forked from pumasecurity/nymeria
-
Notifications
You must be signed in to change notification settings - Fork 0
59 lines (51 loc) · 2.06 KB
/
long-lived-credentials.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: Long Lived Credentials
on:
workflow_dispatch:
inputs:
name:
type: choice
description: "Action will output the Azure client secret to the logs"
options:
- "Yes, I understand"
permissions:
actions: read # read gh actions
contents: read # read access to the repo
jobs:
terraform:
name: Apply Terraform
runs-on: ubuntu-latest
steps:
- name: Initialize
shell: bash
run: |
jq --version
az --version
aws --version
gcloud --version
- shell: bash
env:
AZURE_BOOTSTRAP: ${{ secrets.AZURE_BOOTSTRAP }}
run: |
ARM_SUBSCRIPTION_ID=$(echo $AZURE_BOOTSTRAP | jq -r '.azure_subscription_id.value')
ARM_TENANT_ID=$(echo $AZURE_BOOTSTRAP | jq -r '.azure_tenant_id.value')
ARM_CLIENT_ID=$(echo $AZURE_BOOTSTRAP | jq -r '.github_creds_client_id.value')
ARM_CLIENT_SECRET=$(echo $AZURE_BOOTSTRAP | jq -r '.github_creds_client_secret.value')
ARM_RESOURCE_GROUP_NAME=$(echo $AZURE_BOOTSTRAP | jq -r '.resource_group_name.value')
ARM_STORAGE_ACCOUNT_NAME=$(echo $AZURE_BOOTSTRAP | jq -r '.terraform_state_storage_account_name.value')
echo ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID >> $GITHUB_ENV
echo ARM_TENANT_ID=$ARM_TENANT_ID >> $GITHUB_ENV
echo ARM_CLIENT_ID=$ARM_CLIENT_ID >> $GITHUB_ENV
echo ARM_CLIENT_SECRET=$ARM_CLIENT_SECRET >> $GITHUB_ENV
echo ARM_RESOURCE_GROUP_NAME=$ARM_RESOURCE_GROUP_NAME >> $GITHUB_ENV
echo ARM_STORAGE_ACCOUNT_NAME=$ARM_STORAGE_ACCOUNT_NAME >> $GITHUB_ENV
# Check out the repository
- name: Checkout
uses: actions/checkout@v2.5.0
- name: Azure Login
uses: azure/login@v1.4.6
with:
creds: '{"clientId":"${{ env.ARM_CLIENT_ID }}","clientSecret":"${{ env.ARM_CLIENT_SECRET }}","subscriptionId":"${{ env.ARM_SUBSCRIPTION_ID }}","tenantId":"${{ env.ARM_TENANT_ID }}"}'
- name: Azure Command
shell: bash
run: |
az group list