Use federated Azure login via OIDC for preview env destroy job (#2214)
camertron authored Aug 18, 2023
1 parent dfb7e2a commit 6ee1df5
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions .github/workflows/demo-preview-destroy.yml
Expand Up @@ -12,18 +12,24 @@ concurrency:
cancel-in-progress: true

jobs:
destory:
destroy:
if: ${{ github.event.pull_request.head.repo.full_name == 'primer/view_components' && github.actor != 'dependabot[bot]' }}
name: Destroy
runs-on: ubuntu-latest
timeout-minutes: 5
environment:
name: preview
env:
PR_NUMBER: ${{ github.event.number || github.event.inputs.PR_NUMBER }}

steps:
- uses: Azure/login@v1
with:
creds: '{"clientId":"5ad1a188-b944-40eb-a2f8-cc683a6a65a0","clientSecret":"${{ secrets.AZURE_SPN_CLIENT_SECRET }}","subscriptionId":"550eb99d-d0c7-4651-a337-f53fa6520c4f","tenantId":"398a6654-997b-47e9-b12b-9515b896b4de"}'
# excluding a client secret here will cause a login via OpenID Connect (OIDC),
# which prevents us from having to rotate client credentials, etc
client-id: "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
tenant-id: "398a6654-997b-47e9-b12b-9515b896b4de"
subscription-id: "550eb99d-d0c7-4651-a337-f53fa6520c4f"

- name: Check out repo
uses: actions/checkout@v3
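Review bot: the `Azure/login@v1` step now logs in via OIDC (`client-id`, `tenant-id`, `subscription-id`, no secret), but nothing in the visible lines grants `permissions: id-token: write`, which the job needs in order to request the GitHub OIDC token. If that is not already set at workflow level above line 12 (outside this hunk), add it to the `destroy` job, and list any other scope the job relies on next to it, since declaring `permissions` drops unlisted scopes to none. A short comment on the new `environment: name: preview` block would also help: with an environment set, the token's subject claim takes the form `repo:primer/view_components:environment:preview`, so the federated credential in Azure must be configured for that subject, and renaming the environment later will break the login.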

0 comments on commit 6ee1df5
