest(secret, options)