Connections#25336
Introduce a new Enterprise > Security section for Docker OIDC, positioned between Enforce sign-in and Roles and permissions. Adds overview, connection management, and rulesets/subject claims pages, including GitHub Actions workflow setup and Admin Console management guidance. Also adds a Docker OIDC card to the Security landing page and registers the feature in summary.yaml for summary-bar metadata.
Correct links and wording, align login-action with repo convention, and update the Security grid icon.
✅ Deploy Preview for docsdocker ready!
docker-agent left a comment
Assessment: 🟡 NEEDS ATTENTION
New Docker OIDC documentation is well-structured and technically clear. One high-severity inconsistency between the prose and the rendered summary-bar subscription badge needs resolution before merge, plus several medium style issues.
> Docker OIDC creates a trust relationship between GitHub and Docker so you don’t have to maintain long-lived credentials. When you create an OIDC connection, Docker and GitHub exchange short-lived tokens that still grant fine-grained access to your Docker resources.
>
> Docker OIDC is available for organizations with Docker Core subscriptions. You receive 10 OIDC connections out of the box. To upgrade your subscription, see [Change your subscription](/manuals/subscription/change.md).
[HIGH] Subscription plan contradiction: prose says "Docker Core" but summary-bar will render "Business"
The page text at line 14 states "Docker OIDC is available for organizations with Docker Core subscriptions" and the Prerequisites list repeats "A Docker Core subscription". However, data/summary.yaml registers this feature with subscription: [Business]. The {{< summary-bar feature_name="Docker OIDC" >}} shortcode on line 10 reads from summary.yaml at render time, so the page will display a "Business" badge at the top while the body text says "Docker Core". One of these must be corrected to match the other — whichever subscription tier is correct for this feature.
> {{< summary-bar feature_name="Docker OIDC" >}}
>
> Rulesets and subject claims define what actions your GitHub workflows can take with your Docker resources. This doc overviews how configuring rulesets and subject claims affects authorized behaviors.
[MEDIUM] "This doc overviews" — "overview" used awkwardly as a verb
"This doc overviews how configuring rulesets…" is grammatically informal. "Overview" as a verb is non-standard. Consider: "This page explains how rulesets and subject claims control authorized behaviors." or just cut the sentence — the heading already establishes the page's scope.
> ## Resources
>
> Docker Hub repositories are currently supported as resources. Resources define what Docker resources a workflow can access when a ruleset matches. You specify resources per ruleset, alongside the scopes that determine the level of access granted.
[MEDIUM] "currently" — violates style guide rule to write timelessly
Docker's style guide says to avoid "currently" and "as of this writing" because the docs describe the product as it is today. Replace with a timeless statement: "Only Docker Hub repositories are supported as resources."
> Docker OIDC creates a trust relationship between GitHub and Docker so you don’t have to maintain long-lived credentials. When you create an OIDC connection, Docker and GitHub exchange short-lived tokens that still grant fine-grained access to your Docker resources.
>
> Docker OIDC is available for organizations with Docker Core subscriptions. You receive 10 OIDC connections out of the box. To upgrade your subscription, see [Change your subscription](/manuals/subscription/change.md).
[MEDIUM] "out of the box" — informal idiom, prefer direct language
Docker style discourages idiomatic phrases. "You receive 10 OIDC connections out of the box" could be rewritten as "Your subscription includes 10 OIDC connections" or simply "10 OIDC connections are included with your subscription."
> Each ruleset contains the following fields:
>
> - **Label**: A name for the ruleset.
[MEDIUM] Bold used for conceptual list labels — may not qualify as UI elements
STYLE.md reserves bold exclusively for UI elements (buttons, menus, field labels). **Label**, **Rules**, **Resources**, and **Scopes** appear in a conceptual definition list. If these are the exact names of labeled fields in the Admin Console form UI, bold is correct. If they're conceptual terms describing what a ruleset contains, bold should be removed and the list rewritten as plain prose bullets.
> ## What’s next
>
> - [Create an OIDC connection](/manuals/enterprise/security/docker-oidc/create-manage.md)
> - Refer to [Docker OIDC rulesets](/manuals/enterprise/security/docker-oidc/rulesets-claims.md).
[MEDIUM] "Refer to" as a link lead-in — use direct link text instead
Docker style recommends direct link text rather than indirect constructions. Replace:
- Refer to [Docker OIDC rulesets](/manuals/enterprise/security/docker-oidc/rulesets-claims.md).
With:
- [Docker OIDC rulesets and subject claims](/manuals/enterprise/security/docker-oidc/rulesets-claims.md)
> {{< summary-bar feature_name="Docker OIDC" >}}
>
> You can create new OIDC connections or manage existing ones from Admin Console in Docker Home. Establishing an OIDC connection occurs in two phases. First, you create the OIDC connection in the admin console, then you configure your GitHub Actions workflow YAML file.
[MEDIUM] Inconsistent capitalization: "Admin Console" vs "admin console" in the same paragraph
The introductory paragraph uses "Admin Console" (capitalized, first instance) and "admin console" (lowercase) two sentences later. Docker products and named UI sections should be capitalized consistently throughout. Since "Admin Console" appears to be the proper name of a product section, capitalize both uses.
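The documentation under review describes rulesets (label, rules, resources, scopes) that decide what a workflow's short-lived GitHub token may do with Docker Hub repositories, but the diff context shows only the field list, not how a subject claim is matched against it. The following is an added illustration written for this page; it is not Docker's implementation and not code from the docs-docker repository. It uses GitHub's documented OIDC issuer and subject-claim formats (`repo:<org>/<repo>:ref:refs/heads/<branch>` for branch pushes, `repo:<org>/<repo>:pull_request` for pull requests); the glob syntax for rules, the `pull`/`push` scope names, the audience value, the organization and repository names, and the rulesets themselves are all constructed assumptions. Signature verification of the token is left out; a real verifier checks the signature against the issuer's keys before reading any claim.

```python
"""Toy evaluator for OIDC rulesets keyed on GitHub Actions subject claims.

Added illustration for this review thread, not Docker's implementation.
Assumed values are marked in comments.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Issuer of GitHub Actions OIDC tokens (documented by GitHub).
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
# Audience value is constructed for this example.
AUDIENCE = "example-docker-oidc-audience"
# Fixed clock so the example is deterministic.
NOW = 1_700_000_000


@dataclass
class Ruleset:
    """Mirrors the four fields the reviewed page lists for a ruleset."""
    label: str
    rules: list[str]      # subject-claim patterns; glob syntax is an assumption
    resources: list[str]  # Docker Hub repositories the ruleset grants access to
    scopes: list[str]     # access levels; "pull"/"push" names are assumed here


def validate_claims(claims: dict, audience: str, now: int = NOW) -> tuple[bool, str]:
    """Checks issuer, audience, expiry and subject on an already-verified token.

    Signature verification is out of scope; a real verifier fetches the
    issuer's JWKS and checks the signature before trusting any claim.
    """
    if claims.get("iss") != GITHUB_ISSUER:
        return False, "unexpected issuer"
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if not claims.get("sub"):
        return False, "missing subject claim"
    return True, "ok"


def match_rulesets(sub: str, rulesets: list[Ruleset]) -> list[Ruleset]:
    """A ruleset applies when any one of its rules matches the subject claim."""
    return [rs for rs in rulesets if any(fnmatchcase(sub, p) for p in rs.rules)]


def authorized_access(claims, rulesets, audience=AUDIENCE, now=NOW):
    """Returns ({resource: set(scopes)}, reason), unioned over matching rulesets."""
    ok, reason = validate_claims(claims, audience, now)
    if not ok:
        return {}, reason
    grants: dict[str, set[str]] = {}
    for rs in match_rulesets(claims["sub"], rulesets):
        for resource in rs.resources:
            grants.setdefault(resource, set()).update(rs.scopes)
    return grants, ("ok" if grants else "no matching ruleset")


# Constructed rulesets (labels, repositories and patterns are made up).
RULESETS = [
    Ruleset("main-branch-push",
            rules=["repo:example-org/web-app:ref:refs/heads/main"],
            resources=["example-org/web-app"], scopes=["pull", "push"]),
    Ruleset("any-branch-pull",
            rules=["repo:example-org/*:ref:refs/heads/*"],
            resources=["example-org/web-app", "example-org/base-images"],
            scopes=["pull"]),
]


def github_claims(sub: str, exp: int = NOW + 300) -> dict:
    """Constructs the subset of GitHub OIDC claims this evaluator reads."""
    return {"iss": GITHUB_ISSUER, "aud": AUDIENCE, "sub": sub, "exp": exp}


# Constructed tokens: a push to main and a pull_request event on the same repo.
CLAIMS_MAIN = github_claims("repo:example-org/web-app:ref:refs/heads/main")
CLAIMS_PR = github_claims("repo:example-org/web-app:pull_request")


if __name__ == "__main__":
    for label, claims in (("main", CLAIMS_MAIN), ("pull_request", CLAIMS_PR)):
        print(label, authorized_access(claims, RULESETS))
```

The point of the model is the ordering: token claims are validated (issuer, audience, expiry) before any ruleset is consulted, and access is the union of the resources and scopes of every ruleset whose rules match the subject claim, so a pull_request token on the same repository gets nothing because no rule names that event.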
Draft PR