Azure · eriqua · Jul 23, 2024 · Aug 8, 2024 · Aug 9, 2024 · Aug 9, 2024
@@ -59,10 +59,17 @@ inputs:
 runs:
  using: "composite"
  steps:
+ # [Azure login] task(s)
+ # ------------------------------
+ # Supports both OIDC and service principal with secret
+ # 'creds' will be ignored if 'client-id', 'subscription-id' or 'tenant-id' is set
  - name: Azure Login
  uses: azure/login@v2
  with:
  creds: ${{ env.AZURE_CREDENTIALS }}
+ client-id: ${{ env.VALIDATE_CLIENT_ID }}
+ tenant-id: ${{ env.VALIDATE_TENANT_ID }}
+ subscription-id: ${{ env.VALIDATE_SUBSCRIPTION_ID }}
  enable-AzPSSession: true
 
  # [Set Deployment Location] task(s)
@@ -373,6 +380,7 @@ runs:
  Write-Verbose 'Found no Pester test files (*.test.ps1) in test folder' -Verbose
  Write-Output ('{0}={1}' -f 'formattedPesterResultsPath', '') >> $env:GITHUB_OUTPUT
  }
+
  - name: "Output to GitHub job summaries"
  if: steps.pester_run_step.outputs.formattedPesterResultsPath != ''
  shell: pwsh

@@ -21,9 +21,9 @@ on:
  required: true
 
 env:
+ # Used for token replacement steps in both PSRule and deployment validation
  ARM_SUBSCRIPTION_ID: "${{ secrets.ARM_SUBSCRIPTION_ID }}"
  ARM_MGMTGROUP_ID: "${{ secrets.ARM_MGMTGROUP_ID }}"
- ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}"
  TOKEN_NAMEPREFIX: "${{ secrets.TOKEN_NAMEPREFIX }}"
 
 jobs:
@@ -98,6 +98,7 @@ jobs:
  #############################
  job_module_deploy_validation: # Note: Please don't change this job name. It is used by the setEnvironment action to define which PS modules to install on runners.
  name: "Deploy [${{ matrix.testCases.name}}]"
+ environment: avm-validation
  runs-on: ubuntu-latest
  if: |
  !cancelled() &&
@@ -132,6 +133,9 @@ jobs:
  customLocation: "${{ fromJson(inputs.workflowInput).customLocation }}"
  env:
  AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+ VALIDATE_CLIENT_ID: ${{ secrets.VALIDATE_CLIENT_ID_UAI }}
+ VALIDATE_SUBSCRIPTION_ID: ${{ secrets.VALIDATE_SUBSCRIPTION_ID }}
+ VALIDATE_TENANT_ID: ${{ secrets.VALIDATE_TENANT_ID }}
 
  ##################
  # Publishing #