Secure Artifact Sync to Alibaba Cloud OSS Using GitHub Actions OIDC

Score: 7/10

Topic: OIDC-based secure artifact sync to Alibaba Cloud OSS via GitHub Actions

Learn how to use OIDC in GitHub Actions to securely sync build artifacts to Alibaba Cloud OSS, avoiding hardcoded secrets and improving download speeds in China.

A Chinese developer shares a practical CI/CD pattern: using GitHub Actions OIDC to authenticate with Alibaba Cloud OSS for distributing desktop application installers. The motivation is to bypass slow GitHub Releases downloads in China by hosting artifacts on Alibaba Cloud. The key innovation is authenticating with OIDC tokens instead of static access keys, so the workflow carries no hardcoded secrets, which reduces security risk and simplifies credential rotation. The post walks through configuring OIDC trust between GitHub and Alibaba Cloud, then using the aliyun-cli action to upload artifacts. This approach is especially valuable for teams targeting Chinese users, as it ensures faster, more reliable updates. While the example is specific to Alibaba Cloud, the OIDC pattern is transferable to other cloud providers. For overseas developers, the post highlights a common pain point in global software distribution and a practical solution using modern authentication methods.