Merge pull request #2034 from diggerhq/docs/add-azure-quickstart

ZIJ · web-flow · commit cd1447d9c256 · 2025-07-22T16:28:41.000+01:00
Add Azure tab to quickstarts
diff --git a/docs/ce/getting-started/with-opentofu.mdx b/docs/ce/getting-started/with-opentofu.mdx
@@ -10,6 +10,7 @@ In this tutorial, you will set up Digger to automate OpenTofu pull requests usin
 - Your cloud provider credentials:
   - For AWS: [Hashicorp's AWS tutorial](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/aws-build)
   - For GCP: [Hashicorp's GCP tutorial](https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/google-cloud-platform-build)
+  - For Azure: [Hashicorp's Azure tutorial](https://developer.hashicorp.com/terraform/tutorials/azure-get-started/azure-build)
 
 # Step 1: create your Digger account
 
@@ -42,6 +43,13 @@ In GitHub repository settings, go to Secrets and Variables - Actions. Create the
     - `GCP_CREDENTIALS` - contents of your GCP Service Account Key json file You
     can also [use OIDC](/gcp/federated-oidc-access/) for GCP authentication.
   </Tab>
+  <Tab title="Azure">
+    - `AZURE_CLIENT_ID` - Your Azure App Registration Client ID
+    - `AZURE_TENANT_ID` - Your Azure Tenant ID
+    - `AZURE_SUBSCRIPTION_ID` - Your Azure Subscription ID
+    
+    You'll need to configure OIDC authentication by setting up federated credentials in your Azure App Registration. See [Azure OIDC setup](/ce/azure-specific/azure) for details.
+  </Tab>
 </Tabs>
 
 # Step 4: Create digger.yml
@@ -158,6 +166,57 @@ Place it at `.github/workflows/digger_workflow.yml` (name is important!)
     - Verify that GCP is configured correctly by running `gcloud info`
 
   </Tab>
+  <Tab title="Azure">
+    ```yaml
+    name: Digger Workflow
+
+    on:
+      workflow_dispatch:
+        inputs:
+          spec:
+            required: true
+          run_name:
+            required: false
+
+    run-name: '${{inputs.run_name}}'
+
+    jobs:
+      digger-job:
+        runs-on: ubuntu-latest
+        permissions:
+          contents: write      # required to merge PRs
+          actions: write       # required for plan persistence
+          id-token: write      # required for workload-identity-federation
+          pull-requests: write # required to post PR comments
+          issues: read         # required to check if PR number is an issue or not
+          statuses: write      # required to validate combined PR status
+
+        steps:
+          - uses: actions/checkout@v4
+          - name: ${{ fromJSON(github.event.inputs.spec).job_id }}
+            run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"
+          - uses: diggerhq/digger@vLatest
+            with:
+              digger-spec: ${{ inputs.spec }}
+              setup-azure: true
+              azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+              azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+              azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+              setup-opentofu: true
+              opentofu-version: 1.10.3
+            env:
+              GITHUB_CONTEXT: ${{ toJson(github) }}
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+              ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+              ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+    ```
+    
+    This workflow uses Azure OIDC authentication, which requires:
+    - Setting up federated credentials in your Azure App Registration for GitHub Actions
+    - The `id-token: write` permission for workload identity federation
+    - ARM_* environment variables for the Azure Terraform provider
+  </Tab>
 </Tabs>
 
 # Step 6: Create a PR to verify that it works
@@ -172,3 +231,4 @@ Then you can add a comment like `digger apply` and shortly after apply output wi
 
 - [AWS demo repo](https://github.com/diggerhq/quickstart-actions-aws)
 - [GCP demo repo](https://github.com/diggerhq/demo-conftest-gcp/)
+- [Azure demo repo](https://github.com/diggerhq/azure-onboarding-test)
diff --git a/docs/ce/getting-started/with-terraform.mdx b/docs/ce/getting-started/with-terraform.mdx
@@ -10,6 +10,7 @@ In this tutorial, you will set up Digger to automate terraform pull requests usi
 - Your cloud provider credentials:
   - For AWS: [Hashicorp's AWS tutorial](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/aws-build)
   - For GCP: [Hashicorp's GCP tutorial](https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/google-cloud-platform-build)
+  - For Azure: [Hashicorp's Azure tutorial](https://developer.hashicorp.com/terraform/tutorials/azure-get-started/azure-build)
 
 # Step 1: create your Digger account
 
@@ -42,6 +43,13 @@ In GitHub repository settings, go to Secrets and Variables - Actions. Create the
     - `GCP_CREDENTIALS` - contents of your GCP Service Account Key json file You
     can also [use OIDC](/gcp/federated-oidc-access/) for GCP authentication.
   </Tab>
+  <Tab title="Azure">
+    - `AZURE_CLIENT_ID` - Your Azure App Registration Client ID
+    - `AZURE_TENANT_ID` - Your Azure Tenant ID
+    - `AZURE_SUBSCRIPTION_ID` - Your Azure Subscription ID
+    
+    You'll need to configure OIDC authentication by setting up federated credentials in your Azure App Registration. See [Azure OIDC setup](/ce/azure-specific/azure) for details.
+  </Tab>
 </Tabs>
 
 # Step 4: Create digger.yml
@@ -158,6 +166,57 @@ Place it at `.github/workflows/digger_workflow.yml` (name is important!)
     - Verify that GCP is configured correctly by running `gcloud info`
 
   </Tab>
+  <Tab title="Azure">
+    ```yaml
+    name: Digger Workflow
+
+    on:
+      workflow_dispatch:
+        inputs:
+          spec:
+            required: true
+          run_name:
+            required: false
+
+    run-name: '${{inputs.run_name}}'
+
+    jobs:
+      digger-job:
+        runs-on: ubuntu-latest
+        permissions:
+          contents: write      # required to merge PRs
+          actions: write       # required for plan persistence
+          id-token: write      # required for workload-identity-federation
+          pull-requests: write # required to post PR comments
+          issues: read         # required to check if PR number is an issue or not
+          statuses: write      # required to validate combined PR status
+
+        steps:
+          - uses: actions/checkout@v4
+          - name: ${{ fromJSON(github.event.inputs.spec).job_id }}
+            run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"
+          - uses: diggerhq/digger@vLatest
+            with:
+              digger-spec: ${{ inputs.spec }}
+              setup-azure: true
+              azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+              azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+              azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+              setup-terraform: true
+              terraform-version: 1.5.5
+            env:
+              GITHUB_CONTEXT: ${{ toJson(github) }}
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+              ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+              ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+    ```
+    
+    This workflow uses Azure OIDC authentication, which requires:
+    - Setting up federated credentials in your Azure App Registration for GitHub Actions
+    - The `id-token: write` permission for workload identity federation
+    - ARM_* environment variables for the Azure Terraform provider
+  </Tab>
 </Tabs>
 
 # Step 6: Create a PR to verify that it works
@@ -172,3 +231,4 @@ Then you can add a comment like `digger apply` and shortly after apply output wi
 
 - [AWS demo repo](https://github.com/diggerhq/quickstart-actions-aws)
 - [GCP demo repo](https://github.com/diggerhq/demo-conftest-gcp/)
+- [Azure demo repo](https://github.com/diggerhq/azure-onboarding-test)
diff --git a/docs/ce/getting-started/with-terragrunt.mdx b/docs/ce/getting-started/with-terragrunt.mdx
@@ -10,6 +10,7 @@ In this tutorial, you will set up Digger to automate Terragrunt pull requests us
 - Your cloud provider credentials:
   - For AWS: [Hashicorp's AWS tutorial](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/aws-build)
   - For GCP: [Hashicorp's GCP tutorial](https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/google-cloud-platform-build)
+  - For Azure: [Hashicorp's Azure tutorial](https://developer.hashicorp.com/terraform/tutorials/azure-get-started/azure-build)
 
 # Step 1: create your Digger account
 
@@ -44,6 +45,13 @@ In GitHub repository settings, go to Secrets and Variables - Actions. Create the
     
     You can also [use OIDC](/gcp/federated-oidc-access/) for GCP authentication.
   </Tab>
+  <Tab title="Azure">
+    - `AZURE_CLIENT_ID` - Your Azure App Registration Client ID
+    - `AZURE_TENANT_ID` - Your Azure Tenant ID
+    - `AZURE_SUBSCRIPTION_ID` - Your Azure Subscription ID
+    
+    You'll need to configure OIDC authentication by setting up federated credentials in your Azure App Registration. See [Azure OIDC setup](/ce/azure-specific/azure) for details.
+  </Tab>
 </Tabs>
 
 # Step 4: Create digger.yml
@@ -204,6 +212,57 @@ Place it at `.github/workflows/digger_workflow.yml` (name is important!)
     - Set up Google Cloud SDK for use in the subsequent steps via Google's official [Setup-gcloud action](https://github.com/google-github-actions/setup-gcloud)
     - Verify that GCP is configured correctly by running `gcloud info`
   </Tab>
+  <Tab title="Azure">
+    ```yaml
+    name: Digger Workflow
+
+    on:
+      workflow_dispatch:
+        inputs:
+          spec:
+            required: true
+          run_name:
+            required: false
+
+    run-name: '${{inputs.run_name}}'
+
+    jobs:
+      digger-job:
+        runs-on: ubuntu-latest
+        permissions:
+          contents: write      # required to merge PRs
+          actions: write       # required for plan persistence
+          id-token: write      # required for workload-identity-federation
+          pull-requests: write # required to post PR comments
+          issues: read         # required to check if PR number is an issue or not
+          statuses: write      # required to validate combined PR status
+
+        steps:
+          - uses: actions/checkout@v4
+          - name: ${{ fromJSON(github.event.inputs.spec).job_id }}
+            run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"
+          - uses: diggerhq/digger@vLatest
+            with:
+              digger-spec: ${{ inputs.spec }}
+              setup-azure: true
+              azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+              azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+              azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+              setup-terragrunt: true
+              terragrunt-version: 0.44.1
+            env:
+              GITHUB_CONTEXT: ${{ toJson(github) }}
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+              ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+              ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+    ```
+    
+    This workflow uses Azure OIDC authentication, which requires:
+    - Setting up federated credentials in your Azure App Registration for GitHub Actions
+    - The `id-token: write` permission for workload identity federation
+    - ARM_* environment variables for the Azure Terraform provider
+  </Tab>
 </Tabs>
 
 <Note>
