Skip to content
This repository has been archived by the owner on Aug 24, 2023. It is now read-only.

Commit

Permalink
Authentication must be handled by the app, due to GitHub limitations (#9
Browse files Browse the repository at this point in the history
)
  • Loading branch information
Stefan Kürzeder authored Sep 6, 2021
1 parent 35d831f commit 9bae2e9
Show file tree
Hide file tree
Showing 14 changed files with 89 additions and 220 deletions.
16 changes: 0 additions & 16 deletions .github/workflows/docker-build-pr.yaml

This file was deleted.

53 changes: 0 additions & 53 deletions .github/workflows/docker-build-release.yaml

This file was deleted.

53 changes: 21 additions & 32 deletions .github/workflows/unit-tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,40 +7,29 @@ jobs:
test_action_job:
runs-on: ubuntu-latest
steps:
- name: Login to Azure
uses: Azure/login@v1
- name: Check out Source Code
uses: actions/checkout@v1

- uses: ./
id: deploy
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resourceGroupName: azurearmaction
templateLocation: examples/template/template.json
parameters: examples/template/parameters.json
deploymentName: github-advanced-test

- name: Set up Go 1.16
uses: actions/setup-go@v1
with:
go-version: 1.16
- run: echo ${{ steps.deploy.outputs.containerName }}

- name: Check out source code
uses: actions/checkout@v1

- name: Build
env:
GOPROXY: "https://proxy.golang.org"
CGO_ENABLED: 0
GOOS: linux
GOARCH: amd64
run: go build -a -installsuffix cgo -ldflags="-w -s" .
- uses: ./
id: deploy2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resourceGroupName: azurearmaction
templateLocation: examples/template/template.json
parameters: examples/template/parameters.json
deploymentName: github-advanced-test
overrideParameters: |
containerName=${{ steps.deploy.outputs.containerName }}-overriden
- name: Test
env:
GOPROXY: "https://proxy.golang.org"
CGO_ENABLED: 0
GOOS: linux
GOARCH: amd64
LOG_LEVEL: DEBUG
INPUT_RESOURCEGROUPNAME: azurearmaction
INPUT_TEMPLATELOCATION: ./test/template.json
INPUT_PARAMETERS: ./test/parameters.json
INPUT_OVERRIDEPARAMETERS: |
containerName=github-action-overriden
connectionString='Server=tcp:test.database.windows.net;Database=test;User ID=test;Password=test;Trusted_Connection=False;Encrypt=True;'
INPUT_DEPLOYMENTNAME: github-test
INPUT_DEPLOYMENTMODE: Incremental
run: go test -v -failfast .
- run: echo ${{ steps.deploy2.outputs.containerName }}
5 changes: 2 additions & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ WORKDIR /app
# Git is required for fetching the dependencies.
# Ca-certificates is required to call HTTPS endpoints.
RUN apk update && \
apk add --no-cache git ca-certificates upx && \
apk add --no-cache git ca-certificates && \
update-ca-certificates

# Add src files
Expand All @@ -19,8 +19,7 @@ RUN go mod verify
# Build the binary.
ARG GIT_SHA
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
go build -ldflags="-w -s -X main.gitSha=${GIT_SHA} -X main.goVersion=$(go version | cut -d " " -f 3) -X main.buildTime=$(date -u +%Y-%m-%dT%H:%M:%SZ)" -a -o /go/bin/azure-arm-action \
&& upx -q /go/bin/azure-arm-action
go build -a -o /go/bin/azure-arm-action

# Runner
FROM scratch
Expand Down
36 changes: 26 additions & 10 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,11 @@ A GitHub Action to deploy ARM templates.
## Dependencies

* [Checkout](https://github.com/actions/checkout) To checks-out your repository so the workflow can access any specified ARM template.
* [Azure/Login](https://github.com/Azure/login) To authenticate with Azure.

## Inputs
* `creds` **Required**
[Create Service Principal for Authentication](#Create-Service-Principal-for-Authentication)

* `templateLocation` **Required**
Specify the path to the Azure Resource Manager template.
(See [assets/json/template.json](test/template.json))
Expand Down Expand Up @@ -45,15 +47,34 @@ Additionally are the following outputs available:
## Usage

```yml
- uses: whiteducksoftware/azure-arm-action@v3.3
- uses: whiteducksoftware/azure-arm-action@master
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resourceGroupName: <YourResourceGroup>
templateLocation: <path/to/azuredeploy.json>
deploymentName: <Deployment base name>
```
## Example
## Create Service Principal for Authentication
The Service Principal can be easily generated using the Azure CLI. Using the following command will create the SP in the supported structure.
At Subscription Scope: `az ad sp create-for-rbac --name "azure-arm-action" --role contributor --scopes=/subscriptions/********-****-****-****-************/ --sdk-auth -o json`
The JSON, which shall be used for authentication, should be in the following format:
```json
{
"clientId": "********-****-****-****-************",
"clientSecret": "[*]",
"subscriptionId": "********-****-****-****-************",
"tenantId": "********-****-****-****-************",
"activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
"resourceManagerEndpointUrl": "https://management.azure.com/",
"activeDirectoryGraphResourceId": "https://graph.windows.net/",
"sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
"galleryEndpointUrl": "https://gallery.azure.com/",
"managementEndpointUrl": "https://management.core.windows.net/"
}
```

## Example
```yml
on: [push]
name: ARMActionSample
Expand All @@ -63,14 +84,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master

- name: Login to Azure
uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- uses: whiteducksoftware/[email protected]
- uses: whiteducksoftware/azure-arm-action@master
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resourceGroupName: <YourResourceGroup>
templateLocation: <path/to/azuredeploy.json>
parameters: <path/to/parameters.json> OR <KEY=VALUE>
Expand Down
5 changes: 1 addition & 4 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,6 @@ inputs:
deploymentName:
description: "Specifies the name of the resource group deployment to create."
required: true
subscriptionId:
description: "Specify the Subscription Id where you want to deploy your template. If not set the Id will be read from the CLI."
required: false
deploymentMode:
description: "Incremental (only add resources to resource group) or Complete (remove extra resources from resource group)."
required: false
Expand All @@ -35,4 +32,4 @@ branding:
icon: package
runs:
using: 'docker'
image: 'docker://ghcr.io/whiteducksoftware/azure-arm-action:v3.3'
image: 'Dockerfile'
13 changes: 4 additions & 9 deletions examples/Advanced.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,10 @@ Our template has two outputs `location` and `containerName`. But we are only int

## Steps
```yaml
- name: Login to Azure
uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
```
As first step we need to authenticate with Azure.
```yaml
- uses: whiteducksoftware/[email protected]
- uses: whiteducksoftware/azure-arm-action@master
id: deploy
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resourceGroupName: azurearmaction
templateLocation: examples/template/template.json
parameters: examples/template/parameters.json
Expand Down Expand Up @@ -42,9 +36,10 @@ we can see that on the console will be `github-action` printed.

Now we add our second deployment which relies on that value and modfies the `containerName` parameter,
```yaml
- uses: whiteducksoftware/azure-arm-action@v3.3
- uses: whiteducksoftware/azure-arm-action@master
id: deploy2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resourceGroupName: azurearmaction
templateLocation: examples/template/template.json
parameters: examples/template/parameters.json
Expand Down
11 changes: 4 additions & 7 deletions examples/advanced-example.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,24 +11,21 @@ jobs:
steps:
- uses: actions/checkout@v1

- name: Login to Azure
uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- uses: whiteducksoftware/[email protected]
- uses: whiteducksoftware/azure-arm-action@master
id: deploy
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resourceGroupName: azurearmaction
templateLocation: examples/template/template.json
parameters: examples/template/parameters.json
deploymentName: github-advanced-test

- run: echo ${{ steps.deploy.outputs.containerName }}

- uses: whiteducksoftware/azure-arm-action@v3.3
- uses: whiteducksoftware/azure-arm-action@master
id: deploy2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resourceGroupName: azurearmaction
templateLocation: examples/template/template.json
parameters: examples/template/parameters.json
Expand Down
2 changes: 0 additions & 2 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,6 @@ func init() {
}

func main() {
logrus.Info(__Version__)

opts, err := github.LoadOptions()
if err != nil {
logrus.Errorf("failed to load options: %s", err)
Expand Down
Loading

0 comments on commit 9bae2e9

Please sign in to comment.