Skip to content

Commit

Permalink
Use workload identity
Browse files Browse the repository at this point in the history 
Signed-off-by: Young Bu Park <[email protected]>
  • Loading branch information
@youngbupark
youngbupark committed Mar 15, 2024
1 parent c77088f commit 69f0081
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 4 deletions.
9 changes: 8 additions & 1 deletion .github/workflows/functional-test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,11 @@
# ------------------------------------------------------------

name: Functional tests

permissions:
id-token: write # Required for requesting the JWT
contents: read # Required for actions/checkout

on:
schedule:
# Run every 4 hours on weekdays.
Expand Down Expand Up @@ -380,7 +385,9 @@ jobs:
- name: Login to Azure
uses: azure/login@v1
with:
creds: '{"clientId":"${{ secrets.INTEGRATION_TEST_SP_APP_ID }}","clientSecret":"${{ secrets.INTEGRATION_TEST_SP_PASSWORD }}","subscriptionId":"${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.INTEGRATION_TEST_TENANT_ID }}"}'
client-id: ${{ secrets.INTEGRATION_TEST_SP_APP_ID }}
tenant-id: ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}
subscription-id: ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}
- uses: marocchino/sticky-pull-request-comment@v2
continue-on-error: true
with:
Expand Down
13 changes: 11 additions & 2 deletions .github/workflows/long-running-azure.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,11 @@
# Grafana dashboard URL: https://radiuse2e00-dashboard-audycmffgberbghy.wus3.grafana.azure.com/

name: Long-running test on Azure

permissions:
id-token: write # Required for requesting the JWT
contents: read # Required for actions/checkout

on:
schedule:
# Run every 2 hours
Expand Down Expand Up @@ -203,7 +208,9 @@ jobs:
if: steps.skip-build.outputs.SKIP_BUILD != 'true'
uses: azure/login@v1
with:
creds: '{"clientId":"${{ secrets.INTEGRATION_TEST_SP_APP_ID }}","clientSecret":"${{ secrets.INTEGRATION_TEST_SP_PASSWORD }}","subscriptionId":"${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.INTEGRATION_TEST_TENANT_ID }}"}'
client-id: ${{ secrets.INTEGRATION_TEST_SP_APP_ID }}
tenant-id: ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}
subscription-id: ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
Expand Down Expand Up @@ -332,7 +339,9 @@ jobs:
- name: Login to Azure
uses: azure/login@v1
with:
creds: '{"clientId":"${{ secrets.INTEGRATION_TEST_SP_APP_ID }}","clientSecret":"${{ secrets.INTEGRATION_TEST_SP_PASSWORD }}","subscriptionId":"${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.INTEGRATION_TEST_TENANT_ID }}"}'
client-id: ${{ secrets.INTEGRATION_TEST_SP_APP_ID }}
tenant-id: ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}
subscription-id: ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
Expand Down
12 changes: 11 additions & 1 deletion .github/workflows/purge-test-resources.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,15 @@
# ------------------------------------------------------------

name: Purge test resources

permissions:
id-token: write # Required for requesting the JWT
contents: read # Required for actions/checkout

on:
push:
branches:
- main
schedule:
# Run twice a day
- cron: "30 0,12 * * *"
Expand Down Expand Up @@ -48,7 +56,9 @@ jobs:
- name: Login to Azure
uses: azure/login@v1
with:
creds: '{"clientId":"${{ secrets.INTEGRATION_TEST_SP_APP_ID }}","clientSecret":"${{ secrets.INTEGRATION_TEST_SP_PASSWORD }}","subscriptionId":"${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.INTEGRATION_TEST_TENANT_ID }}"}'
client-id: ${{ secrets.INTEGRATION_TEST_SP_APP_ID }}
tenant-id: ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}
subscription-id: ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}
- name: Find old test resource groups
run: |
echo "## Test resource group list" >> $GITHUB_STEP_SUMMARY
Expand Down

0 comments on commit 69f0081

Please sign in to comment.