From 65ecda761405888f91b5897190e6bbe8281e10b9 Mon Sep 17 00:00:00 2001
From: Josh Johanning
Date: Mon, 9 Oct 2023 06:58:16 -0500
Subject: [PATCH] Create azure-oidc-sample.yml (#10)
* Create azure-oidc-sample.yml
* Update azure-oidc-sample.yml
* Update azure-oidc-sample.yml
* Update azure-oidc-sample.yml
---
 .github/workflows/azure-oidc-sample.yml | 50 +++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/azure-oidc-sample.yml
diff --git a/.github/workflows/azure-oidc-sample.yml b/.github/workflows/azure-oidc-sample.yml
new file mode 100644
index 0000000..7af6f86
--- /dev/null
+++ b/.github/workflows/azure-oidc-sample.yml
@@ -0,0 +1,50 @@
+name: azure-oidc-sample # this doesn't show up in ui
+
+on:
+ workflow_call:
+ inputs:
+ runs-on:
+ description: Platform to execute on
+ type: string
+ default: ubuntu-latest
+
+# # set this in caller workflow:
+# permissions:
+# id-token: write # this is needed for oidc
+# contents: read # this is needed to clone repo
+
+jobs:
+ login:
+ runs-on: ${{ inputs.runs-on }}
+ permissions:
+ id-token: write # this is needed for oidc
+ contents: read # this is needed to clone repo
+
+ steps:
+ - uses: actions/checkout@v4
+ # logging in with OIDC
+ - name: 'Az CLI login'
+ uses: azure/login@v1
+ with:
+ client-id: d951ac80-75f2-446a-aca6-cd53a68611f0
+ tenant-id: e9846558-c4f0-4312-a89e-ebebe80779a1
+ subscription-id: 2e9bfb26-ca29-44f5-8920-72c1b0b37188
+
+ - name: just show some sub stuff
+ run: |
+ az account show
+ az account show | jq ".id"
+
+ - name: get all az keyvault secrets
+ run: |
+ for secret_name in $(az keyvault secret list --vault-name test-vault --query "[].{name:name}" --output tsv); do
+ secret_value=$(az keyvault secret show --vault-name "test-vault" --name $secret_name --query value -o tsv)
+ echo "::add-mask::$secret_value"
+ echo "$secret_name=$secret_value" >> $GITHUB_ENV
+ done
+
+ - name: testing secrets
+ run: |
+ echo "echoing as secret: ${{ secrets.othersecret }}" # doesn't work
+ echo "echoing as env: ${{ env.othersecret }}" # works
+
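Review bot: In the `get all az keyvault secrets` step, `echo "$secret_name=$secret_value" >> $GITHUB_ENV` writes the raw value on a single line, so a secret that contains a newline is split into further `KEY=value` lines that the runner reads as separate environment variables, and the preceding `echo "::add-mask::$secret_value"` appears to register only the first line as a mask while printing the remaining lines to the log. Switch to the multi-line delimiter form of the env file with a per-secret delimiter, mask the value line by line, and quote `"$secret_name"` and `"$GITHUB_ENV"`, as below. The `testing secrets` step has a related problem: `${{ env.othersecret }}` is substituted into the script text before bash parses it, so the value is interpreted as shell syntax; since the variable is already exported to the job, `echo "echoing as env: $othersecret"` reads it safely. Copying every vault secret into `GITHUB_ENV` also makes all of them readable by every later step and action in the job, which is worth narrowing to the names actually needed if this grows beyond a sample.
```yaml
      - name: get all az keyvault secrets
        run: |
          for secret_name in $(az keyvault secret list --vault-name test-vault --query "[].{name:name}" --output tsv); do
            secret_value=$(az keyvault secret show --vault-name "test-vault" --name "$secret_name" --query value -o tsv)
            # mask each line separately; a workflow command only covers one line
            while IFS= read -r line; do
              [ -n "$line" ] && echo "::add-mask::$line"
            done <<< "$secret_value"
            # multi-line env-file form keeps a value with newlines as one variable
            delim="$(openssl rand -hex 8)"
            {
              echo "${secret_name}<<${delim}"
              echo "$secret_value"
              echo "${delim}"
            } >> "$GITHUB_ENV"
          done
```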