Merge pull request #436 from Azure/jefmarti-patch

updating login version
Azure · Mar 22, 2024 · f500f97 · f500f97
2 parents 0db9f1f + 85efb05
commit f500f97
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 11 deletions.
diff --git a/.github/workflows/delete-slot.yml b/.github/workflows/delete-slot.yml
@@ -13,15 +13,23 @@ env:
   RESOURCE_GROUP: appserviceblogsite
   SLOT_NAME: pr-${{ github.event.number }}
 
+#OIDC
+permissions:
+    id-token: write
+    contents: read
+
 jobs:
   delete-slot:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Log into Azure CLI with service principal
-      uses: azure/login@v1
+    #OIDC
+    - name: Run Azure Login with OIDC
+      uses: azure/login@v2
       with:
-        creds: ${{ secrets.AZURE_CREDENTIALS }}
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
     - name: Delete slot on staging site
       run: | 

diff --git a/.github/workflows/deploy-to-staging-site.yml b/.github/workflows/deploy-to-staging-site.yml
@@ -12,6 +12,10 @@ env:
   RESOURCE_GROUP: appserviceblogsite
   SLOT_NAME: pr-${{ github.event.number }}
 
+permissions:
+    id-token: write
+    contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -48,14 +52,20 @@ jobs:
   set-up-test-env:
     name: Create test env
     runs-on: ubuntu-latest
+    permissions:
+     id-token: write
+     contents: read
 
     steps:
-    - uses: azure/login@v1
+    - name: Run Azure Login with OIDC
+      uses: azure/login@v2
       with:
-        creds: ${{ secrets.AZURE_CREDENTIALS }}
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
     - name: Azure CLI script
-      uses: azure/CLI@v1
+      uses: azure/CLI@v2
       with:
         azcliversion: latest
         inlineScript: |
@@ -73,18 +83,23 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build, set-up-test-env]
     environment:
-      name: "PR #${{ github.event.number }}"
+      name: "production"
       url: "${{ steps.deploy-to-webapp.outputs.webapp-url }}"
     permissions:
+      id-token: write
+      contents: read
       pull-requests: write
-    
+
     steps:
-    - uses: azure/login@v1
+    - name: Run Azure Login with OIDC
+      uses: azure/login@v2
       with:
-        creds: ${{ secrets.AZURE_CREDENTIALS }}
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
     - name: Azure CLI script
-      uses: azure/CLI@v1
+      uses: azure/CLI@v2
       with:
         azcliversion: latest
         inlineScript: |