GitHub Actions OIDC Delivery

GitHub Actions OIDC is used to avoid long-lived cloud deployment credentials in repository secrets.

Why it matters

OIDC-based delivery aligns with modern platform security patterns by reducing static credential exposure and supporting controlled workflow-driven deployment.

Reviewer focus

  • Workflow separation by platform root.
  • Plan/review/apply discipline.
  • Evidence folders for validation.
  • No routine local Terraform apply as the normal delivery path.
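
A reviewer can check the first point mechanically: a workflow should hold no long-lived cloud credentials in repository secrets and should request an OIDC token instead. The script below is an added example, not code from this page or its project. The secret-name patterns, the AWS target, `vars.DEPLOY_ROLE_ARN` and the region are assumptions chosen for illustration.

```python
import re

# Secret-name fragments that conventionally hold long-lived cloud credentials
# (assumed naming conventions; adjust to the ones your organisation uses).
STATIC_CRED = re.compile(
    r"\$\{\{\s*secrets\.(\w*(?:ACCESS_KEY|SECRET_KEY|CLIENT_SECRET|"
    r"SA_KEY|SERVICE_ACCOUNT_KEY|CREDENTIALS)\w*)\s*\}\}",
    re.IGNORECASE,
)
OIDC_PERMISSION = re.compile(r"^\s*id-token:\s*write\s*(?:#.*)?$", re.MULTILINE)

# Constructed sample: delivery with static keys stored as repository secrets.
LEGACY = """\
jobs:
  apply:
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    steps:
      - run: terraform apply -auto-approve
"""

# Constructed sample: the same job obtaining short-lived credentials via OIDC.
OIDC = """\
permissions:
  id-token: write
jobs:
  apply:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ vars.DEPLOY_ROLE_ARN }}
          aws-region: eu-west-1
"""


def review_workflow(text):
    """Return (line_number, finding) tuples; line 0 means a file-level finding."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in STATIC_CRED.finditer(line):
            findings.append((number, f"static credential secret: {match.group(1)}"))
    if not OIDC_PERMISSION.search(text):
        findings.append((0, "no 'id-token: write' permission, so no OIDC token can be requested"))
    return findings
```

The check is textual, so it is a first-pass review aid rather than a full YAML policy engine.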