Create azure-oidc-sample.yml (#10)

* Create azure-oidc-sample.yml

* Update azure-oidc-sample.yml

* Update azure-oidc-sample.yml

* Update azure-oidc-sample.yml

.github/workflows/azure-oidc-sample.yml

@@ -0,0 +1,50 @@
+name: azure-oidc-sample # this doesn't show up in ui
+
+on:
+  workflow_call:
+    inputs:
+      runs-on:
+        description: Platform to execute on
+        type: string
+        default: ubuntu-latest
+
+# # set this in caller workflow: 
+# permissions:
+#   id-token: write # this is needed for oidc
+#   contents: read # this is needed to clone repo
+
+jobs:
+  login:
+    runs-on: ${{ inputs.runs-on }}
+    permissions:
+      id-token: write # this is needed for oidc
+      contents: read # this is needed to clone repo
+
+    steps:
+    - uses: actions/checkout@v4
+    # logging in with OIDC
+    - name: 'Az CLI login'
+      uses: azure/login@v1
+      with:
+        client-id: d951ac80-75f2-446a-aca6-cd53a68611f0
+        tenant-id: e9846558-c4f0-4312-a89e-ebebe80779a1
+        subscription-id: 2e9bfb26-ca29-44f5-8920-72c1b0b37188
+
+    - name: just show some sub stuff
+      run: |
+        az account show
+        az account show | jq ".id"
+        
+    - name: get all az keyvault secrets
+      run: |
+        for secret_name in $(az keyvault secret list --vault-name test-vault --query "[].{name:name}" --output tsv); do
+          secret_value=$(az keyvault secret show --vault-name "test-vault" --name $secret_name --query value -o tsv)
+          echo "::add-mask::$secret_value"
+          echo "$secret_name=$secret_value" >> $GITHUB_ENV
+        done
+        
+    - name: testing secrets
+      run: |
+        echo "echoing as secret: ${{ secrets.othersecret }}" # doesn't work
+        echo "echoing as env: ${{ env.othersecret }}" # works
+