diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml
index 38f2d3b28..228f7fb06 100644
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -45,9 +45,13 @@ jobs:
 echo "checked-out-sha=${CHECKED_OUT_SHA}" >> $GITHUB_OUTPUT
 deploy-image:
+ permissions:
+ id-token: write
+ contents: read
+ packages: write
 name: Deploy '${{ needs.set-env.outputs.branch }}' to ${{ needs.set-env.outputs.environment }}
 needs: [ set-env ]
- uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v2.5.0
+ uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v3.0.0
 strategy:
 matrix:
 image: [
@@ -56,10 +60,10 @@ jobs:
 ]
 include:
 - image: "web"
- aca_name_secret: "AZURE_ACA_NAME"
+ aca_name_secret: "ACA_CONTAINERAPP_NAME"
 tag_prefix: ""
 - image: "api"
- aca_name_secret: "AZURE_API_ACA_NAME"
+ aca_name_secret: "ACA_CONTAINERAPP_API_NAME"
 tag_prefix: "api-"
 with:
 docker-image-name: 'mfsp-app'
@@ -68,11 +72,13 @@ jobs:
 environment: ${{ needs.set-env.outputs.environment }}
 annotate-release: ${{ matrix.image == 'web' }}
 secrets:
- azure-acr-credentials: ${{ secrets.ACR_CREDENTIALS }}
+ azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ azure-acr-client-id: ${{ secrets.ACR_CLIENT_ID }}
 azure-acr-name: ${{ secrets.ACR_NAME }}
- azure-aca-credentials: ${{ secrets.AZURE_ACA_CREDENTIALS }}
- azure-aca-name: ${{ secrets[matrix.aca_name_secret] }}
- azure-aca-resource-group: ${{ secrets.AZURE_ACA_RESOURCE_GROUP }}
+ azure-aca-client-id: ${{ secrets.ACA_CLIENT_ID }}
+ azure-aca-name: ${{ secrets.[matrix.aca_name_secret] }}
+ azure-aca-resource-group: ${{ secrets.ACA_RESOURCE_GROUP }}
 create-tag:
 name: Tag and release
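Review bot: In the first hunk, the `uses:` line of `deploy-image` still references the reusable workflow by a mutable tag (`@v3.0.0`) while the same hunk grants the job `id-token: write` and `packages: write`. Anyone able to move that tag would get code running with the ability to request an OIDC token for the Azure identities and to publish packages. Pin the reference to the release's full commit SHA and keep the tag as a trailing comment: `uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@<full-commit-sha> # v3.0.0`. A one-line comment above `permissions:` saying why each scope is needed would help; whether `packages: write` is required cannot be seen from this hunk, so drop it if the called workflow only pushes to ACR. The `deploy-image` job continues outside the hunk.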
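Review bot: In the third hunk, the new `azure-aca-name` line reads `${{ secrets.[matrix.aca_name_secret] }}`, and the `.` before the bracket is not valid index syntax in a GitHub Actions expression. The workflow will most likely be rejected when parsed, or at best the secret will not resolve. The removed line had the working form, so this should be `azure-aca-name: ${{ secrets[matrix.aca_name_secret] }}`. Separately, once the OIDC login is confirmed working, `ACR_CREDENTIALS` and `AZURE_ACA_CREDENTIALS` are no longer referenced here and should be deleted from the repository or environment secrets, with the underlying service-principal secrets revoked.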