Used AZURE_CREDENTIALS

NeckerFree · NeckerFree · commit 5795e5d3067b · 2025-07-23T16:38:13.000-05:00
diff --git a/.github/workflows/terraform-create.yml b/.github/workflows/terraform-create.yml
@@ -9,11 +9,11 @@ permissions:
   contents: read
 
 env:
-  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
-  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
-  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
-  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
-
+  ARM_CLIENT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }}
+  ARM_CLIENT_SECRET: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }}
+  ARM_SUBSCRIPTION_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }}
+  ARM_TENANT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }}
+  
 jobs:
   terraform:
     runs-on: ubuntu-latest
@@ -26,10 +26,7 @@ jobs:
       - name: Azure Login (for backend bootstrap)
         uses: azure/login@v1
         with:
-          client-id: ${{ secrets.ARM_CLIENT_ID }}
-          client-secret: ${{ secrets.ARM_CLIENT_SECRET }}
-          tenant-id: ${{ secrets.ARM_TENANT_ID }}
-          subscription-id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
 
       - name: Ensure backend storage exists (idempotent)
         run: |
@@ -44,4 +41,4 @@ jobs:
         run: terraform init -input=false -no-color
 
       - name: Terraform Apply
-        run: terraform apply -auto-approve -input=false -no-color           -var "client_id=${{ secrets.ARM_CLIENT_ID }}"           -var "client_secret=${{ secrets.ARM_CLIENT_SECRET }}"           -var "subscription_id=${{ secrets.ARM_SUBSCRIPTION_ID }}"           -var "tenant_id=${{ secrets.ARM_TENANT_ID }}"           -var "ssh_public_key=${{ secrets.VM_SSH_PUB_KEY }}"
+        run: terraform apply -auto-approve -input=false -no-color -var "client_id=${{ secrets.ARM_CLIENT_ID }}" -var "client_secret=${{ secrets.ARM_CLIENT_SECRET }}" -var "subscription_id=${{ secrets.ARM_SUBSCRIPTION_ID }}" -var "tenant_id=${{ secrets.ARM_TENANT_ID }}" -var "ssh_public_key=${{ secrets.VM_SSH_PUB_KEY }}"
diff --git a/.github/workflows/terraform-destroy.yml b/.github/workflows/terraform-destroy.yml
@@ -7,10 +7,10 @@ permissions:
   contents: read
 
 env:
-  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
-  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
-  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
-  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ARM_CLIENT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }}
+  ARM_CLIENT_SECRET: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }}
+  ARM_SUBSCRIPTION_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }}
+  ARM_TENANT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }}
 
 jobs:
   terraform-destroy:
@@ -24,10 +24,7 @@ jobs:
       - name: Azure Login (for backend)
         uses: azure/login@v1
         with:
-          client-id: ${{ secrets.ARM_CLIENT_ID }}
-          client-secret: ${{ secrets.ARM_CLIENT_SECRET }}
-          tenant-id: ${{ secrets.ARM_TENANT_ID }}
-          subscription-id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+           creds: ${{ secrets.AZURE_CREDENTIALS }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v2
@@ -36,4 +33,4 @@ jobs:
         run: terraform init -input=false -no-color
 
       - name: Terraform Destroy
-        run: terraform destroy -auto-approve -input=false -no-color           -var "client_id=${{ secrets.ARM_CLIENT_ID }}"           -var "client_secret=${{ secrets.ARM_CLIENT_SECRET }}"           -var "subscription_id=${{ secrets.ARM_SUBSCRIPTION_ID }}"           -var "tenant_id=${{ secrets.ARM_TENANT_ID }}"           -var "ssh_public_key=${{ secrets.VM_SSH_PUB_KEY }}"
+        run: terraform destroy -auto-approve -input=false -no-color -var "client_id=${{ secrets.ARM_CLIENT_ID }}" -var "client_secret=${{ secrets.ARM_CLIENT_SECRET }}" -var "subscription_id=${{ secrets.ARM_SUBSCRIPTION_ID }}" -var "tenant_id=${{ secrets.ARM_TENANT_ID }}" -var "ssh_public_key=${{ secrets.VM_SSH_PUB_KEY }}"
