Skip to content

fix(scripts): remove stale prod-env OIDC creds and add teardown entries AB#2135#47

Merged
emmanuelknafo merged 1 commit intomainfrom
feature/2135-cleanup-stale-oidc-credentials
Mar 29, 2026
Merged

fix(scripts): remove stale prod-env OIDC creds and add teardown entries AB#2135#47
emmanuelknafo merged 1 commit intomainfrom
feature/2135-cleanup-stale-oidc-credentials

Conversation

@emmanuelknafo
Copy link
Copy Markdown
Contributor

@emmanuelknafo emmanuelknafo commented Mar 29, 2026
edited by azure-boards Bot
Loading

Summary

The Azure AD app registration a11y-scanner-github-actions hit the 20 federated credential limit, blocking creation of the scanner-teardown-env and demo-005-teardown-env credentials. Five stale *-prod-env credentials (for environment:production) were occupying slots but are unused — no workflow references environment: production.

Changes

  • setup-oidc.ps1
    • Add cleanup step (step 2/6) to remove 5 stale *-prod-env federated credentials
    • Add github-actions-scanner-teardown-env credential for the scanner repo's teardown environment
    • Add comment documenting the 20-credential Azure AD limit
    • Renumber steps from 5 to 6
  • bootstrap-demo-apps.ps1 — create teardown GitHub environment on the scanner repo

Credential inventory (17/20 after fix)

Repo main deploy teardown
scanner yes new
demo-001 yes yes yes
demo-002 yes yes yes
demo-003 yes yes yes
demo-004 yes yes yes
demo-005 yes yes new

Fixes AB#2135

@emmanuelknafo
fix(scripts): remove stale prod-env OIDC creds and add teardown entri…
a1bf877 
…es AB#2135

- add cleanup step to remove 5 unused prod-env federated credentials
- add scanner-teardown-env and demo-005-teardown-env credentials
- create teardown environment on scanner repo in bootstrap script
- renumber setup-oidc steps from 5 to 6

🔧 - Generated by Copilot
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 29, 2026

Coverage Report for Coverage

Status Category Percentage Covered / Total
🔵 Lines 83.29% (🎯 80%) 723 / 868
🔵 Statements 82.82% (🎯 80%) 786 / 949
🔵 Functions 80.86% (🎯 80%) 131 / 162
🔵 Branches 70.09% (🎯 65%) 368 / 525
File CoverageNo changed files found.
Generated in workflow #127 for commit a1bf877 by the Vitest Coverage Report Action

@emmanuelknafo emmanuelknafo merged commit 62c087e into main Mar 29, 2026
18 checks passed
@emmanuelknafo emmanuelknafo deleted the feature/2135-cleanup-stale-oidc-credentials branch March 29, 2026 21:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@emmanuelknafo