
Use workload identity for sql server auth #5

Workflow file for this run

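# Dry-run of the image build for pull requests that target main: the job logs
# in to Azure through GitHub OIDC (workload identity federation) and prints
# the `az acr task run` command that would build and push the image.
name: Test Pull request
on:
  pull_request:
    branches:
      - main
# Least privilege for GITHUB_TOKEN: `id-token: write` lets azure/login request
# an OIDC token, `contents: read` is all that checkout needs.
permissions:
  id-token: write
  contents: read
jobs:
  build-deploy:
    # NOTE(review): the ubuntu-20.04 hosted runner image has been retired by
    # GitHub; confirm this label still resolves or move to a supported image.
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
        target:
          # client-id and subscription-id are identifiers, not credentials: no
          # client secret is passed to azure/login below. What gates access is
          # the federated credential on the app registration; its subject
          # should be limited to this repository and the pull_request event
          # (repo:<ORG>/<REPO>:pull_request) - confirm on the Azure side.
          - name: "dev"
            acr-name: "radixdev"
            client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb"
            subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b"
          # NOTE(review): before enabling the targets below, decide whether
          # pull-request runs should be able to obtain tokens for the
          # identities behind the radixprod / radixc2prod registries.
          # - name: "playground"
          #   acr-name: "radixdev"
          #   client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb"
          #   subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b"
          #
          # - name: "platform"
          #   acr-name: "radixprod"
          #   client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58"
          #   subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a"
          #
          # - name: "c2"
          #   acr-name: "radixc2prod"
          #   client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58"
          #   subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a"
    steps:
      # NOTE(review): @v3 / @v1 are mutable tags; pinning each action to a
      # full commit SHA keeps a retagged release from running in a job that
      # holds an Azure token.
      - uses: actions/checkout@v3
      - uses: azure/login@v1
        with:
          client-id: ${{ matrix.target.client-id }}
          tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
          subscription-id: ${{ matrix.target.subscription-id }}
      - name: Generate image tag
        id: tag
        run: |
          # On pull_request events GITHUB_REF_NAME is "<pr-number>/merge", and
          # "/" is not a valid character in an image tag, so replace it.
          ref="${GITHUB_REF_NAME//\//-}"
          sha="${GITHUB_SHA::8}"
          ts="$(date +%s)"
          echo "tag=${ref}-${sha}-${ts}" >> "$GITHUB_OUTPUT"
      - name: Build image
        env:
          AZURE_SUBSCRIPTION_ID: ${{ matrix.target.subscription-id }}
          ACR_NAME: ${{ matrix.target.acr-name }}
          IMAGE_NAME: radix-vulnerability-scanner
          # Handed over as an environment variable instead of being expanded
          # into the script text: ${{ }} expressions are substituted before
          # the shell runs, so a value derived from a ref name would otherwise
          # be parsed as shell code.
          IMAGE_TAG: ${{ steps.tag.outputs.tag }}
        run: |
          # Same "/" replacement as in the tag step, for the cache image ref.
          ref="${GITHUB_REF_NAME//\//-}"
          # The leading `echo` makes this a dry run: the command is printed,
          # not executed. NOTE(review): once it is removed, the ACR task
          # builds the Dockerfile from the pull request's merge commit and
          # pushes the result; decide whether that is acceptable for
          # unreviewed changes.
          echo az acr task run \
            --subscription "${AZURE_SUBSCRIPTION_ID}" \
            --name radix-image-builder-internal \
            --registry "${ACR_NAME}" \
            --context "${GITHUB_WORKSPACE}" \
            --file "${GITHUB_WORKSPACE}/Dockerfile" \
            --set DOCKER_REGISTRY="${ACR_NAME}" \
            --set BRANCH="${GITHUB_REF_NAME}" \
            --set TAGS="--tag ${ACR_NAME}.azurecr.io/${IMAGE_NAME}:${IMAGE_TAG}" \
            --set DOCKER_FILE_NAME=Dockerfile \
            --set PUSH="--push" \
            --set REPOSITORY_NAME="${IMAGE_NAME}" \
            --set CACHE="" \
            --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${ref},mode=max"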