Open spyoungtech opened 1 month ago
Hi @spyoungtech , we are working on adding documentation that will make this process more clear. In the meantime, I suggest watching this YouTube video which helped me understand the process better. Your YAML will end up looking something like this, but the credentials need to be configured correctly in Azure (which the video walks you through):
permissions:
id-token: write
contents: read
jobs:
test:
runs-on: windows-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4
- name: Azure login
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Trusted Signing
uses: azure/trusted-signing-action@v0.3.18
with:
...
exclude-environment-credential: true
exclude-workload-identity-credential: true
exclude-managed-identity-credential: true
exclude-shared-token-cache-credential: true
exclude-visual-studio-credential: true
exclude-visual-studio-code-credential: true
exclude-azure-cli-credential: false
exclude-azure-powershell-credential: true
exclude-azure-developer-cli-credential: true
exclude-interactive-browser-credential: true
Thanks, this worked like a charm.
I would like to use federated credentials to authenticate with GitHub Actions. I have an app registration with the Trusted Signing Certificate Profile Signer role assigned and federated access configured for my GitHub repository as described in the documentation linked above, but it's not clear to me how I can configure my GitHub Action workflow with this Action to use federated credentials for signing in.
I understand that the documentation states that AzureDefaultCredential is used under the hood here for authentication. However, not being a C# developer, this reference documentation doesn't help me much in understanding how to properly configure this Action for my desired scenario.
I will try a few things based on hunches I have and will report my findings, but it would probably be appreciated by many if this could be outlined at least briefly in the README. Thanks!