diff --git a/auth-setup.md b/auth-setup.md new file mode 100644 index 0000000..26fc368 --- /dev/null +++ b/auth-setup.md @@ -0,0 +1,33 @@ +githubOrganizationName='codebytes' +githubRepositoryName='github-actions-demos' + +applicationRegistrationDetails=$(az ad app create --display-name 'github-actions-demos') +applicationRegistrationObjectId=$(echo $applicationRegistrationDetails | jq -r '.id') +applicationRegistrationAppId=$(echo $applicationRegistrationDetails | jq -r '.appId') + +az ad app federated-credential create \ + --id $applicationRegistrationObjectId \ + --parameters "{\"name\":\"github-actions-demos-pr\",\"issuer\":\"https://token.actions.githubusercontent.com\",\"subject\":\"repo:${githubOrganizationName}/${githubRepositoryName}:pull_request\",\"audiences\":[\"api://AzureADTokenExchange\"]}" +az ad app federated-credential create \ + --id $applicationRegistrationObjectId \ + --parameters "{\"name\":\"github-actions-demos-env-prod\",\"issuer\":\"https://token.actions.githubusercontent.com\",\"subject\":\"repo:${githubOrganizationName}/${githubRepositoryName}:environment:prod\",\"audiences\":[\"api://AzureADTokenExchange\"]}" +az ad app federated-credential create \ + --id $applicationRegistrationObjectId \ + --parameters "{\"name\":\"github-actions-demos-env-dotnet\",\"issuer\":\"https://token.actions.githubusercontent.com\",\"subject\":\"repo:${githubOrganizationName}/${githubRepositoryName}:environment:dotnet\",\"audiences\":[\"api://AzureADTokenExchange\"]}" + +az ad sp create --id $applicationRegistrationObjectId +az role assignment create \ + --assignee $applicationRegistrationAppId \ + --role Contributor + +AZURE_CLIENT_ID=$applicationRegistrationAppId +AZURE_TENANT_ID=$(az account show --query tenantId --output tsv) +AZURE_SUBSCRIPTION_ID=$(az account show --query id --output tsv) + +echo "AZURE_CLIENT_ID: $AZURE_CLIENT_ID" +echo "AZURE_TENANT_ID: $AZURE_TENANT_ID" +echo "AZURE_SUBSCRIPTION_ID: $AZURE_SUBSCRIPTION_ID" + +gh secret set AZURE_CLIENT_ID --body "$AZURE_CLIENT_ID" +gh secret set AZURE_TENANT_ID --body "$AZURE_TENANT_ID" +gh secret set AZURE_SUBSCRIPTION_ID --body "$AZURE_SUBSCRIPTION_ID" \ No newline at end of file diff --git a/slides/Slides.md b/slides/Slides.md index a2505a0..7119557 100644 --- a/slides/Slides.md +++ b/slides/Slides.md @@ -1,14 +1,13 @@ --- marp: true theme: default -footer: '@Chris_L_Ayers - https://chrislayers.com' +footer: '@Chris_L_Ayers - https://chris-ayers.com' style: | .columns { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 1rem; } - --- ![bg](./img/bg.png) @@ -23,7 +22,7 @@ style: | - Twitter: @Chris\_L\_Ayers - LinkedIn: - [chris\-l\-ayers](https://linkedin.com/in/chris-l-ayers/) -- Blog: [https://chrislayers\.com/](https://chrislayers.com/) +- Blog: [https://chris-ayers\.com/](https://chris-ayers.com/) - GitHub: [Codebytes](https://github.com/codebytes) --- @@ -66,7 +65,6 @@ GitHub uses YAML for workflows ![contain](./img/cicd.png) - --- ![bg](./img/bg.png) @@ -81,7 +79,7 @@ GitHub uses YAML for workflows ![bg right contain](./img/event-job.png) # Workflows -- Events trigger workflows +- [Events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows) trigger workflows - Workflows contain jobs - Jobs contain steps - Steps are commands or actions @@ -91,7 +89,7 @@ GitHub uses YAML for workflows ![bg right contain](./img/job-runner.png) # Jobs - Workflows can contain multiple jobs -- Each job runs on a Runner +- Each job runs on a [Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) --- @@ -114,7 +112,7 @@ GitHub uses YAML for workflows ## Links -- [https://docs.microsoft.com/en-us/users/chrisayers/collections/ykr4sj3rzmnkqz?WT.mc_id=learnlive-20220629B](https://docs.microsoft.com/en-us/users/chrisayers/collections/ykr4sj3rzmnkqz?WT.mc_id=learnlive-20220629B) +- https://docs.github.com - [https://skills.github.com](https://skills.github.com) @@ -123,10 +121,13 @@ GitHub uses YAML for workflows ## Chris Ayers - Twitter: @Chris\_L\_Ayers - LinkedIn: - [chris\-l\-ayers](https://linkedin.com/in/chris-l-ayers/) -- Blog: [https://chrislayers\.com/](https://chrislayers.com/) +- Blog: [https://chris-ayers\.com/](https://chris-ayers.com/) - GitHub: [Codebytes](https://github.com/codebytes) + + +