issue-closed.yaml
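# Runs when an issue is closed. Each job is gated on an issue label and checks
# that the credentials the issue asked for are configured; when a check fails
# the issue is reopened with a comment explaining what is missing.
name: When issue closed

on:
  issues:
    types: [closed]

# Scope of the default GITHUB_TOKEN: read the repository, and write to issues
# so the jobs can reopen and comment on the triggering issue.
permissions:
  contents: read
  issues: write

jobs:
  setup-app:
    runs-on: ubuntu-latest
    if: contains(github.event.issue.labels.*.name, 'setup-app')
    steps:
      - name: Check out the code
        uses: actions/checkout@v4

      - name: Check if secrets are set
        # Secrets reach the script through env only, so their values are never
        # rendered into the script text.
        run: |
          if [ -z "$APPLICATION_PRIVATE_KEY" ] || [ -z "$APPLICATION_ID" ]; then
            gh issue reopen "$ISSUE_NUMBER"
            # $'...' keeps the backticks literal (inside double quotes bash
            # would run them as command substitutions) and turns \n into
            # real newlines in the posted comment.
            gh issue comment "$ISSUE_NUMBER" --body $'To continue, we need to have both secrets names `APPLICATION_PRIVATE_KEY` or `APPLICATION_ID` to be set.\n\nPlease set them and try again.'
            exit 1
          fi
        env:
          APPLICATION_PRIVATE_KEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
          APPLICATION_ID: ${{ secrets.APPLICATION_ID }}
          GH_TOKEN: ${{ github.token }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}

      - name: Get app token
        id: get_workflow_token
        # NOTE(review): this third-party action receives the app private key
        # and is referenced by a mutable tag; consider pinning it to a
        # reviewed full commit SHA (<COMMIT_SHA>).
        uses: peter-murray/workflow-application-token-action@v3
        with:
          application_id: ${{ secrets.APPLICATION_ID }}
          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
          #organization: ${{ github.repository_owner }}

      - name: Check if app token is set
        # Report only a failed token step. A bare failure() would also fire
        # after the secrets check above, which has already reopened and
        # commented on the issue.
        if: failure() && steps.get_workflow_token.outcome == 'failure'
        run: |
          GITHUB_WORKFLOW_URL=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
          gh issue reopen "$ISSUE_NUMBER"
          gh issue comment "$ISSUE_NUMBER" --body "Failed to generate app token. See output of [workflow run]($GITHUB_WORKFLOW_URL) for details."
          exit 1
        env:
          GH_TOKEN: ${{ github.token }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}

  link-azure:
    runs-on: ubuntu-latest
    if: contains(github.event.issue.labels.*.name, 'link-azure')
    steps:
      - name: Validate Azure Credentials
        # Every secret is passed via env and referenced as a quoted shell
        # variable. Interpolating ${{ secrets.* }} straight into the script
        # writes the values into the script file and lets shell
        # metacharacters in a secret alter or break the command line.
        run: |
          #!/usr/bin/env bash
          set -euo pipefail

          function missing_secret {
            # azure_link_issue=$(gh issue list --json 'number' | jq '.[].number' -r | grep link-azure)
            gh issue reopen "$ISSUE_NUMBER"
            gh issue comment "$ISSUE_NUMBER" --body $'To continue, we need to have Azure credentials set.\n\nPlease set them and try again.'
            exit 1
          }

          if [[ -z "$AZURE_CLIENT_ID" ]] \
            || [[ -z "$AZURE_CLIENT_SECRET" ]] \
            || [[ -z "$AZURE_TENANT_ID" ]] \
            || [[ -z "$AZURE_SUBSCRIPTION_ID" ]]; then
            missing_secret
          fi

          # Test each command inside `if !`: with `set -e` a failing command
          # followed by a separate `$?` check aborts the script before the
          # check runs, so the issue would never be reopened.
          if ! az login --service-principal \
            --username "$AZURE_CLIENT_ID" \
            --password="$AZURE_CLIENT_SECRET" \
            --tenant "$AZURE_TENANT_ID" \
            --output none; then
            missing_secret
          fi

          if ! az account set --subscription "$AZURE_SUBSCRIPTION_ID"; then
            missing_secret
          fi

          # If both the client-id and client-secret for the web-app are set, let's test these credentials
          if [[ -n "$APP_REGISTRATION_APP_ID" ]] \
            && [[ -n "$WEB_APP_CLIENT_SECRET" ]]; then
            if ! az login --service-principal \
              --username "$APP_REGISTRATION_APP_ID" \
              --password="$WEB_APP_CLIENT_SECRET" \
              --tenant "$AZURE_TENANT_ID" \
              --output none; then
              missing_secret
            fi

            if ! az account set --subscription "$AZURE_SUBSCRIPTION_ID"; then
              missing_secret
            fi
          fi
        env:
          GH_TOKEN: ${{ github.token }}
          # This job has no checkout step, so gh has no git remote to infer
          # the repository from; GH_REPO names it explicitly.
          GH_REPO: ${{ github.repository }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          APP_REGISTRATION_APP_ID: ${{ secrets.APP_REGISTRATION_APP_ID }}
          WEB_APP_CLIENT_SECRET: ${{ secrets.WEB_APP_CLIENT_SECRET }}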