Authentication must be handled by the app, due to GitHub limitations (#9

)

.github/workflows/unit-tests.yaml

@@ -7,40 +7,29 @@ jobs:
   test_action_job:
     runs-on: ubuntu-latest
     steps:
-      - name: Login to Azure
-        uses: Azure/login@v1
+      - name: Check out Source Code
+        uses: actions/checkout@v1
+
+      - uses: ./
+        id: deploy
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
+          resourceGroupName: azurearmaction
+          templateLocation: examples/template/template.json
+          parameters: examples/template/parameters.json
+          deploymentName: github-advanced-test
 
-      - name: Set up Go 1.16
-        uses: actions/setup-go@v1
-        with:
-          go-version: 1.16
+      - run: echo ${{ steps.deploy.outputs.containerName }}
 
-      - name: Check out source code
-        uses: actions/checkout@v1
-
-      - name: Build
-        env:
-          GOPROXY: "https://proxy.golang.org"
-          CGO_ENABLED: 0 
-          GOOS: linux 
-          GOARCH: amd64
-        run: go build -a -installsuffix cgo -ldflags="-w -s" .
+      - uses: ./
+        id: deploy2
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          resourceGroupName: azurearmaction
+          templateLocation: examples/template/template.json
+          parameters: examples/template/parameters.json
+          deploymentName: github-advanced-test
+          overrideParameters: |
+            containerName=${{ steps.deploy.outputs.containerName }}-overriden
 
-      - name: Test
-        env:
-          GOPROXY: "https://proxy.golang.org"
-          CGO_ENABLED: 0 
-          GOOS: linux 
-          GOARCH: amd64
-          LOG_LEVEL: DEBUG
-          INPUT_RESOURCEGROUPNAME: azurearmaction
-          INPUT_TEMPLATELOCATION: ./test/template.json
-          INPUT_PARAMETERS: ./test/parameters.json
-          INPUT_OVERRIDEPARAMETERS: |
-            containerName=github-action-overriden
-            connectionString='Server=tcp:test.database.windows.net;Database=test;User ID=test;Password=test;Trusted_Connection=False;Encrypt=True;'
-          INPUT_DEPLOYMENTNAME: github-test
-          INPUT_DEPLOYMENTMODE: Incremental
-        run: go test -v -failfast .
+      - run: echo ${{ steps.deploy2.outputs.containerName }}

Dockerfile

@@ -6,7 +6,7 @@ WORKDIR /app
 # Git is required for fetching the dependencies.
 # Ca-certificates is required to call HTTPS endpoints.
 RUN apk update && \
-    apk add --no-cache git ca-certificates upx && \
+    apk add --no-cache git ca-certificates && \
     update-ca-certificates
 
 # Add src files
@@ -19,8 +19,7 @@ RUN go mod verify
 # Build the binary.
 ARG GIT_SHA
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
-    go build -ldflags="-w -s -X main.gitSha=${GIT_SHA} -X main.goVersion=$(go version | cut -d " " -f 3) -X main.buildTime=$(date -u +%Y-%m-%dT%H:%M:%SZ)" -a -o /go/bin/azure-arm-action \
-    && upx -q /go/bin/azure-arm-action
+    go build -a -o /go/bin/azure-arm-action
 
 # Runner
 FROM scratch

README.md

@@ -11,9 +11,11 @@ A GitHub Action to deploy ARM templates.
 ## Dependencies
 
 * [Checkout](https://github.com/actions/checkout) To checks-out your repository so the workflow can access any specified ARM template.
-* [Azure/Login](https://github.com/Azure/login) To authenticate with Azure.
 
 ## Inputs
+* `creds` **Required**   
+    [Create Service Principal for Authentication](#Create-Service-Principal-for-Authentication)    
+
 * `templateLocation` **Required**  
     Specify the path to the Azure Resource Manager template.  
 (See [assets/json/template.json](test/template.json))
@@ -45,15 +47,34 @@ Additionally are the following outputs available:
 ## Usage
 
 ```yml
-- uses: whiteducksoftware/azure-arm-action@v3.3
+- uses: whiteducksoftware/azure-arm-action@master
   with:
+    creds: ${{ secrets.AZURE_CREDENTIALS }}
     resourceGroupName: <YourResourceGroup>
     templateLocation: <path/to/azuredeploy.json>
     deploymentName: <Deployment base name>
 ```
 
-## Example
+## Create Service Principal for Authentication
+The Service Principal can be easily generated using the Azure CLI. Using the following command will create the SP in the supported structure.   
+At Subscription Scope: `az ad sp create-for-rbac --name "azure-arm-action" --role contributor --scopes=/subscriptions/********-****-****-****-************/ --sdk-auth -o json`    
+The JSON, which shall be used for authentication, should be in the following format:
+```json
+{
+  "clientId": "********-****-****-****-************",
+  "clientSecret": "[*]",
+  "subscriptionId": "********-****-****-****-************",
+  "tenantId": "********-****-****-****-************",
+  "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
+  "resourceManagerEndpointUrl": "https://management.azure.com/",
+  "activeDirectoryGraphResourceId": "https://graph.windows.net/",
+  "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
+  "galleryEndpointUrl": "https://gallery.azure.com/",
+  "managementEndpointUrl": "https://management.core.windows.net/"
+}
+```
 
+## Example
 ```yml
 on: [push]
 name: ARMActionSample
@@ -63,14 +84,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
-
-    - name: Login to Azure
-        uses: Azure/login@v1
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-
-    - uses: whiteducksoftware/[email protected]
+    - uses: whiteducksoftware/azure-arm-action@master
       with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
         resourceGroupName: <YourResourceGroup>
         templateLocation: <path/to/azuredeploy.json>
         parameters: <path/to/parameters.json> OR <KEY=VALUE>

action.yml

@@ -14,9 +14,6 @@ inputs:
   deploymentName:
     description: "Specifies the name of the resource group deployment to create."
     required: true
-  subscriptionId:
-    description: "Specify the Subscription Id where you want to deploy your template. If not set the Id will be read from the CLI."
-    required: false
   deploymentMode:
     description: "Incremental (only add resources to resource group) or Complete (remove extra resources from resource group)."
     required: false
@@ -35,4 +32,4 @@ branding:
   icon: package
 runs:
   using: 'docker'
-  image: 'docker://ghcr.io/whiteducksoftware/azure-arm-action:v3.3'
+  image: 'Dockerfile'

examples/Advanced.md

@@ -4,16 +4,10 @@ Our template has two outputs `location` and `containerName`. But we are only int
 
 ## Steps
 ```yaml
-- name: Login to Azure
-  uses: Azure/login@v1
-  with:
-    creds: ${{ secrets.AZURE_CREDENTIALS }}
-```
-As first step we need to authenticate with Azure.
-```yaml
-- uses: whiteducksoftware/[email protected]
+- uses: whiteducksoftware/azure-arm-action@master
   id: deploy
   with:
+      creds: ${{ secrets.AZURE_CREDENTIALS }}
       resourceGroupName: azurearmaction
       templateLocation: examples/template/template.json
       parameters: examples/template/parameters.json
@@ -42,9 +36,10 @@ we can see that on the console will be `github-action` printed.
 
 Now we add our second deployment which relies on that value and modfies the `containerName` parameter,
 ```yaml
-- uses: whiteducksoftware/azure-arm-action@v3.3
+- uses: whiteducksoftware/azure-arm-action@master
   id: deploy2
   with:
+      creds: ${{ secrets.AZURE_CREDENTIALS }}
       resourceGroupName: azurearmaction
       templateLocation: examples/template/template.json
       parameters: examples/template/parameters.json

examples/advanced-example.yaml

@@ -11,24 +11,21 @@ jobs:
     steps:
       - uses: actions/checkout@v1
 
-      - name: Login to Azure
-        uses: Azure/login@v1
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-
-      - uses: whiteducksoftware/[email protected]
+      - uses: whiteducksoftware/azure-arm-action@master
         id: deploy
         with:
+            creds: ${{ secrets.AZURE_CREDENTIALS }}
             resourceGroupName: azurearmaction
             templateLocation: examples/template/template.json
             parameters: examples/template/parameters.json
             deploymentName: github-advanced-test
 
       - run: echo ${{ steps.deploy.outputs.containerName }}
 
-      - uses: whiteducksoftware/azure-arm-action@v3.3
+      - uses: whiteducksoftware/azure-arm-action@master
         id: deploy2
         with:
+            creds: ${{ secrets.AZURE_CREDENTIALS }}
             resourceGroupName: azurearmaction
             templateLocation: examples/template/template.json
             parameters: examples/template/parameters.json

main.go

@@ -31,8 +31,6 @@ func init() {
 }
 
 func main() {
-	logrus.Info(__Version__)
-
 	opts, err := github.LoadOptions()
 	if err != nil {
 		logrus.Errorf("failed to load options: %s", err)