Link Azure to GitHub #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: When issue closed | |
on: | |
issues: | |
types: [closed] | |
permissions: | |
contents: read | |
issues: write | |
jobs: | |
setup-app: | |
runs-on: ubuntu-latest | |
if: contains(github.event.issue.labels.*.name, 'setup-app') | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
- name: Check if secrets are set | |
run: | | |
if [ -z "$APPLICATION_PRIVATE_KEY" ] || [ -z "$APPLICATION_ID"] ; then | |
gh issue reopen ${{ github.event.issue.number }} | |
gh issue comment ${{ github.event.issue.number }} --body "To continue, we need to have both secrets names `APPLICATION_PRIVATE_KEY` or `APPLICATION_ID` to be set. Please set them and try again." | |
exit 1 | |
fi | |
env: | |
APPLICATION_PRIVATE_KEY: ${{ secrets.APPLICATION_PRIVATE_KEY }} | |
APPLICATION_ID: ${{ secrets.APPLICATION_ID }} | |
GH_TOKEN: ${{ github.token }} | |
- name: Get app token | |
id: get_workflow_token | |
uses: peter-murray/workflow-application-token-action@v3 | |
with: | |
application_id: ${{ secrets.APPLICATION_ID }} | |
application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} | |
organization: ${{ github.repository_owner }} | |
- name: Check if app token is set | |
if: failure() | |
run: | | |
GITHUB_WORKFLOW_URL=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID | |
gh issue reopen ${{ github.event.issue.number }} | |
gh issue comment ${{ github.event.issue.number }} --body "Failed to generate app token. See output of [workflow run]($GITHUB_WORKFLOW_URL) for details." | |
echo "::error::Failed to generate app token. See output of [workflow run]($GITHUB_WORKFLOW_URL) for details." | |
exit 1 | |
env: | |
GH_TOKEN: ${{ github.token }} | |
link-azure: | |
runs-on: ubuntu-latest | |
if: contains(github.event.issue.labels.*.name, 'link-azure') | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
- name: Validate Azure Credentials | |
run: | | |
function missing_secret { | |
gh issue reopen ${{ github.event.issue.number }} | |
gh issue comment ${{ github.event.issue.number }} --body "To continue, we need to have Azure credentials set. Please set them and try again." | |
echo "::error::To continue, we need to have Azure credentials set. Please set them and try again." | |
exit 1 | |
} | |
if [[ -z "${{ secrets.AZURE_CLIENT_ID }}" ]] \ | |
|| [[ -z "${{ secrets.AZURE_CLIENT_SECRET }}" ]] \ | |
|| [[ -z "${{ secrets.AZURE_TENANT_ID }}" ]] \ | |
|| [[ -z "${{ secrets.AZURE_SUBSCRIPTION_ID }}" ]]; then | |
missing_secret | |
fi | |
az login --service-principal \ | |
--username ${{ secrets.AZURE_CLIENT_ID }} \ | |
--password=${{ secrets.AZURE_CLIENT_SECRET }} \ | |
--tenant ${{ secrets.AZURE_TENANT_ID }} \ | |
--output none | |
if [ $? -ne 0 ]; then | |
missing_secret | |
fi | |
az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
if [ $? -ne 0 ]; then | |
missing_secret | |
fi | |
# If both the client-id and client-secret for the web-app are set, let's test these credentials | |
if [[ -n "${{ secrets.APP_REGISTRATION_APP_ID }}" ]] \ | |
&& [[ -n "${{ secrets.WEB_APP_CLIENT_SECRET }}" ]]; then | |
az login --service-principal \ | |
--username ${{ secrets.APP_REGISTRATION_APP_ID }} \ | |
--password=${{ secrets.WEB_APP_CLIENT_SECRET }} \ | |
--tenant ${{ secrets.AZURE_TENANT_ID }} \ | |
--output none | |
if [ $? -ne 0 ]; then | |
missing_secret | |
fi | |
az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
if [ $? -ne 0 ]; then | |
missing_secret | |
fi | |
fi | |
env: | |
GH_TOKEN: ${{ github.token }} | |
environment: TEST-WEEU-VNET-INFRASTRUCTURE |