From bb175ab8af09b9110e1483c0be8b8fdbafe0e979 Mon Sep 17 00:00:00 2001
From: Stretch
Date: Wed, 23 Oct 2024 16:13:13 +0100
Subject: [PATCH] Bump deploy-azure-container-apps-action v3.0.0 (#919)
* Bump deploy-azure-container-apps-action v3.0.0
* Uses OIDC with Azure/login instead of Credential based authentication
* https://github.com/DFE-Digital/deploy-azure-container-apps-action/compare/v2.6.0...v3.0.0
* Use matrix to load different secrets
---------
Co-authored-by: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
---
 .github/workflows/build-and-push-image.yml | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml
index 38f2d3b28..228f7fb06 100644
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -45,9 +45,13 @@ jobs:
 echo "checked-out-sha=${CHECKED_OUT_SHA}" >> $GITHUB_OUTPUT
 deploy-image:
+ permissions:
+ id-token: write
+ contents: read
+ packages: write
 name: Deploy '${{ needs.set-env.outputs.branch }}' to ${{ needs.set-env.outputs.environment }}
 needs: [ set-env ]
- uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v2.5.0
+ uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v3.0.0
 strategy:
 matrix:
 image: [
@@ -56,10 +60,10 @@ jobs:
 ]
 include:
 - image: "web"
- aca_name_secret: "AZURE_ACA_NAME"
+ aca_name_secret: "ACA_CONTAINERAPP_NAME"
 tag_prefix: ""
 - image: "api"
- aca_name_secret: "AZURE_API_ACA_NAME"
+ aca_name_secret: "ACA_CONTAINERAPP_API_NAME"
 tag_prefix: "api-"
 with:
 docker-image-name: 'mfsp-app'
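Review bot: The `uses:` line of `deploy-image` in the first hunk references the reusable workflow by the mutable tag `@v3.0.0`, while the same hunk grants the job `id-token: write` and `packages: write`; anyone able to move that tag could change what runs with this job's OIDC token and the secrets passed to it. Pin to the release's full commit SHA and keep the version as a trailing comment, e.g. `uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@<full-commit-sha> # v3.0.0`. `packages: write` looks unnecessary if images are only pushed to ACR, as the `azure-acr-*` inputs suggest; confirm against the called workflow and drop it if it is not required. The job definition continues past this hunk.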
@@ -68,11 +72,13 @@ jobs:
 environment: ${{ needs.set-env.outputs.environment }}
 annotate-release: ${{ matrix.image == 'web' }}
 secrets:
- azure-acr-credentials: ${{ secrets.ACR_CREDENTIALS }}
+ azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ azure-acr-client-id: ${{ secrets.ACR_CLIENT_ID }}
 azure-acr-name: ${{ secrets.ACR_NAME }}
- azure-aca-credentials: ${{ secrets.AZURE_ACA_CREDENTIALS }}
- azure-aca-name: ${{ secrets[matrix.aca_name_secret] }}
- azure-aca-resource-group: ${{ secrets.AZURE_ACA_RESOURCE_GROUP }}
+ azure-aca-client-id: ${{ secrets.ACA_CLIENT_ID }}
+ azure-aca-name: ${{ secrets.[matrix.aca_name_secret] }}
+ azure-aca-resource-group: ${{ secrets.ACA_RESOURCE_GROUP }}
 create-tag:
 name: Tag and release
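Review bot: The added `azure-aca-name` line reads `secrets.[matrix.aca_name_secret]`, and a dot directly before the index bracket is not valid GitHub Actions expression syntax, so the workflow will most likely be rejected at parse time; the removed line had the correct index form. Change it back to `azure-aca-name: ${{ secrets[matrix.aca_name_secret] }}`. Because the secret name is resolved dynamically from the matrix, a secret that is missing or misspelled after the rename to `ACA_CONTAINERAPP_NAME` / `ACA_CONTAINERAPP_API_NAME` evaluates to an empty string rather than raising an error, so confirm both exist in every target environment before merging. This `secrets:` block belongs to the `deploy-image` job, which starts outside this hunk.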