build: Use OIDC for Azure
jachym-tousek-keboola committed Nov 20, 2024
1 parent d6fb63d commit 06a5c33
Showing 2 changed files with 16 additions and 1 deletion.
9 changes: 8 additions & 1 deletion .github/workflows/push.yml
Expand Up @@ -5,7 +5,7 @@ concurrency: ci
env:
AZURE_TENANT_ID: 9b85ee6f-4fb0-4a46-8cb7-4dcc6b262a89
AZURE_CLIENT_ID: 018b2e1a-41f3-48cf-a3b6-dd93f74c6d2f
AZURE_CLIENT_SECRET: ${{ secrets.TEST_AZURE_CLIENT_SECRET }}
AZURE_SUBSCRIPTION_ID: 0c737b3e-898f-48de-a33a-30671859dc4f
AZURE_KEY_VAULT_URL: https://ci-go-cloud-encrypt.vault.azure.net/
AZURE_KEY_NAME: ci-go-cloud-encrypt
AWS_REGION: eu-central-1
Expand Down Expand Up @@ -38,6 +38,13 @@ jobs:
workload_identity_provider: ${{ env.GCP_IDENTITY_PROVIDER }}
create_credentials_file: true

- name: Azure Login
uses: azure/login@v2
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: Build image
run: |
docker login --username "$DOCKERHUB_USER" --password "$DOCKERHUB_TOKEN"
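Review bot: The Azure Login step added before "Build image" authenticates with azure/login via OIDC, which only works if the job (or workflow) grants `permissions: id-token: write`; that block is outside this hunk, and since the google-github-actions auth step above already uses workload identity federation it is probably already there, but it is worth confirming rather than assuming. The `jobs:` block this step lives in starts and ends outside the hunk, so I also cannot see whether any later step still reads `AZURE_CLIENT_SECRET`, which this commit drops from `env:` — any remaining reference would now expand to an empty string rather than fail loudly. For supply-chain hygiene, consider pinning the new action to a full commit SHA with a version comment instead of the floating `azure/login@v2` tag, in line with however the other actions in this workflow are pinned.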
8 changes: 8 additions & 0 deletions provisioning/ci/azure_servicePrincipal.tf
Expand Up @@ -12,6 +12,14 @@ resource "azuread_service_principal_password" "go_cloud_encrypt" {
service_principal_id = azuread_service_principal.go_cloud_encrypt.id
}

resource "azuread_application_federated_identity_credential" "go_cloud_encrypt" {
application_id = azuread_application.go_cloud_encrypt.id
display_name = "${var.name_prefix}-go-cloud-encrypt"
audiences = ["api://AzureADTokenExchange"]
issuer = "https://token.actions.githubusercontent.com"
subject = "repo:${local.github_repository}:*"
}

output "az_client_id" {
value = azuread_application.go_cloud_encrypt.client_id
}
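Review bot: The `subject = "repo:${local.github_repository}:*"` on the new federated identity credential relies on wildcard matching, but as far as I know Entra ID matches the `subject` claim literally (flexible/claims-expression matching is a separate, newer feature), so this credential may not match real GitHub token subjects such as `repo:<owner>/<repo>:ref:refs/heads/<branch>` at all; if it does match, a repo-wide wildcard is broader than needed and should be scoped to the branch or environment this workflow actually runs from, e.g. `subject = "repo:${local.github_repository}:ref:refs/heads/main"`. The hunk header shows `azuread_service_principal_password.go_cloud_encrypt` is still defined above, so the old client secret remains valid even though the workflow no longer uses it; once OIDC login is confirmed working, delete that resource and the `TEST_AZURE_CLIENT_SECRET` repository secret so the long-lived credential is actually retired. A short comment above the resource stating which workflow and subject it is meant to serve, such as `# Trusts GitHub Actions OIDC tokens from this repository for the push workflow`, would help the next maintainer. `local.github_repository` is defined outside this hunk, so its exact form is not verifiable here.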
