
Commit 09ebdeb

Update Azure DevOps workflow for service principal handling
1 parent cc157d2 commit 09ebdeb

1 file changed

Lines changed: 28 additions & 10 deletions


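--- a/.github/workflows/azure-dev.yml
+++ b/.github/workflows/azure-dev.yml
@@ -24,55 +24,73 @@ jobs:
 AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
 AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
 AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
-AZURE_PRINCIPAL_ID: ${{ vars.PRINCIPAL_ID || vars.AZURE_CLIENT_ID }}
 AZURE_PRINCIPAL_TYPE: 'ServicePrincipal'
 TEMP: /tmp
 steps:
 - name: Checkout
 uses: actions/checkout@v4
 with:
 submodules: recursive
+
 - name: Install azd
 uses: Azure/setup-azd@v2
+
 - name: Azure Developer CLI Login
 run: |
 azd auth login `
 --client-id "$Env:AZURE_CLIENT_ID" `
 --federated-credential-provider "github" `
---tenant-id "$Env:AZURE_TENANT_ID"
+--tenant-id "$Env:AZURE_TENANT_ID"
 shell: pwsh
+
 - name: Azure CLI Login
 uses: azure/login@v2
 with:
 client-id: ${{ vars.AZURE_CLIENT_ID }}
 tenant-id: ${{ vars.AZURE_TENANT_ID }}
 subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
 
-
+- name: Resolve Service Principal Object ID
+run: |
+# If PRINCIPAL_ID repo variable is set and is a valid GUID, use it directly
+if [[ "${{ vars.PRINCIPAL_ID }}" =~ ^[0-9a-fA-F-]{36}$ ]]; then
+echo "Using PRINCIPAL_ID from repo variables"
+echo "AZURE_PRINCIPAL_ID=${{ vars.PRINCIPAL_ID }}" >> $GITHUB_ENV
+else
+# Resolve the Object ID from the Application (Client) ID
+# Role assignments require the SP Object ID, not the Client/App ID
+echo "Resolving Service Principal Object ID from Client ID..."
+SP_OBJECT_ID=$(az ad sp show --id "${{ vars.AZURE_CLIENT_ID }}" --query id -o tsv 2>/dev/null)
+if [[ -z "$SP_OBJECT_ID" ]]; then
+echo "::error::Failed to resolve Service Principal Object ID from Client ID: ${{ vars.AZURE_CLIENT_ID }}"
+exit 1
+fi
+echo "Resolved SP Object ID: $SP_OBJECT_ID"
+echo "AZURE_PRINCIPAL_ID=$SP_OBJECT_ID" >> $GITHUB_ENV
+fi
 
 - name: Create Resource Group if needed
 run: |
 # Use provided RG name or derive from environment name
 RESOURCE_GROUP="${AZURE_RESOURCE_GROUP:-rg-${AZURE_ENV_NAME}}"
 echo "Using resource group: $RESOURCE_GROUP"
-
+
 RG_EXISTS=$(az group exists --name "$RESOURCE_GROUP")
 if [ "$RG_EXISTS" = "false" ]; then
 echo "Creating resource group: $RESOURCE_GROUP"
 az group create --name "$RESOURCE_GROUP" --location ${{ vars.AZURE_LOCATION }}
 else
 echo "Resource group already exists: $RESOURCE_GROUP"
 fi
-
+
 # Set for subsequent steps
 echo "RESOURCE_GROUP=$RESOURCE_GROUP" >> $GITHUB_ENV
 
 - name: Provision Infrastructure
 id: provision-main
-continue-on-error: true
 run: azd provision --no-prompt
 env:
-AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }}
-AZURE_PRINCIPAL_TYPE: 'ServicePrincipal'
-fabricCapacityMode: 'none'
-fabricWorkspaceMode: 'none'
+AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }}
+AZURE_PRINCIPAL_TYPE: 'ServicePrincipal'
+fabricCapacityMode: 'none'
+fabricWorkspaceMode: 'none'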
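Review bot: The new "Resolve Service Principal Object ID" step expands `${{ vars.PRINCIPAL_ID }}` and `${{ vars.AZURE_CLIENT_ID }}` directly into the `run:` script, so the values become shell source before the GUID check executes and the regex cannot protect the lines that follow it. Repository variables are maintainer-controlled, so this is hardening rather than an open hole, but the job holds a federated Azure login and the safer pattern is to pass such values through `env:` and read them as quoted shell variables. The pattern `^[0-9a-fA-F-]{36}$` also accepts any 36-character mix of hex digits and hyphens, and `2>/dev/null` hides the reason when `az ad sp show` fails. The fence below shows the step with the values moved into `env:`, a stricter GUID pattern, stderr left visible and `$GITHUB_ENV` quoted; indentation is conventional because the page does not preserve the file's own.

```yaml
- name: Resolve Service Principal Object ID
  env:
    PRINCIPAL_ID: ${{ vars.PRINCIPAL_ID }}
    CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
  run: |
    # … unchanged: comment on using PRINCIPAL_ID directly …
    if [[ "$PRINCIPAL_ID" =~ ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ ]]; then
      # … unchanged: "Using PRINCIPAL_ID" message …
      echo "AZURE_PRINCIPAL_ID=$PRINCIPAL_ID" >> "$GITHUB_ENV"
    else
      # … unchanged: explanatory comments and progress message …
      SP_OBJECT_ID=$(az ad sp show --id "$CLIENT_ID" --query id -o tsv)
      if [[ -z "$SP_OBJECT_ID" ]]; then
        echo "::error::Failed to resolve Service Principal Object ID from Client ID: $CLIENT_ID"
        exit 1
      fi
      # … unchanged: "Resolved SP Object ID" message …
      echo "AZURE_PRINCIPAL_ID=$SP_OBJECT_ID" >> "$GITHUB_ENV"
    fi
```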
