From ed814b830f90fe626b1dd9a55be69bb3af770ea1 Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Fri, 18 Oct 2024 12:56:12 +0100 Subject: [PATCH] Bump deploy-azure-container-apps-action v3.0.0 * Uses OIDC with Azure/login instead of Credential based authentication * https://github.com/DFE-Digital/deploy-azure-container-apps-action/compare/v2.6.0...v3.0.0 --- .github/workflows/build-and-push-image.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml index c11b9a4a4..7deeb296e 100644 --- a/.github/workflows/build-and-push-image.yml +++ b/.github/workflows/build-and-push-image.yml @@ -48,17 +48,23 @@ jobs: echo "release=${RELEASE}" >> $GITHUB_OUTPUT deploy-image: + permissions: + id-token: write + contents: read + packages: write needs: [ set-env ] - uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v2.6.0 + uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v3.0.0 with: docker-image-name: 'a2bext-app' docker-build-file-name: './Dockerfile' environment: ${{ needs.set-env.outputs.environment }} annotate-release: true secrets: - azure-acr-credentials: ${{ secrets.ACR_CREDENTIALS }} + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + azure-acr-client-id: ${{ secrets.ACR_CLIENT_ID }} azure-acr-name: ${{ secrets.ACR_NAME }} - azure-aca-credentials: ${{ secrets.ACA_CREDENTIALS }} + azure-aca-client-id: ${{ secrets.ACA_CLIENT_ID }} azure-aca-name: ${{ secrets.ACA_CONTAINERAPP_NAME }} azure-aca-resource-group: ${{ secrets.ACA_RESOURCE_GROUP }}