Use OpenID Connect to authenticate to Azure #24
# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy | |
# More on GitHub Actions for Azure: https://github.com/Azure/actions | |
# More on GitHub Action for Azure Login: https://github.com/azure/login#github-action-for-azure-login | |
name: Publish OData org website to Azure Web App staging slot | |
on: | |
push: | |
branches: [ staging ] | |
workflow_dispatch: # Makes it possible to trigger workflow manually | |
jobs: | |
publish: | |
if: github.repository_owner == 'OData' && github.event_name == 'workflow_dispatch' | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
lfs: true # Forces LFS files (images in our case) to be checked out | |
submodules: 'recursive' # Check out submodules if applicable | |
- name: Build the site in a jekyll/builder container | |
run: | | |
docker run \ | |
-v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \ | |
jekyll/builder:stable /bin/bash -c "chmod -R 777 /srv/jekyll && jekyll build --config _config_staging.yml --future" | |
- name: Log in with Azure # Using OpenID Connect (OIDC) | |
uses: azure/login@v1 | |
with: | |
auth-type: IDENTITY | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy to Azure Web App | |
uses: azure/webapps-deploy@v2 | |
with: | |
app-name: 'odata-prod' | |
slot-name: 'stage' # Specify the staging slot | |
package: ${{ github.workspace }}/_site |
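Review bot: `auth-type: IDENTITY` in the "Log in with Azure" step does not match the OIDC login that the step comment and the `id-token: write` permission set up. As far as the azure/login documentation goes, `IDENTITY` selects managed-identity authentication, which needs a self-hosted runner on an Azure resource, while this job runs on `ubuntu-latest`. For a federated-credential login, drop the line or set `auth-type: SERVICE_PRINCIPAL` and keep the three ids. Because the job can request an OIDC token for that Azure identity, the mutable references `actions/checkout@v3`, `azure/login@v1`, `azure/webapps-deploy@v2` and `jekyll/builder:stable` would be safer pinned to a full commit SHA or image digest, e.g. `uses: azure/login@<full-commit-sha>  # v1`. The job-level `if:` admits only `workflow_dispatch`, so the `push` trigger never deploys and a manual run can start from any branch; it is worth confirming that the federated credential's subject is scoped to the intended branch or environment.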