[CI Environment] [MAJOR/BREAKING] Introducing OIDC and dual environment support #1608
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Push updated Readme file(s) * Fix environement files * Updated actions to use powershell action in gh * reset readme * restore main * Test login using OCID * Update all workflows to use Engineering environment :D * Update workflows to use OIDC * Added envs to dependency pipeline * Removing commented out code * reset global.var and settings Co-authored-by: CARMLPipelinePrincipal <[email protected]>
This was
linked to
issues
Jun 26, 2022
Closed
This was
linked to
issues
Jun 26, 2022
Unit Test Results 1 files ±0 1 suites ±0 16s ⏱️ +3s Results for commit 6393e1d. ± Comparison against base commit 27b1952. This pull request removes 45 and adds 49 tests. Note that renamed tests count towards both.♻️ This comment has been updated with latest results. |
* enable publishing in different subscription Co-authored-by: Marius Storhaug <[email protected]>
…into issue/1607
MariusStorhaug
changed the title
AlexanderSehr
added
enhancement
| env: | ||
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} # TODO: Update this to use OIDC |
There was a problem hiding this comment.
Note: here is a TODO
There was a problem hiding this comment.
Yepp, this is deffo not ready for wider review. Think I just wanted initial thoughts on the changes. But lets discuss in the Thursday call. Don't want to doc yet until we agree on more aspects on this PR.
| @@ -405,8 +405,14 @@ on: | |||
| - 'network-hub-rg/Parameters/**' | |||
| - '.github/workflows/network-hub.yml' | |||
|
|
|||
| permissions: | |||
There was a problem hiding this comment.
Is this needed? Especially as 2 permissions call out the publishing of test results even though the example is a deployment pipeline
There was a problem hiding this comment.
The two OIDC permissions would be needed here if we want to update this example to use OIDC as well. Thoughts?
There was a problem hiding this comment.
Right, be we list 4 here
| @@ -127,11 +127,12 @@ For _GitHub_, you have to perform the following environment-specific steps: | |||
|
|
|||
| To use the environment's pipelines you should use the information you gathered during the [Azure setup](#1-configure-your-azure-environment) to set up the following repository secrets: | |||
|
|
|||
| <!-- TODO: Update this to use OIDC --> | |||
| @@ -157,6 +158,7 @@ To use the environment's pipelines you should use the information you gathered d | |||
|
|
|||
| <p> | |||
|
|
|||
| <!-- TODO: Update this to use OIDC --> | |||
| @@ -258,12 +260,13 @@ The variable group `PLATFORM_VARIABLES` must be set up in Azure DevOps as descri | |||
|
|
|||
| Based on the information you gathered in the [Azure setup](#1-configure-your-azure-environment), you must configure the following secrets in the variable group: | |||
|
|
|||
| <!-- TODO: Update this to use OIDC --> | |||
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' | ||
| AZURE_CLIENT_ID: '${{ secrets.AZURE_CLIENT_ID }}' | ||
| AZURE_SUBSCRIPTION_ID: '${{ secrets.AZURE_SUBSCRIPTION_ID }}' | ||
| ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' |
There was a problem hiding this comment.
Should we not also rename the managemet group to AZURE_MANAGEMENTGROUP_ID?
This was
unlinked from
issues
Jun 27, 2022
Closed
|
@MariusStorhaug great work! What I don't get: When you are using Was it on purpose or is this just missing? I think we should stick to one pattern here. What do you think? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Adding support for 2 environments with separate subscriptions and Service Principals for:
ADO:
GH:
Validationenvironment.Publishingenvironment.Validationenvironment.Update
Getting started - scenario 2documentation.Pipeline references
Type of Change
Please delete options that are not relevant.
Checklist