Skip to content

Commit

Permalink
ci: update azure SP federated credentials (#1442)
Browse files Browse the repository at this point in the history
  • Loading branch information
akashsinghal authored May 8, 2024
1 parent 51c1c00 commit 3639957
Show file tree
Hide file tree
Showing 3 changed files with 39 additions and 4 deletions.
5 changes: 4 additions & 1 deletion .github/workflows/build-pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ jobs:
permissions:
id-token: write
contents: read
environment: azure-test
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
Expand All @@ -80,7 +81,9 @@ jobs:
- name: Az CLI login
uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0
with:
creds: '{"clientId":"${{ env.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ env.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ env.AZURE_TENANT_ID }}"}'
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: clean up
run: |
Expand Down
33 changes: 31 additions & 2 deletions .github/workflows/e2e-aks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,18 +26,47 @@ jobs:
AZURE_SUBSCRIPTION_ID: daae1e1a-63dc-454f-825d-b39289070f79
runs-on: ubuntu-latest
timeout-minutes: 30
environment: azure-test
permissions:
id-token: write
contents: read
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Set up Go 1.21
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: '1.21'

- name: Update az cli # TODO: remove after az cli is updated in the runnger image to be >= 2.60.0
run: |
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -sLS https://packages.microsoft.com/keys/microsoft.asc |
sudo gpg --dearmor -o /etc/apt/keyrings/microsoft.gpg
sudo chmod go+r /etc/apt/keyrings/microsoft.gpg
AZ_DIST=$(lsb_release -cs)
echo "Types: deb
URIs: https://packages.microsoft.com/repos/azure-cli/
Suites: ${AZ_DIST}
Components: main
Architectures: $(dpkg --print-architecture)
Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources
AZ_VER=2.60.0
sudo apt-get update && sudo apt-get install azure-cli
- name: Az CLI login
uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0
with:
creds: '{"clientId":"${{ env.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ env.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ env.AZURE_TENANT_ID }}"}'
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
- name: Cache AAD tokens
run: |
az version
# Key Vault:
az account get-access-token --scope https://vault.azure.net/.default --output none
# Container Registry:
az account get-access-token --scope https://containerregistry.azure.net/.default --output none
- name: Dependencies e2e
run: |
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/run-full-validation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ jobs:
permissions:
id-token: write
contents: read
environment: azure-test
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
Expand All @@ -70,7 +71,9 @@ jobs:
- name: Az CLI login
uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0
with:
creds: '{"clientId":"${{ env.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ env.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ env.AZURE_TENANT_ID }}"}'
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: clean up
run: |
Expand Down

0 comments on commit 3639957

Please sign in to comment.