Merge pull request #20 from robinmordasiewicz/oidc-1
fix: update screenshot workflow"
robinmordasiewicz authored Nov 20, 2023
2 parents 05e3069 + 99875df commit 9b54e17
Showing 8 changed files with 105 additions and 73 deletions.
6 changes: 5 additions & 1 deletion .github/workflows/screenshots.yml
Expand Up @@ -16,7 +16,11 @@ permissions:

jobs:
screenshots:
if: github.head_ref != 'release-please--branches--main'
if: ${{ ! contains('
release-please--branches--main
dependabot/
', github.head_ref)
}}
name: screenshots
runs-on: ubuntu-latest
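
Review bot: the new `if:` passes its arguments to `contains()` in an order that cannot do a prefix match. `contains(search, item)` tests whether `github.head_ref` is a substring of the quoted literal, so a real Dependabot branch of the form `dependabot/<ecosystem>/<package>` is longer than anything in the literal and the job still runs. The exact name `release-please--branches--main` is still skipped, but so is any branch whose name happens to be a substring of the literal, `main` included. Suggest `if: github.head_ref != 'release-please--branches--main' && !startsWith(github.head_ref, 'dependabot/')`.
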
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Expand Up @@ -43,7 +43,7 @@ repos:
# language: system
# pass_filenames: false
- repo: https://github.com/oxsecurity/megalinter
rev: v7.5.0
rev: v7.6.0
hooks:
- id: megalinter-incremental
stages:
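
Review bot: `rev: v7.6.0` still points at a tag, which the upstream repository can move. pre-commit runs this hook's code on developer machines and in CI, so pin `rev` to the full commit SHA of the v7.6.0 release and keep the tag name in a trailing comment. The bump is also unrelated to the screenshot workflow named in the commit title and would be easier to audit as its own commit.
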
96 changes: 96 additions & 0 deletions docs/azure-oidc.md
@@ -0,0 +1,96 @@
# Configuring OIDC in Azure to Authenticate a GitHub Repository

This guide will walk you through the steps to configure OpenID Connect (OIDC) in Azure to authenticate a GitHub repository. The instructions will cover both the web interface and the equivalent Azure CLI commands.

## Prerequisites

Before you begin, make sure you have the following:

- An Azure account with sufficient permissions to create and manage resources.
- A GitHub repository that you want to authenticate.

## Step 1: Create an Azure Active Directory (AAD) Application

1. Go to the [Azure portal](https://portal.azure.com) and sign in with your Azure account.
2. Navigate to the Azure Active Directory service.
3. Click on "App registrations" and then click on "New registration".
4. Provide a name for your application and select the appropriate account type.
5. In the "Redirect URI" section, select "Web" and enter the redirect URI for your GitHub repository.
6. Click on "Register" to create the application.

![Create AAD Application](https://example.com/create-aad-application.png)

## Step 2: Configure Authentication

1. In the AAD application page, navigate to the "Authentication" section.
2. Under "Platform configurations", click on "Add a platform" and select "Web".
3. Enter the redirect URI for your GitHub repository.
4. Under "Implicit grant", select "Access tokens" and "ID tokens".
5. Click on "Configure" to save the changes.

![Configure Authentication](https://example.com/configure-authentication.png)

## Step 3: Grant API Permissions

1. In the AAD application page, navigate to the "API permissions" section.
2. Click on "Add a permission" and select the appropriate API.
3. Grant the necessary permissions for your GitHub repository.
4. Click on "Grant admin consent" to save the changes.

![Grant API Permissions](https://example.com/grant-api-permissions.png)

## Step 4: Generate Client Secret

1. In the AAD application page, navigate to the "Certificates & secrets" section.
2. Click on "New client secret" and enter a description.
3. Set the expiration and click on "Add" to generate the client secret.
4. Make sure to copy and securely store the client secret as it will not be visible again.

![Generate Client Secret](https://example.com/generate-client-secret.png)

## Step 5: Configure GitHub Repository

1. Go to your GitHub repository settings.
2. Navigate to the "Secrets" section and click on "New repository secret".
3. Enter a name for the secret and paste the client secret value.
4. Click on "Add secret" to save the changes.

![Configure GitHub Repository](https://example.com/configure-github-repository.png)

## Azure CLI Equivalent Commands

Here are the equivalent Azure CLI commands to perform the above steps:

```bash
# Step 1: Create an Azure Active Directory (AAD) Application
az ad app create --display-name "MyApp" --redirect-uri "https://github.com/redirect-uri"

# Step 2: Configure Authentication
az ad app update --id <application-id> --reply-urls "https://github.com/redirect-uri" --oauth2-allow-implicit-flow true

# Step 3: Grant API Permissions
az ad app permission add --id <application-id> --api <api-id> --api-permissions <permissions>

# Step 4: Generate Client Secret
az ad app credential reset --id <application-id> --credential-description "MyClientSecret"

# Step 5: Configure GitHub Repository
az repos secret update --name <secret-name> --value <client-secret> --repository <repository-name>
```

Replace `<application-id>`, `<api-id>`, `<permissions>`, `<secret-name>`, `<client-secret>`, and `<repository-name>` with the appropriate values.

## Testing and Validation

To test and validate that the authentication works, follow these steps:

1. Clone the GitHub repository to your local machine.
2. Run the following command to authenticate using the Azure CLI:

```bash
az login --identity
```

3. If the authentication is successful, you will be logged in with your Azure account.

That's it! You have successfully configured OIDC in Azure to authenticate a GitHub repository.
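
Review bot: the guide never sets up OIDC federation. Steps 4 and 5 create a client secret and store it as a repository secret, which is the long-lived credential that GitHub-to-Azure OIDC is meant to replace, and Step 2 enables the implicit grant and a redirect URI that a workflow login does not use. Replace Steps 2, 4 and 5 with a federated credential on the app registration (`az ad app federated-credential create`, issuer `https://token.actions.githubusercontent.com`, subject scoped to this repository and its branch or environment, audience `api://AzureADTokenExchange`), a role assignment for the service principal, and a workflow that declares `permissions: id-token: write`. The CLI block also needs checking against the installed `az`: `az repos` belongs to the Azure DevOps extension and does not manage GitHub repository secrets, and `az login --identity` in the test section signs in with a managed identity on an Azure resource, so from a local clone it does not exercise the app registration at all. The five image links point at `https://example.com/...` placeholders and will render as broken images.
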
Binary file modified docs/img/github-profile.png
56 changes: 0 additions & 56 deletions docs/overrides/partials/footer.html

This file was deleted.

12 changes: 0 additions & 12 deletions docs/overrides/partials/git-committers.html

This file was deleted.

2 changes: 2 additions & 0 deletions doit.sh
Expand Up @@ -17,3 +17,5 @@ google-chrome --headless=new --screenshot="docs/img/github-profile.png" --hide-s
#sgpt --code "write a markdown page instructing users step by step with short titles and sections, how to sign up for a DockerHub account" >docs/account-docker.md

#sgpt "write a markdown file that lets people know that this is the beginning of a guide that requires users to have login accounts in github with copilot, azure, docker, and openai. For each of the accounts in the list, include the login page as a link in markdown. Make the title of the markdown document 'Accounts'. Do not use please and thank you in the documentation" >docs/accounts.md

# sgpt "write a one page markdown file with step by step instructions on how to configure OIDC in Azure to authenticate a github repository using the web interfaces and include links to screenshots of the web interface that show where to click. Include the equivalent az cli commands and make sure that the fenced code blocks are set to bash. Include a summary which shows how to test and validate from the cli that the authentication works." > docs/azure-oidc.md
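
Review bot: the commented `sgpt` prompt on the last added line is the only record that `docs/azure-oidc.md` is model output, and its request to "include links to screenshots" matches the placeholder image URLs in that file. Generated `az` commands should be run, or at least checked against `az ... --help`, before the page is committed; until then, state in the page or the PR description that the content is generated and unverified.
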
4 changes: 1 addition & 3 deletions mkdocs.yml
Expand Up @@ -5,6 +5,7 @@ site_url: https://robinmordasiewicz.github.io/devops-toolkit/
repo_url: https://github.com/robinmordasiewicz/devops-toolkit/
edit_uri: edit/main/docs/
repo_name: "robinmordasiewicz/devops-toolkit"
dev_addr: "127.0.0.1:8000"

extra:
generator: false
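
Review bot: the added `dev_addr: "127.0.0.1:8000"` is MkDocs' default, so the line changes nothing as written. Either drop it or add a comment saying the dev server is pinned to loopback on purpose, so a later edit does not widen it to all interfaces without review.
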
Expand Down Expand Up @@ -126,9 +127,6 @@ markdown_extensions:
clickable_checkbox: true

plugins:
- git-committers:
repository: robinmordasiewicz/devops-toolkit
branch: main
- glightbox
- social
- blog
