[Question] GitHub Actions workflow template #137

Open
justinyoo opened this issue Apr 15, 2024 · 1 comment

@justinyoo
Collaborator

Hi, Team.

I've got a few questions around the GitHub Actions workflow template that registers API.

  1. When I run the menu, API Center: Register API ➡️ CI/CD ➡️ GitHub, in VS Code, it keeps overwriting the existing register-api.yml file. There must be use cases where the register-api.yml is customised. However, it keeps overwriting it. Is it by design?

  2. What's the purpose of this environment? Instead of setting it explicitly, can we leave it to the user? It's because every organisation has its own use case for the environment.

    # Please configure the environment name required in federated identity credential
    # https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#creating-an-environment
    environment: production

  3. Can we provide both the Azure credentials way and the RBAC way? It's sort of the azdevfied standard. So, instead of this

    # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure
    # https://github.com/marketplace/actions/azure-login#login-with-openid-connect-oidc-recommended
    - name: Azure login
      uses: azure/login@v1
      with:
        client-id: ${{ secrets.AZURE_CLIENT_ID }}
        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        enable-AzPSSession: true

     I think it should be like this:

    - name: Azure login with Azure Credentials
      if: ${{ env.AZURE_CREDENTIALS != '' }}
      uses: azure/login@v1
      with:
        creds: ${{ env.AZURE_CREDENTIALS }}
        enable-AzPSSession: true

    - name: Azure login with Federated Credentials
      if: ${{ env.AZURE_CREDENTIALS == '' }}
      uses: azure/login@v1
      with:
        client-id: ${{ env.AZURE_CLIENT_ID }}
        tenant-id: ${{ env.AZURE_TENANT_ID }}
        subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
        enable-AzPSSession: true

  4. Should we use vars here? Can we use inputs from the workflow_dispatch event instead, so that we can manually run this workflow through the gh CLI call, the REST API call or manual call directly on GitHub repo?

    azcliversion: latest
    inlineScript: |
      az apic api register -g ${{ vars.RESOURCE_GROUP }} -s ${{ vars.RESOURCE_NAME }} --api-location ${{ vars.FILE_LOCATION }}
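
One way points 2 to 4 above could fit together in a single workflow, added here as an example that is not part of the original issue or the project's template. The environment and the `az apic` arguments arrive as `workflow_dispatch` inputs, and the inputs reach the script through environment variables rather than `${{ }}` interpolation, so their contents are handled as data and not parsed as shell. The input names, the `azure/CLI@v1` reference, the secret names and the forwarding of step `env` into that action are assumptions.

```yaml
name: Register API
on:
  workflow_dispatch:
    inputs:
      environment:   # must match the environment named in the federated credential subject
        type: environment
        required: true
      resource_group: { type: string, required: true }   # hypothetical input names
      resource_name: { type: string, required: true }
      file_location: { type: string, required: true }

permissions:
  id-token: write   # required for the OIDC (federated) login path
  contents: read

jobs:
  register:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    env:
      # Secrets cannot be referenced in `if:`, so map the optional secret to env first.
      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
    steps:
      - uses: actions/checkout@v4

      - name: Azure login with Azure Credentials
        if: ${{ env.AZURE_CREDENTIALS != '' }}
        uses: azure/login@v1
        with:
          creds: ${{ env.AZURE_CREDENTIALS }}

      - name: Azure login with Federated Credentials
        if: ${{ env.AZURE_CREDENTIALS == '' }}
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Register API
        uses: azure/CLI@v1   # assumption: the page does not name the action behind inlineScript
        env:                 # assumption: step env is forwarded into the action's container
          RESOURCE_GROUP: ${{ inputs.resource_group }}
          RESOURCE_NAME: ${{ inputs.resource_name }}
          FILE_LOCATION: ${{ inputs.file_location }}
        with:
          azcliversion: latest
          inlineScript: |
            az apic api register -g "$RESOURCE_GROUP" -s "$RESOURCE_NAME" --api-location "$FILE_LOCATION"
```

Because `AZURE_CREDENTIALS` sits in job-level `env`, every step in the job can read it, so the job should contain only steps that are trusted with that secret.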

@wenytang-ms
Contributor

Hi @justinyoo, thank you for your question. These are indeed worth considering now.
We have already added these improvements to May's backlog and consider providing more flexibility and convenience for register CI/CD.
We will ping you in time if there are any updates to this feature!
