Link Azure to GitHub #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: When issue closed | |
| on: | |
| issues: | |
| types: [closed] | |
| permissions: | |
| contents: read | |
| issues: write | |
| jobs: | |
| setup-app: | |
| runs-on: ubuntu-latest | |
| if: contains(github.event.issue.labels.*.name, 'setup-app') | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@v4 | |
| - name: Check if secrets are set | |
| run: | | |
| if [ -z "$APPLICATION_PRIVATE_KEY" ] || [ -z "$APPLICATION_ID"] ; then | |
| gh issue reopen ${{ github.event.issue.number }} | |
| gh issue comment ${{ github.event.issue.number }} --body "To continue, we need to have both secrets names `APPLICATION_PRIVATE_KEY` or `APPLICATION_ID` to be set.\n\nPlease set them and try again." | |
| exit 1 | |
| fi | |
| env: | |
| APPLICATION_PRIVATE_KEY: ${{ secrets.APPLICATION_PRIVATE_KEY }} | |
| APPLICATION_ID: ${{ secrets.APPLICATION_ID }} | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Get app token | |
| id: get_workflow_token | |
| uses: peter-murray/workflow-application-token-action@v3 | |
| with: | |
| application_id: ${{ secrets.APPLICATION_ID }} | |
| application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} | |
| #organization: ${{ github.repository_owner }} | |
| - name: Check if app token is set | |
| if: failure() | |
| run: | | |
| GITHUB_WORKFLOW_URL=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID | |
| gh issue reopen ${{ github.event.issue.number }} | |
| gh issue comment ${{ github.event.issue.number }} --body "Failed to generate app token. See output of [workflow run]($GITHUB_WORKFLOW_URL) for details." | |
| exit 1 | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| link-azure: | |
| runs-on: ubuntu-latest | |
| if: contains(github.event.issue.labels.*.name, 'link-azure') | |
| steps: | |
| - name: Validate Azure Credentials | |
| run: | | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| function missing_secret { | |
| # azure_link_issue=$(gh issue list --json 'number' | jq '.[].number' -r | grep link-azure) | |
| gh issue reopen ${{ github.event.issue.number }} | |
| gh issue comment ${{ github.event.issue.number }} --body "To continue, we need to have Azure credentials set.\n\nPlease set them and try again." | |
| exit 1 | |
| } | |
| if [[ -z "${{ secrets.AZURE_CLIENT_ID }}" ]] \ | |
| || [[ -z "${{ secrets.AZURE_CLIENT_SECRET }}" ]] \ | |
| || [[ -z "${{ secrets.AZURE_TENANT_ID }}" ]] \ | |
| || [[ -z "${{ secrets.AZURE_SUBSCRIPTION_ID }}" ]]; then | |
| missing_secret | |
| fi | |
| az login --service-principal \ | |
| --username ${{ secrets.AZURE_CLIENT_ID }} \ | |
| --password=${{ secrets.AZURE_CLIENT_SECRET }} \ | |
| --tenant ${{ secrets.AZURE_TENANT_ID }} \ | |
| --output none | |
| if [ $? -ne 0 ]; then | |
| missing_secret | |
| fi | |
| az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| if [ $? -ne 0 ]; then | |
| missing_secret | |
| fi | |
| # If both the client-id and client-secret for the web-app are set, let's test these credentials | |
| if [[ -n "${{ secrets.APP_REGISTRATION_APP_ID }}" ]] \ | |
| && [[ -n "${{ secrets.WEB_APP_CLIENT_SECRET }}"]]; then | |
| az login --service-principal \ | |
| --username ${{ secrets.APP_REGISTRATION_APP_ID }} \ | |
| --password=${{ secrets.WEB_APP_CLIENT_SECRET }} \ | |
| --tenant ${{ secrets.AZURE_TENANT_ID }} \ | |
| --output none | |
| if [ $? -ne 0 ]; then | |
| missing_secret | |
| fi | |
| az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| if [ $? -ne 0 ]; then | |
| missing_secret | |
| fi | |
| fi | |
| env: | |
| GH_TOKEN: ${{ github.token }} |