microsoft/openvmm
Publicmirrored fromhttps://github.com/microsoft/openvmmAvailable
.github/workflows/refresh-vso.yml
39lines · modecode
| 1 | name: VSO refresh |
| 2 | on: |
| 3 | workflow_dispatch: |
| 4 | push: |
| 5 | branches: |
| 6 | - main |
| 7 | permissions: |
| 8 | id-token: write |
| 9 | contents: read |
| 10 | pull-requests: read |
| 11 | |
| 12 | jobs: |
| 13 | Refresh: |
| 14 | runs-on: ubuntu-latest |
| 15 | steps: |
| 16 | - name: Azure Login |
| 17 | uses: Azure/login@v2 |
| 18 | with: |
| 19 | # These secrets describe the HvLite-GitHub service principal and associated Azure subscription, |
| 20 | # which, along with the GITHUB_TOKEN, are used to authenticate GitHub Actions to Azure with OpenID Connect. |
| 21 | # The service principal has federated identity credentials configured describing which branches and |
| 22 | # scenarios can be authenticated. |
| 23 | client-id: ${{ secrets.OPENVMM_CLIENT_ID }} |
| 24 | tenant-id: ${{ secrets.OPENVMM_TENANT_ID }} |
| 25 | subscription-id: ${{ secrets.OPENVMM_SUBSCRIPTION_ID }} |
| 26 | |
| 27 | - name: Pull Azure Key Vault secrets |
| 28 | uses: Azure/get-keyvault-secrets@v1 |
| 29 | with: |
| 30 | keyvault: "HvLite-PATs" |
| 31 | secrets: 'HvliteMirrorPAT' # comma separated list of secret keys that need to be fetched from the Key Vault |
| 32 | id: AzureKeyVault # Reference the secrets with steps.AzureKeyVault.outputs.mySecret1 |
| 33 | |
| 34 | - name: Refresh the VSO mirror |
| 35 | uses: Azure/pipelines@v1 |
| 36 | with: |
| 37 | azure-devops-project-url: '${{ secrets.VSO_MIRROR_URL }}' |
| 38 | azure-pipeline-name: '${{ secrets.VSO_REFRESH_PIPELINE_NAME }}' |
| 39 | azure-devops-token: '${{ steps.AzureKeyVault.outputs.HvliteMirrorPAT }}' # This PAT should have the Build (read & execute) permission. |
| 40 | |