Build time Semantics using a build plugin


I would like to develop a build plugin that can gather build time metadata about the build process as run on Netlify infra (so IS_LOCAL = false). This is typically called Workload Identity. I can then see details such as which account built a site etc.

There are environment variables, but there are no guarantees these were generated on Netlify (e.g. there is no signed token).

Ideally I would be able to use the OAuth2 API, but I don’t know how I can authenticate when already within Netlify build servers.

Hope that makes sense, still trying to form my thoughts around this, so any leads are appreciated.


Hi, @lukehinds. The first question I have is this:

  • What build data do you want to gather?

I ask because the information might already be collected. If so, you could just call the API itself (which does require authentication) to get the information.

Regarding confirming a script is running in the build environment or not, there is an environment variable named NETLIFY which will be set to true when running on Netlify.
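Added example, not part of either post and not Netlify's own code: a build plugin sketch that gathers the metadata discussed in this thread and records it as self-reported, since nothing in the thread provides a signed token. The helper name `collectBuildClaims`, the `assurance` field and the sample values are assumptions made for illustration; the variable names are Netlify's documented build environment variables and plugin constants.

```javascript
// Build variables treated as identity "claims" about the build.
const CLAIM_VARS = ['BUILD_ID', 'DEPLOY_ID', 'SITE_ID', 'SITE_NAME',
                    'CONTEXT', 'REPOSITORY_URL', 'BRANCH', 'COMMIT_REF'];

// Constructed sample environment (not real Netlify values).
const SAMPLE_ENV = {
  NETLIFY: 'true', BUILD_ID: 'build-0001', SITE_ID: 'site-1234',
  CONTEXT: 'production', COMMIT_REF: 'abc123',
};

// Hypothetical helper: collect claims and note what cannot be verified.
function collectBuildClaims(env, constants) {
  const claims = {};
  const missing = [];
  for (const name of CLAIM_VARS) {
    if (env[name]) claims[name] = env[name];
    else missing.push(name);
  }
  // NETLIFY=true and IS_LOCAL=false only say what the environment reports.
  const onNetlify = env.NETLIFY === 'true' && constants.IS_LOCAL === false;
  // Cross-check two sources of the same value; a mismatch means tampering
  // or misconfiguration, but agreement still proves nothing cryptographically.
  const consistent = !claims.SITE_ID || !constants.SITE_ID ||
                     claims.SITE_ID === constants.SITE_ID;
  return { claims, missing, onNetlify, consistent, assurance: 'self-reported' };
}

const plugin = {
  onPreBuild: async ({ constants, utils }) => {
    const record = collectBuildClaims(process.env, constants);
    if (!record.consistent) {
      utils.build.failBuild('SITE_ID differs between env and plugin constants');
    }
    // Emit the record to the build log; consumers must treat it as unattested.
    console.log(JSON.stringify(record, null, 2));
  },
};

// Export for Netlify Build when loaded as a CommonJS plugin.
if (typeof module !== 'undefined') module.exports = plugin;
```

Anything a verifier needs to trust has to come from a source the build cannot write to, for example the authenticated API mentioned in the reply above, queried from outside the build.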