diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index eea522e..7cf0c84 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -10,6 +10,11 @@ on: jobs: deploy: runs-on: ubuntu-22.04 + environment: deploy-dl + + permissions: + id-token: write + contents: read steps: - name: Download packages @@ -18,24 +23,26 @@ jobs: path: build/ - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: - creds: ${{ secrets.AZURE_CREDENTIALS }} + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Deploy packages and latest file - uses: azure/CLI@v1 + uses: azure/cli@v2 with: azcliversion: 2.53.0 inlineScript: | for i in `find build/ -name "*.deb"`; do \ echo "Uploading ${i}"; \ - az storage blob upload --account-name flecs --container-name flecs-dl --name ${{ inputs.deploy-type }}/libflunder/deb/$(basename ${i}) --file ${i} --overwrite + az storage blob upload --auth-mode login --account-name flecs --container-name flecs-dl --name ${{ inputs.deploy-type }}/libflunder/deb/$(basename ${i}) --file ${i} --overwrite done for i in `find build/ -name "*.tar.gz"`; do \ echo "Uploading ${i}"; \ - az storage blob upload --account-name flecs --container-name flecs-dl --name ${{ inputs.deploy-type }}/libflunder/tgz/$(basename ${i}) --file ${i} --overwrite + az storage blob upload --auth-mode login --account-name flecs --container-name flecs-dl --name ${{ inputs.deploy-type }}/libflunder/tgz/$(basename ${i}) --file ${i} --overwrite done for i in `find build/ -name "latest"`; do \ echo "Uploading ${i}"; \ - az storage blob upload --account-name flecs --container-name flecs-dl --name ${{ inputs.deploy-type }}/libflunder/$(basename ${i}) --file ${i} --overwrite + az storage blob upload --auth-mode login --account-name flecs --container-name flecs-dl --name ${{ inputs.deploy-type }}/libflunder/$(basename ${i}) --file ${i} --overwrite done