From 61a6d841af30bc7385195d1b697ece4a7a6eeac6 Mon Sep 17 00:00:00 2001
From: John Gathogo
Date: Mon, 26 Feb 2024 09:29:21 +0300
Subject: [PATCH] Use OpenID Connect to authenticate to Azure
---
 .github/workflows/publish_to_staging_slot.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish_to_staging_slot.yml b/.github/workflows/publish_to_staging_slot.yml
index 5ffc067..1d4bcd0 100644
--- a/.github/workflows/publish_to_staging_slot.yml
+++ b/.github/workflows/publish_to_staging_slot.yml
@@ -12,6 +12,10 @@ jobs:
 if: github.repository_owner == 'OData' && github.event_name == 'workflow_dispatch'
 runs-on: ubuntu-latest

+ permissions:
+ id-token: write
+ contents: read
+
 steps:
 - uses: actions/checkout@v3
 with:
@@ -24,10 +28,12 @@ jobs:
 -v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \
 jekyll/builder:stable /bin/bash -c "chmod -R 777 /srv/jekyll && jekyll build --config _config_staging.yml --future"

- - name: Log in with Azure # Using Azure Service Principal
+ - name: Log in with Azure # Using OpenID Connect (OIDC)
 uses: azure/login@v1
 with:
- creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

 - name: Deploy to Azure Web App
 uses: azure/webapps-deploy@v2
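Review bot: The `permissions` block added before `steps:` is job-wide, so `id-token: write` applies to every step of this job and not only to the Azure login. The steps visible in this patch use actions referenced by movable tags (`actions/checkout@v3`, `azure/login@v1`, `azure/webapps-deploy@v2`), so the code that runs with this permission can change without a commit in this repository. Consider pinning them to full commit SHAs (`uses: azure/login@<full-commit-sha>`) and moving the Jekyll build into its own job with only `contents: read`, leaving `id-token: write` on a deploy-only job. At minimum add a comment above the block such as `# id-token: write is required so azure/login can request the GitHub OIDC token`. The job body starts and ends outside this hunk.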
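Review bot: With `creds` replaced by `client-id`/`tenant-id`/`subscription-id`, who may log in is now decided entirely by the federated credential on the Azure app registration, and nothing in the `with:` block records what that credential trusts. Add a comment above `client-id:` such as `# OIDC: federated credential subject must be limited to this repo and the branch or environment used for staging`, and confirm that the subject is no broader than that, since the job is started by `workflow_dispatch`. `AZURE_CLIENT_SECRET` is no longer referenced by this step; the patch cannot show it, but the old client secret should be deleted from the app registration and from the repository secrets, otherwise the long-lived credential stays valid alongside OIDC.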