Skip to content

Commit

Permalink
Use OpenID Connect to authenticate to Azure
Browse files Browse the repository at this point in the history
  • Loading branch information
gathogojr committed Feb 26, 2024
1 parent 4a76eeb commit ad7df8f
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions .github/workflows/publish_to_staging_slot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ name: Publish OData org website to Azure Web App staging slot
on:
workflow_dispatch: # Makes it possible to trigger workflow manually

permissions:
id-token: write
contents: read

jobs:
publish:
if: github.repository_owner == 'OData' && github.event_name == 'workflow_dispatch'
Expand All @@ -24,10 +28,12 @@ jobs:
-v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \
jekyll/builder:stable /bin/bash -c "chmod -R 777 /srv/jekyll && jekyll build --config _config_staging.yml --future"
- name: Log in with Azure # Using Azure Service Principal
- name: Log in with Azure # Using OpenID Connect (OIDC)
uses: azure/login@v1
with:
creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Deploy to Azure Web App
uses: azure/webapps-deploy@v2
Expand Down

0 comments on commit ad7df8f

Please sign in to comment.