From 1410d06b42962a6513a62363524f6c4887aa144a Mon Sep 17 00:00:00 2001 From: Will <28876888+willtsai@users.noreply.github.com> Date: Thu, 25 Apr 2024 14:49:22 -0700 Subject: [PATCH] update gh to ado sync workflow to use service principals (#1363) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Make env configurable (#1046) Signed-off-by: Reshma Abdul Rahim * Adding test AKS workflow to v0.32 (#1052) * Run functional tests every 2 hours and add another workflow that runs… (#1020) * Run functional tests every 2 hours and add another workflow that runs the tests on AKS instead of k3d Signed-off-by: ytimocin * Triggering workflow Signed-off-by: ytimocin --------- Signed-off-by: ytimocin * Removing the run of the AKS workflow on PRs (#1051) Signed-off-by: ytimocin * Update the timeout (30s) for Playwright Signed-off-by: ytimocin --------- Signed-off-by: ytimocin * Use retry and update eshop playwright tests to wait for the catalog to appear (#1213) Signed-off-by: ytimocin * update gh to ado sync workflow to use service principals Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> --------- Signed-off-by: Reshma Abdul Rahim Signed-off-by: ytimocin Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> Signed-off-by: Will <28876888+willtsai@users.noreply.github.com> Co-authored-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> Co-authored-by: Yetkin Timocin --- .github/workflows/issues.yaml | 49 +++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/issues.yaml b/.github/workflows/issues.yaml
index 6aae5063..e4a5b680 100644
--- a/.github/workflows/issues.yaml
+++ b/.github/workflows/issues.yaml
@@ -1,28 +1,49 @@ -name: Issues Automation +name: Sync issue to Azure DevOps work item on: issues: - types: [opened, edited, deleted, closed, reopened, labeled, unlabeled, assigned] - + types: + [opened, edited, deleted, closed, reopened, labeled, unlabeled, assigned] + concurrency: group: issue-${{ github.event.issue.number }} cancel-in-progress: false +# Extra permissions needed to login with Entra ID service principal via federated identity +permissions: + id-token: write + issues: write + jobs: ado: - name: Sync issue to Azure DevOps runs-on: ubuntu-latest + environment: + name: issues steps: - - uses: danhellem/github-actions-issue-to-work-item@v2.2 + # Auth using Azure Service Principals was added as a part of v2.3 + # reference: https://github.com/danhellem/github-actions-issue-to-work-item/pull/143 + - name: Login to Azure + uses: azure/login@v2 + with: + client-id: ${{ vars.AZURE_SP_DEVOPS_SYNC_CLIENT_ID }} + tenant-id: ${{ vars.AZURE_SP_DEVOPS_SYNC_TENANT_ID }} + allow-no-subscriptions: true + - name: Get Azure DevOps token + id: get_ado_token + run: + # The resource ID for Azure DevOps is always 499b84ac-1321-427f-aa17-267ca6975798 + # https://learn.microsoft.com/azure/devops/integrate/get-started/authentication/service-principal-managed-identity + echo "ADO_TOKEN=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query "accessToken" --output tsv)" >> $GITHUB_ENV + - name: Sync issue to Azure DevOps + uses: danhellem/github-actions-issue-to-work-item@v2.3 env: - ado_token: "${{ secrets.ADO_AOCTO_BOT_TOKEN }}" - github_token: "${{ secrets.GH_RAD_CI_BOT_PAT }}" - ado_organization: "azure-octo" - ado_project: "Incubations" + ado_token: ${{ env.ADO_TOKEN }} + github_token: '${{ secrets.GH_RAD_CI_BOT_PAT }}' + ado_organization: 'azure-octo' + ado_project: 'Incubations' ado_area_path: "Incubations\\Radius" ado_iteration_path: "Incubations\\Radius" - ado_wit: "GitHub Issue" - ado_new_state: "New" - ado_active_state: "Active" - 
ado_close_state: "Closed" - ado_wit: "GitHub Issue" + ado_new_state: 'New' + ado_active_state: 'Active' + ado_close_state: 'Closed' + ado_wit: 'GitHub Issue'
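Review bot: The access token produced in the `Get Azure DevOps token` step is appended to `$GITHUB_ENV` without ever being registered as a secret, so unlike the `secrets.ADO_AOCTO_BOT_TOKEN` value it replaces, the runner has no reason to redact it if a later step or debug logging prints the environment. Capture the `az account get-access-token` output in a shell variable under `run: |`, then emit `echo "::add-mask::$token"` before `echo "ADO_TOKEN=$token" >> "$GITHUB_ENV"`. Separately, `azure/login@v2` and `danhellem/github-actions-issue-to-work-item@v2.3` are referenced by mutable tags, and the latter receives both this token and `GH_RAD_CI_BOT_PAT`; pinning each to a full commit SHA would narrow the supply-chain exposure of a workflow that runs on every issue event. It is also worth confirming that the workflow-level `issues: write` grant is needed, since the sync step authenticates to GitHub with the PAT rather than the default token.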