actions-workflow-samples
[Question] Access to repositories information from another account
https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md
How to create secret for all repositories of a GitHub account A, to use it in another GitHub account B?
No tech guru here, but hope this helps nonetheless... /workflow/build/Deployment/Node.js | \Web.app ---> Azure(cTM) \user \profile From your Azure fs,
+ File: .github/workflows/workflow.yml
```yaml
on: push
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    # chkout repo
    - name: 'Checkout Github Action'
      uses: actions/checkout@master
    - name: Setup Node 10.x
      uses: actions/setup-node@v1
      with:
        node-version: '10.x'
    - name: 'npm install, build, and test'
      run: |
        npm install
        npm run build --if-present
        npm run test --if-present
    - name: 'Run acct A and publish secret for @Drjacky Azure/repo'
      uses: azure/webapps-deploy@v2
      with:
        app-name: node-rn
        publish-profile: ${{ secrets.azureWebAppPublishProfile }}
```
- .portal, .crypto
Follow these steps to use it on Acct B:
- Download acct A's published profile for WebApp from Portal (Get Publish profile option)
- Define a new secret under Acc B's repository settings, Add secret menu
- Paste the contents for the downloaded publish profile file into the secret's value field
- Now in the workflow file in your branch:
.github/workflows/workflow.yml replace the secret for the input publish-profile: of the deploy Azure WebApp action (Refer to the example above) Finally, usr/cred/Azure.Srvc|usr/profile/etc
- repo.git ▶ .yml, .json, .py secrets
- User-level credentials i.e., Azure Service Principal for deployment.
- Define Secret/vars
- Settings -> Secrets -> New secret. Provide a secret variable Name, for example 'AZURE_CREDENTIALS'
- ⮕ az cli
- cmd/Store/io/value/_Secret_vars
- Store output as Value of secret variable az ad command scopes service principal to a specific resource group... {resource-group} within a specific Azure subscription {subscription-id} V
```bash
$ az ad sp create-for-rbac --name "myApp" --role contributor \
    --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
    --sdk-auth
# Replace {subscription-id}, {resource-group} "resource, group, details"
# The command should output a JSON object similar to this:
{
  "clientId": "<GUID>",
  "clientSecret": "<GUID>",
  "subscriptionId": "<GUID>",
  "tenantId": "<GUID>",
  (...)
}
```
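A pre-flight check for the JSON printed by the command above, run before the value is pasted into the `AZURE_CREDENTIALS` secret. This is an added example, not part of the original reply or of the Azure samples repository; the function name `check_credentials`, the placeholder test and all sample values are assumptions constructed for illustration.

```python
import json
import re

# Fields shown in the sample --sdk-auth output on this page.
REQUIRED_FIELDS = ("clientId", "clientSecret", "subscriptionId", "tenantId")

# Resource-group scope in the form passed to --scopes on this page.
RG_SCOPE = re.compile(
    r"^/subscriptions/(?P<sub>[0-9a-fA-F-]{36})/resourceGroups/(?P<rg>[^/]+)$"
)

def check_credentials(raw, scope):
    """Return a list of problems; an empty list means nothing was flagged."""
    try:
        creds = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(creds, dict):
        return ["top-level value is not a JSON object"]
    problems = []
    for field in REQUIRED_FIELDS:
        value = creds.get(field)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty field: {field}")
        elif value.startswith(("<", "{")):
            problems.append(f"placeholder left in field: {field}")
    match = RG_SCOPE.match(scope)
    if match is None:
        problems.append("scope is not limited to a single resource group")
    elif str(creds.get("subscriptionId", "")).lower() != match.group("sub").lower():
        problems.append("scope subscription differs from subscriptionId")
    return problems

# Constructed sample values (not real identifiers or secrets).
SUB = "00000000-0000-0000-0000-0000000000aa"
GOOD_SCOPE = f"/subscriptions/{SUB}/resourceGroups/demo-rg"
GOOD_JSON = json.dumps({
    "clientId": "00000000-0000-0000-0000-0000000000bb",
    "clientSecret": "constructed-example-value",
    "subscriptionId": SUB,
    "tenantId": "00000000-0000-0000-0000-0000000000cc",
})

if __name__ == "__main__":
    print(check_credentials(GOOD_JSON, GOOD_SCOPE))               # nothing flagged
    print(check_credentials(GOOD_JSON, f"/subscriptions/{SUB}"))  # scope too broad
    print(check_credentials('{"clientId": "<GUID>", (...)}', GOOD_SCOPE))
```

The second call flags a subscription-wide scope, which would give the repository holding the secret contributor rights beyond the single resource group the command on this page targets.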