Skip to content

Commit

Permalink
Use OIDC keys for the OSPO API
Browse files Browse the repository at this point in the history
  • Loading branch information
@davidbritch
davidbritch committed May 3, 2024
1 parent 5aa6155 commit 3c1d7ff
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 4 deletions.
15 changes: 14 additions & 1 deletion .github/workflows/quest-bulk.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,25 @@ jobs:
run: |
echo "Reason: ${{ github.event.inputs.reason }}"
- name: Azure OpenID Connect
uses: azure/login@v2
with:
client-id: ${{ secrets.CLIENT_ID }}
tenant-id: ${{ secrets.TENANT_ID }}
audience: ${{ secrets.OSMP_API_AUDIENCE }}
allow-no-subscriptions: true

- name: OSMP API access
run: |
TOKEN=$(az account get-access-token --query 'accessToken' -o tsv --resource ${{ secrets.OSMP_API_AUDIENCE }})
echo "AZURE_ACCESS_TOKEN=$TOKEN" >> $GITHUB_ENV
- name: bulk-sequester
id: bulk-sequester
uses: dotnet/docs-tools/actions/sequester@main
env:
ImportOptions__ApiKeys__GitHubToken: ${{ secrets.GITHUB_TOKEN }}
ImportOptions__ApiKeys__OSPOKey: ${{ secrets.OSPO_KEY }}
ImportOptions__ApiKeys__AzureAccessToken: ${{ env.AZURE_ACCESS_TOKEN }}
ImportOptions__ApiKeys__QuestKey: ${{ secrets.QUEST_KEY }}
ImportOptions__ApiKeys__SequesterPrivateKey: ${{ secrets.SEQUESTER_PRIVATEKEY }}
ImportOptions__ApiKeys__SequesterAppID: ${{ secrets.SEQUESTER_APPID }}
Expand Down
18 changes: 15 additions & 3 deletions .github/workflows/quest.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,27 @@ jobs:
echo "Reason: ${{ github.event.inputs.reason }}"
echo "Issue number: ${{ github.event.inputs.issue }}"
- name: Azure OpenID Connect
uses: azure/login@v2
with:
client-id: ${{ secrets.CLIENT_ID }}
tenant-id: ${{ secrets.TENANT_ID }}
audience: ${{ secrets.OSMP_API_AUDIENCE }}
allow-no-subscriptions: true

- name: OSMP API access
run: |
TOKEN=$(az account get-access-token --query 'accessToken' -o tsv --resource ${{ secrets.OSMP_API_AUDIENCE }})
echo "AZURE_ACCESS_TOKEN=$TOKEN" >> $GITHUB_ENV
# This step occurs when ran manually, passing the manual issue number input
- name: manual-sequester
if: ${{ github.event_name == 'workflow_dispatch' }}
id: manual-sequester
uses: dotnet/docs-tools/actions/sequester@main
env:
ImportOptions__ApiKeys__GitHubToken: ${{ secrets.GITHUB_TOKEN }}
ImportOptions__ApiKeys__OSPOKey: ${{ secrets.OSPO_KEY }}
ImportOptions__ApiKeys__AzureAccessToken: ${{ env.AZURE_ACCESS_TOKEN }}
ImportOptions__ApiKeys__QuestKey: ${{ secrets.QUEST_KEY }}
ImportOptions__ApiKeys__SequesterPrivateKey: ${{ secrets.SEQUESTER_PRIVATEKEY }}
ImportOptions__ApiKeys__SequesterAppID: ${{ secrets.SEQUESTER_APPID }}
Expand All @@ -52,12 +65,11 @@ jobs:
uses: dotnet/docs-tools/actions/sequester@main
env:
ImportOptions__ApiKeys__GitHubToken: ${{ secrets.GITHUB_TOKEN }}
ImportOptions__ApiKeys__OSPOKey: ${{ secrets.OSPO_KEY }}
ImportOptions__ApiKeys__AzureAccessToken: $AZURE_ACCESS_TOKEN
ImportOptions__ApiKeys__QuestKey: ${{ secrets.QUEST_KEY }}
ImportOptions__ApiKeys__SequesterPrivateKey: ${{ secrets.SEQUESTER_PRIVATEKEY }}
ImportOptions__ApiKeys__SequesterAppID: ${{ secrets.SEQUESTER_APPID }}
with:
org: ${{ github.repository_owner }}
repo: ${{ github.repository }}
issue: ${{ github.event.issue.number }}

0 comments on commit 3c1d7ff

Please sign in to comment.