From 45e5e991bf0fe0312c97e9c47d209319f8f66f75 Mon Sep 17 00:00:00 2001 From: John Date: Sun, 23 Aug 2020 16:53:51 +0200 Subject: [PATCH 1/2] Updated 'secrets' url in the README Updated the URL regarding the 'secret' docs. The issue was opened here: https://github.com/Azure/login/issues/47. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5e5266e3..be40d565 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ Refer [Azure PowerShell](https://github.com/azure/powershell) Github action to r ## Configure deployment credentials: -For any credentials like Azure Service Principal, Publish Profile etc add them as [secrets](https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables) in the GitHub repository and then use them in the workflow. +For any credentials like Azure Service Principal, Publish Profile etc add them as [secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) in the GitHub repository and then use them in the workflow. The above example uses user-level credentials i.e., Azure Service Principal for deployment. From 604f0eb80b2bc530831e2561484b5bf493d4ebf3 Mon Sep 17 00:00:00 2001 From: Usha N Date: Wed, 26 Aug 2020 13:41:07 +0530 Subject: [PATCH 2/2] Update README.md --- README.md | 37 +++++++++++-------------------------- 1 file changed, 11 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index be40d565..9109e730 100644 --- a/README.md +++ b/README.md 
@@ -86,8 +86,9 @@ For any credentials like Azure Service Principal, Publish Profile etc add them a The above example uses user-level credentials i.e., Azure Service Principal for deployment. Follow the steps to configure the secret: - * Define a new secret under your repository settings, Add secret menu - * Store the output of the below [az cli](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest) command as the value of secret variable, for example 'AZURE_CREDENTIALS' + * Define a new secret variable under your repository **Settings** -> **Secrets** -> **New secret**. Provide a secret variable **Name**, for example 'AZURE_CREDENTIALS'. + * Run the below [az cli](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest) command and Store the output as the **Value** of the secret variable + * Below *az ad* command scopes the service principal to a specific resource group *{resource-group}* within a specific Azure subscription *{subscription-id}* ```bash az ad sp create-for-rbac --name "myApp" --role contributor \ 
@@ -106,34 +107,18 @@ Follow the steps to configure the secret: (...) } +``` + * You can also further scope down the Azure Credentials to a specific Azure resource, for example - a Web App by specifying the path to the specic resource in the *--scopes* attribute. Below script is for scoping the credentials to a web app of name *{app-name}* +```bash + az ad sp create-for-rbac --name "myApp" --role contributor \ + --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Web/sites/{app-name} \ + --sdk-auth + + # Replace {subscription-id}, {resource-group}, and {app-name} with the names of your subscription, resource group, and Azure Web App. ``` * Now in the workflow file in your branch: `.github/workflows/workflow.yml` replace the secret in Azure login action with your secret (Refer to the example above) -# Azure Login metadata file - -```yaml - -# action.yml - -# Login to Azure subscription -name: 'Azure Login' -description: 'Authenticate to Azure and run your Az CLI or Az PowerShell based Actions or scripts. github.com/Azure/Actions' -inputs: - creds: - description: 'Paste output of `az ad sp create-for-rbac` as value of secret variable: AZURE_CREDENTIALS' - required: true - enable-AzPSSession: - description: 'Set this value to true to enable Azure PowerShell Login in addition to Az CLI login' - required: false - default: false -branding: - icon: 'login.svg' - color: 'blue' -runs: - using: 'node12' - main: 'lib/main.js' -``` # Contributing
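Review bot: In the @@ -86,8 +86,9 @@ hunk of PATCH 2/2, the third added bullet ("Below *az ad* command scopes the service principal ...") describes the command rather than giving a step, yet it sits in the "Follow the steps" list at the same level as the two actions. Suggest folding it into the second bullet or making it a sentence directly above the bash block. In the second bullet, "and Store the output" should be "and store the output". Because the example keeps `--role contributor`, it is also worth saying in that sentence that the resource-group scope is what limits the role's reach, so readers adapting the command do not drop the scope.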
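Review bot: In the @@ -106,34 +107,18 @@ hunk of PATCH 2/2, the whole "# Azure Login metadata file" section is deleted, but the commit message ("Update README.md") does not mention it, and that section is where the `creds` and `enable-AzPSSession` inputs are described in the visible lines. Suggest stating the removal and its reason in the commit message, and confirming the inputs are still documented elsewhere in the README. In the added bullet, "specic resource" should read "specific resource", and "Below script is for scoping" reads better as "The script below scopes". The "# Replace {subscription-id}, {resource-group}, and {app-name} ..." comment sits after the command inside the bash block; placing it above the `az ad sp create-for-rbac` line would put it in front of readers before they copy the command.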