From 3b44c39880e6be6e820a7b979abff6a5729ff04f Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Boll <jboll@redhat.com>
Date: Thu, 13 Feb 2025 13:32:23 +0100
Subject: [PATCH] Additional Federation credential for main branch

---
 .../github-actions/hack/create-application.sh         | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tooling/azure-automation/github-actions/hack/create-application.sh b/tooling/azure-automation/github-actions/hack/create-application.sh
index 0c2a97fc6..a071c0ef7 100755
--- a/tooling/azure-automation/github-actions/hack/create-application.sh
+++ b/tooling/azure-automation/github-actions/hack/create-application.sh
@@ -33,6 +33,17 @@ az ad app federated-credential create --id "${APP_ID}" --parameters \
     "subject": "repo:Azure/ARO-HCP:pull_request"
 }'
 
+az ad app federated-credential create --id "${APP_ID}" --parameters \
+'{
+    "audiences": [
+        "api://AzureADTokenExchange"
+    ],
+    "description": "https://github.com/Azure/ARO-HCP runner",
+    "issuer": "https://token.actions.githubusercontent.com",
+    "name": "aro-hcp-main",
+    "subject": "repo:Azure/ARO-HCP:ref:refs/heads/main"
+}'
+
 echo "----------- Configure GitHub with the below secrets -----------"
 echo "AZURE_CLIENT_ID: ${APP_ID}"
 echo "AZURE_SUBSCRIPTION_ID: ${SUBSCRIPTION}"