mirror of
https://github.com/bitwarden/server.git
synced 2025-07-04 09:32:48 -05:00
[BRE-831] Updating to use AKV with OIDC
This commit is contained in:
Andy Pixley
5
.github/workflows/publish.yml
vendored
5
.github/workflows/publish.yml
vendored
@ -26,6 +26,9 @@ jobs:
|
|||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
deployments: write
|
||||||
outputs:
|
outputs:
|
||||||
branch-name: ${{ steps.branch.outputs.branch-name }}
|
branch-name: ${{ steps.branch.outputs.branch-name }}
|
||||||
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
||||||
@ -167,6 +170,8 @@ jobs:
|
|||||||
needs:
|
needs:
|
||||||
- setup
|
- setup
|
||||||
- publish-docker
|
- publish-docker
|
||||||
|
permissions:
|
||||||
|
deployments: write
|
||||||
if: ${{ always() && inputs.publish_type != 'Dry Run' }}
|
if: ${{ always() && inputs.publish_type != 'Dry Run' }}
|
||||||
steps:
|
steps:
|
||||||
- name: Check if any job failed
|
- name: Check if any job failed
|
||||||
|
|||||||
27
.github/workflows/repository-management.yml
vendored
27
.github/workflows/repository-management.yml
vendored
@ -26,6 +26,7 @@ jobs:
|
|||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-24.04
|
runs-on: ubuntu-24.04
|
||||||
|
permissions: {}
|
||||||
outputs:
|
outputs:
|
||||||
branch: ${{ steps.set-branch.outputs.branch }}
|
branch: ${{ steps.set-branch.outputs.branch }}
|
||||||
steps:
|
steps:
|
||||||
@ -237,7 +238,28 @@ jobs:
|
|||||||
needs:
|
needs:
|
||||||
- bump_version
|
- bump_version
|
||||||
- setup
|
- setup
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
id-token: write
|
||||||
steps:
|
steps:
|
||||||
|
- name: Azure Login
|
||||||
|
id: azure-login
|
||||||
|
uses: bitwarden/gh-actions/azure-login@main
|
||||||
|
with:
|
||||||
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||||
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
|
||||||
|
client_id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||||
|
|
||||||
|
- name: Get KV secrets
|
||||||
|
id: get-kv-secrets
|
||||||
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
||||||
|
with:
|
||||||
|
keyvault: gh-org-bitwarden
|
||||||
|
secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
|
||||||
|
|
||||||
|
- name: Azure Logout
|
||||||
|
uses: bitwarden/gh-actions/azure-logout@main
|
||||||
|
|
||||||
- name: Generate GH App token
|
- name: Generate GH App token
|
||||||
uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
|
uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
|
||||||
id: app-token
|
id: app-token
|
||||||
@ -320,3 +342,8 @@ jobs:
|
|||||||
needs: cherry_pick
|
needs: cherry_pick
|
||||||
uses: ./.github/workflows/_move_finalization_db_scripts.yml
|
uses: ./.github/workflows/_move_finalization_db_scripts.yml
|
||||||
secrets: inherit
|
secrets: inherit
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
pull-requests: write
|
||||||
|
id-token: write
|
||||||
|
actions: read
|
||||||
|
|||||||
Reference in New Issue
Block a user