From 46d010d0e584b838faea12290de49934bae1b05f Mon Sep 17 00:00:00 2001
From: Evan Baker
Date: Wed, 5 Jun 2024 17:24:52 +0000
Subject: [PATCH] feat: migrate azure/login gha to oidc
Signed-off-by: Evan Baker
---
 .github/workflows/e2e.yaml | 9 ++++-----
 .github/workflows/images.yaml | 25 ++++++++++++++++---------
 2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 9bcec18007..5c92f7474f 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -9,6 +9,7 @@ on:
 permissions:
 contents: read
+ id-token: write
 jobs:
 e2e:
@@ -16,10 +17,6 @@ jobs:
 name: E2E
 runs-on: ubuntu-latest
- permissions:
- id-token: write
- contents: read
-
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -34,7 +31,9 @@ jobs:
 uses: azure/login@v2
 if: ${{ github.event_name == 'merge_group' }}
 with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 - name: Run E2E
 env:
diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml
index 38b3e8d6f4..d0b0b41921 100644
--- a/.github/workflows/images.yaml
+++ b/.github/workflows/images.yaml
@@ -9,6 +9,7 @@ on:
 permissions:
 contents: read
+ id-token: write
 jobs:
 retina-images:
@@ -36,7 +37,9 @@ jobs:
 uses: azure/login@v2
 if: ${{ github.event_name == 'merge_group' }}
 with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 - name: Build Images
 shell: bash
@@ -83,7 +86,9 @@ jobs:
 uses: azure/login@v2
 if: ${{ github.event_name == 'merge_group' }}
 with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 - name: Build Images
 shell: bash
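Review bot: In the `@@ -9,6 +9,7 @@` hunk of e2e.yaml, `id-token: write` now sits in the workflow-level `permissions` block, so every job and step in the workflow can request a GitHub OIDC token, including any that never call azure/login. The same move is made in the `@@ -9,6 +9,7 @@` hunk of images.yaml, which holds several jobs. Job-level `permissions` replace the workflow-level block for that job, so the narrower form is to leave the top level at `contents: read` and declare `permissions:` with `id-token: write` and `contents: read` on each job that runs the login step. Whether a token requested by an unrelated step could be exchanged for Azure access depends on the subject configured on the federated credential, which this diff does not show.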
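Review bot: The new `with:` block in the `@@ -34,7 +31,9 @@` hunk of e2e.yaml says nothing about where the trust for this login is now configured, and the same three lines recur in the five login hunks of images.yaml. A comment above `client-id`, for example `# OIDC login: trust is the federated credential on the Azure app registration, not a stored secret`, would point the next maintainer at the right place. The secret name `AZURE_SUBSCRIPTION` breaks the `_ID` pattern of the other two; `AZURE_SUBSCRIPTION_ID` would be consistent, provided the repository secret is named to match. The old `AZURE_CREDENTIALS` secret and the client secret behind it presumably stay valid until they are deleted, so removing them belongs with this change. The step list continues outside the hunk.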
@@ -130,7 +135,9 @@ jobs:
 uses: azure/login@v2
 if: ${{ github.event_name == 'merge_group' }}
 with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 - name: Build Images
 shell: bash
@@ -172,7 +179,9 @@ jobs:
 - name: Azure CLI login
 uses: azure/login@v2
 with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 - name: Generate Manifests
 shell: bash
@@ -188,10 +197,6 @@ jobs:
 runs-on: ubuntu-latest
 needs: [manifests]
- permissions:
- id-token: write
- contents: read
-
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -206,7 +211,9 @@ jobs:
 uses: azure/login@v2
 if: ${{ github.event_name == 'merge_group' }}
 with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 - name: Run E2E Tests
 env:
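Review bot: The `Azure CLI login` step in the `@@ -172,7 +179,9 @@` hunk has no `if: ${{ github.event_name == 'merge_group' }}` guard, unlike the other five login steps this patch touches, so it will request an OIDC token on every event that starts its job. On runs where GitHub does not grant `id-token: write`, such as pull requests from forks, the step would fail rather than be skipped. If the job is not already restricted elsewhere, add the same `if:` line under `uses: azure/login@v2`, or a comment stating why this login is unconditional. The job header is outside the hunk, so its own conditions are not visible here.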