Updating CICD for PhraseExpress VersionChecker to use Federated Auth …

…OIDC w/ the Service Principal
bc3tech · Jun 10, 2024 · cb291af · cb291af
1 parent 4b04984
commit cb291af
Showing 1 changed file with 14 additions and 39 deletions.
diff --git a/.github/workflows/phraseexpress-versionfetcher-cicd.yml b/.github/workflows/phraseexpress-versionfetcher-cicd.yml
@@ -1,47 +1,29 @@
-# This workflow will build a .NET Core project and deploy it to an Azure Functions App on Windows or Linux when a commit is pushed to your default branch.
-#
-# This workflow assumes you have already created the target Azure Functions app.
-# For instructions see https://learn.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-csharp?tabs=in-process
-#
-# To configure this workflow:
-# 1. Set up the following secrets in your repository:
-#   - AZURE_FUNCTIONAPP_PUBLISH_PROFILE
-# 2. Change env variables for your configuration.
-#
-# For more information on:
-#   - GitHub Actions for Azure: https://github.com/Azure/Actions
-#   - Azure Functions Action: https://github.com/Azure/functions-action
-#   - Publish Profile: https://github.com/Azure/functions-action#using-publish-profile-as-deployment-credential-recommended
-#   - Azure Service Principal for RBAC: https://github.com/Azure/functions-action#using-azure-service-principal-for-rbac-as-deployment-credential
-#
-# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples/tree/master/FunctionApp
-
 name: Deploy PhraseExpress VersionFetcher
 
 on:
+  workflow_dispatch:
   push:
     branches:
       - 'main'
     paths:
       - 'PhraseExpress/LatestVersionFunction/**'
 
+permissions: 
+  id-token: write
+  contents: read
+
 env:
-  AZURE_FUNCTIONAPP_NAME: 'PhraseExpressVersionChecker'   # set this to your function app name on Azure
+  AZURE_FUNCTIONAPP_NAME: 'PhraseExpressVersionChecker'
   AZURE_FUNCTIONAPP_PACKAGE_PATH: './PhraseExpress/LatestVersionFunction'
 
 jobs:
   build-and-deploy:
     runs-on: windows-latest # For Linux, use ubuntu-latest
-    environment: dev
     steps:
     - name: 'Checkout GitHub Action'
-      uses: actions/checkout@v3
-
-    # If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below
-    # - name: 'Login via Azure CLI'
-    #   uses: azure/login@v1
-    #   with:
-    #     creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} # set up AZURE_RBAC_CREDENTIALS secrets in your repository
+      uses: actions/checkout@v4
+      with:
+        show-progress: false
 
     - name: 'Build Function app'
       shell: pwsh # For Linux, use bash
@@ -51,22 +33,15 @@ jobs:
         popd
 
     - name: Azure Login
-      uses: Azure/login@v1
+      uses: azure/login@v2
       with:
-        creds: ${{ secrets.PHRASEEXPRESS_DEPLOY_AZURE_CREDENTIALS }}
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
     - name: 'Publish to Azure'
       uses: Azure/functions-action@v1
       id: fa
       with:
         app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
-        package: '${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}\output'
-        # publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} # Remove publish-profile to use Azure RBAC
-
-    - name: Azure CLI script
-      uses: azure/CLI@v1
-      with:
-        inlineScript: |
-          az logout
-          az cache purge
-          az account clear
+        package: '${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}\output'