enable github action login with user assigned identity

dantelmomsft · dantelmomsft · commit a4c6ef89fafb · 2024-10-09T16:25:49.000+02:00
diff --git a/.github/workflows/aca-deploy.yaml b/.github/workflows/aca-deploy.yaml
@@ -23,8 +23,16 @@ jobs:
         steps:
         - name: Log in to Azure with service principal
           uses: azure/login@v2
+          if: ${{ vars.AZURE_CLIENT_ID == '' }}
           with:
             creds: ${{ secrets.AZURE_CREDENTIALS }}
+        - name: Log in with Azure (Federated Credentials)
+          if: ${{ vars.AZURE_CLIENT_ID != '' }}
+          uses: azure/login@v2
+          with:
+            client-id: ${{ vars.AZURE_CLIENT_ID }}
+            tenant-id: ${{ vars.AZURE_TENANT_ID }}
+            subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} 
         - name: Build and deploy Container App
           uses: azure/container-apps-deploy-action@v1
           with:
diff --git a/.github/workflows/acr-build-push.yaml b/.github/workflows/acr-build-push.yaml
@@ -17,17 +17,30 @@ jobs:
     build:
         runs-on: ubuntu-latest
         environment: ${{inputs.env-name}}
+        
         steps:
         - name: Log in to Azure with service principal
+          if: ${{ vars.AZURE_CLIENT_ID == '' }}
           uses: azure/login@v2
           with:
             creds: ${{ secrets.AZURE_CREDENTIALS }}
         - name: Log in Azure Container Registry
+          if: ${{ vars.AZURE_CLIENT_ID == '' }}
           uses: azure/docker-login@v2
           with:
             login-server: ${{vars.ACR_NAME}}.azurecr.io
             username: ${{ secrets.SPI_CLIENT_ID   }}
             password: ${{ secrets.SPI_CLIENT_SECRET }}
+        - name: Log in with Azure (Federated Credentials)
+          if: ${{ vars.AZURE_CLIENT_ID != '' }}
+          uses: azure/login@v2
+          with:
+            client-id: ${{ vars.AZURE_CLIENT_ID }}
+            tenant-id: ${{ vars.AZURE_TENANT_ID }}
+            subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}       
+        - name: Login to Azure Container Registry (Federated Credentials)
+          if: ${{ vars.AZURE_CLIENT_ID != '' }}  
+          run: az acr login --name ${{vars.ACR_NAME}}
         - uses: actions/checkout@v2
         - name: Build and Push to ACR
           run: |
