Use OpenID Connect to authenticate to Azure #24

# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# More on GitHub Actions for Azure: https://github.com/Azure/actions
# More on GitHub Action for Azure Login: https://github.com/azure/login#github-action-for-azure-login
name: Publish OData org website to Azure Web App staging slot
on:
  push:
    branches: [ staging ]
  workflow_dispatch: # Makes it possible to trigger workflow manually
jobs:
  publish:
    if: github.repository_owner == 'OData' && github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    permissions:
      id-token: write # Lets the job request the GitHub OIDC token that azure/login presents to Azure
      contents: read
    steps:
      - uses: actions/checkout@v3
        with:
          lfs: true # Forces LFS files (images in our case) to be checked out
          submodules: 'recursive' # Check out submodules if applicable
      - name: Build the site in a jekyll/builder container
        run: |
          docker run \
          -v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \
          jekyll/builder:stable /bin/bash -c "chmod -R 777 /srv/jekyll && jekyll build --config _config_staging.yml --future"
      - name: Log in with Azure # Using OpenID Connect (OIDC)
        uses: azure/login@v1
        with:
          # auth-type stays at its default (SERVICE_PRINCIPAL): with no client secret supplied, azure/login uses OIDC.
          # IDENTITY selects managed identity, which is meant for self-hosted runners on Azure, not ubuntu-latest.
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Deploy to Azure Web App
        uses: azure/webapps-deploy@v2
        with:
          app-name: 'odata-prod'
          slot-name: 'stage' # Specify the staging slot
          package: ${{ github.workspace }}/_site