
Commit 884d95f

Merge pull request #44 from devopsabcs-engineering/feature/fix-oidc-envs-and-unique-bicep
fix: add deploy/teardown OIDC creds and uniqueString suffix to Bicep resource names
2 parents 342ea22 + 4562abf commit 884d95f

7 files changed

Lines changed: 43 additions & 32 deletions


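--- a/a11y-demo-app-001/infra/main.bicep
+++ b/a11y-demo-app-001/infra/main.bicep
@@ -10,9 +10,10 @@ param imageTag string = 'latest'
 @description('Container port the app listens on')
 param containerPort string = '8080'
 
-var acrName = replace('${appName}acr', '-', '')
-var appServicePlanName = '${appName}-plan'
-var webAppName = '${appName}-app'
+var suffix = uniqueString(resourceGroup().id)
+var acrName = replace('${appName}${suffix}acr', '-', '')
+var appServicePlanName = '${appName}-${suffix}-plan'
+var webAppName = '${appName}-${suffix}-app'
 
 // Azure Container Registry
 resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' = {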
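Review bot: The new `acrName` on new line 14 grows by the 13 characters that `uniqueString()` returns, and nothing visible in this hunk bounds the result; Azure Container Registry names must be 5–50 alphanumeric characters, and `replace()` only strips hyphens. `appName` is declared above the hunk, so its constraints cannot be checked from here; if it has no length limit, adding `@maxLength(34)` to it (50 minus the suffix and `acr`) would make an over-long name fail at validation instead of partway through a deployment. A comment on the `suffix` line would also help the next reader: `// Deterministic hash of the resource group ID: stable across redeploys, not random and not a secret.` The same applies to the identical hunks in a11y-demo-app-002 through a11y-demo-app-005 and to the name variables in infra/main.bicep.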

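--- a/a11y-demo-app-002/infra/main.bicep
+++ b/a11y-demo-app-002/infra/main.bicep
@@ -10,9 +10,10 @@ param imageTag string = 'latest'
 @description('Container port the app listens on')
 param containerPort string = '8080'
 
-var acrName = replace('${appName}acr', '-', '')
-var appServicePlanName = '${appName}-plan'
-var webAppName = '${appName}-app'
+var suffix = uniqueString(resourceGroup().id)
+var acrName = replace('${appName}${suffix}acr', '-', '')
+var appServicePlanName = '${appName}-${suffix}-plan'
+var webAppName = '${appName}-${suffix}-app'
 
 // Azure Container Registry
 resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' = {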

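--- a/a11y-demo-app-003/infra/main.bicep
+++ b/a11y-demo-app-003/infra/main.bicep
@@ -10,9 +10,10 @@ param imageTag string = 'latest'
 @description('Container port the app listens on')
 param containerPort string = '8080'
 
-var acrName = replace('${appName}acr', '-', '')
-var appServicePlanName = '${appName}-plan'
-var webAppName = '${appName}-app'
+var suffix = uniqueString(resourceGroup().id)
+var acrName = replace('${appName}${suffix}acr', '-', '')
+var appServicePlanName = '${appName}-${suffix}-plan'
+var webAppName = '${appName}-${suffix}-app'
 
 // Azure Container Registry
 resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' = {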

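--- a/a11y-demo-app-004/infra/main.bicep
+++ b/a11y-demo-app-004/infra/main.bicep
@@ -10,9 +10,10 @@ param imageTag string = 'latest'
 @description('Container port the app listens on')
 param containerPort string = '8080'
 
-var acrName = replace('${appName}acr', '-', '')
-var appServicePlanName = '${appName}-plan'
-var webAppName = '${appName}-app'
+var suffix = uniqueString(resourceGroup().id)
+var acrName = replace('${appName}${suffix}acr', '-', '')
+var appServicePlanName = '${appName}-${suffix}-plan'
+var webAppName = '${appName}-${suffix}-app'
 
 // Azure Container Registry
 resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' = {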

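--- a/a11y-demo-app-005/infra/main.bicep
+++ b/a11y-demo-app-005/infra/main.bicep
@@ -10,9 +10,10 @@ param imageTag string = 'latest'
 @description('Container port the app listens on')
 param containerPort string = '8080'
 
-var acrName = replace('${appName}acr', '-', '')
-var appServicePlanName = '${appName}-plan'
-var webAppName = '${appName}-app'
+var suffix = uniqueString(resourceGroup().id)
+var acrName = replace('${appName}${suffix}acr', '-', '')
+var appServicePlanName = '${appName}-${suffix}-plan'
+var webAppName = '${appName}-${suffix}-app'
 
 // Azure Container Registry
 resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' = {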

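--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -10,11 +10,12 @@ param imageTag string = 'latest'
 @description('App Service Plan SKU')
 param appServicePlanSku string = 'P1v3'
 
-var acrName = replace('${appName}acr', '-', '')
-var appServicePlanName = '${appName}-plan'
-var webAppName = '${appName}-app'
-var logAnalyticsName = '${appName}-log'
-var appInsightsName = '${appName}-ai'
+var suffix = uniqueString(resourceGroup().id)
+var acrName = replace('${appName}${suffix}acr', '-', '')
+var appServicePlanName = '${appName}-${suffix}-plan'
+var webAppName = '${appName}-${suffix}-app'
+var logAnalyticsName = '${appName}-${suffix}-log'
+var appInsightsName = '${appName}-${suffix}-ai'
 
 // Azure Container Registry
 resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' = {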
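Review bot: Renaming `logAnalyticsName` and `appInsightsName` (new lines 17–18) means the next deployment into an existing resource group creates a new Log Analytics workspace and Application Insights component instead of updating the current ones. The deployment mode is not visible here, but in the default incremental mode the old workspace and its collected logs would stay behind under the old name, so any saved queries, alerts or retention settings that point at it stop seeing new data. This is worth recording next to the variables, for example `// Renamed in this commit: existing '<appName>-log' and '<appName>-ai' resources are not migrated and must be cleaned up or re-linked manually.`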

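--- a/scripts/setup-oidc.ps1
+++ b/scripts/setup-oidc.ps1
@@ -25,19 +25,24 @@ $Issuer = 'https://token.actions.githubusercontent.com'
 $Audience = 'api://AzureADTokenExchange'
 
 # All repos that need federated credentials (scanner + 5 demo apps)
-# Each repo gets a main branch credential; demo apps also get a production environment credential for teardown
+# Each repo gets a main branch credential; demo apps get deploy-NNN and teardown-NNN environment credentials
 $FederatedRepos = @(
-@{ Repo = $ScannerRepo; CredName = 'github-actions-scanner-main'; Subject = "repo:${RepoOwner}/${ScannerRepo}:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/$ScannerRepo main branch" }
-@{ Repo = 'a11y-demo-app-001'; CredName = 'github-actions-demo-001-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-001:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-001 main branch" }
-@{ Repo = 'a11y-demo-app-001'; CredName = 'github-actions-demo-001-prod-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-001:environment:production"; Description = "OIDC for $RepoOwner/a11y-demo-app-001 production environment" }
-@{ Repo = 'a11y-demo-app-002'; CredName = 'github-actions-demo-002-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-002:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-002 main branch" }
-@{ Repo = 'a11y-demo-app-002'; CredName = 'github-actions-demo-002-prod-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-002:environment:production"; Description = "OIDC for $RepoOwner/a11y-demo-app-002 production environment" }
-@{ Repo = 'a11y-demo-app-003'; CredName = 'github-actions-demo-003-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-003:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-003 main branch" }
-@{ Repo = 'a11y-demo-app-003'; CredName = 'github-actions-demo-003-prod-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-003:environment:production"; Description = "OIDC for $RepoOwner/a11y-demo-app-003 production environment" }
-@{ Repo = 'a11y-demo-app-004'; CredName = 'github-actions-demo-004-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-004:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-004 main branch" }
-@{ Repo = 'a11y-demo-app-004'; CredName = 'github-actions-demo-004-prod-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-004:environment:production"; Description = "OIDC for $RepoOwner/a11y-demo-app-004 production environment" }
-@{ Repo = 'a11y-demo-app-005'; CredName = 'github-actions-demo-005-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-005:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-005 main branch" }
-@{ Repo = 'a11y-demo-app-005'; CredName = 'github-actions-demo-005-prod-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-005:environment:production"; Description = "OIDC for $RepoOwner/a11y-demo-app-005 production environment" }
+@{ Repo = $ScannerRepo; CredName = 'github-actions-scanner-main'; Subject = "repo:${RepoOwner}/${ScannerRepo}:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/$ScannerRepo main branch" }
+@{ Repo = 'a11y-demo-app-001'; CredName = 'github-actions-demo-001-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-001:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-001 main branch" }
+@{ Repo = 'a11y-demo-app-001'; CredName = 'github-actions-demo-001-deploy-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-001:environment:deploy-001"; Description = "OIDC for $RepoOwner/a11y-demo-app-001 deploy environment" }
+@{ Repo = 'a11y-demo-app-001'; CredName = 'github-actions-demo-001-teardown-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-001:environment:teardown-001"; Description = "OIDC for $RepoOwner/a11y-demo-app-001 teardown environment" }
+@{ Repo = 'a11y-demo-app-002'; CredName = 'github-actions-demo-002-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-002:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-002 main branch" }
+@{ Repo = 'a11y-demo-app-002'; CredName = 'github-actions-demo-002-deploy-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-002:environment:deploy-002"; Description = "OIDC for $RepoOwner/a11y-demo-app-002 deploy environment" }
+@{ Repo = 'a11y-demo-app-002'; CredName = 'github-actions-demo-002-teardown-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-002:environment:teardown-002"; Description = "OIDC for $RepoOwner/a11y-demo-app-002 teardown environment" }
+@{ Repo = 'a11y-demo-app-003'; CredName = 'github-actions-demo-003-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-003:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-003 main branch" }
+@{ Repo = 'a11y-demo-app-003'; CredName = 'github-actions-demo-003-deploy-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-003:environment:deploy-003"; Description = "OIDC for $RepoOwner/a11y-demo-app-003 deploy environment" }
+@{ Repo = 'a11y-demo-app-003'; CredName = 'github-actions-demo-003-teardown-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-003:environment:teardown-003"; Description = "OIDC for $RepoOwner/a11y-demo-app-003 teardown environment" }
+@{ Repo = 'a11y-demo-app-004'; CredName = 'github-actions-demo-004-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-004:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-004 main branch" }
+@{ Repo = 'a11y-demo-app-004'; CredName = 'github-actions-demo-004-deploy-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-004:environment:deploy-004"; Description = "OIDC for $RepoOwner/a11y-demo-app-004 deploy environment" }
+@{ Repo = 'a11y-demo-app-004'; CredName = 'github-actions-demo-004-teardown-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-004:environment:teardown-004"; Description = "OIDC for $RepoOwner/a11y-demo-app-004 teardown environment" }
+@{ Repo = 'a11y-demo-app-005'; CredName = 'github-actions-demo-005-main'; Subject = "repo:${RepoOwner}/a11y-demo-app-005:ref:refs/heads/main"; Description = "OIDC for $RepoOwner/a11y-demo-app-005 main branch" }
+@{ Repo = 'a11y-demo-app-005'; CredName = 'github-actions-demo-005-deploy-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-005:environment:deploy-005"; Description = "OIDC for $RepoOwner/a11y-demo-app-005 deploy environment" }
+@{ Repo = 'a11y-demo-app-005'; CredName = 'github-actions-demo-005-teardown-env'; Subject = "repo:${RepoOwner}/a11y-demo-app-005:environment:teardown-005"; Description = "OIDC for $RepoOwner/a11y-demo-app-005 teardown environment" }
 )
 
 Write-Host '=== OIDC Federation Setup ===' -ForegroundColor Cyan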
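Review bot: The five `github-actions-demo-NNN-prod-env` entries (subject `environment:production`) are dropped from `$FederatedRepos`, but the code that consumes the array is below the hunk, so it is not visible whether credentials already created on the app registration are ever deleted. If the script only adds, those subjects stay trusted after this change, and the 11 existing credentials plus the 10 new deploy/teardown ones would exceed the limit of 20 federated credentials per application, assuming they all sit on one app registration. A comment above the array would make the cleanup explicit, for example `# Retired in this change: github-actions-demo-NNN-prod-env (environment:production) - remove from the app registration before re-running`. An `environment:` subject also restricts nothing by itself: the token carries it for any workflow run that names `deploy-NNN` or `teardown-NNN`, so the GitHub environments need deployment branch rules or required reviewers for the deploy/teardown split to mean anything.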
