To restrict a JWT role to tokens issued for GitHub Actions workflows from one specific GitHub repository, a wildcard can be used in a bound parameter. Of the three bound parameters on a JWT role (bound_audiences, bound_subject and bound_claims), only the bound_claims parameter supports wildcards.
For a wildcard in bound_claims to take effect, bound_claims_type must also be set to "glob", so that * matches any number of characters. bound_subject (and bound_audiences) do not support wildcards: the values presented in the token must be exact matches of the literal string values configured for those parameters in the auth method in Vault.
Example Vault JWT role configuration:
# bound_claims is a JSON object: single-quote it so the shell keeps the inner
# double quotes, the space and the * intact instead of splitting or globbing them.
# The key is the name of the claim checked in the token; GitHub Actions tokens
# carry the "repo:<owner>/<repo>:..." value in the "sub" claim.
vault write auth/jwt/role/test-role \
    name="test-role" \
    role_type="jwt" \
    bound_claims='{"test-workflow": "repo:test-Github/test-repo*"}' \
    bound_claims_type="glob" \
    token_policies="test-policy"
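The following is an added example (not Vault's code and not part of the original article) that models how the role above is evaluated against a token's claims, so the difference between bound_claims_type="glob" and "string", and the literal-only matching of bound_subject, can be checked offline. It assumes Vault semantics of: bound_subject is an exact match on "sub", bound_audiences needs at least one "aud" value to match exactly, and in bound_claims "*" is the only wildcard. It binds the page's pattern to GitHub's "sub" claim, which is where GitHub Actions tokens carry the repo:<owner>/<repo>:... value; the role names, token claims and policy name are constructed.

```python
"""Model of how a Vault JWT role's bound parameters are checked against token claims.

Added example, not Vault's own code. Assumed semantics: bound_subject is an exact
match on "sub"; bound_audiences requires at least one "aud" value to match exactly;
bound_claims compares each configured claim either literally ("string") or with '*'
as the only wildcard ("glob"); a list on either side matches if any pair matches.
"""
import re
from typing import Any, Mapping


def glob_match(pattern: str, value: str) -> bool:
    """True if value matches pattern, where '*' matches any run of characters
    and the pattern is anchored at both ends (models bound_claims_type="glob")."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def _as_list(value: Any) -> list:
    return list(value) if isinstance(value, list) else [value]


def claim_matches(expected: Any, actual: Any, claims_type: str) -> bool:
    """Compare one bound_claims entry with the token's value for that claim."""
    for exp in _as_list(expected):
        for act in _as_list(actual):
            if claims_type == "glob":
                if isinstance(exp, str) and isinstance(act, str) and glob_match(exp, act):
                    return True
            elif exp == act:  # "string": literal comparison, '*' is an ordinary character
                return True
    return False


def role_accepts(role: Mapping[str, Any], claims: Mapping[str, Any]) -> bool:
    """True if the token's claims satisfy every bound parameter set on the role."""
    if role.get("bound_subject") and claims.get("sub") != role["bound_subject"]:
        return False  # bound_subject is a literal match, never a glob
    if role.get("bound_audiences"):
        if not set(_as_list(claims.get("aud", []))) & set(role["bound_audiences"]):
            return False
    claims_type = role.get("bound_claims_type", "string")
    for name, expected in role.get("bound_claims", {}).items():
        if name not in claims or not claim_matches(expected, claims[name], claims_type):
            return False
    return True


# Constructed roles: the page's pattern bound to the "sub" claim (assumption: that is
# the claim GitHub Actions populates with "repo:<owner>/<repo>:...").
ROLE_GLOB = {
    "role_type": "jwt",
    "bound_claims": {"sub": "repo:test-Github/test-repo*"},
    "bound_claims_type": "glob",
    "token_policies": ["test-policy"],
}
ROLE_STRING = dict(ROLE_GLOB, bound_claims_type="string")
# Tighter pattern: the ':' after the repo name stops similarly named repos matching.
ROLE_GLOB_TIGHT = dict(ROLE_GLOB, bound_claims={"sub": "repo:test-Github/test-repo:*"})

# Constructed token claims in the shape GitHub Actions OIDC tokens use.
TOKEN_MAIN = {"sub": "repo:test-Github/test-repo:ref:refs/heads/main",
              "repository": "test-Github/test-repo", "aud": "https://github.com/test-Github"}
TOKEN_SIMILAR_NAME = {"sub": "repo:test-Github/test-repo-fork:ref:refs/heads/main",
                      "repository": "test-Github/test-repo-fork", "aud": "https://github.com/test-Github"}
TOKEN_OTHER_OWNER = {"sub": "repo:other-org/test-repo:ref:refs/heads/main",
                     "repository": "other-org/test-repo", "aud": "https://github.com/other-org"}


if __name__ == "__main__":
    for label, role in (("glob", ROLE_GLOB), ("string", ROLE_STRING), ("glob-tight", ROLE_GLOB_TIGHT)):
        for token in (TOKEN_MAIN, TOKEN_SIMILAR_NAME, TOKEN_OTHER_OWNER):
            print(f"{label:10s} {token['sub']:55s} -> {role_accepts(role, token)}")
```

Running it shows the caveat worth checking before deploying such a role: repo:test-Github/test-repo* also matches a repository named test-repo-fork under the same owner, because the trailing * accepts anything after the prefix; ending the pattern with the ":" that separates the repository from the rest of the sub claim (repo:test-Github/test-repo:*) limits the role to that one repository. With bound_claims_type="string" the same pattern never matches, since the * is compared literally.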
Additional information
https://developer.hashicorp.com/vault/docs/auth/jwt#jwt-authentication
https://www.vaultproject.io/docs/auth/jwt#bound-claims
https://www.vaultproject.io/api/auth/jwt#bound_claims_type
https://developer.hashicorp.com/vault/api-docs/auth/jwt#bound_subject