Restructure a few bits to use the composite approach (#339)

* Restructure a few bits to use the composite approach * Update .github/actions/oidc-auth-flow/action.yml
dotnet · May 1, 2024 · 52f0c0f · 52f0c0f
1 parent c07a5e5
commit 52f0c0f
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 17 deletions.
diff --git a/.github/actions/oidc-auth-flow/action.yml b/.github/actions/oidc-auth-flow/action.yml
@@ -0,0 +1,36 @@
+name: Azure OIDC auth flow
+description: "Azure OpenID Connect authentication flow"
+
+inputs:
+  client-id:
+    description: "The Azure AD application client ID"
+    required: true
+  tenant-id:
+    description: "The Azure AD tenant ID"
+    required: true
+  audience:
+    description: "The audience for the access token"
+    required: true
+
+outputs:
+  access-token:
+    description: "The Azure OIDC bearer access token"
+    value: ${{ steps.api-access.outputs.AZURE_ACCESS_TOKEN }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Azure OpenID Connect
+      uses: azure/login@v2
+      with:
+        client-id: ${{ inputs.client-id }}
+        tenant-id: ${{ inputs.tenant-id }}
+        audience: ${{ inputs.audience }}
+        allow-no-subscriptions: true
+
+    - name: OSMP API access
+      id: api-access
+      shell: bash
+      run: |
+        TOKEN=$(az account get-access-token --query 'accessToken' -o tsv --resource ${{ inputs.audience }})
+        echo "AZURE_ACCESS_TOKEN=$(echo $TOKEN)" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/quest-bulk.yml b/.github/workflows/quest-bulk.yml
@@ -25,25 +25,20 @@ jobs:
           echo "Reason: ${{ github.event.inputs.reason }}"
 
       - name: Azure OpenID Connect
-        uses: azure/login@v2
+        id: azure-oidc-auth
+        uses: dotnet/docs-tools/.github/actions/azure-oidc-auth@main
         with:
           client-id: ${{ secrets.CLIENT_ID }}
           tenant-id: ${{ secrets.TENANT_ID }}
           audience: ${{ secrets.OSMP_API_AUDIENCE }}
-          allow-no-subscriptions: true
-
-      - name: OSMP API access
-        run: |
-          TOKEN=$(az account get-access-token --query 'accessToken' -o tsv --resource ${{ secrets.OSMP_API_AUDIENCE }})
-          echo "AZURE_ACCESS_TOKEN=$TOKEN" >> $GITHUB_ENV
 
       - name: bulk-sequester
         id: bulk-sequester
         uses: dotnet/docs-tools/actions/sequester@main
         env:
           ImportOptions__ApiKeys__GitHubToken: ${{ secrets.GITHUB_TOKEN }}
           ImportOptions__ApiKeys__QuestKey: ${{ secrets.QUEST_KEY }}
-          ImportOptions__ApiKeys__AzureAccessToken: ${{ env.AZURE_ACCESS_TOKEN }}
+          ImportOptions__ApiKeys__AzureAccessToken: ${{ steps.azure-oidc-auth.outputs.access-token }}
           ImportOptions__ApiKeys__SequesterPrivateKey: ${{ secrets.SEQUESTER_PRIVATEKEY }}
           ImportOptions__ApiKeys__SequesterAppID: ${{ secrets.SEQUESTER_APPID }}
         with:

diff --git a/.github/workflows/quest.yml b/.github/workflows/quest.yml
@@ -32,17 +32,12 @@ jobs:
           echo "Issue number: ${{ github.event.inputs.issue }}"
 
       - name: Azure OpenID Connect
-        uses: azure/login@v2
+        id: azure-oidc-auth
+        uses: dotnet/docs-tools/.github/actions/azure-oidc-auth@main
         with:
           client-id: ${{ secrets.CLIENT_ID }}
           tenant-id: ${{ secrets.TENANT_ID }}
           audience: ${{ secrets.OSMP_API_AUDIENCE }}
-          allow-no-subscriptions: true
-
-      - name: OSMP API access
-        run: |
-          TOKEN=$(az account get-access-token --query 'accessToken' -o tsv --resource ${{ secrets.OSMP_API_AUDIENCE }})
-          echo "AZURE_ACCESS_TOKEN=$TOKEN" >> $GITHUB_ENV
 
       # This step occurs when ran manually, passing the manual issue number input
       - name: manual-sequester
@@ -51,7 +46,7 @@ jobs:
         uses: dotnet/docs-tools/actions/sequester@main
         env:
           ImportOptions__ApiKeys__GitHubToken: ${{ secrets.GITHUB_TOKEN }}
-          ImportOptions__ApiKeys__AzureAccessToken: ${{ env.AZURE_ACCESS_TOKEN }}
+          ImportOptions__ApiKeys__AzureAccessToken:  ${{ steps.azure-oidc-auth.outputs.access-token }}
           ImportOptions__ApiKeys__QuestKey: ${{ secrets.QUEST_KEY }}
           ImportOptions__ApiKeys__SequesterPrivateKey: ${{ secrets.SEQUESTER_PRIVATEKEY }}
           ImportOptions__ApiKeys__SequesterAppID: ${{ secrets.SEQUESTER_APPID }}
@@ -67,7 +62,7 @@ jobs:
         uses: dotnet/docs-tools/actions/sequester@main
         env:
           ImportOptions__ApiKeys__GitHubToken: ${{ secrets.GITHUB_TOKEN }}
-          ImportOptions__ApiKeys__AzureAccessToken: $AZURE_ACCESS_TOKEN
+          ImportOptions__ApiKeys__AzureAccessToken: ${{ steps.azure-oidc-auth.outputs.access-token }}
           ImportOptions__ApiKeys__QuestKey: ${{ secrets.QUEST_KEY }}
           ImportOptions__ApiKeys__SequesterPrivateKey: ${{ secrets.SEQUESTER_PRIVATEKEY }}
           ImportOptions__ApiKeys__SequesterAppID: ${{ secrets.SEQUESTER_APPID }}