sparse-intern-71089
03/09/2022, 9:02 PM
billowy-army-68599
creamy-fall-88031
03/09/2022, 9:22 PM
uses: azure/login@v1
with:
  client-id: ${{ secrets.AZURE_CLIENT_ID }}
  tenant-id: ${{ secrets.AZURE_TENANT_ID }}
  subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
works.
This one fails:
- uses: pulumi/actions@v3
  with:
    command: up
    stack-name: dev
    cloud-url: azblob://state
  env:
    PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
    AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
    AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }}
    AZURE_KEYVAULT_AUTH_VIA_CLI: true
billowy-army-68599
billowy-army-68599
creamy-fall-88031
03/09/2022, 9:33 PM
creamy-fall-88031
03/09/2022, 9:38 PM
AZURE_CLIENT_SECRET and/or ARM_CLIENT_SECRET. This is exactly what I am trying to avoid and what the tutorial you linked in your first reply suggests.
billowy-army-68599
billowy-army-68599
go-cloud repo
billowy-army-68599
creamy-fall-88031
03/16/2022, 8:12 AM
azure/login@v1 action works without any issues just as you described in your tutorial, but the actual deployment via pulumi/actions@v3 always fails when deploying via OIDC.
At this point I had to return to service principal authentication and store the secret at GitHub.