Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] Access to repositories information from another account #148

Open
Drjacky opened this issue Jul 22, 2023 · 1 comment
Open

[Question] Access to repositories information from another account #148

Drjacky opened this issue Jul 22, 2023 · 1 comment

Comments

@Drjacky
Copy link

Drjacky commented Jul 22, 2023

https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md

How to create secret for all repositories of a GitHub account A, to use it in another GitHub account B?
@TheProdigyLeague
Copy link

No tech guru here, but hope this helps nonetheless...
/workflow/build/Deployment/Node.js | \Web.app ---> Azure(cTM) \user \profile
From your Azure fs,

+ File: .github/workflows/workflow.yml

on: push

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    # chkout repo
    - name: 'Checkout Github Action' 
      uses: actions/checkout@master
    
    - name: Setup Node 10.x
      uses: actions/setup-node@v1
      with:
        node-version: '10.x'
    - name: 'npm install, build, and test'
      run: |
        npm install
        npm run build --if-present
        npm run test --if-present
       
    - name: 'Run acct A and publish secret for @Drjacky  Azure/repo'
      uses: azure/webapps-deploy@v2
      with: 
        app-name: node-rn
        publish-profile: ${{ secrets.azureWebAppPublishProfile }}
- .portal, .crypto

Follow these steps to use it on Acct B:

  • Download acct A's published profile for WebApp from Portal (Get Publish profile option)
  • Define a new secret under Acc B's repository settings, Add secret menu
  • Paste the contents for the downloaded publish profile file into the secret's value field
  • Now in the workflow file in your branch: .github/workflows/workflow.yml replace the secret for the input publish-profile: of the deploy Azure WebApp action (Refer to the example above)
    Finally,
    usr/cred/Azure.Srvc | usr/profile/etc

  • repo.git ▶ .yml, .json, .py
    secrets

  • User-level credentials i.e., Azure Service Principal for deployment.

  1. Define Secret/vars
  2. Settings -> Secrets -> New secret. Provide a secret variable Name, for example 'AZURE_CREDENTIALS'
  3. az cli
  4. cmd/Store/io/value/_Secret_vars
  5. Store output as Value of secret variable
    az ad command scopes service principal to a specific resource group...
    {resource-group} within a specific Azure subscription {subscription-id}
    V
$ az ad sp create-for-rbac --name "myApp" --role contributor \
                            --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
                            --sdk-auth
                            
  # Replace {subscription-id}, {resource-group} "resource, group, details"
  # The command should output a JSON object similar to this:

  {
    "clientId": "<GUID>",
    "clientSecret": "<GUID>",
    "subscriptionId": "<GUID>",
    "tenantId": "<GUID>",
    (...)
  }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Drjacky @TheProdigyLeague