[{"data":1,"prerenderedAt":12168},["Reactive",2],{"navigation":3,"aAII9Cz3yR":204,"tags-security":397},[4,192,200],{"title":5,"_path":6,"children":7,"icon":191},"Blog","/posts",[8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59,62,65,68,71,74,77,80,83,86,89,92,95,98,101,104,107,110,113,116,119,122,125,128,131,134,137,140,143,146,149,152,155,158,161,164,167,170,173,176,179,182,185,188],{"title":9,"_path":10},"Testing your API with REST Client","/posts/testing-your-api-with-rest-client",{"title":12,"_path":13},"HTML templating in Xamarin","/posts/html-templating-in-xamarin",{"title":15,"_path":16},"Goodbye Azure Portal, Welcome Azure CLI","/posts/welcome-azure-cli",{"title":18,"_path":19},"Coming across Gitpod","/posts/gitpod",{"title":21,"_path":22},"Handle token retrieval while querying an API","/posts/delegating-handler",{"title":24,"_path":25},"Clean up your local git branches.","/posts/cleaning-git-branches",{"title":27,"_path":28},"Automate configuration of Teams Tab SSO with PowerShell.","/posts/teams-sso-powershell",{"title":30,"_path":31},"How to do a technology watch? - Part 1","/posts/technology-watch-part1",{"title":33,"_path":34},"How to do a technology watch? - Part 2","/posts/technology-watch-part2",{"title":36,"_path":37},"You almost no longer need Key Vault references for Azure Functions.","/posts/azure-functions-custom-configuration",{"title":39,"_path":40},"How to do a technology watch? - Part 3","/posts/technology-watch-part3",{"title":42,"_path":43},"Forget DevOps, the future is already here!","/posts/devops-future",{"title":45,"_path":46},"Week 9, 2021 - Tips I learned this week","/posts/w09-2021-tips-learned-this-week",{"title":48,"_path":49},"Week 12, 2021 - Tips I learned this week","/posts/w12-2021-tips-learned-this-week",{"title":51,"_path":52},"Week 14, 2021 - Tips I learned this week","/posts/w14-2021-tips-learned-this-week",{"title":54,"_path":55},"Once upon a time in .NET","/posts/once-upon-a-time-in-dotnet",{"title":57,"_path":58},"Install your applications with winget","/posts/winget-import",{"title":60,"_path":61},"Customize your applications when installing them with winget","/posts/winget-override",{"title":63,"_path":64},"Week 22, 2021 - Tips I learned this week","/posts/w22-2021-tips-learned-this-week",{"title":66,"_path":67},"How to connect to an Azure SQL Database from C# using Azure AD","/posts/sqlclient-active-directory-authent",{"title":69,"_path":70},"Producing packages for Windows Package Manager","/posts/wingetcreate",{"title":72,"_path":73},"4 tips about GitHub Actions environment variables and contexts","/posts/github-actions-var-and-context",{"title":75,"_path":76},"AzureWebJobsStorage, the secret you don't need in your Function App.","/posts/azure-functions-without-azurewebjobsstorage",{"title":78,"_path":79},"ASP.NET Core - Lost in configuration","/posts/lost-in-configuration",{"title":81,"_path":82},"Week 39, 2021 - Tips I learned this week","/posts/w39-2021-tips-learned-this-week",{"title":84,"_path":85},"Week 41, 2021 - Tips I learned this week","/posts/w41-2021-tips-learned-this-week",{"title":87,"_path":88},"Migrating and open-sourcing my blog","/posts/migrating-blog",{"title":90,"_path":91},"Week 45, 2021 - Tips I learned this week","/posts/w45-2021-tips-learned-this-week",{"title":93,"_path":94},"Organize your GitHub stars with Astral","/posts/astral",{"title":96,"_path":97},"Pulumi with an Azure Blob Storage backend","/posts/pulumi-azure-backend",{"title":99,"_path":100},"IaC Hot Reload with Pulumi Watch","/posts/pulumi-watch",{"title":102,"_path":103},"Week 2, 2022 - Tips I learned this week","/posts/w02-2022-tips-learned-this-week",{"title":105,"_path":106},"Week 3, 2022 - Tips I learned this week","/posts/w03-2022-tips-learned-this-week",{"title":108,"_path":109},"Week 5, 2022 - Tips I learned this week","/posts/w05-2022-tips-learned-this-week",{"title":111,"_path":112},"How to provision an Azure SQL Database with Active Directory authentication","/posts/sqldatabase-active-directory-authent",{"title":114,"_path":115},"Why will I choose Pulumi over Terraform for my next project?","/posts/pulumi-vs-terraform",{"title":117,"_path":118},"Week 19, 2022 - Tips I learned this week","/posts/w19-2022-tips-learned-this-week",{"title":120,"_path":121},"Week 20, 2022 - Tips I learned this week","/posts/w20-2022-tips-learned-this-week",{"title":123,"_path":124},"Keeping secrets secure when using API Clients","/posts/http-clients-secrets",{"title":126,"_path":127},"What made me want to be a developer?","/posts/be-a-developer",{"title":129,"_path":130},"What can we do when stuck with a programming problem?","/posts/get-unstuck",{"title":132,"_path":133},"How did I automate the setup of my developer Windows laptop?","/posts/automate-developer-machine",{"title":135,"_path":136},"Discussion about API clients","/posts/http-clients",{"title":138,"_path":139},"Week 46, 2022 - Tips I learned this week","/posts/w46-2022-tips-learned-this-week",{"title":141,"_path":142},"When Pulumi met Nuke: a .NET love story","/posts/when-pulumi-met-nuke",{"title":144,"_path":145},"A year of learning and sharing - Dev Retro 2022","/posts/2022-retro",{"title":147,"_path":148},"Perform Dynamic Execution of an npm Package","/posts/pnpm-dlx",{"title":150,"_path":151},"Manage multiple Node.js versions","/posts/pnpm-env",{"title":153,"_path":154},"Introducing the Vue.js CI/CD series","/posts/vuecicd-introduction",{"title":156,"_path":157},"Execute commands using your project dependencies","/posts/pnpm-exec",{"title":159,"_path":160},"Vue.js CI/CD: Continuous Integration","/posts/vuecicd-ci",{"title":162,"_path":163},"Who is using pnpm?","/posts/pnpm-who-is-using",{"title":165,"_path":166},"Create an Azure-Ready GitHub Repository using Pulumi","/posts/azure-ready-github-repository",{"title":168,"_path":169},"Deploying to Azure from Azure DevOps without secrets","/posts/ado-workload-identity-federation",{"title":171,"_path":172},"Effortlessly Configure GitHub Repositories for Azure Deployment via OIDC","/posts/scripting-azure-ready-github-repository",{"title":174,"_path":175},"Playing with the .NET 8 Web API template","/posts/playing-with-dotnet8",{"title":177,"_path":178},"Another year of sharing and learning - Dev Retro 2023","/posts/2023-retro",{"title":180,"_path":181},"Week 4, 2024 - Tips I learned this week","/posts/w04-2024-tips-learned-this-week",{"title":183,"_path":184},"Using dependency injection with Azure .NET SDK","/posts/azure-sdk-di",{"title":186,"_path":187},"Having Fun With IT Event Calendars","/posts/it-event-calendars",{"title":189,"_path":190},"Call your Azure AD B2C protected API with authenticated HTTP requests from your JetBrains IDE","/posts/http-clients-oauth2","i-heroicons-newspaper",{"title":193,"_path":194,"children":195,"icon":199},"Goodies","/goodies",[196],{"title":197,"_path":198},"My Git Cheat Sheet","/goodies/gitcheatsheet","i-heroicons-gift-solid",{"title":201,"_path":202,"icon":203},"About","/about","i-heroicons-user-circle-solid",[205,207,209,211,214,217,220,223,226,229,231,234,237,240,242,244,247,250,253,255,258,261,264,267,270,273,276,279,282,285,287,289,292,294,297,300,303,305,308,310,313,316,319,322,325,327,329,332,335,338,341,344,347,350,353,356,359,361,363,366,369,372,375,377,380,383,385,388,391,394],[206,206],"tooling",[208,208],"vscode",[210,210],"rest",[212,213],"http","HTTP",[215,216],"razor","Razor",[218,219],"xamarin","Xamarin",[221,222],"templating","Templating",[224,225],"azure-cli","Azure CLI",[227,228],"azure","Azure",[230,230],"shell",[232,233],"github","GitHub",[235,236],"asp-net-core","ASP.NET Core",[238,239],"net",".NET",[241,241],"git",[243,243],"nushell",[245,246],"microsoft-teams","Microsoft Teams",[248,249],"powershell","PowerShell",[251,252],"azure-active-directory","Azure Active Directory",[254,254],"learning",[256,257],"azure-functions","Azure Functions",[259,260],"azure-key-vault","Azure Key Vault",[262,263],"configuration","Configuration",[265,266],"devops","DevOps",[268,269],"it","IT",[271,272],"tips-learned-this-week","tips learned this week",[274,275],"windows-terminal","Windows Terminal",[277,278],"azure-pipelines","Azure Pipelines",[280,281],"application-insights","Application Insights",[283,284],"azure-iot","Azure IoT",[286,286],"records",[288,288],"refit",[290,291],"development-box-setup","development box setup",[293,293],"winget",[295,296],"package-manager","package manager",[298,299],"azure-sql-database","Azure SQL Database",[301,302],"azure-sdk","Azure SDK",[304,304],"wingetcreate",[306,307],"github-actions","GitHub Actions",[309,309],"jq",[311,312],"pulumi","Pulumi",[314,315],"iac","IaC",[317,318],"azure-storage","Azure Storage",[320,321],"azure-signalr","Azure SignalR",[323,324],"visio","Visio",[326,326],"csharp",[328,328],"jest",[330,331],"statiq","Statiq",[333,334],"open-source","open source",[336,337],"visual-studio","Visual Studio",[339,340],"vue-js","Vue.js",[342,343],"azure-devops","Azure DevOps",[345,346],"vite","Vite",[348,349],"code-analysis","Code analysis",[351,352],"diagram","Diagram",[354,355],"terraform","Terraform",[357,358],"typescript","TypeScript",[360,360],"thoughts",[362,362],"pnpm",[364,365],"nuke","Nuke",[367,368],"pipelines","Pipelines",[370,371],"cicd","CI/CD",[373,374],"openid-connect","OpenID Connect",[376,376],"security",[378,379],"github-cli","GitHub CLI",[381,382],"microsoft-entra-id","Microsoft Entra ID",[384,384],"advent",[386,387],"finops","FinOps",[389,390],"anglesharp","AngleSharp",[392,393],"oauth2","OAuth2",[395,396],"azure-ad-b2c","Azure AD B2C",[398,4696],{"_path":169,"_dir":399,"_draft":400,"_partial":400,"_locale":401,"title":168,"description":402,"lead":403,"date":404,"image":405,"badge":407,"tags":408,"body":409,"_type":4691,"_id":4692,"_source":4693,"_file":4694,"_extension":4695},"posts",false,"","If you are deploying your application to Azure from Azure Pipelines, you might want to leverage the ability to do so without using secrets thanks to Workload identity federation. In this article, I will demonstrate how to automate the configuration of your Azure DevOps project, with everything pre-configured to securely deploy applications to Azure.","Azure DevOps Workload identity federation (OIDC) with Pulumi","2023-09-21T00:00:00.000Z",{"src":406},"/images/azuredevopsoidc.webp",{"label":266},[228,233,307,374,312,315,376,239],{"type":410,"children":411,"toc":4678},"root",[412,419,426,442,457,462,483,495,514,526,531,545,550,555,564,573,578,583,593,599,606,611,685,697,756,761,800,805,850,856,861,900,914,950,974,979,1353,1358,1372,1484,1489,1755,1796,1802,1816,2106,2119,2277,2282,2304,2532,2538,2543,2561,2566,3051,3066,3071,3392,3405,3411,3416,3429,3668,3673,3928,3933,4204,4209,4394,4399,4563,4576,4608,4617,4622,4628,4641,4646,4651,4656,4672],{"type":413,"tag":414,"props":415,"children":416},"element","p",{},[417],{"type":418,"value":402},"text",{"type":413,"tag":420,"props":421,"children":423},"h2",{"id":422},"why-should-you-use-workload-identity-federation-for-your-deployment-pipelines",[424],{"type":418,"value":425},"Why should you use Workload Identity Federation for your deployment pipelines?",{"type":413,"tag":414,"props":427,"children":428},{},[429,431,440],{"type":418,"value":430},"I already wrote about the ",{"type":413,"tag":432,"props":433,"children":437},"a",{"href":434,"rel":435},"https://www.techwatching.dev/posts/azure-ready-github-repository#the-problem-with-secret-credentials",[436],"nofollow",[438],{"type":418,"value":439},"problem of secret credentials",{"type":418,"value":441},", but let me remind you 2 reasons why I think you should always avoid using secrets in your deployment pipelines:",{"type":413,"tag":443,"props":444,"children":445},"ul",{},[446,452],{"type":413,"tag":447,"props":448,"children":449},"li",{},[450],{"type":418,"value":451},"It's more secure if you don't need a secret to authenticate to Azure",{"type":413,"tag":447,"props":453,"children":454},{},[455],{"type":418,"value":456},"It's more practical if you don't need to handle secret rotation when secrets expire",{"type":413,"tag":414,"props":458,"children":459},{},[460],{"type":418,"value":461},"This is true whatever the CI/CD platform you are using.",{"type":413,"tag":414,"props":463,"children":464},{},[465,472,474,481],{"type":413,"tag":432,"props":466,"children":469},{"href":467,"rel":468},"https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation",[436],[470],{"type":418,"value":471},"Workload identity federation",{"type":418,"value":473}," leverages OpenID Connect to solve these problems and avoid using secrets in your pipelines to authenticate to Azure. I previously published ",{"type":413,"tag":432,"props":475,"children":478},{"href":476,"rel":477},"https://www.techwatching.dev/posts/azure-ready-github-repository",[436],[479],{"type":418,"value":480},"an article about using Azure OpenID Connect with Pulumi in GitHub Actions",{"type":418,"value":482},", but that also works with Azure Pipelines.",{"type":413,"tag":414,"props":484,"children":485},{},[486],{"type":413,"tag":487,"props":488,"children":494},"img",{"alt":489,"className":490,"src":493},"Workload Identity Federation for Azure DevOps",[491,492],"rounded-lg","mx-auto","/posts/images/azuredevopsoidc_schema_1.webp",[],{"type":413,"tag":496,"props":497,"children":499},"callout",{"icon":498},"i-heroicons-information-circle",[500],{"type":413,"tag":414,"props":501,"children":502},{},[503,505,512],{"type":418,"value":504},"Microsoft has announced the ",{"type":413,"tag":432,"props":506,"children":509},{"href":507,"rel":508},"https://devblogs.microsoft.com/devops/public-preview-of-workload-identity-federation-for-azure-pipelines/",[436],[510],{"type":418,"value":511},"public preview of Workload identity federation for Azure Pipelines",{"type":418,"value":513}," on the 11th September 2023.",{"type":413,"tag":420,"props":515,"children":517},{"id":516},"how-can-you-use-workload-identity-federation-to-deploy-to-azure-from-azure-pipelines",[518,520],{"type":418,"value":519},"How can you use ",{"type":413,"tag":521,"props":522,"children":523},"strong",{},[524],{"type":418,"value":525},"Workload Identity Federation to deploy to Azure from Azure Pipelines?",{"type":413,"tag":414,"props":527,"children":528},{},[529],{"type":418,"value":530},"Azure Pipelines tasks use service connections to authenticate with external services. Specifically, for Azure, it is necessary to create an Azure Resource Manager service connection.",{"type":413,"tag":414,"props":532,"children":533},{},[534,536,543],{"type":418,"value":535},"You can create an Azure Resource Manager service connection that uses workload identity federation by configuring it in your Azure DevOps organization portal (check the documentation ",{"type":413,"tag":432,"props":537,"children":540},{"href":538,"rel":539},"https://learn.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-using-workload-identity-federation",[436],[541],{"type":418,"value":542},"here",{"type":418,"value":544},").",{"type":413,"tag":414,"props":546,"children":547},{},[548],{"type":418,"value":549},"Or ... you can automate that using Infrastructure as Code 😉.",{"type":413,"tag":414,"props":551,"children":552},{},[553],{"type":418,"value":554},"Yet, who wants to manually configure things from a wizard when everything can be automated in versioned code? So let's go the IaC way.",{"type":413,"tag":496,"props":556,"children":558},{"icon":557},"i-heroicons-chat-bubble-left-20-solid",[559],{"type":413,"tag":414,"props":560,"children":561},{},[562],{"type":418,"value":563},"All kidding aside, I genuinely believe that there are many advantages to provisioning your Azure DevOps projects and their associated resources (Repos, Service Connections, policies, pipelines, ...) using Infrastructure as Code. It takes time to properly configure Azure DevOps projects, and if they are often organized similarly, it's more efficient to automate their configuration rather than doing it manually.",{"type":413,"tag":414,"props":565,"children":566},{},[567],{"type":413,"tag":487,"props":568,"children":572},{"alt":569,"className":570,"src":571},"Diagram to deploy from Azure Pipelines to Azure",[491,492],"/posts/images/azuredevopsoidc_schema_2.webp",[],{"type":413,"tag":414,"props":574,"children":575},{},[576],{"type":418,"value":577},"I will use Pulumi and its Azure DevOps provider to provision the necessary resources. The infrastructure as code will be written in C# but you could easily convert the C# code to any language that Pulumi supports (like TypeScript, I am a big fan of using TypeScript to write infrastructure code 🔥).",{"type":413,"tag":414,"props":579,"children":580},{},[581],{"type":418,"value":582},"Here is the complete solution to implement:",{"type":413,"tag":414,"props":584,"children":585},{},[586],{"type":413,"tag":487,"props":587,"children":592},{"alt":588,"className":589,"src":590,"width":591},"Schema of the complete solution",[491,492],"/posts/images/azuredevopsoidc_schema_3.webp",1000,[],{"type":413,"tag":420,"props":594,"children":596},{"id":595},"automate-the-configuration-of-workload-identity-federation-in-azure-devops",[597],{"type":418,"value":598},"Automate the configuration of Workload identity federation in Azure DevOps",{"type":413,"tag":600,"props":601,"children":603},"h3",{"id":602},"create-the-pulumi-net-project",[604],{"type":418,"value":605},"Create the Pulumi .NET project",{"type":413,"tag":414,"props":607,"children":608},{},[609],{"type":418,"value":610},"Let's start by scaffolding a new Pulumi project using .NET:",{"type":413,"tag":612,"props":613,"children":617},"pre",{"className":614,"code":615,"language":616,"meta":401,"style":401},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","pulumi new csharp -n AzureDevOpsWorkloadIdentity -s dev -d \"A program to set up an Azure-Ready Azure DevOps repository\"\n","bash",[618],{"type":413,"tag":619,"props":620,"children":621},"code",{"__ignoreMap":401},[622],{"type":413,"tag":623,"props":624,"children":627},"span",{"class":625,"line":626},"line",1,[628,633,639,644,649,654,659,664,669,675,680],{"type":413,"tag":623,"props":629,"children":631},{"style":630},"--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B",[632],{"type":418,"value":311},{"type":413,"tag":623,"props":634,"children":636},{"style":635},"--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D",[637],{"type":418,"value":638}," new",{"type":413,"tag":623,"props":640,"children":641},{"style":635},[642],{"type":418,"value":643}," csharp",{"type":413,"tag":623,"props":645,"children":646},{"style":635},[647],{"type":418,"value":648}," -n",{"type":413,"tag":623,"props":650,"children":651},{"style":635},[652],{"type":418,"value":653}," AzureDevOpsWorkloadIdentity",{"type":413,"tag":623,"props":655,"children":656},{"style":635},[657],{"type":418,"value":658}," -s",{"type":413,"tag":623,"props":660,"children":661},{"style":635},[662],{"type":418,"value":663}," dev",{"type":413,"tag":623,"props":665,"children":666},{"style":635},[667],{"type":418,"value":668}," -d",{"type":413,"tag":623,"props":670,"children":672},{"style":671},"--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF",[673],{"type":418,"value":674}," \"",{"type":413,"tag":623,"props":676,"children":677},{"style":635},[678],{"type":418,"value":679},"A program to set up an Azure-Ready Azure DevOps repository",{"type":413,"tag":623,"props":681,"children":682},{"style":671},[683],{"type":418,"value":684},"\"\n",{"type":413,"tag":414,"props":686,"children":687},{},[688,690,695],{"type":418,"value":689},"This command creates a new pulumi project and stack from the ",{"type":413,"tag":619,"props":691,"children":693},{"className":692},[],[694],{"type":418,"value":326},{"type":418,"value":696}," template:",{"type":413,"tag":443,"props":698,"children":699},{},[700,721,738],{"type":413,"tag":447,"props":701,"children":702},{},[703,705,711,713,719],{"type":418,"value":704},"The name of the project \"",{"type":413,"tag":706,"props":707,"children":708},"em",{},[709],{"type":418,"value":710},"AzureDevOpsWorkloadIdentity",{"type":418,"value":712},"\" is specified using the ",{"type":413,"tag":619,"props":714,"children":716},{"className":715},[],[717],{"type":418,"value":718},"-n",{"type":418,"value":720}," option",{"type":413,"tag":447,"props":722,"children":723},{},[724,726,730,731,737],{"type":418,"value":725},"The description of the project \"",{"type":413,"tag":706,"props":727,"children":728},{},[729],{"type":418,"value":679},{"type":418,"value":712},{"type":413,"tag":619,"props":732,"children":734},{"className":733},[],[735],{"type":418,"value":736},"-d",{"type":418,"value":720},{"type":413,"tag":447,"props":739,"children":740},{},[741,743,748,749,755],{"type":418,"value":742},"The stack of the project \"",{"type":413,"tag":706,"props":744,"children":745},{},[746],{"type":418,"value":747},"dev",{"type":418,"value":712},{"type":413,"tag":619,"props":750,"children":752},{"className":751},[],[753],{"type":418,"value":754},"-s",{"type":418,"value":720},{"type":413,"tag":414,"props":757,"children":758},{},[759],{"type":418,"value":760},"This project will need 3 different providers:",{"type":413,"tag":443,"props":762,"children":763},{},[764,776,789],{"type":413,"tag":447,"props":765,"children":766},{},[767,769],{"type":418,"value":768},"the ",{"type":413,"tag":432,"props":770,"children":773},{"href":771,"rel":772},"https://www.pulumi.com/registry/packages/azure-native/",[436],[774],{"type":418,"value":775},"Azure Native provider",{"type":413,"tag":447,"props":777,"children":778},{},[779,780,787],{"type":418,"value":768},{"type":413,"tag":432,"props":781,"children":784},{"href":782,"rel":783},"https://www.pulumi.com/registry/packages/azuread/",[436],[785],{"type":418,"value":786},"Azure Active Directory provider",{"type":418,"value":788}," (provider for Microsoft Entra ID)",{"type":413,"tag":447,"props":790,"children":791},{},[792,793],{"type":418,"value":768},{"type":413,"tag":432,"props":794,"children":797},{"href":795,"rel":796},"https://www.pulumi.com/registry/packages/azuredevops/",[436],[798],{"type":418,"value":799},"Azure DevOps provider",{"type":413,"tag":414,"props":801,"children":802},{},[803],{"type":418,"value":804},"So we can add the following Nuget packages to our project:",{"type":413,"tag":443,"props":806,"children":807},{},[808,822,836],{"type":413,"tag":447,"props":809,"children":810},{},[811],{"type":413,"tag":432,"props":812,"children":815},{"href":813,"rel":814},"https://www.nuget.org/packages/Pulumi.AzureNative",[436],[816],{"type":413,"tag":619,"props":817,"children":819},{"className":818},[],[820],{"type":418,"value":821},"Pulumi.AzureNative",{"type":413,"tag":447,"props":823,"children":824},{},[825],{"type":413,"tag":432,"props":826,"children":829},{"href":827,"rel":828},"https://www.nuget.org/packages/Pulumi.AzureAD",[436],[830],{"type":413,"tag":619,"props":831,"children":833},{"className":832},[],[834],{"type":418,"value":835},"Pulumi.AzureAD",{"type":413,"tag":447,"props":837,"children":838},{},[839],{"type":413,"tag":432,"props":840,"children":843},{"href":841,"rel":842},"https://www.nuget.org/packages/Pulumi.AzureDevOps",[436],[844],{"type":413,"tag":619,"props":845,"children":847},{"className":846},[],[848],{"type":418,"value":849},"Pulumi.AzureDevOps",{"type":413,"tag":600,"props":851,"children":853},{"id":852},"create-the-azure-devops-project",[854],{"type":418,"value":855},"Create the Azure DevOps project",{"type":413,"tag":414,"props":857,"children":858},{},[859],{"type":418,"value":860},"First, we must select the Azure DevOps organization where we wish to create a project and set its URL in our Pulumi configuration.",{"type":413,"tag":612,"props":862,"children":864},{"className":614,"code":863,"language":616,"meta":401,"style":401},"pulumi config set azuredevops:orgServiceUrl XXXXXXXXXXXXXX --secret\n",[865],{"type":413,"tag":619,"props":866,"children":867},{"__ignoreMap":401},[868],{"type":413,"tag":623,"props":869,"children":870},{"class":625,"line":626},[871,875,880,885,890,895],{"type":413,"tag":623,"props":872,"children":873},{"style":630},[874],{"type":418,"value":311},{"type":413,"tag":623,"props":876,"children":877},{"style":635},[878],{"type":418,"value":879}," config",{"type":413,"tag":623,"props":881,"children":882},{"style":635},[883],{"type":418,"value":884}," set",{"type":413,"tag":623,"props":886,"children":887},{"style":635},[888],{"type":418,"value":889}," azuredevops:orgServiceUrl",{"type":413,"tag":623,"props":891,"children":892},{"style":635},[893],{"type":418,"value":894}," XXXXXXXXXXXXXX",{"type":413,"tag":623,"props":896,"children":897},{"style":635},[898],{"type":418,"value":899}," --secret\n",{"type":413,"tag":414,"props":901,"children":902},{},[903,905,912],{"type":418,"value":904},"Second, we need to supply the necessary Azure DevOps credentials. For that, we can ",{"type":413,"tag":432,"props":906,"children":909},{"href":907,"rel":908},"https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows#create-a-pat",[436],[910],{"type":418,"value":911},"create a personal access token",{"type":418,"value":913}," and add it to our Pulumi configuration.",{"type":413,"tag":612,"props":915,"children":917},{"className":614,"code":916,"language":616,"meta":401,"style":401},"pulumi config set azuredevops:personalAccessToken YYYYYYYYYYYYYY --secret\n",[918],{"type":413,"tag":619,"props":919,"children":920},{"__ignoreMap":401},[921],{"type":413,"tag":623,"props":922,"children":923},{"class":625,"line":626},[924,928,932,936,941,946],{"type":413,"tag":623,"props":925,"children":926},{"style":630},[927],{"type":418,"value":311},{"type":413,"tag":623,"props":929,"children":930},{"style":635},[931],{"type":418,"value":879},{"type":413,"tag":623,"props":933,"children":934},{"style":635},[935],{"type":418,"value":884},{"type":413,"tag":623,"props":937,"children":938},{"style":635},[939],{"type":418,"value":940}," azuredevops:personalAccessToken",{"type":413,"tag":623,"props":942,"children":943},{"style":635},[944],{"type":418,"value":945}," YYYYYYYYYYYYYY",{"type":413,"tag":623,"props":947,"children":948},{"style":635},[949],{"type":418,"value":899},{"type":413,"tag":496,"props":951,"children":953},{"icon":952},"i-fluent-emoji-flat-locked-with-key",[954],{"type":413,"tag":414,"props":955,"children":956},{},[957,959,965,967,972],{"type":418,"value":958},"I followed the documentation but to be honest, I don't think it's necessary to include the ",{"type":413,"tag":619,"props":960,"children":962},{"className":961},[],[963],{"type":418,"value":964},"--secret",{"type":418,"value":966}," option for the organization URL as it's not really a sensitive value that needs to be encrypted. However, ",{"type":413,"tag":521,"props":968,"children":969},{},[970],{"type":418,"value":971},"it's mandatory to include it for the access token",{"type":418,"value":973}," so that we can safely commit the configuration files without creating security risks.",{"type":413,"tag":414,"props":975,"children":976},{},[977],{"type":418,"value":978},"Third, we can create the DevOps project:",{"type":413,"tag":612,"props":980,"children":983},{"className":981,"code":982,"language":326,"meta":401,"style":401},"language-csharp shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","var project = new Project(\"AzureReadyADOProject\", new()\n{\n    Description = \"New project with everything correctly configured to provision Azure resources or deploy applications to Azure\",\n    Features = new()\n    {\n        [\"boards\"] = \"disabled\",\n        [\"repositories\"] = \"enabled\",\n        [\"pipelines\"] = \"enabled\",\n        [\"testplans\"] = \"disabled\",\n        [\"artifacts\"] = \"disabled\"\n    },\n});\n",[984],{"type":413,"tag":619,"props":985,"children":986},{"__ignoreMap":401},[987,1043,1052,1085,1102,1111,1159,1205,1249,1294,1335,1344],{"type":413,"tag":623,"props":988,"children":989},{"class":625,"line":626},[990,995,1000,1005,1009,1014,1019,1024,1029,1033,1038],{"type":413,"tag":623,"props":991,"children":992},{"style":630},[993],{"type":418,"value":994},"var",{"type":413,"tag":623,"props":996,"children":997},{"style":630},[998],{"type":418,"value":999}," project",{"type":413,"tag":623,"props":1001,"children":1002},{"style":671},[1003],{"type":418,"value":1004}," =",{"type":413,"tag":623,"props":1006,"children":1007},{"style":671},[1008],{"type":418,"value":638},{"type":413,"tag":623,"props":1010,"children":1011},{"style":630},[1012],{"type":418,"value":1013}," Project",{"type":413,"tag":623,"props":1015,"children":1016},{"style":671},[1017],{"type":418,"value":1018},"(",{"type":413,"tag":623,"props":1020,"children":1021},{"style":671},[1022],{"type":418,"value":1023},"\"",{"type":413,"tag":623,"props":1025,"children":1026},{"style":635},[1027],{"type":418,"value":1028},"AzureReadyADOProject",{"type":413,"tag":623,"props":1030,"children":1031},{"style":671},[1032],{"type":418,"value":1023},{"type":413,"tag":623,"props":1034,"children":1035},{"style":671},[1036],{"type":418,"value":1037},",",{"type":413,"tag":623,"props":1039,"children":1040},{"style":671},[1041],{"type":418,"value":1042}," new()\n",{"type":413,"tag":623,"props":1044,"children":1046},{"class":625,"line":1045},2,[1047],{"type":413,"tag":623,"props":1048,"children":1049},{"style":671},[1050],{"type":418,"value":1051},"{\n",{"type":413,"tag":623,"props":1053,"children":1055},{"class":625,"line":1054},3,[1056,1062,1067,1071,1076,1080],{"type":413,"tag":623,"props":1057,"children":1059},{"style":1058},"--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8",[1060],{"type":418,"value":1061},"    Description ",{"type":413,"tag":623,"props":1063,"children":1064},{"style":671},[1065],{"type":418,"value":1066},"=",{"type":413,"tag":623,"props":1068,"children":1069},{"style":671},[1070],{"type":418,"value":674},{"type":413,"tag":623,"props":1072,"children":1073},{"style":635},[1074],{"type":418,"value":1075},"New project with everything correctly configured to provision Azure resources or deploy applications to Azure",{"type":413,"tag":623,"props":1077,"children":1078},{"style":671},[1079],{"type":418,"value":1023},{"type":413,"tag":623,"props":1081,"children":1082},{"style":671},[1083],{"type":418,"value":1084},",\n",{"type":413,"tag":623,"props":1086,"children":1088},{"class":625,"line":1087},4,[1089,1094,1098],{"type":413,"tag":623,"props":1090,"children":1091},{"style":1058},[1092],{"type":418,"value":1093},"    Features ",{"type":413,"tag":623,"props":1095,"children":1096},{"style":671},[1097],{"type":418,"value":1066},{"type":413,"tag":623,"props":1099,"children":1100},{"style":671},[1101],{"type":418,"value":1042},{"type":413,"tag":623,"props":1103,"children":1105},{"class":625,"line":1104},5,[1106],{"type":413,"tag":623,"props":1107,"children":1108},{"style":671},[1109],{"type":418,"value":1110},"    {\n",{"type":413,"tag":623,"props":1112,"children":1114},{"class":625,"line":1113},6,[1115,1120,1124,1129,1133,1138,1142,1146,1151,1155],{"type":413,"tag":623,"props":1116,"children":1117},{"style":671},[1118],{"type":418,"value":1119},"        [",{"type":413,"tag":623,"props":1121,"children":1122},{"style":671},[1123],{"type":418,"value":1023},{"type":413,"tag":623,"props":1125,"children":1126},{"style":635},[1127],{"type":418,"value":1128},"boards",{"type":413,"tag":623,"props":1130,"children":1131},{"style":671},[1132],{"type":418,"value":1023},{"type":413,"tag":623,"props":1134,"children":1135},{"style":671},[1136],{"type":418,"value":1137},"]",{"type":413,"tag":623,"props":1139,"children":1140},{"style":671},[1141],{"type":418,"value":1004},{"type":413,"tag":623,"props":1143,"children":1144},{"style":671},[1145],{"type":418,"value":674},{"type":413,"tag":623,"props":1147,"children":1148},{"style":635},[1149],{"type":418,"value":1150},"disabled",{"type":413,"tag":623,"props":1152,"children":1153},{"style":671},[1154],{"type":418,"value":1023},{"type":413,"tag":623,"props":1156,"children":1157},{"style":671},[1158],{"type":418,"value":1084},{"type":413,"tag":623,"props":1160,"children":1162},{"class":625,"line":1161},7,[1163,1167,1171,1176,1180,1184,1188,1192,1197,1201],{"type":413,"tag":623,"props":1164,"children":1165},{"style":671},[1166],{"type":418,"value":1119},{"type":413,"tag":623,"props":1168,"children":1169},{"style":671},[1170],{"type":418,"value":1023},{"type":413,"tag":623,"props":1172,"children":1173},{"style":635},[1174],{"type":418,"value":1175},"repositories",{"type":413,"tag":623,"props":1177,"children":1178},{"style":671},[1179],{"type":418,"value":1023},{"type":413,"tag":623,"props":1181,"children":1182},{"style":671},[1183],{"type":418,"value":1137},{"type":413,"tag":623,"props":1185,"children":1186},{"style":671},[1187],{"type":418,"value":1004},{"type":413,"tag":623,"props":1189,"children":1190},{"style":671},[1191],{"type":418,"value":674},{"type":413,"tag":623,"props":1193,"children":1194},{"style":635},[1195],{"type":418,"value":1196},"enabled",{"type":413,"tag":623,"props":1198,"children":1199},{"style":671},[1200],{"type":418,"value":1023},{"type":413,"tag":623,"props":1202,"children":1203},{"style":671},[1204],{"type":418,"value":1084},{"type":413,"tag":623,"props":1206,"children":1208},{"class":625,"line":1207},8,[1209,1213,1217,1221,1225,1229,1233,1237,1241,1245],{"type":413,"tag":623,"props":1210,"children":1211},{"style":671},[1212],{"type":418,"value":1119},{"type":413,"tag":623,"props":1214,"children":1215},{"style":671},[1216],{"type":418,"value":1023},{"type":413,"tag":623,"props":1218,"children":1219},{"style":635},[1220],{"type":418,"value":367},{"type":413,"tag":623,"props":1222,"children":1223},{"style":671},[1224],{"type":418,"value":1023},{"type":413,"tag":623,"props":1226,"children":1227},{"style":671},[1228],{"type":418,"value":1137},{"type":413,"tag":623,"props":1230,"children":1231},{"style":671},[1232],{"type":418,"value":1004},{"type":413,"tag":623,"props":1234,"children":1235},{"style":671},[1236],{"type":418,"value":674},{"type":413,"tag":623,"props":1238,"children":1239},{"style":635},[1240],{"type":418,"value":1196},{"type":413,"tag":623,"props":1242,"children":1243},{"style":671},[1244],{"type":418,"value":1023},{"type":413,"tag":623,"props":1246,"children":1247},{"style":671},[1248],{"type":418,"value":1084},{"type":413,"tag":623,"props":1250,"children":1252},{"class":625,"line":1251},9,[1253,1257,1261,1266,1270,1274,1278,1282,1286,1290],{"type":413,"tag":623,"props":1254,"children":1255},{"style":671},[1256],{"type":418,"value":1119},{"type":413,"tag":623,"props":1258,"children":1259},{"style":671},[1260],{"type":418,"value":1023},{"type":413,"tag":623,"props":1262,"children":1263},{"style":635},[1264],{"type":418,"value":1265},"testplans",{"type":413,"tag":623,"props":1267,"children":1268},{"style":671},[1269],{"type":418,"value":1023},{"type":413,"tag":623,"props":1271,"children":1272},{"style":671},[1273],{"type":418,"value":1137},{"type":413,"tag":623,"props":1275,"children":1276},{"style":671},[1277],{"type":418,"value":1004},{"type":413,"tag":623,"props":1279,"children":1280},{"style":671},[1281],{"type":418,"value":674},{"type":413,"tag":623,"props":1283,"children":1284},{"style":635},[1285],{"type":418,"value":1150},{"type":413,"tag":623,"props":1287,"children":1288},{"style":671},[1289],{"type":418,"value":1023},{"type":413,"tag":623,"props":1291,"children":1292},{"style":671},[1293],{"type":418,"value":1084},{"type":413,"tag":623,"props":1295,"children":1297},{"class":625,"line":1296},10,[1298,1302,1306,1311,1315,1319,1323,1327,1331],{"type":413,"tag":623,"props":1299,"children":1300},{"style":671},[1301],{"type":418,"value":1119},{"type":413,"tag":623,"props":1303,"children":1304},{"style":671},[1305],{"type":418,"value":1023},{"type":413,"tag":623,"props":1307,"children":1308},{"style":635},[1309],{"type":418,"value":1310},"artifacts",{"type":413,"tag":623,"props":1312,"children":1313},{"style":671},[1314],{"type":418,"value":1023},{"type":413,"tag":623,"props":1316,"children":1317},{"style":671},[1318],{"type":418,"value":1137},{"type":413,"tag":623,"props":1320,"children":1321},{"style":671},[1322],{"type":418,"value":1004},{"type":413,"tag":623,"props":1324,"children":1325},{"style":671},[1326],{"type":418,"value":674},{"type":413,"tag":623,"props":1328,"children":1329},{"style":635},[1330],{"type":418,"value":1150},{"type":413,"tag":623,"props":1332,"children":1333},{"style":671},[1334],{"type":418,"value":684},{"type":413,"tag":623,"props":1336,"children":1338},{"class":625,"line":1337},11,[1339],{"type":413,"tag":623,"props":1340,"children":1341},{"style":671},[1342],{"type":418,"value":1343},"    },\n",{"type":413,"tag":623,"props":1345,"children":1347},{"class":625,"line":1346},12,[1348],{"type":413,"tag":623,"props":1349,"children":1350},{"style":671},[1351],{"type":418,"value":1352},"});\n",{"type":413,"tag":414,"props":1354,"children":1355},{},[1356],{"type":418,"value":1357},"I intentionally disabled Azure Boards, Azure Test Plans, and Azure Artifacts as we only need Azure Repos and Azure Pipelines for this demo but you can enable what you need for your projects.",{"type":413,"tag":414,"props":1359,"children":1360},{},[1361,1363,1370],{"type":418,"value":1362},"By default, when we create an Azure DevOps project, a ",{"type":413,"tag":432,"props":1364,"children":1367},{"href":1365,"rel":1366},"https://www.pulumi.com/registry/packages/azuredevops/api-docs/git/",[436],[1368],{"type":418,"value":1369},"Git repository",{"type":418,"value":1371}," is created for us with the same name as the project. This repository can be retrieved using the following code:",{"type":413,"tag":612,"props":1373,"children":1375},{"className":981,"code":1374,"language":326,"meta":401,"style":401},"var repository = GetGitRepository.Invoke(new()\n{\n    ProjectId = project.Id,\n    Name = project.Name\n});\n",[1376],{"type":413,"tag":619,"props":1377,"children":1378},{"__ignoreMap":401},[1379,1416,1423,1452,1477],{"type":413,"tag":623,"props":1380,"children":1381},{"class":625,"line":626},[1382,1386,1391,1395,1400,1405,1411],{"type":413,"tag":623,"props":1383,"children":1384},{"style":630},[1385],{"type":418,"value":994},{"type":413,"tag":623,"props":1387,"children":1388},{"style":630},[1389],{"type":418,"value":1390}," repository",{"type":413,"tag":623,"props":1392,"children":1393},{"style":671},[1394],{"type":418,"value":1004},{"type":413,"tag":623,"props":1396,"children":1397},{"style":1058},[1398],{"type":418,"value":1399}," GetGitRepository",{"type":413,"tag":623,"props":1401,"children":1402},{"style":671},[1403],{"type":418,"value":1404},".",{"type":413,"tag":623,"props":1406,"children":1408},{"style":1407},"--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF",[1409],{"type":418,"value":1410},"Invoke",{"type":413,"tag":623,"props":1412,"children":1413},{"style":671},[1414],{"type":418,"value":1415},"(new()\n",{"type":413,"tag":623,"props":1417,"children":1418},{"class":625,"line":1045},[1419],{"type":413,"tag":623,"props":1420,"children":1421},{"style":671},[1422],{"type":418,"value":1051},{"type":413,"tag":623,"props":1424,"children":1425},{"class":625,"line":1054},[1426,1431,1435,1439,1443,1448],{"type":413,"tag":623,"props":1427,"children":1428},{"style":1058},[1429],{"type":418,"value":1430},"    ProjectId ",{"type":413,"tag":623,"props":1432,"children":1433},{"style":671},[1434],{"type":418,"value":1066},{"type":413,"tag":623,"props":1436,"children":1437},{"style":1058},[1438],{"type":418,"value":999},{"type":413,"tag":623,"props":1440,"children":1441},{"style":671},[1442],{"type":418,"value":1404},{"type":413,"tag":623,"props":1444,"children":1445},{"style":1058},[1446],{"type":418,"value":1447},"Id",{"type":413,"tag":623,"props":1449,"children":1450},{"style":671},[1451],{"type":418,"value":1084},{"type":413,"tag":623,"props":1453,"children":1454},{"class":625,"line":1087},[1455,1460,1464,1468,1472],{"type":413,"tag":623,"props":1456,"children":1457},{"style":1058},[1458],{"type":418,"value":1459},"    Name ",{"type":413,"tag":623,"props":1461,"children":1462},{"style":671},[1463],{"type":418,"value":1066},{"type":413,"tag":623,"props":1465,"children":1466},{"style":1058},[1467],{"type":418,"value":999},{"type":413,"tag":623,"props":1469,"children":1470},{"style":671},[1471],{"type":418,"value":1404},{"type":413,"tag":623,"props":1473,"children":1474},{"style":1058},[1475],{"type":418,"value":1476},"Name\n",{"type":413,"tag":623,"props":1478,"children":1479},{"class":625,"line":1104},[1480],{"type":413,"tag":623,"props":1481,"children":1482},{"style":671},[1483],{"type":418,"value":1352},{"type":413,"tag":414,"props":1485,"children":1486},{},[1487],{"type":418,"value":1488},"We can also choose to create a new Git repository like this:",{"type":413,"tag":612,"props":1490,"children":1492},{"className":981,"code":1491,"language":326,"meta":401,"style":401},"var repository = new Git(\"AzureReadyADORepository\", new()\n{\n    ProjectId = project.Id,\n    Initialization = new GitInitializationArgs()\n    {\n        InitType = \"Clean\",\n        SourceType = \"Git\",\n        SourceUrl = \"https://repo.com\",\n        ServiceConnectionId = \"\"\n    },\n    DefaultBranch = \"refs/heads/main\"\n});\n",[1493],{"type":413,"tag":619,"props":1494,"children":1495},{"__ignoreMap":401},[1496,1545,1552,1579,1605,1612,1641,1670,1699,1716,1723,1748],{"type":413,"tag":623,"props":1497,"children":1498},{"class":625,"line":626},[1499,1503,1507,1511,1515,1520,1524,1528,1533,1537,1541],{"type":413,"tag":623,"props":1500,"children":1501},{"style":630},[1502],{"type":418,"value":994},{"type":413,"tag":623,"props":1504,"children":1505},{"style":630},[1506],{"type":418,"value":1390},{"type":413,"tag":623,"props":1508,"children":1509},{"style":671},[1510],{"type":418,"value":1004},{"type":413,"tag":623,"props":1512,"children":1513},{"style":671},[1514],{"type":418,"value":638},{"type":413,"tag":623,"props":1516,"children":1517},{"style":630},[1518],{"type":418,"value":1519}," Git",{"type":413,"tag":623,"props":1521,"children":1522},{"style":671},[1523],{"type":418,"value":1018},{"type":413,"tag":623,"props":1525,"children":1526},{"style":671},[1527],{"type":418,"value":1023},{"type":413,"tag":623,"props":1529,"children":1530},{"style":635},[1531],{"type":418,"value":1532},"AzureReadyADORepository",{"type":413,"tag":623,"props":1534,"children":1535},{"style":671},[1536],{"type":418,"value":1023},{"type":413,"tag":623,"props":1538,"children":1539},{"style":671},[1540],{"type":418,"value":1037},{"type":413,"tag":623,"props":1542,"children":1543},{"style":671},[1544],{"type":418,"value":1042},{"type":413,"tag":623,"props":1546,"children":1547},{"class":625,"line":1045},[1548],{"type":413,"tag":623,"props":1549,"children":1550},{"style":671},[1551],{"type":418,"value":1051},{"type":413,"tag":623,"props":1553,"children":1554},{"class":625,"line":1054},[1555,1559,1563,1567,1571,1575],{"type":413,"tag":623,"props":1556,"children":1557},{"style":1058},[1558],{"type":418,"value":1430},{"type":413,"tag":623,"props":1560,"children":1561},{"style":671},[1562],{"type":418,"value":1066},{"type":413,"tag":623,"props":1564,"children":1565},{"style":1058},[1566],{"type":418,"value":999},{"type":413,"tag":623,"props":1568,"children":1569},{"style":671},[1570],{"type":418,"value":1404},{"type":413,"tag":623,"props":1572,"children":1573},{"style":1058},[1574],{"type":418,"value":1447},{"type":413,"tag":623,"props":1576,"children":1577},{"style":671},[1578],{"type":418,"value":1084},{"type":413,"tag":623,"props":1580,"children":1581},{"class":625,"line":1087},[1582,1587,1591,1595,1600],{"type":413,"tag":623,"props":1583,"children":1584},{"style":1058},[1585],{"type":418,"value":1586},"    Initialization ",{"type":413,"tag":623,"props":1588,"children":1589},{"style":671},[1590],{"type":418,"value":1066},{"type":413,"tag":623,"props":1592,"children":1593},{"style":671},[1594],{"type":418,"value":638},{"type":413,"tag":623,"props":1596,"children":1597},{"style":630},[1598],{"type":418,"value":1599}," GitInitializationArgs",{"type":413,"tag":623,"props":1601,"children":1602},{"style":671},[1603],{"type":418,"value":1604},"()\n",{"type":413,"tag":623,"props":1606,"children":1607},{"class":625,"line":1104},[1608],{"type":413,"tag":623,"props":1609,"children":1610},{"style":671},[1611],{"type":418,"value":1110},{"type":413,"tag":623,"props":1613,"children":1614},{"class":625,"line":1113},[1615,1620,1624,1628,1633,1637],{"type":413,"tag":623,"props":1616,"children":1617},{"style":1058},[1618],{"type":418,"value":1619},"        InitType ",{"type":413,"tag":623,"props":1621,"children":1622},{"style":671},[1623],{"type":418,"value":1066},{"type":413,"tag":623,"props":1625,"children":1626},{"style":671},[1627],{"type":418,"value":674},{"type":413,"tag":623,"props":1629,"children":1630},{"style":635},[1631],{"type":418,"value":1632},"Clean",{"type":413,"tag":623,"props":1634,"children":1635},{"style":671},[1636],{"type":418,"value":1023},{"type":413,"tag":623,"props":1638,"children":1639},{"style":671},[1640],{"type":418,"value":1084},{"type":413,"tag":623,"props":1642,"children":1643},{"class":625,"line":1161},[1644,1649,1653,1657,1662,1666],{"type":413,"tag":623,"props":1645,"children":1646},{"style":1058},[1647],{"type":418,"value":1648},"        SourceType ",{"type":413,"tag":623,"props":1650,"children":1651},{"style":671},[1652],{"type":418,"value":1066},{"type":413,"tag":623,"props":1654,"children":1655},{"style":671},[1656],{"type":418,"value":674},{"type":413,"tag":623,"props":1658,"children":1659},{"style":635},[1660],{"type":418,"value":1661},"Git",{"type":413,"tag":623,"props":1663,"children":1664},{"style":671},[1665],{"type":418,"value":1023},{"type":413,"tag":623,"props":1667,"children":1668},{"style":671},[1669],{"type":418,"value":1084},{"type":413,"tag":623,"props":1671,"children":1672},{"class":625,"line":1207},[1673,1678,1682,1686,1691,1695],{"type":413,"tag":623,"props":1674,"children":1675},{"style":1058},[1676],{"type":418,"value":1677},"        SourceUrl ",{"type":413,"tag":623,"props":1679,"children":1680},{"style":671},[1681],{"type":418,"value":1066},{"type":413,"tag":623,"props":1683,"children":1684},{"style":671},[1685],{"type":418,"value":674},{"type":413,"tag":623,"props":1687,"children":1688},{"style":635},[1689],{"type":418,"value":1690},"https://repo.com",{"type":413,"tag":623,"props":1692,"children":1693},{"style":671},[1694],{"type":418,"value":1023},{"type":413,"tag":623,"props":1696,"children":1697},{"style":671},[1698],{"type":418,"value":1084},{"type":413,"tag":623,"props":1700,"children":1701},{"class":625,"line":1251},[1702,1707,1711],{"type":413,"tag":623,"props":1703,"children":1704},{"style":1058},[1705],{"type":418,"value":1706},"        ServiceConnectionId ",{"type":413,"tag":623,"props":1708,"children":1709},{"style":671},[1710],{"type":418,"value":1066},{"type":413,"tag":623,"props":1712,"children":1713},{"style":671},[1714],{"type":418,"value":1715}," \"\"\n",{"type":413,"tag":623,"props":1717,"children":1718},{"class":625,"line":1296},[1719],{"type":413,"tag":623,"props":1720,"children":1721},{"style":671},[1722],{"type":418,"value":1343},{"type":413,"tag":623,"props":1724,"children":1725},{"class":625,"line":1337},[1726,1731,1735,1739,1744],{"type":413,"tag":623,"props":1727,"children":1728},{"style":1058},[1729],{"type":418,"value":1730},"    DefaultBranch ",{"type":413,"tag":623,"props":1732,"children":1733},{"style":671},[1734],{"type":418,"value":1066},{"type":413,"tag":623,"props":1736,"children":1737},{"style":671},[1738],{"type":418,"value":674},{"type":413,"tag":623,"props":1740,"children":1741},{"style":635},[1742],{"type":418,"value":1743},"refs/heads/main",{"type":413,"tag":623,"props":1745,"children":1746},{"style":671},[1747],{"type":418,"value":684},{"type":413,"tag":623,"props":1749,"children":1750},{"class":625,"line":1346},[1751],{"type":413,"tag":623,"props":1752,"children":1753},{"style":671},[1754],{"type":418,"value":1352},{"type":413,"tag":496,"props":1756,"children":1757},{"icon":498},[1758],{"type":413,"tag":414,"props":1759,"children":1760},{},[1761,1763,1769,1771,1777,1779,1785,1787,1794],{"type":418,"value":1762},"We should not have to set the ",{"type":413,"tag":619,"props":1764,"children":1766},{"className":1765},[],[1767],{"type":418,"value":1768},"SourceType",{"type":418,"value":1770},", ",{"type":413,"tag":619,"props":1772,"children":1774},{"className":1773},[],[1775],{"type":418,"value":1776},"SourceUrl",{"type":418,"value":1778}," and ",{"type":413,"tag":619,"props":1780,"children":1782},{"className":1781},[],[1783],{"type":418,"value":1784},"ServiceConnectionId",{"type":418,"value":1786}," properties as we are initializing a clean Git repository, not importing one, but it's a workaround because of this ",{"type":413,"tag":432,"props":1788,"children":1791},{"href":1789,"rel":1790},"https://github.com/pulumi/pulumi-azuredevops/issues/66",[436],[1792],{"type":418,"value":1793},"issue",{"type":418,"value":1795}," on the provider.",{"type":413,"tag":600,"props":1797,"children":1799},{"id":1798},"configure-the-arm-service-connection-in-azure-devops",[1800],{"type":418,"value":1801},"Configure the ARM Service Connection in Azure DevOps",{"type":413,"tag":414,"props":1803,"children":1804},{},[1805,1807,1814],{"type":418,"value":1806},"In the Azure DevOps provider, the Azure Resource Manager service connection is called a ",{"type":413,"tag":432,"props":1808,"children":1811},{"href":1809,"rel":1810},"https://www.pulumi.com/registry/packages/azuredevops/api-docs/serviceendpointazurerm/#workload-identity-federation-manual-azurerm-service-endpoint-subscription-scoped",[436],[1812],{"type":418,"value":1813},"ServiceEndpointAzureRM",{"type":418,"value":1815},". We can create such a resource like this:",{"type":413,"tag":612,"props":1817,"children":1819},{"className":981,"code":1818,"language":326,"meta":401,"style":401},"var serviceConnection = new ServiceEndpointAzureRM(\"AzureServiceConnection\", new()\n{\n    ProjectId = project.Id,\n    ServiceEndpointName = \"azure-with-oidc\",\n    ServiceEndpointAuthenticationScheme = \"WorkloadIdentityFederation\",\n    AzurermSpnTenantid = tenantId,\n    AzurermSubscriptionId = subscriptionId,\n    AzurermSubscriptionName = subscriptionName,\n    Credentials = new ServiceEndpointAzureRMCredentialsArgs()\n    {\n        Serviceprincipalid = servicePrincipal.ApplicationId,\n    }\n});\n",[1820],{"type":413,"tag":619,"props":1821,"children":1822},{"__ignoreMap":401},[1823,1873,1880,1907,1936,1965,1986,2007,2028,2053,2060,2090,2098],{"type":413,"tag":623,"props":1824,"children":1825},{"class":625,"line":626},[1826,1830,1835,1839,1843,1848,1852,1856,1861,1865,1869],{"type":413,"tag":623,"props":1827,"children":1828},{"style":630},[1829],{"type":418,"value":994},{"type":413,"tag":623,"props":1831,"children":1832},{"style":630},[1833],{"type":418,"value":1834}," serviceConnection",{"type":413,"tag":623,"props":1836,"children":1837},{"style":671},[1838],{"type":418,"value":1004},{"type":413,"tag":623,"props":1840,"children":1841},{"style":671},[1842],{"type":418,"value":638},{"type":413,"tag":623,"props":1844,"children":1845},{"style":630},[1846],{"type":418,"value":1847}," ServiceEndpointAzureRM",{"type":413,"tag":623,"props":1849,"children":1850},{"style":671},[1851],{"type":418,"value":1018},{"type":413,"tag":623,"props":1853,"children":1854},{"style":671},[1855],{"type":418,"value":1023},{"type":413,"tag":623,"props":1857,"children":1858},{"style":635},[1859],{"type":418,"value":1860},"AzureServiceConnection",{"type":413,"tag":623,"props":1862,"children":1863},{"style":671},[1864],{"type":418,"value":1023},{"type":413,"tag":623,"props":1866,"children":1867},{"style":671},[1868],{"type":418,"value":1037},{"type":413,"tag":623,"props":1870,"children":1871},{"style":671},[1872],{"type":418,"value":1042},{"type":413,"tag":623,"props":1874,"children":1875},{"class":625,"line":1045},[1876],{"type":413,"tag":623,"props":1877,"children":1878},{"style":671},[1879],{"type":418,"value":1051},{"type":413,"tag":623,"props":1881,"children":1882},{"class":625,"line":1054},[1883,1887,1891,1895,1899,1903],{"type":413,"tag":623,"props":1884,"children":1885},{"style":1058},[1886],{"type":418,"value":1430},{"type":413,"tag":623,"props":1888,"children":1889},{"style":671},[1890],{"type":418,"value":1066},{"type":413,"tag":623,"props":1892,"children":1893},{"style":1058},[1894],{"type":418,"value":999},{"type":413,"tag":623,"props":1896,"children":1897},{"style":671},[1898],{"type":418,"value":1404},{"type":413,"tag":623,"props":1900,"children":1901},{"style":1058},[1902],{"type":418,"value":1447},{"type":413,"tag":623,"props":1904,"children":1905},{"style":671},[1906],{"type":418,"value":1084},{"type":413,"tag":623,"props":1908,"children":1909},{"class":625,"line":1087},[1910,1915,1919,1923,1928,1932],{"type":413,"tag":623,"props":1911,"children":1912},{"style":1058},[1913],{"type":418,"value":1914},"    ServiceEndpointName ",{"type":413,"tag":623,"props":1916,"children":1917},{"style":671},[1918],{"type":418,"value":1066},{"type":413,"tag":623,"props":1920,"children":1921},{"style":671},[1922],{"type":418,"value":674},{"type":413,"tag":623,"props":1924,"children":1925},{"style":635},[1926],{"type":418,"value":1927},"azure-with-oidc",{"type":413,"tag":623,"props":1929,"children":1930},{"style":671},[1931],{"type":418,"value":1023},{"type":413,"tag":623,"props":1933,"children":1934},{"style":671},[1935],{"type":418,"value":1084},{"type":413,"tag":623,"props":1937,"children":1938},{"class":625,"line":1104},[1939,1944,1948,1952,1957,1961],{"type":413,"tag":623,"props":1940,"children":1941},{"style":1058},[1942],{"type":418,"value":1943},"    ServiceEndpointAuthenticationScheme ",{"type":413,"tag":623,"props":1945,"children":1946},{"style":671},[1947],{"type":418,"value":1066},{"type":413,"tag":623,"props":1949,"children":1950},{"style":671},[1951],{"type":418,"value":674},{"type":413,"tag":623,"props":1953,"children":1954},{"style":635},[1955],{"type":418,"value":1956},"WorkloadIdentityFederation",{"type":413,"tag":623,"props":1958,"children":1959},{"style":671},[1960],{"type":418,"value":1023},{"type":413,"tag":623,"props":1962,"children":1963},{"style":671},[1964],{"type":418,"value":1084},{"type":413,"tag":623,"props":1966,"children":1967},{"class":625,"line":1113},[1968,1973,1977,1982],{"type":413,"tag":623,"props":1969,"children":1970},{"style":1058},[1971],{"type":418,"value":1972},"    AzurermSpnTenantid ",{"type":413,"tag":623,"props":1974,"children":1975},{"style":671},[1976],{"type":418,"value":1066},{"type":413,"tag":623,"props":1978,"children":1979},{"style":1058},[1980],{"type":418,"value":1981}," tenantId",{"type":413,"tag":623,"props":1983,"children":1984},{"style":671},[1985],{"type":418,"value":1084},{"type":413,"tag":623,"props":1987,"children":1988},{"class":625,"line":1161},[1989,1994,1998,2003],{"type":413,"tag":623,"props":1990,"children":1991},{"style":1058},[1992],{"type":418,"value":1993},"    AzurermSubscriptionId ",{"type":413,"tag":623,"props":1995,"children":1996},{"style":671},[1997],{"type":418,"value":1066},{"type":413,"tag":623,"props":1999,"children":2000},{"style":1058},[2001],{"type":418,"value":2002}," subscriptionId",{"type":413,"tag":623,"props":2004,"children":2005},{"style":671},[2006],{"type":418,"value":1084},{"type":413,"tag":623,"props":2008,"children":2009},{"class":625,"line":1207},[2010,2015,2019,2024],{"type":413,"tag":623,"props":2011,"children":2012},{"style":1058},[2013],{"type":418,"value":2014},"    AzurermSubscriptionName ",{"type":413,"tag":623,"props":2016,"children":2017},{"style":671},[2018],{"type":418,"value":1066},{"type":413,"tag":623,"props":2020,"children":2021},{"style":1058},[2022],{"type":418,"value":2023}," subscriptionName",{"type":413,"tag":623,"props":2025,"children":2026},{"style":671},[2027],{"type":418,"value":1084},{"type":413,"tag":623,"props":2029,"children":2030},{"class":625,"line":1251},[2031,2036,2040,2044,2049],{"type":413,"tag":623,"props":2032,"children":2033},{"style":1058},[2034],{"type":418,"value":2035},"    Credentials ",{"type":413,"tag":623,"props":2037,"children":2038},{"style":671},[2039],{"type":418,"value":1066},{"type":413,"tag":623,"props":2041,"children":2042},{"style":671},[2043],{"type":418,"value":638},{"type":413,"tag":623,"props":2045,"children":2046},{"style":630},[2047],{"type":418,"value":2048}," ServiceEndpointAzureRMCredentialsArgs",{"type":413,"tag":623,"props":2050,"children":2051},{"style":671},[2052],{"type":418,"value":1604},{"type":413,"tag":623,"props":2054,"children":2055},{"class":625,"line":1296},[2056],{"type":413,"tag":623,"props":2057,"children":2058},{"style":671},[2059],{"type":418,"value":1110},{"type":413,"tag":623,"props":2061,"children":2062},{"class":625,"line":1337},[2063,2068,2072,2077,2081,2086],{"type":413,"tag":623,"props":2064,"children":2065},{"style":1058},[2066],{"type":418,"value":2067},"        Serviceprincipalid ",{"type":413,"tag":623,"props":2069,"children":2070},{"style":671},[2071],{"type":418,"value":1066},{"type":413,"tag":623,"props":2073,"children":2074},{"style":1058},[2075],{"type":418,"value":2076}," servicePrincipal",{"type":413,"tag":623,"props":2078,"children":2079},{"style":671},[2080],{"type":418,"value":1404},{"type":413,"tag":623,"props":2082,"children":2083},{"style":1058},[2084],{"type":418,"value":2085},"ApplicationId",{"type":413,"tag":623,"props":2087,"children":2088},{"style":671},[2089],{"type":418,"value":1084},{"type":413,"tag":623,"props":2091,"children":2092},{"class":625,"line":1346},[2093],{"type":413,"tag":623,"props":2094,"children":2095},{"style":671},[2096],{"type":418,"value":2097},"    }\n",{"type":413,"tag":623,"props":2099,"children":2101},{"class":625,"line":2100},13,[2102],{"type":413,"tag":623,"props":2103,"children":2104},{"style":671},[2105],{"type":418,"value":1352},{"type":413,"tag":414,"props":2107,"children":2108},{},[2109,2111,2117],{"type":418,"value":2110},"Do not worry about the service principal, we will see in the next section how to create it. The tenant and the subscription identifiers can be retrieved from the current configuration of the Azure Native provider (using the ",{"type":413,"tag":619,"props":2112,"children":2114},{"className":2113},[],[2115],{"type":418,"value":2116},"GetClientConfig.Invoke",{"type":418,"value":2118}," function):",{"type":413,"tag":612,"props":2120,"children":2122},{"className":981,"code":2121,"language":326,"meta":401,"style":401},"var azureConfig = GetClientConfig.Invoke();\nvar tenantId = azureConfig.Apply(c => c.tenantId);\nvar subscriptionId = azureConfig.Apply(c => c.SubscriptionId);\n",[2123],{"type":413,"tag":619,"props":2124,"children":2125},{"__ignoreMap":401},[2126,2160,2221],{"type":413,"tag":623,"props":2127,"children":2128},{"class":625,"line":626},[2129,2133,2138,2142,2147,2151,2155],{"type":413,"tag":623,"props":2130,"children":2131},{"style":630},[2132],{"type":418,"value":994},{"type":413,"tag":623,"props":2134,"children":2135},{"style":630},[2136],{"type":418,"value":2137}," azureConfig",{"type":413,"tag":623,"props":2139,"children":2140},{"style":671},[2141],{"type":418,"value":1004},{"type":413,"tag":623,"props":2143,"children":2144},{"style":1058},[2145],{"type":418,"value":2146}," GetClientConfig",{"type":413,"tag":623,"props":2148,"children":2149},{"style":671},[2150],{"type":418,"value":1404},{"type":413,"tag":623,"props":2152,"children":2153},{"style":1407},[2154],{"type":418,"value":1410},{"type":413,"tag":623,"props":2156,"children":2157},{"style":671},[2158],{"type":418,"value":2159},"();\n",{"type":413,"tag":623,"props":2161,"children":2162},{"class":625,"line":1045},[2163,2167,2171,2175,2179,2183,2188,2192,2197,2202,2207,2211,2216],{"type":413,"tag":623,"props":2164,"children":2165},{"style":630},[2166],{"type":418,"value":994},{"type":413,"tag":623,"props":2168,"children":2169},{"style":630},[2170],{"type":418,"value":1981},{"type":413,"tag":623,"props":2172,"children":2173},{"style":671},[2174],{"type":418,"value":1004},{"type":413,"tag":623,"props":2176,"children":2177},{"style":1058},[2178],{"type":418,"value":2137},{"type":413,"tag":623,"props":2180,"children":2181},{"style":671},[2182],{"type":418,"value":1404},{"type":413,"tag":623,"props":2184,"children":2185},{"style":1407},[2186],{"type":418,"value":2187},"Apply",{"type":413,"tag":623,"props":2189,"children":2190},{"style":671},[2191],{"type":418,"value":1018},{"type":413,"tag":623,"props":2193,"children":2194},{"style":630},[2195],{"type":418,"value":2196},"c",{"type":413,"tag":623,"props":2198,"children":2199},{"style":671},[2200],{"type":418,"value":2201}," =>",{"type":413,"tag":623,"props":2203,"children":2204},{"style":1058},[2205],{"type":418,"value":2206}," c",{"type":413,"tag":623,"props":2208,"children":2209},{"style":671},[2210],{"type":418,"value":1404},{"type":413,"tag":623,"props":2212,"children":2213},{"style":1058},[2214],{"type":418,"value":2215},"tenantId",{"type":413,"tag":623,"props":2217,"children":2218},{"style":671},[2219],{"type":418,"value":2220},");\n",{"type":413,"tag":623,"props":2222,"children":2223},{"class":625,"line":1054},[2224,2228,2232,2236,2240,2244,2248,2252,2256,2260,2264,2268,2273],{"type":413,"tag":623,"props":2225,"children":2226},{"style":630},[2227],{"type":418,"value":994},{"type":413,"tag":623,"props":2229,"children":2230},{"style":630},[2231],{"type":418,"value":2002},{"type":413,"tag":623,"props":2233,"children":2234},{"style":671},[2235],{"type":418,"value":1004},{"type":413,"tag":623,"props":2237,"children":2238},{"style":1058},[2239],{"type":418,"value":2137},{"type":413,"tag":623,"props":2241,"children":2242},{"style":671},[2243],{"type":418,"value":1404},{"type":413,"tag":623,"props":2245,"children":2246},{"style":1407},[2247],{"type":418,"value":2187},{"type":413,"tag":623,"props":2249,"children":2250},{"style":671},[2251],{"type":418,"value":1018},{"type":413,"tag":623,"props":2253,"children":2254},{"style":630},[2255],{"type":418,"value":2196},{"type":413,"tag":623,"props":2257,"children":2258},{"style":671},[2259],{"type":418,"value":2201},{"type":413,"tag":623,"props":2261,"children":2262},{"style":1058},[2263],{"type":418,"value":2206},{"type":413,"tag":623,"props":2265,"children":2266},{"style":671},[2267],{"type":418,"value":1404},{"type":413,"tag":623,"props":2269,"children":2270},{"style":1058},[2271],{"type":418,"value":2272},"SubscriptionId",{"type":413,"tag":623,"props":2274,"children":2275},{"style":671},[2276],{"type":418,"value":2220},{"type":413,"tag":414,"props":2278,"children":2279},{},[2280],{"type":418,"value":2281},"For the subscription name, it's more complicated as we don't have it, and no easy way to retrieve it. To be frank, I think having to provide the subscription name while we already provide the subscription identifier is completely useless but that's how the Azure DevOps provider works.",{"type":413,"tag":414,"props":2283,"children":2284},{},[2285,2287,2294,2296,2302],{"type":418,"value":2286},"The Azure Classic provider offers a ",{"type":413,"tag":432,"props":2288,"children":2291},{"href":2289,"rel":2290},"https://www.pulumi.com/registry/packages/azure/api-docs/core/getsubscription/#azure-core-getsubscription",[436],[2292],{"type":418,"value":2293},"function",{"type":418,"value":2295}," to get a subscription by its identifier but it's not available in the Azure Native provider. I don't want to add the Azure Classic provider to my project solely for this purpose. However, it's not a big deal as it allows us to experience one of the advantages of using Pulumi: when something is not available you can just implement it or use any library that can help you, such as the ",{"type":413,"tag":432,"props":2297,"children":2300},{"href":2298,"rel":2299},"https://www.nuget.org/packages/Azure.ResourceManager",[436],[2301],{"type":418,"value":302},{"type":418,"value":2303}," in this case.",{"type":413,"tag":612,"props":2305,"children":2307},{"className":981,"code":2306,"language":326,"meta":401,"style":401},"var subscriptionName = subscriptionId.Apply(s =>\n{\n    var armClient = new ArmClient(new DefaultAzureCredential());\n    var subscription = armClient.GetSubscriptionResource(new ResourceIdentifier($\"/subscriptions/{s}\")).Get();\n    return subscription.Value.Data.DisplayName;\n});\n",[2308],{"type":413,"tag":619,"props":2309,"children":2310},{"__ignoreMap":401},[2311,2352,2359,2400,2480,2525],{"type":413,"tag":623,"props":2312,"children":2313},{"class":625,"line":626},[2314,2318,2322,2326,2330,2334,2338,2342,2347],{"type":413,"tag":623,"props":2315,"children":2316},{"style":630},[2317],{"type":418,"value":994},{"type":413,"tag":623,"props":2319,"children":2320},{"style":630},[2321],{"type":418,"value":2023},{"type":413,"tag":623,"props":2323,"children":2324},{"style":671},[2325],{"type":418,"value":1004},{"type":413,"tag":623,"props":2327,"children":2328},{"style":1058},[2329],{"type":418,"value":2002},{"type":413,"tag":623,"props":2331,"children":2332},{"style":671},[2333],{"type":418,"value":1404},{"type":413,"tag":623,"props":2335,"children":2336},{"style":1407},[2337],{"type":418,"value":2187},{"type":413,"tag":623,"props":2339,"children":2340},{"style":671},[2341],{"type":418,"value":1018},{"type":413,"tag":623,"props":2343,"children":2344},{"style":630},[2345],{"type":418,"value":2346},"s",{"type":413,"tag":623,"props":2348,"children":2349},{"style":671},[2350],{"type":418,"value":2351}," =>\n",{"type":413,"tag":623,"props":2353,"children":2354},{"class":625,"line":1045},[2355],{"type":413,"tag":623,"props":2356,"children":2357},{"style":671},[2358],{"type":418,"value":1051},{"type":413,"tag":623,"props":2360,"children":2361},{"class":625,"line":1054},[2362,2367,2372,2376,2380,2385,2390,2395],{"type":413,"tag":623,"props":2363,"children":2364},{"style":630},[2365],{"type":418,"value":2366},"    var",{"type":413,"tag":623,"props":2368,"children":2369},{"style":630},[2370],{"type":418,"value":2371}," armClient",{"type":413,"tag":623,"props":2373,"children":2374},{"style":671},[2375],{"type":418,"value":1004},{"type":413,"tag":623,"props":2377,"children":2378},{"style":671},[2379],{"type":418,"value":638},{"type":413,"tag":623,"props":2381,"children":2382},{"style":630},[2383],{"type":418,"value":2384}," ArmClient",{"type":413,"tag":623,"props":2386,"children":2387},{"style":671},[2388],{"type":418,"value":2389},"(new",{"type":413,"tag":623,"props":2391,"children":2392},{"style":630},[2393],{"type":418,"value":2394}," DefaultAzureCredential",{"type":413,"tag":623,"props":2396,"children":2397},{"style":671},[2398],{"type":418,"value":2399},"());\n",{"type":413,"tag":623,"props":2401,"children":2402},{"class":625,"line":1087},[2403,2407,2412,2416,2420,2424,2429,2433,2438,2442,2447,2452,2457,2461,2466,2471,2476],{"type":413,"tag":623,"props":2404,"children":2405},{"style":630},[2406],{"type":418,"value":2366},{"type":413,"tag":623,"props":2408,"children":2409},{"style":630},[2410],{"type":418,"value":2411}," subscription",{"type":413,"tag":623,"props":2413,"children":2414},{"style":671},[2415],{"type":418,"value":1004},{"type":413,"tag":623,"props":2417,"children":2418},{"style":1058},[2419],{"type":418,"value":2371},{"type":413,"tag":623,"props":2421,"children":2422},{"style":671},[2423],{"type":418,"value":1404},{"type":413,"tag":623,"props":2425,"children":2426},{"style":1407},[2427],{"type":418,"value":2428},"GetSubscriptionResource",{"type":413,"tag":623,"props":2430,"children":2431},{"style":671},[2432],{"type":418,"value":2389},{"type":413,"tag":623,"props":2434,"children":2435},{"style":630},[2436],{"type":418,"value":2437}," ResourceIdentifier",{"type":413,"tag":623,"props":2439,"children":2440},{"style":671},[2441],{"type":418,"value":1018},{"type":413,"tag":623,"props":2443,"children":2444},{"style":671},[2445],{"type":418,"value":2446},"$\"",{"type":413,"tag":623,"props":2448,"children":2449},{"style":635},[2450],{"type":418,"value":2451},"/subscriptions/",{"type":413,"tag":623,"props":2453,"children":2454},{"style":671},[2455],{"type":418,"value":2456},"{",{"type":413,"tag":623,"props":2458,"children":2459},{"style":1058},[2460],{"type":418,"value":2346},{"type":413,"tag":623,"props":2462,"children":2463},{"style":671},[2464],{"type":418,"value":2465},"}\"",{"type":413,"tag":623,"props":2467,"children":2468},{"style":671},[2469],{"type":418,"value":2470},")).",{"type":413,"tag":623,"props":2472,"children":2473},{"style":1407},[2474],{"type":418,"value":2475},"Get",{"type":413,"tag":623,"props":2477,"children":2478},{"style":671},[2479],{"type":418,"value":2159},{"type":413,"tag":623,"props":2481,"children":2482},{"class":625,"line":1104},[2483,2489,2493,2497,2502,2506,2511,2515,2520],{"type":413,"tag":623,"props":2484,"children":2486},{"style":2485},"--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF;--shiki-light-font-style:italic;--shiki-default-font-style:italic;--shiki-dark-font-style:italic",[2487],{"type":418,"value":2488},"    return",{"type":413,"tag":623,"props":2490,"children":2491},{"style":1058},[2492],{"type":418,"value":2411},{"type":413,"tag":623,"props":2494,"children":2495},{"style":671},[2496],{"type":418,"value":1404},{"type":413,"tag":623,"props":2498,"children":2499},{"style":1058},[2500],{"type":418,"value":2501},"Value",{"type":413,"tag":623,"props":2503,"children":2504},{"style":671},[2505],{"type":418,"value":1404},{"type":413,"tag":623,"props":2507,"children":2508},{"style":1058},[2509],{"type":418,"value":2510},"Data",{"type":413,"tag":623,"props":2512,"children":2513},{"style":671},[2514],{"type":418,"value":1404},{"type":413,"tag":623,"props":2516,"children":2517},{"style":1058},[2518],{"type":418,"value":2519},"DisplayName",{"type":413,"tag":623,"props":2521,"children":2522},{"style":671},[2523],{"type":418,"value":2524},";\n",{"type":413,"tag":623,"props":2526,"children":2527},{"class":625,"line":1113},[2528],{"type":413,"tag":623,"props":2529,"children":2530},{"style":671},[2531],{"type":418,"value":1352},{"type":413,"tag":600,"props":2533,"children":2535},{"id":2534},"set-up-the-necessary-microsoft-entra-id-resources",[2536],{"type":418,"value":2537},"Set up the necessary Microsoft Entra ID resources",{"type":413,"tag":414,"props":2539,"children":2540},{},[2541],{"type":418,"value":2542},"We need to set up the following resources in Microsoft Entra ID:",{"type":413,"tag":443,"props":2544,"children":2545},{},[2546,2551,2556],{"type":413,"tag":447,"props":2547,"children":2548},{},[2549],{"type":418,"value":2550},"an Application that represents the Azure DevOps service connection identity",{"type":413,"tag":447,"props":2552,"children":2553},{},[2554],{"type":418,"value":2555},"a Service Principal (related to the application above) that has the contributor role on the Azure subscription",{"type":413,"tag":447,"props":2557,"children":2558},{},[2559],{"type":418,"value":2560},"credentials for the CI/CD pipeline to authenticate to Azure on behalf of this Microsoft Entra ID application",{"type":413,"tag":414,"props":2562,"children":2563},{},[2564],{"type":418,"value":2565},"Let's take care of the first 2 points:",{"type":413,"tag":612,"props":2567,"children":2569},{"className":981,"code":2568,"language":326,"meta":401,"style":401},"var azureConfig = GetClientConfig.Invoke();\nvar aadApplication = new Application(\"ADOAzureReadyApp\", new()\n{\n    DisplayName = \"ADO Azure Ready App\"\n});\nvar servicePrincipal  = new ServicePrincipal(\"AzureReadyServicePrincipal\", new()\n{\n    ApplicationId = aadApplication.ApplicationId,\n});\n\nvar subscriptionId = azureConfig.Apply(c => c.SubscriptionId);\nnew RoleAssignment(\"contributor\", new()\n{\n    PrincipalId= servicePrincipal.Id,\n    PrincipalType= PrincipalType.ServicePrincipal,\n    RoleDefinitionId = AzureBuiltInRoles.Contributor,\n    Scope = Output.Format($\"/subscriptions/{subscriptionId}\")\n});\n",[2570],{"type":413,"tag":619,"props":2571,"children":2572},{"__ignoreMap":401},[2573,2604,2654,2661,2686,2693,2743,2750,2778,2785,2794,2849,2888,2895,2924,2955,2986,3043],{"type":413,"tag":623,"props":2574,"children":2575},{"class":625,"line":626},[2576,2580,2584,2588,2592,2596,2600],{"type":413,"tag":623,"props":2577,"children":2578},{"style":630},[2579],{"type":418,"value":994},{"type":413,"tag":623,"props":2581,"children":2582},{"style":630},[2583],{"type":418,"value":2137},{"type":413,"tag":623,"props":2585,"children":2586},{"style":671},[2587],{"type":418,"value":1004},{"type":413,"tag":623,"props":2589,"children":2590},{"style":1058},[2591],{"type":418,"value":2146},{"type":413,"tag":623,"props":2593,"children":2594},{"style":671},[2595],{"type":418,"value":1404},{"type":413,"tag":623,"props":2597,"children":2598},{"style":1407},[2599],{"type":418,"value":1410},{"type":413,"tag":623,"props":2601,"children":2602},{"style":671},[2603],{"type":418,"value":2159},{"type":413,"tag":623,"props":2605,"children":2606},{"class":625,"line":1045},[2607,2611,2616,2620,2624,2629,2633,2637,2642,2646,2650],{"type":413,"tag":623,"props":2608,"children":2609},{"style":630},[2610],{"type":418,"value":994},{"type":413,"tag":623,"props":2612,"children":2613},{"style":630},[2614],{"type":418,"value":2615}," aadApplication",{"type":413,"tag":623,"props":2617,"children":2618},{"style":671},[2619],{"type":418,"value":1004},{"type":413,"tag":623,"props":2621,"children":2622},{"style":671},[2623],{"type":418,"value":638},{"type":413,"tag":623,"props":2625,"children":2626},{"style":630},[2627],{"type":418,"value":2628}," Application",{"type":413,"tag":623,"props":2630,"children":2631},{"style":671},[2632],{"type":418,"value":1018},{"type":413,"tag":623,"props":2634,"children":2635},{"style":671},[2636],{"type":418,"value":1023},{"type":413,"tag":623,"props":2638,"children":2639},{"style":635},[2640],{"type":418,"value":2641},"ADOAzureReadyApp",{"type":413,"tag":623,"props":2643,"children":2644},{"style":671},[2645],{"type":418,"value":1023},{"type":413,"tag":623,"props":2647,"children":2648},{"style":671},[2649],{"type":418,"value":1037},{"type":413,"tag":623,"props":2651,"children":2652},{"style":671},[2653],{"type":418,"value":1042},{"type":413,"tag":623,"props":2655,"children":2656},{"class":625,"line":1054},[2657],{"type":413,"tag":623,"props":2658,"children":2659},{"style":671},[2660],{"type":418,"value":1051},{"type":413,"tag":623,"props":2662,"children":2663},{"class":625,"line":1087},[2664,2669,2673,2677,2682],{"type":413,"tag":623,"props":2665,"children":2666},{"style":1058},[2667],{"type":418,"value":2668},"    DisplayName ",{"type":413,"tag":623,"props":2670,"children":2671},{"style":671},[2672],{"type":418,"value":1066},{"type":413,"tag":623,"props":2674,"children":2675},{"style":671},[2676],{"type":418,"value":674},{"type":413,"tag":623,"props":2678,"children":2679},{"style":635},[2680],{"type":418,"value":2681},"ADO Azure Ready App",{"type":413,"tag":623,"props":2683,"children":2684},{"style":671},[2685],{"type":418,"value":684},{"type":413,"tag":623,"props":2687,"children":2688},{"class":625,"line":1104},[2689],{"type":413,"tag":623,"props":2690,"children":2691},{"style":671},[2692],{"type":418,"value":1352},{"type":413,"tag":623,"props":2694,"children":2695},{"class":625,"line":1113},[2696,2700,2704,2709,2713,2718,2722,2726,2731,2735,2739],{"type":413,"tag":623,"props":2697,"children":2698},{"style":630},[2699],{"type":418,"value":994},{"type":413,"tag":623,"props":2701,"children":2702},{"style":630},[2703],{"type":418,"value":2076},{"type":413,"tag":623,"props":2705,"children":2706},{"style":671},[2707],{"type":418,"value":2708},"  =",{"type":413,"tag":623,"props":2710,"children":2711},{"style":671},[2712],{"type":418,"value":638},{"type":413,"tag":623,"props":2714,"children":2715},{"style":630},[2716],{"type":418,"value":2717}," ServicePrincipal",{"type":413,"tag":623,"props":2719,"children":2720},{"style":671},[2721],{"type":418,"value":1018},{"type":413,"tag":623,"props":2723,"children":2724},{"style":671},[2725],{"type":418,"value":1023},{"type":413,"tag":623,"props":2727,"children":2728},{"style":635},[2729],{"type":418,"value":2730},"AzureReadyServicePrincipal",{"type":413,"tag":623,"props":2732,"children":2733},{"style":671},[2734],{"type":418,"value":1023},{"type":413,"tag":623,"props":2736,"children":2737},{"style":671},[2738],{"type":418,"value":1037},{"type":413,"tag":623,"props":2740,"children":2741},{"style":671},[2742],{"type":418,"value":1042},{"type":413,"tag":623,"props":2744,"children":2745},{"class":625,"line":1161},[2746],{"type":413,"tag":623,"props":2747,"children":2748},{"style":671},[2749],{"type":418,"value":1051},{"type":413,"tag":623,"props":2751,"children":2752},{"class":625,"line":1207},[2753,2758,2762,2766,2770,2774],{"type":413,"tag":623,"props":2754,"children":2755},{"style":1058},[2756],{"type":418,"value":2757},"    ApplicationId ",{"type":413,"tag":623,"props":2759,"children":2760},{"style":671},[2761],{"type":418,"value":1066},{"type":413,"tag":623,"props":2763,"children":2764},{"style":1058},[2765],{"type":418,"value":2615},{"type":413,"tag":623,"props":2767,"children":2768},{"style":671},[2769],{"type":418,"value":1404},{"type":413,"tag":623,"props":2771,"children":2772},{"style":1058},[2773],{"type":418,"value":2085},{"type":413,"tag":623,"props":2775,"children":2776},{"style":671},[2777],{"type":418,"value":1084},{"type":413,"tag":623,"props":2779,"children":2780},{"class":625,"line":1251},[2781],{"type":413,"tag":623,"props":2782,"children":2783},{"style":671},[2784],{"type":418,"value":1352},{"type":413,"tag":623,"props":2786,"children":2787},{"class":625,"line":1296},[2788],{"type":413,"tag":623,"props":2789,"children":2791},{"emptyLinePlaceholder":2790},true,[2792],{"type":418,"value":2793},"\n",{"type":413,"tag":623,"props":2795,"children":2796},{"class":625,"line":1337},[2797,2801,2805,2809,2813,2817,2821,2825,2829,2833,2837,2841,2845],{"type":413,"tag":623,"props":2798,"children":2799},{"style":630},[2800],{"type":418,"value":994},{"type":413,"tag":623,"props":2802,"children":2803},{"style":630},[2804],{"type":418,"value":2002},{"type":413,"tag":623,"props":2806,"children":2807},{"style":671},[2808],{"type":418,"value":1004},{"type":413,"tag":623,"props":2810,"children":2811},{"style":1058},[2812],{"type":418,"value":2137},{"type":413,"tag":623,"props":2814,"children":2815},{"style":671},[2816],{"type":418,"value":1404},{"type":413,"tag":623,"props":2818,"children":2819},{"style":1407},[2820],{"type":418,"value":2187},{"type":413,"tag":623,"props":2822,"children":2823},{"style":671},[2824],{"type":418,"value":1018},{"type":413,"tag":623,"props":2826,"children":2827},{"style":630},[2828],{"type":418,"value":2196},{"type":413,"tag":623,"props":2830,"children":2831},{"style":671},[2832],{"type":418,"value":2201},{"type":413,"tag":623,"props":2834,"children":2835},{"style":1058},[2836],{"type":418,"value":2206},{"type":413,"tag":623,"props":2838,"children":2839},{"style":671},[2840],{"type":418,"value":1404},{"type":413,"tag":623,"props":2842,"children":2843},{"style":1058},[2844],{"type":418,"value":2272},{"type":413,"tag":623,"props":2846,"children":2847},{"style":671},[2848],{"type":418,"value":2220},{"type":413,"tag":623,"props":2850,"children":2851},{"class":625,"line":1346},[2852,2858,2863,2867,2871,2876,2880,2884],{"type":413,"tag":623,"props":2853,"children":2855},{"style":2854},"--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA",[2856],{"type":418,"value":2857},"new",{"type":413,"tag":623,"props":2859,"children":2860},{"style":1407},[2861],{"type":418,"value":2862}," RoleAssignment",{"type":413,"tag":623,"props":2864,"children":2865},{"style":671},[2866],{"type":418,"value":1018},{"type":413,"tag":623,"props":2868,"children":2869},{"style":671},[2870],{"type":418,"value":1023},{"type":413,"tag":623,"props":2872,"children":2873},{"style":635},[2874],{"type":418,"value":2875},"contributor",{"type":413,"tag":623,"props":2877,"children":2878},{"style":671},[2879],{"type":418,"value":1023},{"type":413,"tag":623,"props":2881,"children":2882},{"style":671},[2883],{"type":418,"value":1037},{"type":413,"tag":623,"props":2885,"children":2886},{"style":671},[2887],{"type":418,"value":1042},{"type":413,"tag":623,"props":2889,"children":2890},{"class":625,"line":2100},[2891],{"type":413,"tag":623,"props":2892,"children":2893},{"style":671},[2894],{"type":418,"value":1051},{"type":413,"tag":623,"props":2896,"children":2898},{"class":625,"line":2897},14,[2899,2904,2908,2912,2916,2920],{"type":413,"tag":623,"props":2900,"children":2901},{"style":1058},[2902],{"type":418,"value":2903},"    PrincipalId",{"type":413,"tag":623,"props":2905,"children":2906},{"style":671},[2907],{"type":418,"value":1066},{"type":413,"tag":623,"props":2909,"children":2910},{"style":1058},[2911],{"type":418,"value":2076},{"type":413,"tag":623,"props":2913,"children":2914},{"style":671},[2915],{"type":418,"value":1404},{"type":413,"tag":623,"props":2917,"children":2918},{"style":1058},[2919],{"type":418,"value":1447},{"type":413,"tag":623,"props":2921,"children":2922},{"style":671},[2923],{"type":418,"value":1084},{"type":413,"tag":623,"props":2925,"children":2927},{"class":625,"line":2926},15,[2928,2933,2937,2942,2946,2951],{"type":413,"tag":623,"props":2929,"children":2930},{"style":1058},[2931],{"type":418,"value":2932},"    PrincipalType",{"type":413,"tag":623,"props":2934,"children":2935},{"style":671},[2936],{"type":418,"value":1066},{"type":413,"tag":623,"props":2938,"children":2939},{"style":1058},[2940],{"type":418,"value":2941}," PrincipalType",{"type":413,"tag":623,"props":2943,"children":2944},{"style":671},[2945],{"type":418,"value":1404},{"type":413,"tag":623,"props":2947,"children":2948},{"style":1058},[2949],{"type":418,"value":2950},"ServicePrincipal",{"type":413,"tag":623,"props":2952,"children":2953},{"style":671},[2954],{"type":418,"value":1084},{"type":413,"tag":623,"props":2956,"children":2958},{"class":625,"line":2957},16,[2959,2964,2968,2973,2977,2982],{"type":413,"tag":623,"props":2960,"children":2961},{"style":1058},[2962],{"type":418,"value":2963},"    RoleDefinitionId ",{"type":413,"tag":623,"props":2965,"children":2966},{"style":671},[2967],{"type":418,"value":1066},{"type":413,"tag":623,"props":2969,"children":2970},{"style":1058},[2971],{"type":418,"value":2972}," AzureBuiltInRoles",{"type":413,"tag":623,"props":2974,"children":2975},{"style":671},[2976],{"type":418,"value":1404},{"type":413,"tag":623,"props":2978,"children":2979},{"style":1058},[2980],{"type":418,"value":2981},"Contributor",{"type":413,"tag":623,"props":2983,"children":2984},{"style":671},[2985],{"type":418,"value":1084},{"type":413,"tag":623,"props":2987,"children":2989},{"class":625,"line":2988},17,[2990,2995,2999,3004,3008,3013,3017,3021,3025,3029,3034,3038],{"type":413,"tag":623,"props":2991,"children":2992},{"style":1058},[2993],{"type":418,"value":2994},"    Scope ",{"type":413,"tag":623,"props":2996,"children":2997},{"style":671},[2998],{"type":418,"value":1066},{"type":413,"tag":623,"props":3000,"children":3001},{"style":1058},[3002],{"type":418,"value":3003}," Output",{"type":413,"tag":623,"props":3005,"children":3006},{"style":671},[3007],{"type":418,"value":1404},{"type":413,"tag":623,"props":3009,"children":3010},{"style":1407},[3011],{"type":418,"value":3012},"Format",{"type":413,"tag":623,"props":3014,"children":3015},{"style":671},[3016],{"type":418,"value":1018},{"type":413,"tag":623,"props":3018,"children":3019},{"style":671},[3020],{"type":418,"value":2446},{"type":413,"tag":623,"props":3022,"children":3023},{"style":635},[3024],{"type":418,"value":2451},{"type":413,"tag":623,"props":3026,"children":3027},{"style":671},[3028],{"type":418,"value":2456},{"type":413,"tag":623,"props":3030,"children":3031},{"style":1058},[3032],{"type":418,"value":3033},"subscriptionId",{"type":413,"tag":623,"props":3035,"children":3036},{"style":671},[3037],{"type":418,"value":2465},{"type":413,"tag":623,"props":3039,"children":3040},{"style":671},[3041],{"type":418,"value":3042},")\n",{"type":413,"tag":623,"props":3044,"children":3046},{"class":625,"line":3045},18,[3047],{"type":413,"tag":623,"props":3048,"children":3049},{"style":671},[3050],{"type":418,"value":1352},{"type":413,"tag":496,"props":3052,"children":3053},{"icon":498},[3054],{"type":413,"tag":414,"props":3055,"children":3056},{},[3057,3059],{"type":418,"value":3058},"It's worth mentioning that using an Application and its associated Service Principal is not the only way to proceed, we could have created instead a ",{"type":413,"tag":432,"props":3060,"children":3063},{"href":3061,"rel":3062},"https://www.pulumi.com/registry/packages/azure-native/api-docs/managedidentity/userassignedidentity/",[436],[3064],{"type":418,"value":3065},"User Assigned Identity",{"type":413,"tag":414,"props":3067,"children":3068},{},[3069],{"type":418,"value":3070},"Now that everything is created, we can create the Federated identity credentials:",{"type":413,"tag":612,"props":3072,"children":3074},{"className":981,"code":3073,"language":326,"meta":401,"style":401},"new ApplicationFederatedIdentityCredential(\"ADOAzureReadyAppFederatedIdentityCredential\", new() \n{\n    ApplicationObjectId = aadApplication.ObjectId,\n    DisplayName = \"AzureReadyDeploys\",\n    Description = \"Deployments for azure-ready-repository\",\n    Audiences = new(){\"api://AzureADTokenExchange\" },\n    Issuer = serviceConnection.WorkloadIdentityFederationIssuer,\n    Subject = Output.Format($\"sc://{organisationName}/{project.Name}/{serviceConnection.ServiceEndpointName}\")\n});\n",[3075],{"type":413,"tag":619,"props":3076,"children":3077},{"__ignoreMap":401},[3078,3121,3128,3157,3185,3213,3248,3277,3385],{"type":413,"tag":623,"props":3079,"children":3080},{"class":625,"line":626},[3081,3085,3090,3094,3098,3103,3107,3111,3116],{"type":413,"tag":623,"props":3082,"children":3083},{"style":2854},[3084],{"type":418,"value":2857},{"type":413,"tag":623,"props":3086,"children":3087},{"style":1407},[3088],{"type":418,"value":3089}," ApplicationFederatedIdentityCredential",{"type":413,"tag":623,"props":3091,"children":3092},{"style":671},[3093],{"type":418,"value":1018},{"type":413,"tag":623,"props":3095,"children":3096},{"style":671},[3097],{"type":418,"value":1023},{"type":413,"tag":623,"props":3099,"children":3100},{"style":635},[3101],{"type":418,"value":3102},"ADOAzureReadyAppFederatedIdentityCredential",{"type":413,"tag":623,"props":3104,"children":3105},{"style":671},[3106],{"type":418,"value":1023},{"type":413,"tag":623,"props":3108,"children":3109},{"style":671},[3110],{"type":418,"value":1037},{"type":413,"tag":623,"props":3112,"children":3113},{"style":671},[3114],{"type":418,"value":3115}," new()",{"type":413,"tag":623,"props":3117,"children":3118},{"style":1058},[3119],{"type":418,"value":3120}," \n",{"type":413,"tag":623,"props":3122,"children":3123},{"class":625,"line":1045},[3124],{"type":413,"tag":623,"props":3125,"children":3126},{"style":671},[3127],{"type":418,"value":1051},{"type":413,"tag":623,"props":3129,"children":3130},{"class":625,"line":1054},[3131,3136,3140,3144,3148,3153],{"type":413,"tag":623,"props":3132,"children":3133},{"style":1058},[3134],{"type":418,"value":3135},"    ApplicationObjectId ",{"type":413,"tag":623,"props":3137,"children":3138},{"style":671},[3139],{"type":418,"value":1066},{"type":413,"tag":623,"props":3141,"children":3142},{"style":1058},[3143],{"type":418,"value":2615},{"type":413,"tag":623,"props":3145,"children":3146},{"style":671},[3147],{"type":418,"value":1404},{"type":413,"tag":623,"props":3149,"children":3150},{"style":1058},[3151],{"type":418,"value":3152},"ObjectId",{"type":413,"tag":623,"props":3154,"children":3155},{"style":671},[3156],{"type":418,"value":1084},{"type":413,"tag":623,"props":3158,"children":3159},{"class":625,"line":1087},[3160,3164,3168,3172,3177,3181],{"type":413,"tag":623,"props":3161,"children":3162},{"style":1058},[3163],{"type":418,"value":2668},{"type":413,"tag":623,"props":3165,"children":3166},{"style":671},[3167],{"type":418,"value":1066},{"type":413,"tag":623,"props":3169,"children":3170},{"style":671},[3171],{"type":418,"value":674},{"type":413,"tag":623,"props":3173,"children":3174},{"style":635},[3175],{"type":418,"value":3176},"AzureReadyDeploys",{"type":413,"tag":623,"props":3178,"children":3179},{"style":671},[3180],{"type":418,"value":1023},{"type":413,"tag":623,"props":3182,"children":3183},{"style":671},[3184],{"type":418,"value":1084},{"type":413,"tag":623,"props":3186,"children":3187},{"class":625,"line":1104},[3188,3192,3196,3200,3205,3209],{"type":413,"tag":623,"props":3189,"children":3190},{"style":1058},[3191],{"type":418,"value":1061},{"type":413,"tag":623,"props":3193,"children":3194},{"style":671},[3195],{"type":418,"value":1066},{"type":413,"tag":623,"props":3197,"children":3198},{"style":671},[3199],{"type":418,"value":674},{"type":413,"tag":623,"props":3201,"children":3202},{"style":635},[3203],{"type":418,"value":3204},"Deployments for azure-ready-repository",{"type":413,"tag":623,"props":3206,"children":3207},{"style":671},[3208],{"type":418,"value":1023},{"type":413,"tag":623,"props":3210,"children":3211},{"style":671},[3212],{"type":418,"value":1084},{"type":413,"tag":623,"props":3214,"children":3215},{"class":625,"line":1113},[3216,3221,3225,3230,3234,3239,3243],{"type":413,"tag":623,"props":3217,"children":3218},{"style":1058},[3219],{"type":418,"value":3220},"    Audiences ",{"type":413,"tag":623,"props":3222,"children":3223},{"style":671},[3224],{"type":418,"value":1066},{"type":413,"tag":623,"props":3226,"children":3227},{"style":671},[3228],{"type":418,"value":3229}," new(){",{"type":413,"tag":623,"props":3231,"children":3232},{"style":671},[3233],{"type":418,"value":1023},{"type":413,"tag":623,"props":3235,"children":3236},{"style":635},[3237],{"type":418,"value":3238},"api://AzureADTokenExchange",{"type":413,"tag":623,"props":3240,"children":3241},{"style":671},[3242],{"type":418,"value":1023},{"type":413,"tag":623,"props":3244,"children":3245},{"style":671},[3246],{"type":418,"value":3247}," },\n",{"type":413,"tag":623,"props":3249,"children":3250},{"class":625,"line":1161},[3251,3256,3260,3264,3268,3273],{"type":413,"tag":623,"props":3252,"children":3253},{"style":1058},[3254],{"type":418,"value":3255},"    Issuer ",{"type":413,"tag":623,"props":3257,"children":3258},{"style":671},[3259],{"type":418,"value":1066},{"type":413,"tag":623,"props":3261,"children":3262},{"style":1058},[3263],{"type":418,"value":1834},{"type":413,"tag":623,"props":3265,"children":3266},{"style":671},[3267],{"type":418,"value":1404},{"type":413,"tag":623,"props":3269,"children":3270},{"style":1058},[3271],{"type":418,"value":3272},"WorkloadIdentityFederationIssuer",{"type":413,"tag":623,"props":3274,"children":3275},{"style":671},[3276],{"type":418,"value":1084},{"type":413,"tag":623,"props":3278,"children":3279},{"class":625,"line":1207},[3280,3285,3289,3293,3297,3301,3305,3309,3314,3318,3323,3328,3333,3337,3342,3346,3351,3355,3359,3363,3368,3372,3377,3381],{"type":413,"tag":623,"props":3281,"children":3282},{"style":1058},[3283],{"type":418,"value":3284},"    Subject ",{"type":413,"tag":623,"props":3286,"children":3287},{"style":671},[3288],{"type":418,"value":1066},{"type":413,"tag":623,"props":3290,"children":3291},{"style":1058},[3292],{"type":418,"value":3003},{"type":413,"tag":623,"props":3294,"children":3295},{"style":671},[3296],{"type":418,"value":1404},{"type":413,"tag":623,"props":3298,"children":3299},{"style":1407},[3300],{"type":418,"value":3012},{"type":413,"tag":623,"props":3302,"children":3303},{"style":671},[3304],{"type":418,"value":1018},{"type":413,"tag":623,"props":3306,"children":3307},{"style":671},[3308],{"type":418,"value":2446},{"type":413,"tag":623,"props":3310,"children":3311},{"style":635},[3312],{"type":418,"value":3313},"sc://",{"type":413,"tag":623,"props":3315,"children":3316},{"style":671},[3317],{"type":418,"value":2456},{"type":413,"tag":623,"props":3319,"children":3320},{"style":1058},[3321],{"type":418,"value":3322},"organisationName",{"type":413,"tag":623,"props":3324,"children":3325},{"style":671},[3326],{"type":418,"value":3327},"}",{"type":413,"tag":623,"props":3329,"children":3330},{"style":635},[3331],{"type":418,"value":3332},"/",{"type":413,"tag":623,"props":3334,"children":3335},{"style":671},[3336],{"type":418,"value":2456},{"type":413,"tag":623,"props":3338,"children":3339},{"style":1058},[3340],{"type":418,"value":3341},"project",{"type":413,"tag":623,"props":3343,"children":3344},{"style":671},[3345],{"type":418,"value":1404},{"type":413,"tag":623,"props":3347,"children":3348},{"style":1058},[3349],{"type":418,"value":3350},"Name",{"type":413,"tag":623,"props":3352,"children":3353},{"style":671},[3354],{"type":418,"value":3327},{"type":413,"tag":623,"props":3356,"children":3357},{"style":635},[3358],{"type":418,"value":3332},{"type":413,"tag":623,"props":3360,"children":3361},{"style":671},[3362],{"type":418,"value":2456},{"type":413,"tag":623,"props":3364,"children":3365},{"style":1058},[3366],{"type":418,"value":3367},"serviceConnection",{"type":413,"tag":623,"props":3369,"children":3370},{"style":671},[3371],{"type":418,"value":1404},{"type":413,"tag":623,"props":3373,"children":3374},{"style":1058},[3375],{"type":418,"value":3376},"ServiceEndpointName",{"type":413,"tag":623,"props":3378,"children":3379},{"style":671},[3380],{"type":418,"value":2465},{"type":413,"tag":623,"props":3382,"children":3383},{"style":671},[3384],{"type":418,"value":3042},{"type":413,"tag":623,"props":3386,"children":3387},{"class":625,"line":1251},[3388],{"type":413,"tag":623,"props":3389,"children":3390},{"style":671},[3391],{"type":418,"value":1352},{"type":413,"tag":414,"props":3393,"children":3394},{},[3395,3397,3403],{"type":418,"value":3396},"You can observe that the federation subject adheres to a particular format (",{"type":413,"tag":619,"props":3398,"children":3400},{"className":3399},[],[3401],{"type":418,"value":3402},"sc://\u003Corg>/\u003Cproject>/\u003Cservice connection name>",{"type":418,"value":3404},"), which identifies the service connection authorized for authentication with Azure.",{"type":413,"tag":600,"props":3406,"children":3408},{"id":3407},"create-the-deployment-pipeline",[3409],{"type":418,"value":3410},"Create the deployment pipeline",{"type":413,"tag":414,"props":3412,"children":3413},{},[3414],{"type":418,"value":3415},"We have completed the configuration of an ARM Service Connection that employs Workload Identity Federation for authentication with Azure. While we could stop at this point, it would be nice to automate the creation of a pipeline that utilizes this service connection and seize the opportunity to ensure everything works properly.",{"type":413,"tag":414,"props":3417,"children":3418},{},[3419,3421,3427],{"type":418,"value":3420},"For this purpose, I have written a very simple YAML pipeline that runs the ",{"type":413,"tag":619,"props":3422,"children":3424},{"className":3423},[],[3425],{"type":418,"value":3426},"AzureCLI",{"type":418,"value":3428}," task to show information about the Azure subscription associated with the previously created service connection.",{"type":413,"tag":612,"props":3430,"children":3432},{"className":981,"code":3431,"language":326,"meta":401,"style":401},"trigger:\n  - main\n\npool:\n  vmImage: ubuntu-latest\n\nsteps:\n  - task: AzureCLI@2\n    inputs:\n      azureSubscription: 'azure-with-oidc'\n      scriptType: 'pscore'\n      scriptLocation: 'inlineScript'\n      inlineScript: 'az account show --query id -o tsv'\n",[3433],{"type":413,"tag":619,"props":3434,"children":3435},{"__ignoreMap":401},[3436,3449,3462,3469,3481,3509,3516,3528,3555,3567,3593,3618,3643],{"type":413,"tag":623,"props":3437,"children":3438},{"class":625,"line":626},[3439,3444],{"type":413,"tag":623,"props":3440,"children":3441},{"style":630},[3442],{"type":418,"value":3443},"trigger",{"type":413,"tag":623,"props":3445,"children":3446},{"style":671},[3447],{"type":418,"value":3448},":\n",{"type":413,"tag":623,"props":3450,"children":3451},{"class":625,"line":1045},[3452,3457],{"type":413,"tag":623,"props":3453,"children":3454},{"style":671},[3455],{"type":418,"value":3456},"  -",{"type":413,"tag":623,"props":3458,"children":3459},{"style":1058},[3460],{"type":418,"value":3461}," main\n",{"type":413,"tag":623,"props":3463,"children":3464},{"class":625,"line":1054},[3465],{"type":413,"tag":623,"props":3466,"children":3467},{"emptyLinePlaceholder":2790},[3468],{"type":418,"value":2793},{"type":413,"tag":623,"props":3470,"children":3471},{"class":625,"line":1087},[3472,3477],{"type":413,"tag":623,"props":3473,"children":3474},{"style":630},[3475],{"type":418,"value":3476},"pool",{"type":413,"tag":623,"props":3478,"children":3479},{"style":671},[3480],{"type":418,"value":3448},{"type":413,"tag":623,"props":3482,"children":3483},{"class":625,"line":1104},[3484,3489,3494,3499,3504],{"type":413,"tag":623,"props":3485,"children":3486},{"style":630},[3487],{"type":418,"value":3488},"  vmImage",{"type":413,"tag":623,"props":3490,"children":3491},{"style":671},[3492],{"type":418,"value":3493},":",{"type":413,"tag":623,"props":3495,"children":3496},{"style":1058},[3497],{"type":418,"value":3498}," ubuntu",{"type":413,"tag":623,"props":3500,"children":3501},{"style":671},[3502],{"type":418,"value":3503},"-",{"type":413,"tag":623,"props":3505,"children":3506},{"style":1058},[3507],{"type":418,"value":3508},"latest\n",{"type":413,"tag":623,"props":3510,"children":3511},{"class":625,"line":1113},[3512],{"type":413,"tag":623,"props":3513,"children":3514},{"emptyLinePlaceholder":2790},[3515],{"type":418,"value":2793},{"type":413,"tag":623,"props":3517,"children":3518},{"class":625,"line":1161},[3519,3524],{"type":413,"tag":623,"props":3520,"children":3521},{"style":630},[3522],{"type":418,"value":3523},"steps",{"type":413,"tag":623,"props":3525,"children":3526},{"style":671},[3527],{"type":418,"value":3448},{"type":413,"tag":623,"props":3529,"children":3530},{"class":625,"line":1207},[3531,3535,3540,3544,3549],{"type":413,"tag":623,"props":3532,"children":3533},{"style":671},[3534],{"type":418,"value":3456},{"type":413,"tag":623,"props":3536,"children":3537},{"style":630},[3538],{"type":418,"value":3539}," task",{"type":413,"tag":623,"props":3541,"children":3542},{"style":671},[3543],{"type":418,"value":3493},{"type":413,"tag":623,"props":3545,"children":3546},{"style":1058},[3547],{"type":418,"value":3548}," AzureCLI@",{"type":413,"tag":623,"props":3550,"children":3552},{"style":3551},"--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C",[3553],{"type":418,"value":3554},"2\n",{"type":413,"tag":623,"props":3556,"children":3557},{"class":625,"line":1251},[3558,3563],{"type":413,"tag":623,"props":3559,"children":3560},{"style":630},[3561],{"type":418,"value":3562},"    inputs",{"type":413,"tag":623,"props":3564,"children":3565},{"style":671},[3566],{"type":418,"value":3448},{"type":413,"tag":623,"props":3568,"children":3569},{"class":625,"line":1296},[3570,3575,3579,3584,3588],{"type":413,"tag":623,"props":3571,"children":3572},{"style":630},[3573],{"type":418,"value":3574},"      azureSubscription",{"type":413,"tag":623,"props":3576,"children":3577},{"style":671},[3578],{"type":418,"value":3493},{"type":413,"tag":623,"props":3580,"children":3581},{"style":671},[3582],{"type":418,"value":3583}," '",{"type":413,"tag":623,"props":3585,"children":3586},{"style":635},[3587],{"type":418,"value":1927},{"type":413,"tag":623,"props":3589,"children":3590},{"style":671},[3591],{"type":418,"value":3592},"'\n",{"type":413,"tag":623,"props":3594,"children":3595},{"class":625,"line":1337},[3596,3601,3605,3609,3614],{"type":413,"tag":623,"props":3597,"children":3598},{"style":630},[3599],{"type":418,"value":3600},"      scriptType",{"type":413,"tag":623,"props":3602,"children":3603},{"style":671},[3604],{"type":418,"value":3493},{"type":413,"tag":623,"props":3606,"children":3607},{"style":671},[3608],{"type":418,"value":3583},{"type":413,"tag":623,"props":3610,"children":3611},{"style":635},[3612],{"type":418,"value":3613},"pscore",{"type":413,"tag":623,"props":3615,"children":3616},{"style":671},[3617],{"type":418,"value":3592},{"type":413,"tag":623,"props":3619,"children":3620},{"class":625,"line":1346},[3621,3626,3630,3634,3639],{"type":413,"tag":623,"props":3622,"children":3623},{"style":630},[3624],{"type":418,"value":3625},"      scriptLocation",{"type":413,"tag":623,"props":3627,"children":3628},{"style":671},[3629],{"type":418,"value":3493},{"type":413,"tag":623,"props":3631,"children":3632},{"style":671},[3633],{"type":418,"value":3583},{"type":413,"tag":623,"props":3635,"children":3636},{"style":635},[3637],{"type":418,"value":3638},"inlineScript",{"type":413,"tag":623,"props":3640,"children":3641},{"style":671},[3642],{"type":418,"value":3592},{"type":413,"tag":623,"props":3644,"children":3645},{"class":625,"line":2100},[3646,3651,3655,3659,3664],{"type":413,"tag":623,"props":3647,"children":3648},{"style":630},[3649],{"type":418,"value":3650},"      inlineScript",{"type":413,"tag":623,"props":3652,"children":3653},{"style":671},[3654],{"type":418,"value":3493},{"type":413,"tag":623,"props":3656,"children":3657},{"style":671},[3658],{"type":418,"value":3583},{"type":413,"tag":623,"props":3660,"children":3661},{"style":635},[3662],{"type":418,"value":3663},"az account show --query id -o tsv",{"type":413,"tag":623,"props":3665,"children":3666},{"style":671},[3667],{"type":418,"value":3592},{"type":413,"tag":414,"props":3669,"children":3670},{},[3671],{"type":418,"value":3672},"We can add this file in the Git repository:",{"type":413,"tag":612,"props":3674,"children":3676},{"className":981,"code":3675,"language":326,"meta":401,"style":401},"var pipelineFile = new GitRepositoryFile(\"AzurePipeline\", new()\n{\n    File = \"azure-pipelines.yaml\",\n    RepositoryId = repository.Apply(r => r.Id),\n    CommitMessage = \"Add preconfigured pipeline file\",\n    Content = File.ReadAllText(\"azure-pipelines.yml\"),\n    Branch = \"refs/heads/main\"\n});\n",[3677],{"type":413,"tag":619,"props":3678,"children":3679},{"__ignoreMap":401},[3680,3730,3737,3766,3821,3850,3897,3921],{"type":413,"tag":623,"props":3681,"children":3682},{"class":625,"line":626},[3683,3687,3692,3696,3700,3705,3709,3713,3718,3722,3726],{"type":413,"tag":623,"props":3684,"children":3685},{"style":630},[3686],{"type":418,"value":994},{"type":413,"tag":623,"props":3688,"children":3689},{"style":630},[3690],{"type":418,"value":3691}," pipelineFile",{"type":413,"tag":623,"props":3693,"children":3694},{"style":671},[3695],{"type":418,"value":1004},{"type":413,"tag":623,"props":3697,"children":3698},{"style":671},[3699],{"type":418,"value":638},{"type":413,"tag":623,"props":3701,"children":3702},{"style":630},[3703],{"type":418,"value":3704}," GitRepositoryFile",{"type":413,"tag":623,"props":3706,"children":3707},{"style":671},[3708],{"type":418,"value":1018},{"type":413,"tag":623,"props":3710,"children":3711},{"style":671},[3712],{"type":418,"value":1023},{"type":413,"tag":623,"props":3714,"children":3715},{"style":635},[3716],{"type":418,"value":3717},"AzurePipeline",{"type":413,"tag":623,"props":3719,"children":3720},{"style":671},[3721],{"type":418,"value":1023},{"type":413,"tag":623,"props":3723,"children":3724},{"style":671},[3725],{"type":418,"value":1037},{"type":413,"tag":623,"props":3727,"children":3728},{"style":671},[3729],{"type":418,"value":1042},{"type":413,"tag":623,"props":3731,"children":3732},{"class":625,"line":1045},[3733],{"type":413,"tag":623,"props":3734,"children":3735},{"style":671},[3736],{"type":418,"value":1051},{"type":413,"tag":623,"props":3738,"children":3739},{"class":625,"line":1054},[3740,3745,3749,3753,3758,3762],{"type":413,"tag":623,"props":3741,"children":3742},{"style":1058},[3743],{"type":418,"value":3744},"    File ",{"type":413,"tag":623,"props":3746,"children":3747},{"style":671},[3748],{"type":418,"value":1066},{"type":413,"tag":623,"props":3750,"children":3751},{"style":671},[3752],{"type":418,"value":674},{"type":413,"tag":623,"props":3754,"children":3755},{"style":635},[3756],{"type":418,"value":3757},"azure-pipelines.yaml",{"type":413,"tag":623,"props":3759,"children":3760},{"style":671},[3761],{"type":418,"value":1023},{"type":413,"tag":623,"props":3763,"children":3764},{"style":671},[3765],{"type":418,"value":1084},{"type":413,"tag":623,"props":3767,"children":3768},{"class":625,"line":1087},[3769,3774,3778,3782,3786,3790,3794,3799,3803,3808,3812,3816],{"type":413,"tag":623,"props":3770,"children":3771},{"style":1058},[3772],{"type":418,"value":3773},"    RepositoryId ",{"type":413,"tag":623,"props":3775,"children":3776},{"style":671},[3777],{"type":418,"value":1066},{"type":413,"tag":623,"props":3779,"children":3780},{"style":1058},[3781],{"type":418,"value":1390},{"type":413,"tag":623,"props":3783,"children":3784},{"style":671},[3785],{"type":418,"value":1404},{"type":413,"tag":623,"props":3787,"children":3788},{"style":1407},[3789],{"type":418,"value":2187},{"type":413,"tag":623,"props":3791,"children":3792},{"style":671},[3793],{"type":418,"value":1018},{"type":413,"tag":623,"props":3795,"children":3796},{"style":630},[3797],{"type":418,"value":3798},"r",{"type":413,"tag":623,"props":3800,"children":3801},{"style":671},[3802],{"type":418,"value":2201},{"type":413,"tag":623,"props":3804,"children":3805},{"style":1058},[3806],{"type":418,"value":3807}," r",{"type":413,"tag":623,"props":3809,"children":3810},{"style":671},[3811],{"type":418,"value":1404},{"type":413,"tag":623,"props":3813,"children":3814},{"style":1058},[3815],{"type":418,"value":1447},{"type":413,"tag":623,"props":3817,"children":3818},{"style":671},[3819],{"type":418,"value":3820},"),\n",{"type":413,"tag":623,"props":3822,"children":3823},{"class":625,"line":1104},[3824,3829,3833,3837,3842,3846],{"type":413,"tag":623,"props":3825,"children":3826},{"style":1058},[3827],{"type":418,"value":3828},"    CommitMessage ",{"type":413,"tag":623,"props":3830,"children":3831},{"style":671},[3832],{"type":418,"value":1066},{"type":413,"tag":623,"props":3834,"children":3835},{"style":671},[3836],{"type":418,"value":674},{"type":413,"tag":623,"props":3838,"children":3839},{"style":635},[3840],{"type":418,"value":3841},"Add preconfigured pipeline file",{"type":413,"tag":623,"props":3843,"children":3844},{"style":671},[3845],{"type":418,"value":1023},{"type":413,"tag":623,"props":3847,"children":3848},{"style":671},[3849],{"type":418,"value":1084},{"type":413,"tag":623,"props":3851,"children":3852},{"class":625,"line":1113},[3853,3858,3862,3867,3871,3876,3880,3884,3889,3893],{"type":413,"tag":623,"props":3854,"children":3855},{"style":1058},[3856],{"type":418,"value":3857},"    Content ",{"type":413,"tag":623,"props":3859,"children":3860},{"style":671},[3861],{"type":418,"value":1066},{"type":413,"tag":623,"props":3863,"children":3864},{"style":1058},[3865],{"type":418,"value":3866}," File",{"type":413,"tag":623,"props":3868,"children":3869},{"style":671},[3870],{"type":418,"value":1404},{"type":413,"tag":623,"props":3872,"children":3873},{"style":1407},[3874],{"type":418,"value":3875},"ReadAllText",{"type":413,"tag":623,"props":3877,"children":3878},{"style":671},[3879],{"type":418,"value":1018},{"type":413,"tag":623,"props":3881,"children":3882},{"style":671},[3883],{"type":418,"value":1023},{"type":413,"tag":623,"props":3885,"children":3886},{"style":635},[3887],{"type":418,"value":3888},"azure-pipelines.yml",{"type":413,"tag":623,"props":3890,"children":3891},{"style":671},[3892],{"type":418,"value":1023},{"type":413,"tag":623,"props":3894,"children":3895},{"style":671},[3896],{"type":418,"value":3820},{"type":413,"tag":623,"props":3898,"children":3899},{"class":625,"line":1161},[3900,3905,3909,3913,3917],{"type":413,"tag":623,"props":3901,"children":3902},{"style":1058},[3903],{"type":418,"value":3904},"    Branch ",{"type":413,"tag":623,"props":3906,"children":3907},{"style":671},[3908],{"type":418,"value":1066},{"type":413,"tag":623,"props":3910,"children":3911},{"style":671},[3912],{"type":418,"value":674},{"type":413,"tag":623,"props":3914,"children":3915},{"style":635},[3916],{"type":418,"value":1743},{"type":413,"tag":623,"props":3918,"children":3919},{"style":671},[3920],{"type":418,"value":684},{"type":413,"tag":623,"props":3922,"children":3923},{"class":625,"line":1207},[3924],{"type":413,"tag":623,"props":3925,"children":3926},{"style":671},[3927],{"type":418,"value":1352},{"type":413,"tag":414,"props":3929,"children":3930},{},[3931],{"type":418,"value":3932},"Now, we have to create the pipeline itself:",{"type":413,"tag":612,"props":3934,"children":3936},{"className":981,"code":3935,"language":326,"meta":401,"style":401},"var pipeline = new BuildDefinition(\"deployToAzure\", new()\n{\n    ProjectId = project.Id,\n    Repository = new BuildDefinitionRepositoryArgs()\n    {\n        RepoId = repository.Apply(r => r.Id),\n        BranchName = \"refs/heads/main\",\n        YmlPath = pipelineFile.File,\n        RepoType = \"TfsGit\"\n    }\n});\n",[3937],{"type":413,"tag":619,"props":3938,"children":3939},{"__ignoreMap":401},[3940,3990,3997,4024,4049,4056,4108,4136,4165,4190,4197],{"type":413,"tag":623,"props":3941,"children":3942},{"class":625,"line":626},[3943,3947,3952,3956,3960,3965,3969,3973,3978,3982,3986],{"type":413,"tag":623,"props":3944,"children":3945},{"style":630},[3946],{"type":418,"value":994},{"type":413,"tag":623,"props":3948,"children":3949},{"style":630},[3950],{"type":418,"value":3951}," pipeline",{"type":413,"tag":623,"props":3953,"children":3954},{"style":671},[3955],{"type":418,"value":1004},{"type":413,"tag":623,"props":3957,"children":3958},{"style":671},[3959],{"type":418,"value":638},{"type":413,"tag":623,"props":3961,"children":3962},{"style":630},[3963],{"type":418,"value":3964}," BuildDefinition",{"type":413,"tag":623,"props":3966,"children":3967},{"style":671},[3968],{"type":418,"value":1018},{"type":413,"tag":623,"props":3970,"children":3971},{"style":671},[3972],{"type":418,"value":1023},{"type":413,"tag":623,"props":3974,"children":3975},{"style":635},[3976],{"type":418,"value":3977},"deployToAzure",{"type":413,"tag":623,"props":3979,"children":3980},{"style":671},[3981],{"type":418,"value":1023},{"type":413,"tag":623,"props":3983,"children":3984},{"style":671},[3985],{"type":418,"value":1037},{"type":413,"tag":623,"props":3987,"children":3988},{"style":671},[3989],{"type":418,"value":1042},{"type":413,"tag":623,"props":3991,"children":3992},{"class":625,"line":1045},[3993],{"type":413,"tag":623,"props":3994,"children":3995},{"style":671},[3996],{"type":418,"value":1051},{"type":413,"tag":623,"props":3998,"children":3999},{"class":625,"line":1054},[4000,4004,4008,4012,4016,4020],{"type":413,"tag":623,"props":4001,"children":4002},{"style":1058},[4003],{"type":418,"value":1430},{"type":413,"tag":623,"props":4005,"children":4006},{"style":671},[4007],{"type":418,"value":1066},{"type":413,"tag":623,"props":4009,"children":4010},{"style":1058},[4011],{"type":418,"value":999},{"type":413,"tag":623,"props":4013,"children":4014},{"style":671},[4015],{"type":418,"value":1404},{"type":413,"tag":623,"props":4017,"children":4018},{"style":1058},[4019],{"type":418,"value":1447},{"type":413,"tag":623,"props":4021,"children":4022},{"style":671},[4023],{"type":418,"value":1084},{"type":413,"tag":623,"props":4025,"children":4026},{"class":625,"line":1087},[4027,4032,4036,4040,4045],{"type":413,"tag":623,"props":4028,"children":4029},{"style":1058},[4030],{"type":418,"value":4031},"    Repository ",{"type":413,"tag":623,"props":4033,"children":4034},{"style":671},[4035],{"type":418,"value":1066},{"type":413,"tag":623,"props":4037,"children":4038},{"style":671},[4039],{"type":418,"value":638},{"type":413,"tag":623,"props":4041,"children":4042},{"style":630},[4043],{"type":418,"value":4044}," BuildDefinitionRepositoryArgs",{"type":413,"tag":623,"props":4046,"children":4047},{"style":671},[4048],{"type":418,"value":1604},{"type":413,"tag":623,"props":4050,"children":4051},{"class":625,"line":1104},[4052],{"type":413,"tag":623,"props":4053,"children":4054},{"style":671},[4055],{"type":418,"value":1110},{"type":413,"tag":623,"props":4057,"children":4058},{"class":625,"line":1113},[4059,4064,4068,4072,4076,4080,4084,4088,4092,4096,4100,4104],{"type":413,"tag":623,"props":4060,"children":4061},{"style":1058},[4062],{"type":418,"value":4063},"        RepoId ",{"type":413,"tag":623,"props":4065,"children":4066},{"style":671},[4067],{"type":418,"value":1066},{"type":413,"tag":623,"props":4069,"children":4070},{"style":1058},[4071],{"type":418,"value":1390},{"type":413,"tag":623,"props":4073,"children":4074},{"style":671},[4075],{"type":418,"value":1404},{"type":413,"tag":623,"props":4077,"children":4078},{"style":1407},[4079],{"type":418,"value":2187},{"type":413,"tag":623,"props":4081,"children":4082},{"style":671},[4083],{"type":418,"value":1018},{"type":413,"tag":623,"props":4085,"children":4086},{"style":630},[4087],{"type":418,"value":3798},{"type":413,"tag":623,"props":4089,"children":4090},{"style":671},[4091],{"type":418,"value":2201},{"type":413,"tag":623,"props":4093,"children":4094},{"style":1058},[4095],{"type":418,"value":3807},{"type":413,"tag":623,"props":4097,"children":4098},{"style":671},[4099],{"type":418,"value":1404},{"type":413,"tag":623,"props":4101,"children":4102},{"style":1058},[4103],{"type":418,"value":1447},{"type":413,"tag":623,"props":4105,"children":4106},{"style":671},[4107],{"type":418,"value":3820},{"type":413,"tag":623,"props":4109,"children":4110},{"class":625,"line":1161},[4111,4116,4120,4124,4128,4132],{"type":413,"tag":623,"props":4112,"children":4113},{"style":1058},[4114],{"type":418,"value":4115},"        BranchName ",{"type":413,"tag":623,"props":4117,"children":4118},{"style":671},[4119],{"type":418,"value":1066},{"type":413,"tag":623,"props":4121,"children":4122},{"style":671},[4123],{"type":418,"value":674},{"type":413,"tag":623,"props":4125,"children":4126},{"style":635},[4127],{"type":418,"value":1743},{"type":413,"tag":623,"props":4129,"children":4130},{"style":671},[4131],{"type":418,"value":1023},{"type":413,"tag":623,"props":4133,"children":4134},{"style":671},[4135],{"type":418,"value":1084},{"type":413,"tag":623,"props":4137,"children":4138},{"class":625,"line":1207},[4139,4144,4148,4152,4156,4161],{"type":413,"tag":623,"props":4140,"children":4141},{"style":1058},[4142],{"type":418,"value":4143},"        YmlPath ",{"type":413,"tag":623,"props":4145,"children":4146},{"style":671},[4147],{"type":418,"value":1066},{"type":413,"tag":623,"props":4149,"children":4150},{"style":1058},[4151],{"type":418,"value":3691},{"type":413,"tag":623,"props":4153,"children":4154},{"style":671},[4155],{"type":418,"value":1404},{"type":413,"tag":623,"props":4157,"children":4158},{"style":1058},[4159],{"type":418,"value":4160},"File",{"type":413,"tag":623,"props":4162,"children":4163},{"style":671},[4164],{"type":418,"value":1084},{"type":413,"tag":623,"props":4166,"children":4167},{"class":625,"line":1251},[4168,4173,4177,4181,4186],{"type":413,"tag":623,"props":4169,"children":4170},{"style":1058},[4171],{"type":418,"value":4172},"        RepoType ",{"type":413,"tag":623,"props":4174,"children":4175},{"style":671},[4176],{"type":418,"value":1066},{"type":413,"tag":623,"props":4178,"children":4179},{"style":671},[4180],{"type":418,"value":674},{"type":413,"tag":623,"props":4182,"children":4183},{"style":635},[4184],{"type":418,"value":4185},"TfsGit",{"type":413,"tag":623,"props":4187,"children":4188},{"style":671},[4189],{"type":418,"value":684},{"type":413,"tag":623,"props":4191,"children":4192},{"class":625,"line":1296},[4193],{"type":413,"tag":623,"props":4194,"children":4195},{"style":671},[4196],{"type":418,"value":2097},{"type":413,"tag":623,"props":4198,"children":4199},{"class":625,"line":1337},[4200],{"type":413,"tag":623,"props":4201,"children":4202},{"style":671},[4203],{"type":418,"value":1352},{"type":413,"tag":414,"props":4205,"children":4206},{},[4207],{"type":418,"value":4208},"To complete the automation process, we can authorize the pipeline to utilize the service connection, eliminating the need for manual intervention through the portal:",{"type":413,"tag":612,"props":4210,"children":4212},{"className":981,"code":4211,"language":326,"meta":401,"style":401},"new PipelineAuthorization(\"azureOidcPipelineAuthorization\", new()\n{\n    ProjectId = project.Id,\n    Type = \"endpoint\",\n    PipelineId = pipeline.Id.Apply(int.Parse),\n    ResourceId = serviceConnection.Id\n});\n",[4213],{"type":413,"tag":619,"props":4214,"children":4215},{"__ignoreMap":401},[4216,4253,4260,4287,4316,4362,4387],{"type":413,"tag":623,"props":4217,"children":4218},{"class":625,"line":626},[4219,4223,4228,4232,4236,4241,4245,4249],{"type":413,"tag":623,"props":4220,"children":4221},{"style":2854},[4222],{"type":418,"value":2857},{"type":413,"tag":623,"props":4224,"children":4225},{"style":1407},[4226],{"type":418,"value":4227}," PipelineAuthorization",{"type":413,"tag":623,"props":4229,"children":4230},{"style":671},[4231],{"type":418,"value":1018},{"type":413,"tag":623,"props":4233,"children":4234},{"style":671},[4235],{"type":418,"value":1023},{"type":413,"tag":623,"props":4237,"children":4238},{"style":635},[4239],{"type":418,"value":4240},"azureOidcPipelineAuthorization",{"type":413,"tag":623,"props":4242,"children":4243},{"style":671},[4244],{"type":418,"value":1023},{"type":413,"tag":623,"props":4246,"children":4247},{"style":671},[4248],{"type":418,"value":1037},{"type":413,"tag":623,"props":4250,"children":4251},{"style":671},[4252],{"type":418,"value":1042},{"type":413,"tag":623,"props":4254,"children":4255},{"class":625,"line":1045},[4256],{"type":413,"tag":623,"props":4257,"children":4258},{"style":671},[4259],{"type":418,"value":1051},{"type":413,"tag":623,"props":4261,"children":4262},{"class":625,"line":1054},[4263,4267,4271,4275,4279,4283],{"type":413,"tag":623,"props":4264,"children":4265},{"style":1058},[4266],{"type":418,"value":1430},{"type":413,"tag":623,"props":4268,"children":4269},{"style":671},[4270],{"type":418,"value":1066},{"type":413,"tag":623,"props":4272,"children":4273},{"style":1058},[4274],{"type":418,"value":999},{"type":413,"tag":623,"props":4276,"children":4277},{"style":671},[4278],{"type":418,"value":1404},{"type":413,"tag":623,"props":4280,"children":4281},{"style":1058},[4282],{"type":418,"value":1447},{"type":413,"tag":623,"props":4284,"children":4285},{"style":671},[4286],{"type":418,"value":1084},{"type":413,"tag":623,"props":4288,"children":4289},{"class":625,"line":1087},[4290,4295,4299,4303,4308,4312],{"type":413,"tag":623,"props":4291,"children":4292},{"style":1058},[4293],{"type":418,"value":4294},"    Type ",{"type":413,"tag":623,"props":4296,"children":4297},{"style":671},[4298],{"type":418,"value":1066},{"type":413,"tag":623,"props":4300,"children":4301},{"style":671},[4302],{"type":418,"value":674},{"type":413,"tag":623,"props":4304,"children":4305},{"style":635},[4306],{"type":418,"value":4307},"endpoint",{"type":413,"tag":623,"props":4309,"children":4310},{"style":671},[4311],{"type":418,"value":1023},{"type":413,"tag":623,"props":4313,"children":4314},{"style":671},[4315],{"type":418,"value":1084},{"type":413,"tag":623,"props":4317,"children":4318},{"class":625,"line":1104},[4319,4324,4328,4332,4336,4340,4344,4348,4353,4358],{"type":413,"tag":623,"props":4320,"children":4321},{"style":1058},[4322],{"type":418,"value":4323},"    PipelineId ",{"type":413,"tag":623,"props":4325,"children":4326},{"style":671},[4327],{"type":418,"value":1066},{"type":413,"tag":623,"props":4329,"children":4330},{"style":1058},[4331],{"type":418,"value":3951},{"type":413,"tag":623,"props":4333,"children":4334},{"style":671},[4335],{"type":418,"value":1404},{"type":413,"tag":623,"props":4337,"children":4338},{"style":1058},[4339],{"type":418,"value":1447},{"type":413,"tag":623,"props":4341,"children":4342},{"style":671},[4343],{"type":418,"value":1404},{"type":413,"tag":623,"props":4345,"children":4346},{"style":1407},[4347],{"type":418,"value":2187},{"type":413,"tag":623,"props":4349,"children":4350},{"style":671},[4351],{"type":418,"value":4352},"(int.",{"type":413,"tag":623,"props":4354,"children":4355},{"style":1058},[4356],{"type":418,"value":4357},"Parse",{"type":413,"tag":623,"props":4359,"children":4360},{"style":671},[4361],{"type":418,"value":3820},{"type":413,"tag":623,"props":4363,"children":4364},{"class":625,"line":1113},[4365,4370,4374,4378,4382],{"type":413,"tag":623,"props":4366,"children":4367},{"style":1058},[4368],{"type":418,"value":4369},"    ResourceId ",{"type":413,"tag":623,"props":4371,"children":4372},{"style":671},[4373],{"type":418,"value":1066},{"type":413,"tag":623,"props":4375,"children":4376},{"style":1058},[4377],{"type":418,"value":1834},{"type":413,"tag":623,"props":4379,"children":4380},{"style":671},[4381],{"type":418,"value":1404},{"type":413,"tag":623,"props":4383,"children":4384},{"style":1058},[4385],{"type":418,"value":4386},"Id\n",{"type":413,"tag":623,"props":4388,"children":4389},{"class":625,"line":1161},[4390],{"type":413,"tag":623,"props":4391,"children":4392},{"style":671},[4393],{"type":418,"value":1352},{"type":413,"tag":414,"props":4395,"children":4396},{},[4397],{"type":418,"value":4398},"The last thing we can do is create a stack output to expose the URL of the created pipeline:",{"type":413,"tag":612,"props":4400,"children":4402},{"className":981,"code":4401,"language":326,"meta":401,"style":401},"return new Dictionary\u003Cstring, object?>\n{\n    [\"pipelineUrl\"] = Output.Format($\"{organizationUrl}{project.Name}/_build?definitionId={pipeline.Id}\")\n};\n",[4403],{"type":413,"tag":619,"props":4404,"children":4405},{"__ignoreMap":401},[4406,4442,4449,4555],{"type":413,"tag":623,"props":4407,"children":4408},{"class":625,"line":626},[4409,4414,4418,4423,4428,4433,4437],{"type":413,"tag":623,"props":4410,"children":4411},{"style":2485},[4412],{"type":418,"value":4413},"return",{"type":413,"tag":623,"props":4415,"children":4416},{"style":671},[4417],{"type":418,"value":638},{"type":413,"tag":623,"props":4419,"children":4420},{"style":630},[4421],{"type":418,"value":4422}," Dictionary",{"type":413,"tag":623,"props":4424,"children":4425},{"style":671},[4426],{"type":418,"value":4427},"\u003C",{"type":413,"tag":623,"props":4429,"children":4430},{"style":671},[4431],{"type":418,"value":4432},"string",{"type":413,"tag":623,"props":4434,"children":4435},{"style":671},[4436],{"type":418,"value":1037},{"type":413,"tag":623,"props":4438,"children":4439},{"style":671},[4440],{"type":418,"value":4441}," object?>\n",{"type":413,"tag":623,"props":4443,"children":4444},{"class":625,"line":1045},[4445],{"type":413,"tag":623,"props":4446,"children":4447},{"style":671},[4448],{"type":418,"value":1051},{"type":413,"tag":623,"props":4450,"children":4451},{"class":625,"line":1054},[4452,4457,4461,4466,4470,4474,4478,4482,4486,4490,4494,4499,4504,4509,4513,4517,4521,4525,4530,4534,4539,4543,4547,4551],{"type":413,"tag":623,"props":4453,"children":4454},{"style":671},[4455],{"type":418,"value":4456},"    [",{"type":413,"tag":623,"props":4458,"children":4459},{"style":671},[4460],{"type":418,"value":1023},{"type":413,"tag":623,"props":4462,"children":4463},{"style":635},[4464],{"type":418,"value":4465},"pipelineUrl",{"type":413,"tag":623,"props":4467,"children":4468},{"style":671},[4469],{"type":418,"value":1023},{"type":413,"tag":623,"props":4471,"children":4472},{"style":671},[4473],{"type":418,"value":1137},{"type":413,"tag":623,"props":4475,"children":4476},{"style":671},[4477],{"type":418,"value":1004},{"type":413,"tag":623,"props":4479,"children":4480},{"style":1058},[4481],{"type":418,"value":3003},{"type":413,"tag":623,"props":4483,"children":4484},{"style":671},[4485],{"type":418,"value":1404},{"type":413,"tag":623,"props":4487,"children":4488},{"style":1407},[4489],{"type":418,"value":3012},{"type":413,"tag":623,"props":4491,"children":4492},{"style":671},[4493],{"type":418,"value":1018},{"type":413,"tag":623,"props":4495,"children":4496},{"style":671},[4497],{"type":418,"value":4498},"$\"{",{"type":413,"tag":623,"props":4500,"children":4501},{"style":1058},[4502],{"type":418,"value":4503},"organizationUrl",{"type":413,"tag":623,"props":4505,"children":4506},{"style":671},[4507],{"type":418,"value":4508},"}{",{"type":413,"tag":623,"props":4510,"children":4511},{"style":1058},[4512],{"type":418,"value":3341},{"type":413,"tag":623,"props":4514,"children":4515},{"style":671},[4516],{"type":418,"value":1404},{"type":413,"tag":623,"props":4518,"children":4519},{"style":1058},[4520],{"type":418,"value":3350},{"type":413,"tag":623,"props":4522,"children":4523},{"style":671},[4524],{"type":418,"value":3327},{"type":413,"tag":623,"props":4526,"children":4527},{"style":635},[4528],{"type":418,"value":4529},"/_build?definitionId=",{"type":413,"tag":623,"props":4531,"children":4532},{"style":671},[4533],{"type":418,"value":2456},{"type":413,"tag":623,"props":4535,"children":4536},{"style":1058},[4537],{"type":418,"value":4538},"pipeline",{"type":413,"tag":623,"props":4540,"children":4541},{"style":671},[4542],{"type":418,"value":1404},{"type":413,"tag":623,"props":4544,"children":4545},{"style":1058},[4546],{"type":418,"value":1447},{"type":413,"tag":623,"props":4548,"children":4549},{"style":671},[4550],{"type":418,"value":2465},{"type":413,"tag":623,"props":4552,"children":4553},{"style":671},[4554],{"type":418,"value":3042},{"type":413,"tag":623,"props":4556,"children":4557},{"class":625,"line":1087},[4558],{"type":413,"tag":623,"props":4559,"children":4560},{"style":671},[4561],{"type":418,"value":4562},"};\n",{"type":413,"tag":414,"props":4564,"children":4565},{},[4566,4568,4574],{"type":418,"value":4567},"Now we can execute the ",{"type":413,"tag":619,"props":4569,"children":4571},{"className":4570},[],[4572],{"type":418,"value":4573},"pulumi up",{"type":418,"value":4575}," command to provision all these resources and then open the pipeline page in our browser to test the pipeline.",{"type":413,"tag":496,"props":4577,"children":4579},{"icon":4578},"i-heroicons-light-bulb",[4580],{"type":413,"tag":414,"props":4581,"children":4582},{},[4583,4585,4591,4593,4600,4602],{"type":418,"value":4584},"On Windows, you can use the ",{"type":413,"tag":619,"props":4586,"children":4588},{"className":4587},[],[4589],{"type":418,"value":4590},"start $(pulumi stack output pipelineUrl)",{"type":418,"value":4592}," command to directly open the browser on the pipeline page. If you are using ",{"type":413,"tag":432,"props":4594,"children":4597},{"href":4595,"rel":4596},"https://www.nushell.sh/",[436],[4598],{"type":418,"value":4599},"Nushell",{"type":418,"value":4601}," the command will be ",{"type":413,"tag":619,"props":4603,"children":4605},{"className":4604},[],[4606],{"type":418,"value":4607},"pulumi stack output pipelineUrl | start $in",{"type":413,"tag":414,"props":4609,"children":4610},{},[4611],{"type":413,"tag":487,"props":4612,"children":4616},{"alt":4613,"className":4614,"src":4615},"Results of the pipeline run in Azure DevOps",[491,492],"/posts/images/azuredevopsoidc_portal.webp",[],{"type":413,"tag":414,"props":4618,"children":4619},{},[4620],{"type":418,"value":4621},"Everything is working as expected.",{"type":413,"tag":420,"props":4623,"children":4625},{"id":4624},"to-conclude",[4626],{"type":418,"value":4627},"To conclude",{"type":413,"tag":414,"props":4629,"children":4630},{},[4631,4633,4639],{"type":418,"value":4632},"In this article, we demonstrated how to automate the configuration of an Azure DevOps project using Workload Identity Federation for secure deployments to Azure. We covered the provisioning of the Microsoft Entra ID and Azure DevOps resources necessary to make this work. It's very similar to ",{"type":413,"tag":432,"props":4634,"children":4636},{"href":476,"rel":4635},[436],[4637],{"type":418,"value":4638},"what can be done for GitHub",{"type":418,"value":4640}," but with the specificities of Azure DevOps.",{"type":413,"tag":414,"props":4642,"children":4643},{},[4644],{"type":418,"value":4645},"It was an opportunity for me to work with the Azure DevOps provider. Even if it does the job, I must admit I was somewhat disappointed with the developer experience which I found to be not very intuitive, with poorly named resources and an overreliance on strings as parameters. I assume that the Azure DevOps APIs are primarily responsible for this, as they are what the provider calls upon.",{"type":413,"tag":414,"props":4647,"children":4648},{},[4649],{"type":418,"value":4650},"One thing I find interesting with Azure DevOps is that YAML pipelines do not need to be updated to take advantage of workload identity federation as long as the Azure Pipelines tasks you are using support it and your ARM service connection has been converted to workload identity federation.",{"type":413,"tag":414,"props":4652,"children":4653},{},[4654],{"type":418,"value":4655},"Anyway, regardless of the CI/CD platform you are using, I believe that employing Workload Identity Federation to deploy code to Azure from pipelines is the right approach.",{"type":413,"tag":414,"props":4657,"children":4658},{},[4659,4661,4671],{"type":418,"value":4660},"You can find the complete source code used for this article ",{"type":413,"tag":432,"props":4662,"children":4665},{"href":4663,"rel":4664},"https://github.com/TechWatching/AzureDevOpsWorkloadIdentity",[436],[4666],{"type":413,"tag":521,"props":4667,"children":4668},{},[4669],{"type":418,"value":4670},"in this GitHub repository",{"type":418,"value":1404},{"type":413,"tag":4673,"props":4674,"children":4675},"style",{},[4676],{"type":418,"value":4677},"html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":401,"searchDepth":1045,"depth":1045,"links":4679},[4680,4681,4683,4690],{"id":422,"depth":1045,"text":425},{"id":516,"depth":1045,"text":4682},"How can you use Workload Identity Federation to deploy to Azure from Azure Pipelines?",{"id":595,"depth":1045,"text":598,"children":4684},[4685,4686,4687,4688,4689],{"id":602,"depth":1054,"text":605},{"id":852,"depth":1054,"text":855},{"id":1798,"depth":1054,"text":1801},{"id":2534,"depth":1054,"text":2537},{"id":3407,"depth":1054,"text":3410},{"id":4624,"depth":1045,"text":4627},"markdown","content:1.posts:54.ado-workload-identity-federation.md","content","1.posts/54.ado-workload-identity-federation.md","md",{"_path":166,"_dir":399,"_draft":400,"_partial":400,"_locale":401,"title":165,"description":4697,"lead":4698,"date":4699,"image":4700,"badge":4702,"tags":4703,"body":4704,"_type":4691,"_id":12166,"_source":4693,"_file":12167,"_extension":4695},"Creating an application and deploying it to Azure is not complicated. You write some code on your machine, do some clicks in the Azure portal, or run some Azure CLI commands from your terminal and that's it: your application is up and running in Azure.","Using Azure OpenID Connect with Pulumi in GitHub Actions","2023-07-20T00:00:00.000Z",{"src":4701},"/images/azureOIDC.webp",{"label":266},[228,233,307,374,312,315,376],{"type":410,"children":4705,"toc":12141},[4706,4710,4715,4727,4733,4743,4752,4758,4769,4803,4812,4818,4830,4868,4877,4895,4901,4906,4911,4919,4924,4932,4937,4958,4976,4997,5003,5012,5018,5023,5047,5052,5075,5080,5086,5092,5097,5153,5158,5208,5247,5251,5283,5296,5314,5320,5343,5368,5383,5388,5646,5668,5690,5722,5734,5739,5989,6005,6010,6300,6327,6332,6346,6355,6361,6366,6371,6671,6683,6785,6790,6879,6900,6963,6971,6977,6982,6987,7006,7011,7162,7167,7666,7683,7689,7694,7699,8043,8056,8675,8688,8713,8721,8750,8783,8876,8898,9098,9103,9492,9497,9529,9552,9558,9570,9579,9584,9593,9598,9637,9642,9647,9697,9709,9722,9739,9760,9769,9774,9778,9784,9789,9794,9800,9805,9823,9828,9834,9839,9925,9931,9936,9941,12121,12132,12137],{"type":413,"tag":414,"props":4707,"children":4708},{},[4709],{"type":418,"value":4697},{"type":413,"tag":414,"props":4711,"children":4712},{},[4713],{"type":418,"value":4714},"Yet, that's not real life, at least not what you will do when working on a professional project. Your code needs to be versioned and pushed to a location where your colleagues can work on it. The provisioning of Azure resources and deployment to Azure should be carried out using a properly configured CI/CD pipeline with the necessary authorization.",{"type":413,"tag":414,"props":4716,"children":4717},{},[4718,4720,4725],{"type":418,"value":4719},"That's a lot of work that would need to be done each time you start a new project. So let's automate that using Pulumi to simplify the process and create an \"",{"type":413,"tag":706,"props":4721,"children":4722},{},[4723],{"type":418,"value":4724},"Azure-Ready GitHub repository",{"type":418,"value":4726},"\".",{"type":413,"tag":420,"props":4728,"children":4730},{"id":4729},"whats-an-azure-ready-github-repository",[4731],{"type":418,"value":4732},"What's an Azure-Ready GitHub repository?",{"type":413,"tag":414,"props":4734,"children":4735},{},[4736,4737,4741],{"type":418,"value":1023},{"type":413,"tag":706,"props":4738,"children":4739},{},[4740],{"type":418,"value":4724},{"type":418,"value":4742},"\" is not an official term or concept, it's just something I've come up with to describe a Github repository that has everything correctly configured to provision Azure resources or deploy applications to Azure from a GitHub Actions CI/CD pipeline.",{"type":413,"tag":414,"props":4744,"children":4745},{},[4746],{"type":413,"tag":487,"props":4747,"children":4751},{"alt":4748,"className":4749,"src":4750},"Diagram of a GitHub repository interacting with Azure.",[491,492],"/posts/images/azurereadygithub_overview_1.webp",[],{"type":413,"tag":600,"props":4753,"children":4755},{"id":4754},"the-github-part",[4756],{"type":418,"value":4757},"The GitHub part",{"type":413,"tag":414,"props":4759,"children":4760},{},[4761,4763,4767],{"type":418,"value":4762},"On the GitHub side, to have an ",{"type":413,"tag":706,"props":4764,"children":4765},{},[4766],{"type":418,"value":4724},{"type":418,"value":4768},", we need:",{"type":413,"tag":443,"props":4770,"children":4771},{},[4772,4785,4790],{"type":413,"tag":447,"props":4773,"children":4774},{},[4775,4777,4783],{"type":418,"value":4776},"the GitHub repository itself (already initialized with a ",{"type":413,"tag":619,"props":4778,"children":4780},{"className":4779},[],[4781],{"type":418,"value":4782},"main",{"type":418,"value":4784}," branch)",{"type":413,"tag":447,"props":4786,"children":4787},{},[4788],{"type":418,"value":4789},"the necessary GitHub Actions variables/secrets to authenticate to the correct Azure subscription",{"type":413,"tag":447,"props":4791,"children":4792},{},[4793,4795,4801],{"type":418,"value":4794},"a YAML file located in the ",{"type":413,"tag":619,"props":4796,"children":4798},{"className":4797},[],[4799],{"type":418,"value":4800},".github/workflows/",{"type":418,"value":4802}," folder that contains the CI/CD pipeline that provisions resources in Azure",{"type":413,"tag":414,"props":4804,"children":4805},{},[4806],{"type":413,"tag":487,"props":4807,"children":4811},{"alt":4808,"className":4809,"src":4810},"A diagram of the GitHub repository to create.",[491,492],"/posts/images/azurereadygithub_github_1.webp",[],{"type":413,"tag":600,"props":4813,"children":4815},{"id":4814},"the-azure-part",[4816],{"type":418,"value":4817},"The Azure part",{"type":413,"tag":414,"props":4819,"children":4820},{},[4821,4823,4828],{"type":418,"value":4822},"On the Azure side, to have an ",{"type":413,"tag":706,"props":4824,"children":4825},{},[4826],{"type":418,"value":4827},"Azure-Ready GitHub repository,",{"type":418,"value":4829}," we need:",{"type":413,"tag":443,"props":4831,"children":4832},{},[4833,4838],{"type":413,"tag":447,"props":4834,"children":4835},{},[4836],{"type":418,"value":4837},"the existing Azure subscription to which resources are deployed",{"type":413,"tag":447,"props":4839,"children":4840},{},[4841,4843,4848,4850],{"type":418,"value":4842},"an ",{"type":413,"tag":706,"props":4844,"children":4845},{},[4846],{"type":418,"value":4847},"identity",{"type":418,"value":4849}," in the Azure Active Directory of the desired tenant so that the GitHub CI/CD pipeline can authenticate to Azure and interact with the subscription",{"type":413,"tag":443,"props":4851,"children":4852},{},[4853,4858,4863],{"type":413,"tag":447,"props":4854,"children":4855},{},[4856],{"type":418,"value":4857},"an Azure AD application that represents the GitHub Actions pipeline identity",{"type":413,"tag":447,"props":4859,"children":4860},{},[4861],{"type":418,"value":4862},"a Service Principal (related to the Azure AD application) that has the contributor role on the Azure subscription",{"type":413,"tag":447,"props":4864,"children":4865},{},[4866],{"type":418,"value":4867},"credentials for the CI/CD pipeline to authenticate to Azure on behalf of this Azure AD application",{"type":413,"tag":414,"props":4869,"children":4870},{},[4871],{"type":413,"tag":487,"props":4872,"children":4876},{"alt":4873,"className":4874,"src":4875},"A diagram of the resources to configure in Azure.",[491,492],"/posts/images/azurereadygithub_azure_1.webp",[],{"type":413,"tag":496,"props":4878,"children":4879},{"icon":498},[4880],{"type":413,"tag":414,"props":4881,"children":4882},{},[4883,4887,4889,4893],{"type":413,"tag":706,"props":4884,"children":4885},{},[4886],{"type":418,"value":252},{"type":418,"value":4888}," has recently been renamed ",{"type":413,"tag":706,"props":4890,"children":4891},{},[4892],{"type":418,"value":382},{"type":418,"value":4894}," (as of the time of writing). However, I will continue to use the term Azure Active Directory throughout the rest of the article. Please note that both terms refer to the same service.",{"type":413,"tag":600,"props":4896,"children":4898},{"id":4897},"the-problem-with-secret-credentials",[4899],{"type":418,"value":4900},"The problem with secret credentials",{"type":413,"tag":414,"props":4902,"children":4903},{},[4904],{"type":418,"value":4905},"People tend to use secret credentials to authenticate their pipeline to Azure and that's not the best thing to do.",{"type":413,"tag":414,"props":4907,"children":4908},{},[4909],{"type":418,"value":4910},"From a security standpoint, depending on secrets always poses a security risk. Even if in that case the secret would be safely stored in a GitHub secret and never exposed publicly, it's still better to avoid secrets when we can.",{"type":413,"tag":496,"props":4912,"children":4913},{"icon":952},[4914],{"type":413,"tag":414,"props":4915,"children":4916},{},[4917],{"type":418,"value":4918},"That's precisely why when hosting applications in Azure, we use Managed Identities and IAM roles instead of relying on secrets. Yet, here we can't use Managed Identities for GitHub Actions pipelines.",{"type":413,"tag":414,"props":4920,"children":4921},{},[4922],{"type":418,"value":4923},"From a practical standpoint, depending on secrets can quickly become problematic as they expire and thus require rotation. Of course, you can set up alerting or automate secret rotation but that's something you would prefer to avoid managing.",{"type":413,"tag":496,"props":4925,"children":4926},{"icon":557},[4927],{"type":413,"tag":414,"props":4928,"children":4929},{},[4930],{"type":418,"value":4931},"I recently encountered a situation in Azure DevOps where a deployment failed due to the expiration of an Azure AD Application secret associated with the Service Connection used in the pipeline, and we were not alerted about it. That's the kind of scenario that can easily happen with secrets and that you want to avoid.",{"type":413,"tag":414,"props":4933,"children":4934},{},[4935],{"type":418,"value":4936},"So what can we do about that?",{"type":413,"tag":414,"props":4938,"children":4939},{},[4940,4942,4947,4949,4956],{"type":418,"value":4941},"👉 We can stop using secret credentials and use ",{"type":413,"tag":432,"props":4943,"children":4945},{"href":467,"rel":4944},[436],[4946],{"type":418,"value":471},{"type":418,"value":4948}," instead. I suggest you have a look at this ",{"type":413,"tag":432,"props":4950,"children":4953},{"href":4951,"rel":4952},"https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect",[436],[4954],{"type":418,"value":4955},"GitHub documentation page",{"type":418,"value":4957}," as well to better understand how it works but basically, you can remember the following:",{"type":413,"tag":443,"props":4959,"children":4960},{},[4961,4966,4971],{"type":413,"tag":447,"props":4962,"children":4963},{},[4964],{"type":418,"value":4965},"this mechanism relies on Open ID Connect and trust between Azure and GitHub",{"type":413,"tag":447,"props":4967,"children":4968},{},[4969],{"type":418,"value":4970},"the GitHub pipeline does not need an Azure AD application secret anymore to authenticate to Azure",{"type":413,"tag":447,"props":4972,"children":4973},{},[4974],{"type":418,"value":4975},"it's not an Azure thing only, it's an open standard that also works with other cloud providers and other platforms than Github",{"type":413,"tag":414,"props":4977,"children":4978},{},[4979,4981,4986,4988,4995],{"type":418,"value":4980},"To establish the trust relationship between the Azure AD application and the GitHub repository, a ",{"type":413,"tag":706,"props":4982,"children":4983},{},[4984],{"type":418,"value":4985},"Federated Identity Credential",{"type":418,"value":4987}," must be created in the Azure Active Directory. You can find how to do that manually from the portal in the ",{"type":413,"tag":432,"props":4989,"children":4992},{"href":4990,"rel":4991},"https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation-create-trust?pivots=identity-wif-apps-methods-azp",[436],[4993],{"type":418,"value":4994},"documentation",{"type":418,"value":4996}," but we are going to directly automate that 😉.",{"type":413,"tag":600,"props":4998,"children":5000},{"id":4999},"the-complete-solution-to-implement",[5001],{"type":418,"value":5002},"The complete solution to implement",{"type":413,"tag":414,"props":5004,"children":5005},{},[5006],{"type":413,"tag":487,"props":5007,"children":5011},{"alt":5008,"className":5009,"src":5010},"A diagram showing the interactions between Azure and GitHub.",[491,492],"/posts/images/azurereadygithub_overview_2.webp",[],{"type":413,"tag":420,"props":5013,"children":5015},{"id":5014},"why-use-pulumi-in-that-context",[5016],{"type":418,"value":5017},"Why use Pulumi in that context?",{"type":413,"tag":414,"props":5019,"children":5020},{},[5021],{"type":418,"value":5022},"You might wonder why I chose to automate this process using Pulumi instead of writing a Bash or PowerShell script that would execute commands from the GitHub CLI and the Azure CLI.",{"type":413,"tag":496,"props":5024,"children":5025},{"icon":4578},[5026],{"type":413,"tag":414,"props":5027,"children":5028},{},[5029,5031,5037,5039,5045],{"type":418,"value":5030},"By the way, you should check ",{"type":413,"tag":432,"props":5032,"children":5035},{"href":5033,"rel":5034},"https://cli.github.com/",[436],[5036],{"type":418,"value":379},{"type":418,"value":5038}," if you have not done it yet, it's very handy. And if you have read my article about ",{"type":413,"tag":432,"props":5040,"children":5043},{"href":5041,"rel":5042},"https://www.techwatching.dev/posts/welcome-azure-cli",[436],[5044],{"type":418,"value":225},{"type":418,"value":5046},", you know it's a very convenient tool as well.",{"type":413,"tag":414,"props":5048,"children":5049},{},[5050],{"type":418,"value":5051},"I think Pulumi is a better choice here because:",{"type":413,"tag":443,"props":5053,"children":5054},{},[5055,5060,5065,5070],{"type":413,"tag":447,"props":5056,"children":5057},{},[5058],{"type":418,"value":5059},"a script is imperative by nature, but declarative infrastructure seems more suitable to avoid dealing with idempotency",{"type":413,"tag":447,"props":5061,"children":5062},{},[5063],{"type":418,"value":5064},"Pulumi can interact with both GitHub and Azure using its providers",{"type":413,"tag":447,"props":5066,"children":5067},{},[5068],{"type":418,"value":5069},"the code will be easier to write and maintain",{"type":413,"tag":447,"props":5071,"children":5072},{},[5073],{"type":418,"value":5074},"the code could be integrated into any application (including a future self-service infrastructure portal) using Pulumi Automation API",{"type":413,"tag":414,"props":5076,"children":5077},{},[5078],{"type":418,"value":5079},"In this article, the Pulumi code will be in TypeScript but it would work in any language supported by Pulumi.",{"type":413,"tag":420,"props":5081,"children":5083},{"id":5082},"automate-the-creation-of-the-azure-ready-github-repository",[5084],{"type":418,"value":5085},"Automate the creation of the Azure-Ready GitHub Repository",{"type":413,"tag":600,"props":5087,"children":5089},{"id":5088},"create-the-pulumi-project",[5090],{"type":418,"value":5091},"Create the Pulumi project",{"type":413,"tag":414,"props":5093,"children":5094},{},[5095],{"type":418,"value":5096},"Let's start by scaffolding a new Pulumi project using TypeScript:",{"type":413,"tag":612,"props":5098,"children":5101},{"className":5099,"code":5100,"language":248,"meta":401,"style":401},"language-powershell shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","pulumi new typescript -n AzureOIDC -s dev -d \"A program to set up an Azure-Ready GitHub repository\"\n",[5102],{"type":413,"tag":619,"props":5103,"children":5104},{"__ignoreMap":401},[5105],{"type":413,"tag":623,"props":5106,"children":5107},{"class":625,"line":626},[5108,5113,5117,5122,5126,5131,5135,5140,5144,5149],{"type":413,"tag":623,"props":5109,"children":5110},{"style":1058},[5111],{"type":418,"value":5112},"pulumi new typescript ",{"type":413,"tag":623,"props":5114,"children":5115},{"style":671},[5116],{"type":418,"value":3503},{"type":413,"tag":623,"props":5118,"children":5119},{"style":1058},[5120],{"type":418,"value":5121},"n AzureOIDC ",{"type":413,"tag":623,"props":5123,"children":5124},{"style":671},[5125],{"type":418,"value":3503},{"type":413,"tag":623,"props":5127,"children":5128},{"style":1058},[5129],{"type":418,"value":5130},"s dev ",{"type":413,"tag":623,"props":5132,"children":5133},{"style":671},[5134],{"type":418,"value":3503},{"type":413,"tag":623,"props":5136,"children":5137},{"style":1058},[5138],{"type":418,"value":5139},"d ",{"type":413,"tag":623,"props":5141,"children":5142},{"style":671},[5143],{"type":418,"value":1023},{"type":413,"tag":623,"props":5145,"children":5146},{"style":635},[5147],{"type":418,"value":5148},"A program to set up an Azure-Ready GitHub repository",{"type":413,"tag":623,"props":5150,"children":5151},{"style":671},[5152],{"type":418,"value":684},{"type":413,"tag":414,"props":5154,"children":5155},{},[5156],{"type":418,"value":5157},"This command creates a new pulumi project and stack from the TypeScript template:",{"type":413,"tag":443,"props":5159,"children":5160},{},[5161,5178,5193],{"type":413,"tag":447,"props":5162,"children":5163},{},[5164,5165,5170,5172,5177],{"type":418,"value":704},{"type":413,"tag":706,"props":5166,"children":5167},{},[5168],{"type":418,"value":5169},"AzureOIDC\"",{"type":418,"value":5171}," is specified using the ",{"type":413,"tag":619,"props":5173,"children":5175},{"className":5174},[],[5176],{"type":418,"value":718},{"type":418,"value":720},{"type":413,"tag":447,"props":5179,"children":5180},{},[5181,5182,5186,5187,5192],{"type":418,"value":725},{"type":413,"tag":706,"props":5183,"children":5184},{},[5185],{"type":418,"value":5148},{"type":418,"value":712},{"type":413,"tag":619,"props":5188,"children":5190},{"className":5189},[],[5191],{"type":418,"value":736},{"type":418,"value":720},{"type":413,"tag":447,"props":5194,"children":5195},{},[5196,5197,5201,5202,5207],{"type":418,"value":742},{"type":413,"tag":706,"props":5198,"children":5199},{},[5200],{"type":418,"value":747},{"type":418,"value":712},{"type":413,"tag":619,"props":5203,"children":5205},{"className":5204},[],[5206],{"type":418,"value":754},{"type":418,"value":720},{"type":413,"tag":496,"props":5209,"children":5210},{"icon":498},[5211],{"type":413,"tag":414,"props":5212,"children":5213},{},[5214,5216,5222,5224,5230,5232,5237,5239,5245],{"type":418,"value":5215},"By default, the ",{"type":413,"tag":619,"props":5217,"children":5219},{"className":5218},[],[5220],{"type":418,"value":5221},"pulumi new",{"type":418,"value":5223}," command installs the dependencies when creating the project. You can prevent this by specifying the ",{"type":413,"tag":619,"props":5225,"children":5227},{"className":5226},[],[5228],{"type":418,"value":5229},"-g",{"type":418,"value":5231}," option, which is useful when you want to use another package manager than the default one (",{"type":413,"tag":619,"props":5233,"children":5235},{"className":5234},[],[5236],{"type":418,"value":362},{"type":418,"value":5238}," instead of ",{"type":413,"tag":619,"props":5240,"children":5242},{"className":5241},[],[5243],{"type":418,"value":5244},"npm",{"type":418,"value":5246}," for instance).",{"type":413,"tag":414,"props":5248,"children":5249},{},[5250],{"type":418,"value":760},{"type":413,"tag":443,"props":5252,"children":5253},{},[5254,5263,5272],{"type":413,"tag":447,"props":5255,"children":5256},{},[5257,5258],{"type":418,"value":768},{"type":413,"tag":432,"props":5259,"children":5261},{"href":771,"rel":5260},[436],[5262],{"type":418,"value":775},{"type":413,"tag":447,"props":5264,"children":5265},{},[5266,5267],{"type":418,"value":768},{"type":413,"tag":432,"props":5268,"children":5270},{"href":782,"rel":5269},[436],[5271],{"type":418,"value":786},{"type":413,"tag":447,"props":5273,"children":5274},{},[5275,5276],{"type":418,"value":768},{"type":413,"tag":432,"props":5277,"children":5280},{"href":5278,"rel":5279},"https://www.pulumi.com/registry/packages/github/",[436],[5281],{"type":418,"value":5282},"GitHub provider",{"type":413,"tag":414,"props":5284,"children":5285},{},[5286,5288,5294],{"type":418,"value":5287},"So we can add the following packages to our ",{"type":413,"tag":619,"props":5289,"children":5291},{"className":5290},[],[5292],{"type":418,"value":5293},"package.json",{"type":418,"value":5295}," file:",{"type":413,"tag":443,"props":5297,"children":5298},{},[5299,5304,5309],{"type":413,"tag":447,"props":5300,"children":5301},{},[5302],{"type":418,"value":5303},"@pulumi/azure-native",{"type":413,"tag":447,"props":5305,"children":5306},{},[5307],{"type":418,"value":5308},"@pulumi/azuread",{"type":413,"tag":447,"props":5310,"children":5311},{},[5312],{"type":418,"value":5313},"@pulumi/github",{"type":413,"tag":600,"props":5315,"children":5317},{"id":5316},"create-the-repository-on-github",[5318],{"type":418,"value":5319},"Create the repository on GitHub",{"type":413,"tag":414,"props":5321,"children":5322},{},[5323,5325,5332,5334,5341],{"type":418,"value":5324},"To use the GitHub provider, we have to provide GitHub credentials. For that, we can create a personal access token (I prefer to create a ",{"type":413,"tag":432,"props":5326,"children":5329},{"href":5327,"rel":5328},"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens",[436],[5330],{"type":418,"value":5331},"fine-grained personal access token",{"type":418,"value":5333}," although a ",{"type":413,"tag":432,"props":5335,"children":5338},{"href":5336,"rel":5337},"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic",[436],[5339],{"type":418,"value":5340},"classic personal access token",{"type":418,"value":5342}," would also work). Next, we simply set the GitHub token in our Pulumi configuration, and the GitHub provider will automatically use it:",{"type":413,"tag":612,"props":5344,"children":5346},{"className":5099,"code":5345,"language":248,"meta":401,"style":401},"pulumi config set github:token XXXXXXXXXXXXXX --secret\n",[5347],{"type":413,"tag":619,"props":5348,"children":5349},{"__ignoreMap":401},[5350],{"type":413,"tag":623,"props":5351,"children":5352},{"class":625,"line":626},[5353,5358,5363],{"type":413,"tag":623,"props":5354,"children":5355},{"style":1058},[5356],{"type":418,"value":5357},"pulumi config set github:token XXXXXXXXXXXXXX ",{"type":413,"tag":623,"props":5359,"children":5360},{"style":671},[5361],{"type":418,"value":5362},"--",{"type":413,"tag":623,"props":5364,"children":5365},{"style":1058},[5366],{"type":418,"value":5367},"secret\n",{"type":413,"tag":496,"props":5369,"children":5370},{"icon":952},[5371],{"type":413,"tag":414,"props":5372,"children":5373},{},[5374,5376,5381],{"type":418,"value":5375},"Don't forget to include the ",{"type":413,"tag":619,"props":5377,"children":5379},{"className":5378},[],[5380],{"type":418,"value":964},{"type":418,"value":5382}," option when setting sensitive configurations, as this ensures that Pulumi encrypts the information. By doing so, we can safely commit the configuration files without creating security risks.",{"type":413,"tag":414,"props":5384,"children":5385},{},[5386],{"type":418,"value":5387},"Now, it's time to create our GitHub repository!",{"type":413,"tag":612,"props":5389,"children":5392},{"className":5390,"code":5391,"language":357,"meta":401,"style":401},"language-typescript shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","import * as github from \"@pulumi/github\";\n\nconst repository = new github.Repository(\"azure-ready-repository\", {\n  name: \"azure-ready-repository\",\n  visibility: \"public\",\n  autoInit: true\n});\n\nexport const repositoryCloneUrl = repository.httpCloneUrl;\n",[5393],{"type":413,"tag":619,"props":5394,"children":5395},{"__ignoreMap":401},[5396,5440,5447,5508,5537,5566,5584,5600,5607],{"type":413,"tag":623,"props":5397,"children":5398},{"class":625,"line":626},[5399,5404,5409,5414,5419,5424,5428,5432,5436],{"type":413,"tag":623,"props":5400,"children":5401},{"style":2485},[5402],{"type":418,"value":5403},"import",{"type":413,"tag":623,"props":5405,"children":5406},{"style":671},[5407],{"type":418,"value":5408}," *",{"type":413,"tag":623,"props":5410,"children":5411},{"style":2485},[5412],{"type":418,"value":5413}," as",{"type":413,"tag":623,"props":5415,"children":5416},{"style":1058},[5417],{"type":418,"value":5418}," github ",{"type":413,"tag":623,"props":5420,"children":5421},{"style":2485},[5422],{"type":418,"value":5423},"from",{"type":413,"tag":623,"props":5425,"children":5426},{"style":671},[5427],{"type":418,"value":674},{"type":413,"tag":623,"props":5429,"children":5430},{"style":635},[5431],{"type":418,"value":5313},{"type":413,"tag":623,"props":5433,"children":5434},{"style":671},[5435],{"type":418,"value":1023},{"type":413,"tag":623,"props":5437,"children":5438},{"style":671},[5439],{"type":418,"value":2524},{"type":413,"tag":623,"props":5441,"children":5442},{"class":625,"line":1045},[5443],{"type":413,"tag":623,"props":5444,"children":5445},{"emptyLinePlaceholder":2790},[5446],{"type":418,"value":2793},{"type":413,"tag":623,"props":5448,"children":5449},{"class":625,"line":1054},[5450,5455,5460,5464,5468,5473,5477,5482,5486,5490,5495,5499,5503],{"type":413,"tag":623,"props":5451,"children":5452},{"style":2854},[5453],{"type":418,"value":5454},"const",{"type":413,"tag":623,"props":5456,"children":5457},{"style":1058},[5458],{"type":418,"value":5459}," repository ",{"type":413,"tag":623,"props":5461,"children":5462},{"style":671},[5463],{"type":418,"value":1066},{"type":413,"tag":623,"props":5465,"children":5466},{"style":671},[5467],{"type":418,"value":638},{"type":413,"tag":623,"props":5469,"children":5470},{"style":1058},[5471],{"type":418,"value":5472}," github",{"type":413,"tag":623,"props":5474,"children":5475},{"style":671},[5476],{"type":418,"value":1404},{"type":413,"tag":623,"props":5478,"children":5479},{"style":1407},[5480],{"type":418,"value":5481},"Repository",{"type":413,"tag":623,"props":5483,"children":5484},{"style":1058},[5485],{"type":418,"value":1018},{"type":413,"tag":623,"props":5487,"children":5488},{"style":671},[5489],{"type":418,"value":1023},{"type":413,"tag":623,"props":5491,"children":5492},{"style":635},[5493],{"type":418,"value":5494},"azure-ready-repository",{"type":413,"tag":623,"props":5496,"children":5497},{"style":671},[5498],{"type":418,"value":1023},{"type":413,"tag":623,"props":5500,"children":5501},{"style":671},[5502],{"type":418,"value":1037},{"type":413,"tag":623,"props":5504,"children":5505},{"style":671},[5506],{"type":418,"value":5507}," {\n",{"type":413,"tag":623,"props":5509,"children":5510},{"class":625,"line":1087},[5511,5517,5521,5525,5529,5533],{"type":413,"tag":623,"props":5512,"children":5514},{"style":5513},"--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178",[5515],{"type":418,"value":5516},"  name",{"type":413,"tag":623,"props":5518,"children":5519},{"style":671},[5520],{"type":418,"value":3493},{"type":413,"tag":623,"props":5522,"children":5523},{"style":671},[5524],{"type":418,"value":674},{"type":413,"tag":623,"props":5526,"children":5527},{"style":635},[5528],{"type":418,"value":5494},{"type":413,"tag":623,"props":5530,"children":5531},{"style":671},[5532],{"type":418,"value":1023},{"type":413,"tag":623,"props":5534,"children":5535},{"style":671},[5536],{"type":418,"value":1084},{"type":413,"tag":623,"props":5538,"children":5539},{"class":625,"line":1104},[5540,5545,5549,5553,5558,5562],{"type":413,"tag":623,"props":5541,"children":5542},{"style":5513},[5543],{"type":418,"value":5544},"  visibility",{"type":413,"tag":623,"props":5546,"children":5547},{"style":671},[5548],{"type":418,"value":3493},{"type":413,"tag":623,"props":5550,"children":5551},{"style":671},[5552],{"type":418,"value":674},{"type":413,"tag":623,"props":5554,"children":5555},{"style":635},[5556],{"type":418,"value":5557},"public",{"type":413,"tag":623,"props":5559,"children":5560},{"style":671},[5561],{"type":418,"value":1023},{"type":413,"tag":623,"props":5563,"children":5564},{"style":671},[5565],{"type":418,"value":1084},{"type":413,"tag":623,"props":5567,"children":5568},{"class":625,"line":1113},[5569,5574,5578],{"type":413,"tag":623,"props":5570,"children":5571},{"style":5513},[5572],{"type":418,"value":5573},"  autoInit",{"type":413,"tag":623,"props":5575,"children":5576},{"style":671},[5577],{"type":418,"value":3493},{"type":413,"tag":623,"props":5579,"children":5581},{"style":5580},"--shiki-light:#FF5370;--shiki-default:#FF9CAC;--shiki-dark:#FF9CAC",[5582],{"type":418,"value":5583}," true\n",{"type":413,"tag":623,"props":5585,"children":5586},{"class":625,"line":1161},[5587,5591,5596],{"type":413,"tag":623,"props":5588,"children":5589},{"style":671},[5590],{"type":418,"value":3327},{"type":413,"tag":623,"props":5592,"children":5593},{"style":1058},[5594],{"type":418,"value":5595},")",{"type":413,"tag":623,"props":5597,"children":5598},{"style":671},[5599],{"type":418,"value":2524},{"type":413,"tag":623,"props":5601,"children":5602},{"class":625,"line":1207},[5603],{"type":413,"tag":623,"props":5604,"children":5605},{"emptyLinePlaceholder":2790},[5606],{"type":418,"value":2793},{"type":413,"tag":623,"props":5608,"children":5609},{"class":625,"line":1251},[5610,5615,5620,5625,5629,5633,5637,5642],{"type":413,"tag":623,"props":5611,"children":5612},{"style":2485},[5613],{"type":418,"value":5614},"export",{"type":413,"tag":623,"props":5616,"children":5617},{"style":2854},[5618],{"type":418,"value":5619}," const",{"type":413,"tag":623,"props":5621,"children":5622},{"style":1058},[5623],{"type":418,"value":5624}," repositoryCloneUrl ",{"type":413,"tag":623,"props":5626,"children":5627},{"style":671},[5628],{"type":418,"value":1066},{"type":413,"tag":623,"props":5630,"children":5631},{"style":1058},[5632],{"type":418,"value":1390},{"type":413,"tag":623,"props":5634,"children":5635},{"style":671},[5636],{"type":418,"value":1404},{"type":413,"tag":623,"props":5638,"children":5639},{"style":1058},[5640],{"type":418,"value":5641},"httpCloneUrl",{"type":413,"tag":623,"props":5643,"children":5644},{"style":671},[5645],{"type":418,"value":2524},{"type":413,"tag":414,"props":5647,"children":5648},{},[5649,5651,5658,5660,5666],{"type":418,"value":5650},"Pulumi has an ",{"type":413,"tag":432,"props":5652,"children":5655},{"href":5653,"rel":5654},"https://www.pulumi.com/docs/concepts/resources/names/#autonaming",[436],[5656],{"type":418,"value":5657},"auto-naming capability",{"type":418,"value":5659}," that is very convenient to prevent name collisions or to ensure zero-downtime resource updates. Yet, in this context, I prefer to avoid a random suffix in my GitHub repository name, that's why I am specifying the ",{"type":413,"tag":619,"props":5661,"children":5663},{"className":5662},[],[5664],{"type":418,"value":5665},"name",{"type":418,"value":5667}," property to override the auto-naming behavior.",{"type":413,"tag":414,"props":5669,"children":5670},{},[5671,5673,5680,5682,5688],{"type":418,"value":5672},"The last line creates a stack ",{"type":413,"tag":432,"props":5674,"children":5677},{"href":5675,"rel":5676},"https://www.pulumi.com/docs/concepts/stack/#outputs",[436],[5678],{"type":418,"value":5679},"output",{"type":418,"value":5681}," named ",{"type":413,"tag":619,"props":5683,"children":5685},{"className":5684},[],[5686],{"type":418,"value":5687},"repositoryCloneUrl",{"type":418,"value":5689}," so that we can easily get the URL to clone our newly created repository.",{"type":413,"tag":496,"props":5691,"children":5692},{"icon":498},[5693],{"type":413,"tag":414,"props":5694,"children":5695},{},[5696,5698,5704,5706,5712,5714,5720],{"type":418,"value":5697},"I wanted the repository to be initialized, that's why I set the ",{"type":413,"tag":619,"props":5699,"children":5701},{"className":5700},[],[5702],{"type":418,"value":5703},"autoInit",{"type":418,"value":5705}," property to ",{"type":413,"tag":619,"props":5707,"children":5709},{"className":5708},[],[5710],{"type":418,"value":5711},"true",{"type":418,"value":5713}," but you should set it to ",{"type":413,"tag":619,"props":5715,"children":5717},{"className":5716},[],[5718],{"type":418,"value":5719},"false",{"type":418,"value":5721}," if you have an existing local git repository that you want to push on this GitHub repository.",{"type":413,"tag":600,"props":5723,"children":5725},{"id":5724},"create-the-identity-in-azure-active-directory-for-the-github-actions-workflow",[5726,5728,5732],{"type":418,"value":5727},"Create the ",{"type":413,"tag":706,"props":5729,"children":5730},{},[5731],{"type":418,"value":4847},{"type":418,"value":5733}," in Azure Active Directory for the GitHub Actions workflow",{"type":413,"tag":414,"props":5735,"children":5736},{},[5737],{"type":418,"value":5738},"Creating an Azure AD application and its service principal is not very complicated:",{"type":413,"tag":612,"props":5740,"children":5742},{"className":5390,"code":5741,"language":357,"meta":401,"style":401},"import * as azuread from \"@pulumi/azuread\";\n\nconst aadApplication = new azuread.Application(\"AzureReadyApp\", { displayName: \"Azure Ready App\" });\nconst servicePrincipal = new azuread.ServicePrincipal(\"AzureReadServicePrincipal\", {\n  applicationId: aadApplication.applicationId,\n});\n",[5743],{"type":413,"tag":619,"props":5744,"children":5745},{"__ignoreMap":401},[5746,5786,5793,5888,5945,5974],{"type":413,"tag":623,"props":5747,"children":5748},{"class":625,"line":626},[5749,5753,5757,5761,5766,5770,5774,5778,5782],{"type":413,"tag":623,"props":5750,"children":5751},{"style":2485},[5752],{"type":418,"value":5403},{"type":413,"tag":623,"props":5754,"children":5755},{"style":671},[5756],{"type":418,"value":5408},{"type":413,"tag":623,"props":5758,"children":5759},{"style":2485},[5760],{"type":418,"value":5413},{"type":413,"tag":623,"props":5762,"children":5763},{"style":1058},[5764],{"type":418,"value":5765}," azuread ",{"type":413,"tag":623,"props":5767,"children":5768},{"style":2485},[5769],{"type":418,"value":5423},{"type":413,"tag":623,"props":5771,"children":5772},{"style":671},[5773],{"type":418,"value":674},{"type":413,"tag":623,"props":5775,"children":5776},{"style":635},[5777],{"type":418,"value":5308},{"type":413,"tag":623,"props":5779,"children":5780},{"style":671},[5781],{"type":418,"value":1023},{"type":413,"tag":623,"props":5783,"children":5784},{"style":671},[5785],{"type":418,"value":2524},{"type":413,"tag":623,"props":5787,"children":5788},{"class":625,"line":1045},[5789],{"type":413,"tag":623,"props":5790,"children":5791},{"emptyLinePlaceholder":2790},[5792],{"type":418,"value":2793},{"type":413,"tag":623,"props":5794,"children":5795},{"class":625,"line":1054},[5796,5800,5805,5809,5813,5818,5822,5827,5831,5835,5840,5844,5848,5853,5858,5862,5866,5871,5875,5880,5884],{"type":413,"tag":623,"props":5797,"children":5798},{"style":2854},[5799],{"type":418,"value":5454},{"type":413,"tag":623,"props":5801,"children":5802},{"style":1058},[5803],{"type":418,"value":5804}," aadApplication ",{"type":413,"tag":623,"props":5806,"children":5807},{"style":671},[5808],{"type":418,"value":1066},{"type":413,"tag":623,"props":5810,"children":5811},{"style":671},[5812],{"type":418,"value":638},{"type":413,"tag":623,"props":5814,"children":5815},{"style":1058},[5816],{"type":418,"value":5817}," azuread",{"type":413,"tag":623,"props":5819,"children":5820},{"style":671},[5821],{"type":418,"value":1404},{"type":413,"tag":623,"props":5823,"children":5824},{"style":1407},[5825],{"type":418,"value":5826},"Application",{"type":413,"tag":623,"props":5828,"children":5829},{"style":1058},[5830],{"type":418,"value":1018},{"type":413,"tag":623,"props":5832,"children":5833},{"style":671},[5834],{"type":418,"value":1023},{"type":413,"tag":623,"props":5836,"children":5837},{"style":635},[5838],{"type":418,"value":5839},"AzureReadyApp",{"type":413,"tag":623,"props":5841,"children":5842},{"style":671},[5843],{"type":418,"value":1023},{"type":413,"tag":623,"props":5845,"children":5846},{"style":671},[5847],{"type":418,"value":1037},{"type":413,"tag":623,"props":5849,"children":5850},{"style":671},[5851],{"type":418,"value":5852}," {",{"type":413,"tag":623,"props":5854,"children":5855},{"style":5513},[5856],{"type":418,"value":5857}," displayName",{"type":413,"tag":623,"props":5859,"children":5860},{"style":671},[5861],{"type":418,"value":3493},{"type":413,"tag":623,"props":5863,"children":5864},{"style":671},[5865],{"type":418,"value":674},{"type":413,"tag":623,"props":5867,"children":5868},{"style":635},[5869],{"type":418,"value":5870},"Azure Ready App",{"type":413,"tag":623,"props":5872,"children":5873},{"style":671},[5874],{"type":418,"value":1023},{"type":413,"tag":623,"props":5876,"children":5877},{"style":671},[5878],{"type":418,"value":5879}," }",{"type":413,"tag":623,"props":5881,"children":5882},{"style":1058},[5883],{"type":418,"value":5595},{"type":413,"tag":623,"props":5885,"children":5886},{"style":671},[5887],{"type":418,"value":2524},{"type":413,"tag":623,"props":5889,"children":5890},{"class":625,"line":1087},[5891,5895,5900,5904,5908,5912,5916,5920,5924,5928,5933,5937,5941],{"type":413,"tag":623,"props":5892,"children":5893},{"style":2854},[5894],{"type":418,"value":5454},{"type":413,"tag":623,"props":5896,"children":5897},{"style":1058},[5898],{"type":418,"value":5899}," servicePrincipal ",{"type":413,"tag":623,"props":5901,"children":5902},{"style":671},[5903],{"type":418,"value":1066},{"type":413,"tag":623,"props":5905,"children":5906},{"style":671},[5907],{"type":418,"value":638},{"type":413,"tag":623,"props":5909,"children":5910},{"style":1058},[5911],{"type":418,"value":5817},{"type":413,"tag":623,"props":5913,"children":5914},{"style":671},[5915],{"type":418,"value":1404},{"type":413,"tag":623,"props":5917,"children":5918},{"style":1407},[5919],{"type":418,"value":2950},{"type":413,"tag":623,"props":5921,"children":5922},{"style":1058},[5923],{"type":418,"value":1018},{"type":413,"tag":623,"props":5925,"children":5926},{"style":671},[5927],{"type":418,"value":1023},{"type":413,"tag":623,"props":5929,"children":5930},{"style":635},[5931],{"type":418,"value":5932},"AzureReadServicePrincipal",{"type":413,"tag":623,"props":5934,"children":5935},{"style":671},[5936],{"type":418,"value":1023},{"type":413,"tag":623,"props":5938,"children":5939},{"style":671},[5940],{"type":418,"value":1037},{"type":413,"tag":623,"props":5942,"children":5943},{"style":671},[5944],{"type":418,"value":5507},{"type":413,"tag":623,"props":5946,"children":5947},{"class":625,"line":1104},[5948,5953,5957,5961,5965,5970],{"type":413,"tag":623,"props":5949,"children":5950},{"style":5513},[5951],{"type":418,"value":5952},"  applicationId",{"type":413,"tag":623,"props":5954,"children":5955},{"style":671},[5956],{"type":418,"value":3493},{"type":413,"tag":623,"props":5958,"children":5959},{"style":1058},[5960],{"type":418,"value":2615},{"type":413,"tag":623,"props":5962,"children":5963},{"style":671},[5964],{"type":418,"value":1404},{"type":413,"tag":623,"props":5966,"children":5967},{"style":1058},[5968],{"type":418,"value":5969},"applicationId",{"type":413,"tag":623,"props":5971,"children":5972},{"style":671},[5973],{"type":418,"value":1084},{"type":413,"tag":623,"props":5975,"children":5976},{"class":625,"line":1113},[5977,5981,5985],{"type":413,"tag":623,"props":5978,"children":5979},{"style":671},[5980],{"type":418,"value":3327},{"type":413,"tag":623,"props":5982,"children":5983},{"style":1058},[5984],{"type":418,"value":5595},{"type":413,"tag":623,"props":5986,"children":5987},{"style":671},[5988],{"type":418,"value":2524},{"type":413,"tag":414,"props":5990,"children":5991},{},[5992,5994,6003],{"type":418,"value":5993},"The OIDC trust thing is a bit more complex. Fortunately, Microsoft's documentation has a detailed page ",{"type":413,"tag":432,"props":5995,"children":5997},{"href":4990,"rel":5996},[436],[5998],{"type":413,"tag":706,"props":5999,"children":6000},{},[6001],{"type":418,"value":6002},"Configuring an app to trust an external identity provider",{"type":418,"value":6004}," that explains everything and shows how to add a federated identity for GitHub Actions using the Azure Portal, Azure CLI, or Azure PowerShell.",{"type":413,"tag":414,"props":6006,"children":6007},{},[6008],{"type":418,"value":6009},"Let's do the same thing using TypeScript and Pulumi Azure AD provider:",{"type":413,"tag":612,"props":6011,"children":6013},{"className":5390,"code":6012,"language":357,"meta":401,"style":401},"new azuread.ApplicationFederatedIdentityCredential(\"AzureReadyAppFederatedIdentityCredential\", {\n  applicationObjectId: aadApplication.objectId,\n  displayName: \"AzureReadyDeploys\",\n  description: \"Deployments for azure-ready-repository\",\n  audiences: [\"api://AzureADTokenExchange\"],\n  issuer: \"https://token.actions.githubusercontent.com\",\n  subject: pulumi.interpolate`repo:${repository.fullName}:ref:refs/heads/main`,\n});\n",[6014],{"type":413,"tag":619,"props":6015,"children":6016},{"__ignoreMap":401},[6017,6062,6091,6119,6147,6184,6213,6285],{"type":413,"tag":623,"props":6018,"children":6019},{"class":625,"line":626},[6020,6024,6028,6032,6037,6041,6045,6050,6054,6058],{"type":413,"tag":623,"props":6021,"children":6022},{"style":671},[6023],{"type":418,"value":2857},{"type":413,"tag":623,"props":6025,"children":6026},{"style":1058},[6027],{"type":418,"value":5817},{"type":413,"tag":623,"props":6029,"children":6030},{"style":671},[6031],{"type":418,"value":1404},{"type":413,"tag":623,"props":6033,"children":6034},{"style":1407},[6035],{"type":418,"value":6036},"ApplicationFederatedIdentityCredential",{"type":413,"tag":623,"props":6038,"children":6039},{"style":1058},[6040],{"type":418,"value":1018},{"type":413,"tag":623,"props":6042,"children":6043},{"style":671},[6044],{"type":418,"value":1023},{"type":413,"tag":623,"props":6046,"children":6047},{"style":635},[6048],{"type":418,"value":6049},"AzureReadyAppFederatedIdentityCredential",{"type":413,"tag":623,"props":6051,"children":6052},{"style":671},[6053],{"type":418,"value":1023},{"type":413,"tag":623,"props":6055,"children":6056},{"style":671},[6057],{"type":418,"value":1037},{"type":413,"tag":623,"props":6059,"children":6060},{"style":671},[6061],{"type":418,"value":5507},{"type":413,"tag":623,"props":6063,"children":6064},{"class":625,"line":1045},[6065,6070,6074,6078,6082,6087],{"type":413,"tag":623,"props":6066,"children":6067},{"style":5513},[6068],{"type":418,"value":6069},"  applicationObjectId",{"type":413,"tag":623,"props":6071,"children":6072},{"style":671},[6073],{"type":418,"value":3493},{"type":413,"tag":623,"props":6075,"children":6076},{"style":1058},[6077],{"type":418,"value":2615},{"type":413,"tag":623,"props":6079,"children":6080},{"style":671},[6081],{"type":418,"value":1404},{"type":413,"tag":623,"props":6083,"children":6084},{"style":1058},[6085],{"type":418,"value":6086},"objectId",{"type":413,"tag":623,"props":6088,"children":6089},{"style":671},[6090],{"type":418,"value":1084},{"type":413,"tag":623,"props":6092,"children":6093},{"class":625,"line":1054},[6094,6099,6103,6107,6111,6115],{"type":413,"tag":623,"props":6095,"children":6096},{"style":5513},[6097],{"type":418,"value":6098},"  displayName",{"type":413,"tag":623,"props":6100,"children":6101},{"style":671},[6102],{"type":418,"value":3493},{"type":413,"tag":623,"props":6104,"children":6105},{"style":671},[6106],{"type":418,"value":674},{"type":413,"tag":623,"props":6108,"children":6109},{"style":635},[6110],{"type":418,"value":3176},{"type":413,"tag":623,"props":6112,"children":6113},{"style":671},[6114],{"type":418,"value":1023},{"type":413,"tag":623,"props":6116,"children":6117},{"style":671},[6118],{"type":418,"value":1084},{"type":413,"tag":623,"props":6120,"children":6121},{"class":625,"line":1087},[6122,6127,6131,6135,6139,6143],{"type":413,"tag":623,"props":6123,"children":6124},{"style":5513},[6125],{"type":418,"value":6126},"  description",{"type":413,"tag":623,"props":6128,"children":6129},{"style":671},[6130],{"type":418,"value":3493},{"type":413,"tag":623,"props":6132,"children":6133},{"style":671},[6134],{"type":418,"value":674},{"type":413,"tag":623,"props":6136,"children":6137},{"style":635},[6138],{"type":418,"value":3204},{"type":413,"tag":623,"props":6140,"children":6141},{"style":671},[6142],{"type":418,"value":1023},{"type":413,"tag":623,"props":6144,"children":6145},{"style":671},[6146],{"type":418,"value":1084},{"type":413,"tag":623,"props":6148,"children":6149},{"class":625,"line":1104},[6150,6155,6159,6164,6168,6172,6176,6180],{"type":413,"tag":623,"props":6151,"children":6152},{"style":5513},[6153],{"type":418,"value":6154},"  audiences",{"type":413,"tag":623,"props":6156,"children":6157},{"style":671},[6158],{"type":418,"value":3493},{"type":413,"tag":623,"props":6160,"children":6161},{"style":1058},[6162],{"type":418,"value":6163}," [",{"type":413,"tag":623,"props":6165,"children":6166},{"style":671},[6167],{"type":418,"value":1023},{"type":413,"tag":623,"props":6169,"children":6170},{"style":635},[6171],{"type":418,"value":3238},{"type":413,"tag":623,"props":6173,"children":6174},{"style":671},[6175],{"type":418,"value":1023},{"type":413,"tag":623,"props":6177,"children":6178},{"style":1058},[6179],{"type":418,"value":1137},{"type":413,"tag":623,"props":6181,"children":6182},{"style":671},[6183],{"type":418,"value":1084},{"type":413,"tag":623,"props":6185,"children":6186},{"class":625,"line":1113},[6187,6192,6196,6200,6205,6209],{"type":413,"tag":623,"props":6188,"children":6189},{"style":5513},[6190],{"type":418,"value":6191},"  issuer",{"type":413,"tag":623,"props":6193,"children":6194},{"style":671},[6195],{"type":418,"value":3493},{"type":413,"tag":623,"props":6197,"children":6198},{"style":671},[6199],{"type":418,"value":674},{"type":413,"tag":623,"props":6201,"children":6202},{"style":635},[6203],{"type":418,"value":6204},"https://token.actions.githubusercontent.com",{"type":413,"tag":623,"props":6206,"children":6207},{"style":671},[6208],{"type":418,"value":1023},{"type":413,"tag":623,"props":6210,"children":6211},{"style":671},[6212],{"type":418,"value":1084},{"type":413,"tag":623,"props":6214,"children":6215},{"class":625,"line":1161},[6216,6221,6225,6230,6234,6239,6244,6249,6254,6259,6263,6268,6272,6277,6281],{"type":413,"tag":623,"props":6217,"children":6218},{"style":5513},[6219],{"type":418,"value":6220},"  subject",{"type":413,"tag":623,"props":6222,"children":6223},{"style":671},[6224],{"type":418,"value":3493},{"type":413,"tag":623,"props":6226,"children":6227},{"style":1058},[6228],{"type":418,"value":6229}," pulumi",{"type":413,"tag":623,"props":6231,"children":6232},{"style":671},[6233],{"type":418,"value":1404},{"type":413,"tag":623,"props":6235,"children":6236},{"style":1407},[6237],{"type":418,"value":6238},"interpolate",{"type":413,"tag":623,"props":6240,"children":6241},{"style":671},[6242],{"type":418,"value":6243},"`",{"type":413,"tag":623,"props":6245,"children":6246},{"style":635},[6247],{"type":418,"value":6248},"repo:",{"type":413,"tag":623,"props":6250,"children":6251},{"style":671},[6252],{"type":418,"value":6253},"${",{"type":413,"tag":623,"props":6255,"children":6256},{"style":1058},[6257],{"type":418,"value":6258},"repository",{"type":413,"tag":623,"props":6260,"children":6261},{"style":671},[6262],{"type":418,"value":1404},{"type":413,"tag":623,"props":6264,"children":6265},{"style":1058},[6266],{"type":418,"value":6267},"fullName",{"type":413,"tag":623,"props":6269,"children":6270},{"style":671},[6271],{"type":418,"value":3327},{"type":413,"tag":623,"props":6273,"children":6274},{"style":635},[6275],{"type":418,"value":6276},":ref:refs/heads/main",{"type":413,"tag":623,"props":6278,"children":6279},{"style":671},[6280],{"type":418,"value":6243},{"type":413,"tag":623,"props":6282,"children":6283},{"style":671},[6284],{"type":418,"value":1084},{"type":413,"tag":623,"props":6286,"children":6287},{"class":625,"line":1207},[6288,6292,6296],{"type":413,"tag":623,"props":6289,"children":6290},{"style":671},[6291],{"type":418,"value":3327},{"type":413,"tag":623,"props":6293,"children":6294},{"style":1058},[6295],{"type":418,"value":5595},{"type":413,"tag":623,"props":6297,"children":6298},{"style":671},[6299],{"type":418,"value":2524},{"type":413,"tag":414,"props":6301,"children":6302},{},[6303,6305,6311,6313,6318,6320,6325],{"type":418,"value":6304},"The ",{"type":413,"tag":619,"props":6306,"children":6308},{"className":6307},[],[6309],{"type":418,"value":6310},"subject",{"type":418,"value":6312}," property is what identifies the repository where the GitHub Actions workflow will be authorized to exchange its GitHub token for an Azure access token. It's worth noting that it will only work if the GitHub Actions workflow is run on the git reference (branch or tag) or the environment you specify in ",{"type":413,"tag":619,"props":6314,"children":6316},{"className":6315},[],[6317],{"type":418,"value":6310},{"type":418,"value":6319},". You can also specify that only workflows triggered by a pull request should be authorized. Here, I have used the ",{"type":413,"tag":619,"props":6321,"children":6323},{"className":6322},[],[6324],{"type":418,"value":4782},{"type":418,"value":6326}," branch but I could create multiple Federated Identity Credentials with different subjects if needed.",{"type":413,"tag":414,"props":6328,"children":6329},{},[6330],{"type":418,"value":6331},"With this configuration, the GitHub Actions workflow we create next will be able to obtain a valid Azure access token.",{"type":413,"tag":414,"props":6333,"children":6334},{},[6335,6337,6344],{"type":418,"value":6336},"If you are interested in gaining a better understanding of how all this works, you can refer to ",{"type":413,"tag":432,"props":6338,"children":6341},{"href":6339,"rel":6340},"https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation#how-it-works",[436],[6342],{"type":418,"value":6343},"this diagram",{"type":418,"value":6345}," from Microsoft's documentation (with GitHub serving as the external identity provider in our case).",{"type":413,"tag":414,"props":6347,"children":6348},{},[6349],{"type":413,"tag":487,"props":6350,"children":6354},{"alt":6351,"className":6352,"src":6353},"Sequence diagram explaining Azure OIDC.",[491,492],"/posts/images/azurereadygithub_identityfederation.webp",[],{"type":413,"tag":600,"props":6356,"children":6358},{"id":6357},"authorize-the-service-principal-to-provision-resources-on-the-subscription",[6359],{"type":418,"value":6360},"Authorize the Service Principal to provision resources on the subscription",{"type":413,"tag":414,"props":6362,"children":6363},{},[6364],{"type":418,"value":6365},"We have created everything we need to get a valid Azure access token, but we still have not authorized the application to provision resources on our subscription.",{"type":413,"tag":414,"props":6367,"children":6368},{},[6369],{"type":418,"value":6370},"We can do that by giving the Contributor role to our service principal.",{"type":413,"tag":612,"props":6372,"children":6374},{"className":5390,"code":6373,"language":357,"meta":401,"style":401},"import * as authorization from \"@pulumi/azure-native/authorization\";\nimport { azureBuiltInRoles } from \"./builtInRoles\";\n\nnew authorization.RoleAssignment(\"contributor\", {\n  principalId: servicePrincipal.id,\n  principalType: authorization.PrincipalType.ServicePrincipal,\n  roleDefinitionId: azureBuiltInRoles.contributor,\n  scope: pulumi.interpolate`/subscriptions/${subscriptionId}`,\n});\n",[6375],{"type":413,"tag":619,"props":6376,"children":6377},{"__ignoreMap":401},[6378,6419,6461,6468,6513,6542,6579,6607,6656],{"type":413,"tag":623,"props":6379,"children":6380},{"class":625,"line":626},[6381,6385,6389,6393,6398,6402,6406,6411,6415],{"type":413,"tag":623,"props":6382,"children":6383},{"style":2485},[6384],{"type":418,"value":5403},{"type":413,"tag":623,"props":6386,"children":6387},{"style":671},[6388],{"type":418,"value":5408},{"type":413,"tag":623,"props":6390,"children":6391},{"style":2485},[6392],{"type":418,"value":5413},{"type":413,"tag":623,"props":6394,"children":6395},{"style":1058},[6396],{"type":418,"value":6397}," authorization ",{"type":413,"tag":623,"props":6399,"children":6400},{"style":2485},[6401],{"type":418,"value":5423},{"type":413,"tag":623,"props":6403,"children":6404},{"style":671},[6405],{"type":418,"value":674},{"type":413,"tag":623,"props":6407,"children":6408},{"style":635},[6409],{"type":418,"value":6410},"@pulumi/azure-native/authorization",{"type":413,"tag":623,"props":6412,"children":6413},{"style":671},[6414],{"type":418,"value":1023},{"type":413,"tag":623,"props":6416,"children":6417},{"style":671},[6418],{"type":418,"value":2524},{"type":413,"tag":623,"props":6420,"children":6421},{"class":625,"line":1045},[6422,6426,6430,6435,6439,6444,6448,6453,6457],{"type":413,"tag":623,"props":6423,"children":6424},{"style":2485},[6425],{"type":418,"value":5403},{"type":413,"tag":623,"props":6427,"children":6428},{"style":671},[6429],{"type":418,"value":5852},{"type":413,"tag":623,"props":6431,"children":6432},{"style":1058},[6433],{"type":418,"value":6434}," azureBuiltInRoles",{"type":413,"tag":623,"props":6436,"children":6437},{"style":671},[6438],{"type":418,"value":5879},{"type":413,"tag":623,"props":6440,"children":6441},{"style":2485},[6442],{"type":418,"value":6443}," from",{"type":413,"tag":623,"props":6445,"children":6446},{"style":671},[6447],{"type":418,"value":674},{"type":413,"tag":623,"props":6449,"children":6450},{"style":635},[6451],{"type":418,"value":6452},"./builtInRoles",{"type":413,"tag":623,"props":6454,"children":6455},{"style":671},[6456],{"type":418,"value":1023},{"type":413,"tag":623,"props":6458,"children":6459},{"style":671},[6460],{"type":418,"value":2524},{"type":413,"tag":623,"props":6462,"children":6463},{"class":625,"line":1054},[6464],{"type":413,"tag":623,"props":6465,"children":6466},{"emptyLinePlaceholder":2790},[6467],{"type":418,"value":2793},{"type":413,"tag":623,"props":6469,"children":6470},{"class":625,"line":1087},[6471,6475,6480,6484,6489,6493,6497,6501,6505,6509],{"type":413,"tag":623,"props":6472,"children":6473},{"style":671},[6474],{"type":418,"value":2857},{"type":413,"tag":623,"props":6476,"children":6477},{"style":1058},[6478],{"type":418,"value":6479}," authorization",{"type":413,"tag":623,"props":6481,"children":6482},{"style":671},[6483],{"type":418,"value":1404},{"type":413,"tag":623,"props":6485,"children":6486},{"style":1407},[6487],{"type":418,"value":6488},"RoleAssignment",{"type":413,"tag":623,"props":6490,"children":6491},{"style":1058},[6492],{"type":418,"value":1018},{"type":413,"tag":623,"props":6494,"children":6495},{"style":671},[6496],{"type":418,"value":1023},{"type":413,"tag":623,"props":6498,"children":6499},{"style":635},[6500],{"type":418,"value":2875},{"type":413,"tag":623,"props":6502,"children":6503},{"style":671},[6504],{"type":418,"value":1023},{"type":413,"tag":623,"props":6506,"children":6507},{"style":671},[6508],{"type":418,"value":1037},{"type":413,"tag":623,"props":6510,"children":6511},{"style":671},[6512],{"type":418,"value":5507},{"type":413,"tag":623,"props":6514,"children":6515},{"class":625,"line":1104},[6516,6521,6525,6529,6533,6538],{"type":413,"tag":623,"props":6517,"children":6518},{"style":5513},[6519],{"type":418,"value":6520},"  principalId",{"type":413,"tag":623,"props":6522,"children":6523},{"style":671},[6524],{"type":418,"value":3493},{"type":413,"tag":623,"props":6526,"children":6527},{"style":1058},[6528],{"type":418,"value":2076},{"type":413,"tag":623,"props":6530,"children":6531},{"style":671},[6532],{"type":418,"value":1404},{"type":413,"tag":623,"props":6534,"children":6535},{"style":1058},[6536],{"type":418,"value":6537},"id",{"type":413,"tag":623,"props":6539,"children":6540},{"style":671},[6541],{"type":418,"value":1084},{"type":413,"tag":623,"props":6543,"children":6544},{"class":625,"line":1113},[6545,6550,6554,6558,6562,6567,6571,6575],{"type":413,"tag":623,"props":6546,"children":6547},{"style":5513},[6548],{"type":418,"value":6549},"  principalType",{"type":413,"tag":623,"props":6551,"children":6552},{"style":671},[6553],{"type":418,"value":3493},{"type":413,"tag":623,"props":6555,"children":6556},{"style":1058},[6557],{"type":418,"value":6479},{"type":413,"tag":623,"props":6559,"children":6560},{"style":671},[6561],{"type":418,"value":1404},{"type":413,"tag":623,"props":6563,"children":6564},{"style":1058},[6565],{"type":418,"value":6566},"PrincipalType",{"type":413,"tag":623,"props":6568,"children":6569},{"style":671},[6570],{"type":418,"value":1404},{"type":413,"tag":623,"props":6572,"children":6573},{"style":1058},[6574],{"type":418,"value":2950},{"type":413,"tag":623,"props":6576,"children":6577},{"style":671},[6578],{"type":418,"value":1084},{"type":413,"tag":623,"props":6580,"children":6581},{"class":625,"line":1161},[6582,6587,6591,6595,6599,6603],{"type":413,"tag":623,"props":6583,"children":6584},{"style":5513},[6585],{"type":418,"value":6586},"  roleDefinitionId",{"type":413,"tag":623,"props":6588,"children":6589},{"style":671},[6590],{"type":418,"value":3493},{"type":413,"tag":623,"props":6592,"children":6593},{"style":1058},[6594],{"type":418,"value":6434},{"type":413,"tag":623,"props":6596,"children":6597},{"style":671},[6598],{"type":418,"value":1404},{"type":413,"tag":623,"props":6600,"children":6601},{"style":1058},[6602],{"type":418,"value":2875},{"type":413,"tag":623,"props":6604,"children":6605},{"style":671},[6606],{"type":418,"value":1084},{"type":413,"tag":623,"props":6608,"children":6609},{"class":625,"line":1207},[6610,6615,6619,6623,6627,6631,6635,6639,6643,6647,6652],{"type":413,"tag":623,"props":6611,"children":6612},{"style":5513},[6613],{"type":418,"value":6614},"  scope",{"type":413,"tag":623,"props":6616,"children":6617},{"style":671},[6618],{"type":418,"value":3493},{"type":413,"tag":623,"props":6620,"children":6621},{"style":1058},[6622],{"type":418,"value":6229},{"type":413,"tag":623,"props":6624,"children":6625},{"style":671},[6626],{"type":418,"value":1404},{"type":413,"tag":623,"props":6628,"children":6629},{"style":1407},[6630],{"type":418,"value":6238},{"type":413,"tag":623,"props":6632,"children":6633},{"style":671},[6634],{"type":418,"value":6243},{"type":413,"tag":623,"props":6636,"children":6637},{"style":635},[6638],{"type":418,"value":2451},{"type":413,"tag":623,"props":6640,"children":6641},{"style":671},[6642],{"type":418,"value":6253},{"type":413,"tag":623,"props":6644,"children":6645},{"style":1058},[6646],{"type":418,"value":3033},{"type":413,"tag":623,"props":6648,"children":6649},{"style":671},[6650],{"type":418,"value":6651},"}`",{"type":413,"tag":623,"props":6653,"children":6654},{"style":671},[6655],{"type":418,"value":1084},{"type":413,"tag":623,"props":6657,"children":6658},{"class":625,"line":1251},[6659,6663,6667],{"type":413,"tag":623,"props":6660,"children":6661},{"style":671},[6662],{"type":418,"value":3327},{"type":413,"tag":623,"props":6664,"children":6665},{"style":1058},[6666],{"type":418,"value":5595},{"type":413,"tag":623,"props":6668,"children":6669},{"style":671},[6670],{"type":418,"value":2524},{"type":413,"tag":414,"props":6672,"children":6673},{},[6674,6676,6681],{"type":418,"value":6675},"I intentionally did not declare the variable ",{"type":413,"tag":619,"props":6677,"children":6679},{"className":6678},[],[6680],{"type":418,"value":3033},{"type":418,"value":6682}," in the code above. It's because it's up to you to choose how you will provide it. You may want to set it in the configuration and retrieve it from it :",{"type":413,"tag":612,"props":6684,"children":6686},{"className":5390,"code":6685,"language":357,"meta":401,"style":401},"const config = new pulumi.Config();\nconst subscriptionId = config.get(\"subscriptionId\");\n",[6687],{"type":413,"tag":619,"props":6688,"children":6689},{"__ignoreMap":401},[6690,6732],{"type":413,"tag":623,"props":6691,"children":6692},{"class":625,"line":626},[6693,6697,6702,6706,6710,6714,6718,6723,6728],{"type":413,"tag":623,"props":6694,"children":6695},{"style":2854},[6696],{"type":418,"value":5454},{"type":413,"tag":623,"props":6698,"children":6699},{"style":1058},[6700],{"type":418,"value":6701}," config ",{"type":413,"tag":623,"props":6703,"children":6704},{"style":671},[6705],{"type":418,"value":1066},{"type":413,"tag":623,"props":6707,"children":6708},{"style":671},[6709],{"type":418,"value":638},{"type":413,"tag":623,"props":6711,"children":6712},{"style":1058},[6713],{"type":418,"value":6229},{"type":413,"tag":623,"props":6715,"children":6716},{"style":671},[6717],{"type":418,"value":1404},{"type":413,"tag":623,"props":6719,"children":6720},{"style":1407},[6721],{"type":418,"value":6722},"Config",{"type":413,"tag":623,"props":6724,"children":6725},{"style":1058},[6726],{"type":418,"value":6727},"()",{"type":413,"tag":623,"props":6729,"children":6730},{"style":671},[6731],{"type":418,"value":2524},{"type":413,"tag":623,"props":6733,"children":6734},{"class":625,"line":1045},[6735,6739,6744,6748,6752,6756,6761,6765,6769,6773,6777,6781],{"type":413,"tag":623,"props":6736,"children":6737},{"style":2854},[6738],{"type":418,"value":5454},{"type":413,"tag":623,"props":6740,"children":6741},{"style":1058},[6742],{"type":418,"value":6743}," subscriptionId ",{"type":413,"tag":623,"props":6745,"children":6746},{"style":671},[6747],{"type":418,"value":1066},{"type":413,"tag":623,"props":6749,"children":6750},{"style":1058},[6751],{"type":418,"value":879},{"type":413,"tag":623,"props":6753,"children":6754},{"style":671},[6755],{"type":418,"value":1404},{"type":413,"tag":623,"props":6757,"children":6758},{"style":1407},[6759],{"type":418,"value":6760},"get",{"type":413,"tag":623,"props":6762,"children":6763},{"style":1058},[6764],{"type":418,"value":1018},{"type":413,"tag":623,"props":6766,"children":6767},{"style":671},[6768],{"type":418,"value":1023},{"type":413,"tag":623,"props":6770,"children":6771},{"style":635},[6772],{"type":418,"value":3033},{"type":413,"tag":623,"props":6774,"children":6775},{"style":671},[6776],{"type":418,"value":1023},{"type":413,"tag":623,"props":6778,"children":6779},{"style":1058},[6780],{"type":418,"value":5595},{"type":413,"tag":623,"props":6782,"children":6783},{"style":671},[6784],{"type":418,"value":2524},{"type":413,"tag":414,"props":6786,"children":6787},{},[6788],{"type":418,"value":6789},"Or your might want to retrieve it from the current configuration of the Azure native provider :",{"type":413,"tag":612,"props":6791,"children":6793},{"className":5390,"code":6792,"language":357,"meta":401,"style":401},"const azureConfig = pulumi.output(authorization.getClientConfig());\nconst subscriptionId = azureConfig.subscriptionId;\n",[6794],{"type":413,"tag":619,"props":6795,"children":6796},{"__ignoreMap":401},[6797,6848],{"type":413,"tag":623,"props":6798,"children":6799},{"class":625,"line":626},[6800,6804,6809,6813,6817,6821,6825,6830,6834,6839,6844],{"type":413,"tag":623,"props":6801,"children":6802},{"style":2854},[6803],{"type":418,"value":5454},{"type":413,"tag":623,"props":6805,"children":6806},{"style":1058},[6807],{"type":418,"value":6808}," azureConfig ",{"type":413,"tag":623,"props":6810,"children":6811},{"style":671},[6812],{"type":418,"value":1066},{"type":413,"tag":623,"props":6814,"children":6815},{"style":1058},[6816],{"type":418,"value":6229},{"type":413,"tag":623,"props":6818,"children":6819},{"style":671},[6820],{"type":418,"value":1404},{"type":413,"tag":623,"props":6822,"children":6823},{"style":1407},[6824],{"type":418,"value":5679},{"type":413,"tag":623,"props":6826,"children":6827},{"style":1058},[6828],{"type":418,"value":6829},"(authorization",{"type":413,"tag":623,"props":6831,"children":6832},{"style":671},[6833],{"type":418,"value":1404},{"type":413,"tag":623,"props":6835,"children":6836},{"style":1407},[6837],{"type":418,"value":6838},"getClientConfig",{"type":413,"tag":623,"props":6840,"children":6841},{"style":1058},[6842],{"type":418,"value":6843},"())",{"type":413,"tag":623,"props":6845,"children":6846},{"style":671},[6847],{"type":418,"value":2524},{"type":413,"tag":623,"props":6849,"children":6850},{"class":625,"line":1045},[6851,6855,6859,6863,6867,6871,6875],{"type":413,"tag":623,"props":6852,"children":6853},{"style":2854},[6854],{"type":418,"value":5454},{"type":413,"tag":623,"props":6856,"children":6857},{"style":1058},[6858],{"type":418,"value":6743},{"type":413,"tag":623,"props":6860,"children":6861},{"style":671},[6862],{"type":418,"value":1066},{"type":413,"tag":623,"props":6864,"children":6865},{"style":1058},[6866],{"type":418,"value":2137},{"type":413,"tag":623,"props":6868,"children":6869},{"style":671},[6870],{"type":418,"value":1404},{"type":413,"tag":623,"props":6872,"children":6873},{"style":1058},[6874],{"type":418,"value":3033},{"type":413,"tag":623,"props":6876,"children":6877},{"style":671},[6878],{"type":418,"value":2524},{"type":413,"tag":414,"props":6880,"children":6881},{},[6882,6884,6890,6892,6898],{"type":418,"value":6883},"Concerning, the contributor role definition identifier, I could have dynamically retrieved it using Azure APIs (like ",{"type":413,"tag":432,"props":6885,"children":6888},{"href":6886,"rel":6887},"https://github.com/pulumi/examples/blob/master/azure-ts-call-azure-sdk/index.ts",[436],[6889],{"type":418,"value":542},{"type":418,"value":6891},"). But honestly, as these identifiers don't change it's much easier to hardcode it in a dedicated ",{"type":413,"tag":619,"props":6893,"children":6895},{"className":6894},[],[6896],{"type":418,"value":6897},"builtInRoles.ts",{"type":418,"value":6899}," file.",{"type":413,"tag":612,"props":6901,"children":6903},{"className":5390,"code":6902,"language":357,"meta":401,"style":401},"export const azureBuiltInRoles = {\n  contributor : \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n};\n",[6904],{"type":413,"tag":619,"props":6905,"children":6906},{"__ignoreMap":401},[6907,6931,6956],{"type":413,"tag":623,"props":6908,"children":6909},{"class":625,"line":626},[6910,6914,6918,6923,6927],{"type":413,"tag":623,"props":6911,"children":6912},{"style":2485},[6913],{"type":418,"value":5614},{"type":413,"tag":623,"props":6915,"children":6916},{"style":2854},[6917],{"type":418,"value":5619},{"type":413,"tag":623,"props":6919,"children":6920},{"style":1058},[6921],{"type":418,"value":6922}," azureBuiltInRoles ",{"type":413,"tag":623,"props":6924,"children":6925},{"style":671},[6926],{"type":418,"value":1066},{"type":413,"tag":623,"props":6928,"children":6929},{"style":671},[6930],{"type":418,"value":5507},{"type":413,"tag":623,"props":6932,"children":6933},{"class":625,"line":1045},[6934,6939,6943,6947,6952],{"type":413,"tag":623,"props":6935,"children":6936},{"style":5513},[6937],{"type":418,"value":6938},"  contributor ",{"type":413,"tag":623,"props":6940,"children":6941},{"style":671},[6942],{"type":418,"value":3493},{"type":413,"tag":623,"props":6944,"children":6945},{"style":671},[6946],{"type":418,"value":674},{"type":413,"tag":623,"props":6948,"children":6949},{"style":635},[6950],{"type":418,"value":6951},"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",{"type":413,"tag":623,"props":6953,"children":6954},{"style":671},[6955],{"type":418,"value":684},{"type":413,"tag":623,"props":6957,"children":6958},{"class":625,"line":1054},[6959],{"type":413,"tag":623,"props":6960,"children":6961},{"style":671},[6962],{"type":418,"value":4562},{"type":413,"tag":496,"props":6964,"children":6965},{"icon":4578},[6966],{"type":413,"tag":414,"props":6967,"children":6968},{},[6969],{"type":418,"value":6970},"Please note that you don't have to work on the subscription scope. If you prefer to assign the contributor role (or any other role) to an existing resource group rather than the entire subscription, you can certainly do that as well.",{"type":413,"tag":600,"props":6972,"children":6974},{"id":6973},"add-the-configuration-for-the-github-actions-workflow",[6975],{"type":418,"value":6976},"Add the configuration for the GitHub Actions workflow",{"type":413,"tag":414,"props":6978,"children":6979},{},[6980],{"type":418,"value":6981},"The next step is to correctly set the configuration for the GitHub Actions of our Azure-Ready GitHub repository.",{"type":413,"tag":414,"props":6983,"children":6984},{},[6985],{"type":418,"value":6986},"The workflow requires three pieces of information for the OIDC authentication to function properly:",{"type":413,"tag":6988,"props":6989,"children":6990},"ol",{},[6991,6996,7001],{"type":413,"tag":447,"props":6992,"children":6993},{},[6994],{"type":418,"value":6995},"The identifier of the Azure tenant",{"type":413,"tag":447,"props":6997,"children":6998},{},[6999],{"type":418,"value":7000},"The identifier of the Azure subscription",{"type":413,"tag":447,"props":7002,"children":7003},{},[7004],{"type":418,"value":7005},"The application identifier (also known as client ID) of the previously created Azure AD application",{"type":413,"tag":414,"props":7007,"children":7008},{},[7009],{"type":418,"value":7010},"These identifiers are not secrets, they are just identifiers so we could directly set them as GitHub Actions variables like this:",{"type":413,"tag":612,"props":7012,"children":7014},{"className":5390,"code":7013,"language":357,"meta":401,"style":401},"new github.ActionsVariable(\"tenantId\", {\n  repository: repository.name,\n  variableName: \"ARM_TENANT_ID\",\n  value: azureConfig.tenantId,\n});\n",[7015],{"type":413,"tag":619,"props":7016,"children":7017},{"__ignoreMap":401},[7018,7062,7090,7119,7147],{"type":413,"tag":623,"props":7019,"children":7020},{"class":625,"line":626},[7021,7025,7029,7033,7038,7042,7046,7050,7054,7058],{"type":413,"tag":623,"props":7022,"children":7023},{"style":671},[7024],{"type":418,"value":2857},{"type":413,"tag":623,"props":7026,"children":7027},{"style":1058},[7028],{"type":418,"value":5472},{"type":413,"tag":623,"props":7030,"children":7031},{"style":671},[7032],{"type":418,"value":1404},{"type":413,"tag":623,"props":7034,"children":7035},{"style":1407},[7036],{"type":418,"value":7037},"ActionsVariable",{"type":413,"tag":623,"props":7039,"children":7040},{"style":1058},[7041],{"type":418,"value":1018},{"type":413,"tag":623,"props":7043,"children":7044},{"style":671},[7045],{"type":418,"value":1023},{"type":413,"tag":623,"props":7047,"children":7048},{"style":635},[7049],{"type":418,"value":2215},{"type":413,"tag":623,"props":7051,"children":7052},{"style":671},[7053],{"type":418,"value":1023},{"type":413,"tag":623,"props":7055,"children":7056},{"style":671},[7057],{"type":418,"value":1037},{"type":413,"tag":623,"props":7059,"children":7060},{"style":671},[7061],{"type":418,"value":5507},{"type":413,"tag":623,"props":7063,"children":7064},{"class":625,"line":1045},[7065,7070,7074,7078,7082,7086],{"type":413,"tag":623,"props":7066,"children":7067},{"style":5513},[7068],{"type":418,"value":7069},"  repository",{"type":413,"tag":623,"props":7071,"children":7072},{"style":671},[7073],{"type":418,"value":3493},{"type":413,"tag":623,"props":7075,"children":7076},{"style":1058},[7077],{"type":418,"value":1390},{"type":413,"tag":623,"props":7079,"children":7080},{"style":671},[7081],{"type":418,"value":1404},{"type":413,"tag":623,"props":7083,"children":7084},{"style":1058},[7085],{"type":418,"value":5665},{"type":413,"tag":623,"props":7087,"children":7088},{"style":671},[7089],{"type":418,"value":1084},{"type":413,"tag":623,"props":7091,"children":7092},{"class":625,"line":1054},[7093,7098,7102,7106,7111,7115],{"type":413,"tag":623,"props":7094,"children":7095},{"style":5513},[7096],{"type":418,"value":7097},"  variableName",{"type":413,"tag":623,"props":7099,"children":7100},{"style":671},[7101],{"type":418,"value":3493},{"type":413,"tag":623,"props":7103,"children":7104},{"style":671},[7105],{"type":418,"value":674},{"type":413,"tag":623,"props":7107,"children":7108},{"style":635},[7109],{"type":418,"value":7110},"ARM_TENANT_ID",{"type":413,"tag":623,"props":7112,"children":7113},{"style":671},[7114],{"type":418,"value":1023},{"type":413,"tag":623,"props":7116,"children":7117},{"style":671},[7118],{"type":418,"value":1084},{"type":413,"tag":623,"props":7120,"children":7121},{"class":625,"line":1087},[7122,7127,7131,7135,7139,7143],{"type":413,"tag":623,"props":7123,"children":7124},{"style":5513},[7125],{"type":418,"value":7126},"  value",{"type":413,"tag":623,"props":7128,"children":7129},{"style":671},[7130],{"type":418,"value":3493},{"type":413,"tag":623,"props":7132,"children":7133},{"style":1058},[7134],{"type":418,"value":2137},{"type":413,"tag":623,"props":7136,"children":7137},{"style":671},[7138],{"type":418,"value":1404},{"type":413,"tag":623,"props":7140,"children":7141},{"style":1058},[7142],{"type":418,"value":2215},{"type":413,"tag":623,"props":7144,"children":7145},{"style":671},[7146],{"type":418,"value":1084},{"type":413,"tag":623,"props":7148,"children":7149},{"class":625,"line":1104},[7150,7154,7158],{"type":413,"tag":623,"props":7151,"children":7152},{"style":671},[7153],{"type":418,"value":3327},{"type":413,"tag":623,"props":7155,"children":7156},{"style":1058},[7157],{"type":418,"value":5595},{"type":413,"tag":623,"props":7159,"children":7160},{"style":671},[7161],{"type":418,"value":2524},{"type":413,"tag":414,"props":7163,"children":7164},{},[7165],{"type":418,"value":7166},"However, I like to keep my tenant id and my subscription id private so we will store them in GitHub secrets but that's not mandatory at all.",{"type":413,"tag":612,"props":7168,"children":7170},{"className":5390,"code":7169,"language":357,"meta":401,"style":401},"const azureConfig = pulumi.output(authorization.getClientConfig());\n\nnew github.ActionsSecret(\"tenantId\", {\n  repository: repository.name,\n  secretName: \"ARM_TENANT_ID\",\n  plaintextValue: azureConfig.tenantId,\n});\n\nnew github.ActionsSecret(\"subscriptionId\", {\n  repository: repository.name,\n  secretName: \"ARM_SUBSCRIPTION_ID\",\n  plaintextValue: azureConfig.subscriptionId,\n});\n\nnew github.ActionsSecret(\"clientId\", {\n  repository: repository.name,\n  secretName: \"ARM_CLIENT_ID\",\n  plaintextValue: aadApplication.applicationId,\n});\n",[7171],{"type":413,"tag":619,"props":7172,"children":7173},{"__ignoreMap":401},[7174,7221,7228,7272,7299,7327,7355,7370,7377,7420,7447,7475,7502,7517,7524,7568,7595,7623,7650],{"type":413,"tag":623,"props":7175,"children":7176},{"class":625,"line":626},[7177,7181,7185,7189,7193,7197,7201,7205,7209,7213,7217],{"type":413,"tag":623,"props":7178,"children":7179},{"style":2854},[7180],{"type":418,"value":5454},{"type":413,"tag":623,"props":7182,"children":7183},{"style":1058},[7184],{"type":418,"value":6808},{"type":413,"tag":623,"props":7186,"children":7187},{"style":671},[7188],{"type":418,"value":1066},{"type":413,"tag":623,"props":7190,"children":7191},{"style":1058},[7192],{"type":418,"value":6229},{"type":413,"tag":623,"props":7194,"children":7195},{"style":671},[7196],{"type":418,"value":1404},{"type":413,"tag":623,"props":7198,"children":7199},{"style":1407},[7200],{"type":418,"value":5679},{"type":413,"tag":623,"props":7202,"children":7203},{"style":1058},[7204],{"type":418,"value":6829},{"type":413,"tag":623,"props":7206,"children":7207},{"style":671},[7208],{"type":418,"value":1404},{"type":413,"tag":623,"props":7210,"children":7211},{"style":1407},[7212],{"type":418,"value":6838},{"type":413,"tag":623,"props":7214,"children":7215},{"style":1058},[7216],{"type":418,"value":6843},{"type":413,"tag":623,"props":7218,"children":7219},{"style":671},[7220],{"type":418,"value":2524},{"type":413,"tag":623,"props":7222,"children":7223},{"class":625,"line":1045},[7224],{"type":413,"tag":623,"props":7225,"children":7226},{"emptyLinePlaceholder":2790},[7227],{"type":418,"value":2793},{"type":413,"tag":623,"props":7229,"children":7230},{"class":625,"line":1054},[7231,7235,7239,7243,7248,7252,7256,7260,7264,7268],{"type":413,"tag":623,"props":7232,"children":7233},{"style":671},[7234],{"type":418,"value":2857},{"type":413,"tag":623,"props":7236,"children":7237},{"style":1058},[7238],{"type":418,"value":5472},{"type":413,"tag":623,"props":7240,"children":7241},{"style":671},[7242],{"type":418,"value":1404},{"type":413,"tag":623,"props":7244,"children":7245},{"style":1407},[7246],{"type":418,"value":7247},"ActionsSecret",{"type":413,"tag":623,"props":7249,"children":7250},{"style":1058},[7251],{"type":418,"value":1018},{"type":413,"tag":623,"props":7253,"children":7254},{"style":671},[7255],{"type":418,"value":1023},{"type":413,"tag":623,"props":7257,"children":7258},{"style":635},[7259],{"type":418,"value":2215},{"type":413,"tag":623,"props":7261,"children":7262},{"style":671},[7263],{"type":418,"value":1023},{"type":413,"tag":623,"props":7265,"children":7266},{"style":671},[7267],{"type":418,"value":1037},{"type":413,"tag":623,"props":7269,"children":7270},{"style":671},[7271],{"type":418,"value":5507},{"type":413,"tag":623,"props":7273,"children":7274},{"class":625,"line":1087},[7275,7279,7283,7287,7291,7295],{"type":413,"tag":623,"props":7276,"children":7277},{"style":5513},[7278],{"type":418,"value":7069},{"type":413,"tag":623,"props":7280,"children":7281},{"style":671},[7282],{"type":418,"value":3493},{"type":413,"tag":623,"props":7284,"children":7285},{"style":1058},[7286],{"type":418,"value":1390},{"type":413,"tag":623,"props":7288,"children":7289},{"style":671},[7290],{"type":418,"value":1404},{"type":413,"tag":623,"props":7292,"children":7293},{"style":1058},[7294],{"type":418,"value":5665},{"type":413,"tag":623,"props":7296,"children":7297},{"style":671},[7298],{"type":418,"value":1084},{"type":413,"tag":623,"props":7300,"children":7301},{"class":625,"line":1104},[7302,7307,7311,7315,7319,7323],{"type":413,"tag":623,"props":7303,"children":7304},{"style":5513},[7305],{"type":418,"value":7306},"  secretName",{"type":413,"tag":623,"props":7308,"children":7309},{"style":671},[7310],{"type":418,"value":3493},{"type":413,"tag":623,"props":7312,"children":7313},{"style":671},[7314],{"type":418,"value":674},{"type":413,"tag":623,"props":7316,"children":7317},{"style":635},[7318],{"type":418,"value":7110},{"type":413,"tag":623,"props":7320,"children":7321},{"style":671},[7322],{"type":418,"value":1023},{"type":413,"tag":623,"props":7324,"children":7325},{"style":671},[7326],{"type":418,"value":1084},{"type":413,"tag":623,"props":7328,"children":7329},{"class":625,"line":1113},[7330,7335,7339,7343,7347,7351],{"type":413,"tag":623,"props":7331,"children":7332},{"style":5513},[7333],{"type":418,"value":7334},"  plaintextValue",{"type":413,"tag":623,"props":7336,"children":7337},{"style":671},[7338],{"type":418,"value":3493},{"type":413,"tag":623,"props":7340,"children":7341},{"style":1058},[7342],{"type":418,"value":2137},{"type":413,"tag":623,"props":7344,"children":7345},{"style":671},[7346],{"type":418,"value":1404},{"type":413,"tag":623,"props":7348,"children":7349},{"style":1058},[7350],{"type":418,"value":2215},{"type":413,"tag":623,"props":7352,"children":7353},{"style":671},[7354],{"type":418,"value":1084},{"type":413,"tag":623,"props":7356,"children":7357},{"class":625,"line":1161},[7358,7362,7366],{"type":413,"tag":623,"props":7359,"children":7360},{"style":671},[7361],{"type":418,"value":3327},{"type":413,"tag":623,"props":7363,"children":7364},{"style":1058},[7365],{"type":418,"value":5595},{"type":413,"tag":623,"props":7367,"children":7368},{"style":671},[7369],{"type":418,"value":2524},{"type":413,"tag":623,"props":7371,"children":7372},{"class":625,"line":1207},[7373],{"type":413,"tag":623,"props":7374,"children":7375},{"emptyLinePlaceholder":2790},[7376],{"type":418,"value":2793},{"type":413,"tag":623,"props":7378,"children":7379},{"class":625,"line":1251},[7380,7384,7388,7392,7396,7400,7404,7408,7412,7416],{"type":413,"tag":623,"props":7381,"children":7382},{"style":671},[7383],{"type":418,"value":2857},{"type":413,"tag":623,"props":7385,"children":7386},{"style":1058},[7387],{"type":418,"value":5472},{"type":413,"tag":623,"props":7389,"children":7390},{"style":671},[7391],{"type":418,"value":1404},{"type":413,"tag":623,"props":7393,"children":7394},{"style":1407},[7395],{"type":418,"value":7247},{"type":413,"tag":623,"props":7397,"children":7398},{"style":1058},[7399],{"type":418,"value":1018},{"type":413,"tag":623,"props":7401,"children":7402},{"style":671},[7403],{"type":418,"value":1023},{"type":413,"tag":623,"props":7405,"children":7406},{"style":635},[7407],{"type":418,"value":3033},{"type":413,"tag":623,"props":7409,"children":7410},{"style":671},[7411],{"type":418,"value":1023},{"type":413,"tag":623,"props":7413,"children":7414},{"style":671},[7415],{"type":418,"value":1037},{"type":413,"tag":623,"props":7417,"children":7418},{"style":671},[7419],{"type":418,"value":5507},{"type":413,"tag":623,"props":7421,"children":7422},{"class":625,"line":1296},[7423,7427,7431,7435,7439,7443],{"type":413,"tag":623,"props":7424,"children":7425},{"style":5513},[7426],{"type":418,"value":7069},{"type":413,"tag":623,"props":7428,"children":7429},{"style":671},[7430],{"type":418,"value":3493},{"type":413,"tag":623,"props":7432,"children":7433},{"style":1058},[7434],{"type":418,"value":1390},{"type":413,"tag":623,"props":7436,"children":7437},{"style":671},[7438],{"type":418,"value":1404},{"type":413,"tag":623,"props":7440,"children":7441},{"style":1058},[7442],{"type":418,"value":5665},{"type":413,"tag":623,"props":7444,"children":7445},{"style":671},[7446],{"type":418,"value":1084},{"type":413,"tag":623,"props":7448,"children":7449},{"class":625,"line":1337},[7450,7454,7458,7462,7467,7471],{"type":413,"tag":623,"props":7451,"children":7452},{"style":5513},[7453],{"type":418,"value":7306},{"type":413,"tag":623,"props":7455,"children":7456},{"style":671},[7457],{"type":418,"value":3493},{"type":413,"tag":623,"props":7459,"children":7460},{"style":671},[7461],{"type":418,"value":674},{"type":413,"tag":623,"props":7463,"children":7464},{"style":635},[7465],{"type":418,"value":7466},"ARM_SUBSCRIPTION_ID",{"type":413,"tag":623,"props":7468,"children":7469},{"style":671},[7470],{"type":418,"value":1023},{"type":413,"tag":623,"props":7472,"children":7473},{"style":671},[7474],{"type":418,"value":1084},{"type":413,"tag":623,"props":7476,"children":7477},{"class":625,"line":1346},[7478,7482,7486,7490,7494,7498],{"type":413,"tag":623,"props":7479,"children":7480},{"style":5513},[7481],{"type":418,"value":7334},{"type":413,"tag":623,"props":7483,"children":7484},{"style":671},[7485],{"type":418,"value":3493},{"type":413,"tag":623,"props":7487,"children":7488},{"style":1058},[7489],{"type":418,"value":2137},{"type":413,"tag":623,"props":7491,"children":7492},{"style":671},[7493],{"type":418,"value":1404},{"type":413,"tag":623,"props":7495,"children":7496},{"style":1058},[7497],{"type":418,"value":3033},{"type":413,"tag":623,"props":7499,"children":7500},{"style":671},[7501],{"type":418,"value":1084},{"type":413,"tag":623,"props":7503,"children":7504},{"class":625,"line":2100},[7505,7509,7513],{"type":413,"tag":623,"props":7506,"children":7507},{"style":671},[7508],{"type":418,"value":3327},{"type":413,"tag":623,"props":7510,"children":7511},{"style":1058},[7512],{"type":418,"value":5595},{"type":413,"tag":623,"props":7514,"children":7515},{"style":671},[7516],{"type":418,"value":2524},{"type":413,"tag":623,"props":7518,"children":7519},{"class":625,"line":2897},[7520],{"type":413,"tag":623,"props":7521,"children":7522},{"emptyLinePlaceholder":2790},[7523],{"type":418,"value":2793},{"type":413,"tag":623,"props":7525,"children":7526},{"class":625,"line":2926},[7527,7531,7535,7539,7543,7547,7551,7556,7560,7564],{"type":413,"tag":623,"props":7528,"children":7529},{"style":671},[7530],{"type":418,"value":2857},{"type":413,"tag":623,"props":7532,"children":7533},{"style":1058},[7534],{"type":418,"value":5472},{"type":413,"tag":623,"props":7536,"children":7537},{"style":671},[7538],{"type":418,"value":1404},{"type":413,"tag":623,"props":7540,"children":7541},{"style":1407},[7542],{"type":418,"value":7247},{"type":413,"tag":623,"props":7544,"children":7545},{"style":1058},[7546],{"type":418,"value":1018},{"type":413,"tag":623,"props":7548,"children":7549},{"style":671},[7550],{"type":418,"value":1023},{"type":413,"tag":623,"props":7552,"children":7553},{"style":635},[7554],{"type":418,"value":7555},"clientId",{"type":413,"tag":623,"props":7557,"children":7558},{"style":671},[7559],{"type":418,"value":1023},{"type":413,"tag":623,"props":7561,"children":7562},{"style":671},[7563],{"type":418,"value":1037},{"type":413,"tag":623,"props":7565,"children":7566},{"style":671},[7567],{"type":418,"value":5507},{"type":413,"tag":623,"props":7569,"children":7570},{"class":625,"line":2957},[7571,7575,7579,7583,7587,7591],{"type":413,"tag":623,"props":7572,"children":7573},{"style":5513},[7574],{"type":418,"value":7069},{"type":413,"tag":623,"props":7576,"children":7577},{"style":671},[7578],{"type":418,"value":3493},{"type":413,"tag":623,"props":7580,"children":7581},{"style":1058},[7582],{"type":418,"value":1390},{"type":413,"tag":623,"props":7584,"children":7585},{"style":671},[7586],{"type":418,"value":1404},{"type":413,"tag":623,"props":7588,"children":7589},{"style":1058},[7590],{"type":418,"value":5665},{"type":413,"tag":623,"props":7592,"children":7593},{"style":671},[7594],{"type":418,"value":1084},{"type":413,"tag":623,"props":7596,"children":7597},{"class":625,"line":2988},[7598,7602,7606,7610,7615,7619],{"type":413,"tag":623,"props":7599,"children":7600},{"style":5513},[7601],{"type":418,"value":7306},{"type":413,"tag":623,"props":7603,"children":7604},{"style":671},[7605],{"type":418,"value":3493},{"type":413,"tag":623,"props":7607,"children":7608},{"style":671},[7609],{"type":418,"value":674},{"type":413,"tag":623,"props":7611,"children":7612},{"style":635},[7613],{"type":418,"value":7614},"ARM_CLIENT_ID",{"type":413,"tag":623,"props":7616,"children":7617},{"style":671},[7618],{"type":418,"value":1023},{"type":413,"tag":623,"props":7620,"children":7621},{"style":671},[7622],{"type":418,"value":1084},{"type":413,"tag":623,"props":7624,"children":7625},{"class":625,"line":3045},[7626,7630,7634,7638,7642,7646],{"type":413,"tag":623,"props":7627,"children":7628},{"style":5513},[7629],{"type":418,"value":7334},{"type":413,"tag":623,"props":7631,"children":7632},{"style":671},[7633],{"type":418,"value":3493},{"type":413,"tag":623,"props":7635,"children":7636},{"style":1058},[7637],{"type":418,"value":2615},{"type":413,"tag":623,"props":7639,"children":7640},{"style":671},[7641],{"type":418,"value":1404},{"type":413,"tag":623,"props":7643,"children":7644},{"style":1058},[7645],{"type":418,"value":5969},{"type":413,"tag":623,"props":7647,"children":7648},{"style":671},[7649],{"type":418,"value":1084},{"type":413,"tag":623,"props":7651,"children":7653},{"class":625,"line":7652},19,[7654,7658,7662],{"type":413,"tag":623,"props":7655,"children":7656},{"style":671},[7657],{"type":418,"value":3327},{"type":413,"tag":623,"props":7659,"children":7660},{"style":1058},[7661],{"type":418,"value":5595},{"type":413,"tag":623,"props":7663,"children":7664},{"style":671},[7665],{"type":418,"value":2524},{"type":413,"tag":496,"props":7667,"children":7668},{"icon":498},[7669],{"type":413,"tag":414,"props":7670,"children":7671},{},[7672,7674,7681],{"type":418,"value":7673},"Please note that could also use ",{"type":413,"tag":432,"props":7675,"children":7678},{"href":7676,"rel":7677},"https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment",[436],[7679],{"type":418,"value":7680},"environments for deployment",{"type":418,"value":7682}," and their associated secrets and variables.",{"type":413,"tag":600,"props":7684,"children":7686},{"id":7685},"create-the-github-actions-workflow",[7687],{"type":418,"value":7688},"Create the GitHub Actions workflow",{"type":413,"tag":414,"props":7690,"children":7691},{},[7692],{"type":418,"value":7693},"Everything seems to be properly configured to provision Azure resources from a GitHub Actions workflow in this new repository, except for the workflow itself. The goal here is to have a properly configured pipeline in the repository to get started provisioning Azure infrastructure.",{"type":413,"tag":414,"props":7695,"children":7696},{},[7697],{"type":418,"value":7698},"Here is such a pipeline:",{"type":413,"tag":612,"props":7700,"children":7704},{"className":7701,"code":7702,"language":7703,"meta":401,"style":401},"language-yaml shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","name: infra\n\non:\n  workflow_dispatch:\n\npermissions:\n      id-token: write\n      contents: read\njobs:\n  provision-infra:\n    runs-on: ubuntu-latest\n    steps:\n      - name: 'Az CLI login'\n        uses: azure/login@v1\n        with:\n          client-id: ${{ secrets.AZURE_CLIENT_ID }}\n          tenant-id: ${{ secrets.AZURE_TENANT_ID }}\n          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}\n\n      - name: 'Run az commands'\n        run: |\n          az account show\n          az group list\n","yaml",[7705],{"type":413,"tag":619,"props":7706,"children":7707},{"__ignoreMap":401},[7708,7724,7731,7743,7755,7762,7774,7791,7808,7820,7832,7849,7861,7891,7908,7920,7937,7954,7971,7978,8007,8025,8034],{"type":413,"tag":623,"props":7709,"children":7710},{"class":625,"line":626},[7711,7715,7719],{"type":413,"tag":623,"props":7712,"children":7713},{"style":5513},[7714],{"type":418,"value":5665},{"type":413,"tag":623,"props":7716,"children":7717},{"style":671},[7718],{"type":418,"value":3493},{"type":413,"tag":623,"props":7720,"children":7721},{"style":635},[7722],{"type":418,"value":7723}," infra\n",{"type":413,"tag":623,"props":7725,"children":7726},{"class":625,"line":1045},[7727],{"type":413,"tag":623,"props":7728,"children":7729},{"emptyLinePlaceholder":2790},[7730],{"type":418,"value":2793},{"type":413,"tag":623,"props":7732,"children":7733},{"class":625,"line":1054},[7734,7739],{"type":413,"tag":623,"props":7735,"children":7736},{"style":5580},[7737],{"type":418,"value":7738},"on",{"type":413,"tag":623,"props":7740,"children":7741},{"style":671},[7742],{"type":418,"value":3448},{"type":413,"tag":623,"props":7744,"children":7745},{"class":625,"line":1087},[7746,7751],{"type":413,"tag":623,"props":7747,"children":7748},{"style":5513},[7749],{"type":418,"value":7750},"  workflow_dispatch",{"type":413,"tag":623,"props":7752,"children":7753},{"style":671},[7754],{"type":418,"value":3448},{"type":413,"tag":623,"props":7756,"children":7757},{"class":625,"line":1104},[7758],{"type":413,"tag":623,"props":7759,"children":7760},{"emptyLinePlaceholder":2790},[7761],{"type":418,"value":2793},{"type":413,"tag":623,"props":7763,"children":7764},{"class":625,"line":1113},[7765,7770],{"type":413,"tag":623,"props":7766,"children":7767},{"style":5513},[7768],{"type":418,"value":7769},"permissions",{"type":413,"tag":623,"props":7771,"children":7772},{"style":671},[7773],{"type":418,"value":3448},{"type":413,"tag":623,"props":7775,"children":7776},{"class":625,"line":1161},[7777,7782,7786],{"type":413,"tag":623,"props":7778,"children":7779},{"style":5513},[7780],{"type":418,"value":7781},"      id-token",{"type":413,"tag":623,"props":7783,"children":7784},{"style":671},[7785],{"type":418,"value":3493},{"type":413,"tag":623,"props":7787,"children":7788},{"style":635},[7789],{"type":418,"value":7790}," write\n",{"type":413,"tag":623,"props":7792,"children":7793},{"class":625,"line":1207},[7794,7799,7803],{"type":413,"tag":623,"props":7795,"children":7796},{"style":5513},[7797],{"type":418,"value":7798},"      contents",{"type":413,"tag":623,"props":7800,"children":7801},{"style":671},[7802],{"type":418,"value":3493},{"type":413,"tag":623,"props":7804,"children":7805},{"style":635},[7806],{"type":418,"value":7807}," read\n",{"type":413,"tag":623,"props":7809,"children":7810},{"class":625,"line":1251},[7811,7816],{"type":413,"tag":623,"props":7812,"children":7813},{"style":5513},[7814],{"type":418,"value":7815},"jobs",{"type":413,"tag":623,"props":7817,"children":7818},{"style":671},[7819],{"type":418,"value":3448},{"type":413,"tag":623,"props":7821,"children":7822},{"class":625,"line":1296},[7823,7828],{"type":413,"tag":623,"props":7824,"children":7825},{"style":5513},[7826],{"type":418,"value":7827},"  provision-infra",{"type":413,"tag":623,"props":7829,"children":7830},{"style":671},[7831],{"type":418,"value":3448},{"type":413,"tag":623,"props":7833,"children":7834},{"class":625,"line":1337},[7835,7840,7844],{"type":413,"tag":623,"props":7836,"children":7837},{"style":5513},[7838],{"type":418,"value":7839},"    runs-on",{"type":413,"tag":623,"props":7841,"children":7842},{"style":671},[7843],{"type":418,"value":3493},{"type":413,"tag":623,"props":7845,"children":7846},{"style":635},[7847],{"type":418,"value":7848}," ubuntu-latest\n",{"type":413,"tag":623,"props":7850,"children":7851},{"class":625,"line":1346},[7852,7857],{"type":413,"tag":623,"props":7853,"children":7854},{"style":5513},[7855],{"type":418,"value":7856},"    steps",{"type":413,"tag":623,"props":7858,"children":7859},{"style":671},[7860],{"type":418,"value":3448},{"type":413,"tag":623,"props":7862,"children":7863},{"class":625,"line":2100},[7864,7869,7874,7878,7882,7887],{"type":413,"tag":623,"props":7865,"children":7866},{"style":671},[7867],{"type":418,"value":7868},"      -",{"type":413,"tag":623,"props":7870,"children":7871},{"style":5513},[7872],{"type":418,"value":7873}," name",{"type":413,"tag":623,"props":7875,"children":7876},{"style":671},[7877],{"type":418,"value":3493},{"type":413,"tag":623,"props":7879,"children":7880},{"style":671},[7881],{"type":418,"value":3583},{"type":413,"tag":623,"props":7883,"children":7884},{"style":635},[7885],{"type":418,"value":7886},"Az CLI login",{"type":413,"tag":623,"props":7888,"children":7889},{"style":671},[7890],{"type":418,"value":3592},{"type":413,"tag":623,"props":7892,"children":7893},{"class":625,"line":2897},[7894,7899,7903],{"type":413,"tag":623,"props":7895,"children":7896},{"style":5513},[7897],{"type":418,"value":7898},"        uses",{"type":413,"tag":623,"props":7900,"children":7901},{"style":671},[7902],{"type":418,"value":3493},{"type":413,"tag":623,"props":7904,"children":7905},{"style":635},[7906],{"type":418,"value":7907}," azure/login@v1\n",{"type":413,"tag":623,"props":7909,"children":7910},{"class":625,"line":2926},[7911,7916],{"type":413,"tag":623,"props":7912,"children":7913},{"style":5513},[7914],{"type":418,"value":7915},"        with",{"type":413,"tag":623,"props":7917,"children":7918},{"style":671},[7919],{"type":418,"value":3448},{"type":413,"tag":623,"props":7921,"children":7922},{"class":625,"line":2957},[7923,7928,7932],{"type":413,"tag":623,"props":7924,"children":7925},{"style":5513},[7926],{"type":418,"value":7927},"          client-id",{"type":413,"tag":623,"props":7929,"children":7930},{"style":671},[7931],{"type":418,"value":3493},{"type":413,"tag":623,"props":7933,"children":7934},{"style":635},[7935],{"type":418,"value":7936}," ${{ secrets.AZURE_CLIENT_ID }}\n",{"type":413,"tag":623,"props":7938,"children":7939},{"class":625,"line":2988},[7940,7945,7949],{"type":413,"tag":623,"props":7941,"children":7942},{"style":5513},[7943],{"type":418,"value":7944},"          tenant-id",{"type":413,"tag":623,"props":7946,"children":7947},{"style":671},[7948],{"type":418,"value":3493},{"type":413,"tag":623,"props":7950,"children":7951},{"style":635},[7952],{"type":418,"value":7953}," ${{ secrets.AZURE_TENANT_ID }}\n",{"type":413,"tag":623,"props":7955,"children":7956},{"class":625,"line":3045},[7957,7962,7966],{"type":413,"tag":623,"props":7958,"children":7959},{"style":5513},[7960],{"type":418,"value":7961},"          subscription-id",{"type":413,"tag":623,"props":7963,"children":7964},{"style":671},[7965],{"type":418,"value":3493},{"type":413,"tag":623,"props":7967,"children":7968},{"style":635},[7969],{"type":418,"value":7970}," ${{ secrets.AZURE_SUBSCRIPTION_ID }}\n",{"type":413,"tag":623,"props":7972,"children":7973},{"class":625,"line":7652},[7974],{"type":413,"tag":623,"props":7975,"children":7976},{"emptyLinePlaceholder":2790},[7977],{"type":418,"value":2793},{"type":413,"tag":623,"props":7979,"children":7981},{"class":625,"line":7980},20,[7982,7986,7990,7994,7998,8003],{"type":413,"tag":623,"props":7983,"children":7984},{"style":671},[7985],{"type":418,"value":7868},{"type":413,"tag":623,"props":7987,"children":7988},{"style":5513},[7989],{"type":418,"value":7873},{"type":413,"tag":623,"props":7991,"children":7992},{"style":671},[7993],{"type":418,"value":3493},{"type":413,"tag":623,"props":7995,"children":7996},{"style":671},[7997],{"type":418,"value":3583},{"type":413,"tag":623,"props":7999,"children":8000},{"style":635},[8001],{"type":418,"value":8002},"Run az commands",{"type":413,"tag":623,"props":8004,"children":8005},{"style":671},[8006],{"type":418,"value":3592},{"type":413,"tag":623,"props":8008,"children":8010},{"class":625,"line":8009},21,[8011,8016,8020],{"type":413,"tag":623,"props":8012,"children":8013},{"style":5513},[8014],{"type":418,"value":8015},"        run",{"type":413,"tag":623,"props":8017,"children":8018},{"style":671},[8019],{"type":418,"value":3493},{"type":413,"tag":623,"props":8021,"children":8022},{"style":2485},[8023],{"type":418,"value":8024}," |\n",{"type":413,"tag":623,"props":8026,"children":8028},{"class":625,"line":8027},22,[8029],{"type":413,"tag":623,"props":8030,"children":8031},{"style":635},[8032],{"type":418,"value":8033},"          az account show\n",{"type":413,"tag":623,"props":8035,"children":8037},{"class":625,"line":8036},23,[8038],{"type":413,"tag":623,"props":8039,"children":8040},{"style":635},[8041],{"type":418,"value":8042},"          az group list\n",{"type":413,"tag":414,"props":8044,"children":8045},{},[8046,8048,8054],{"type":418,"value":8047},"This workflow first authenticates to Azure using OIDC with the ",{"type":413,"tag":619,"props":8049,"children":8051},{"className":8050},[],[8052],{"type":418,"value":8053},"azure/login",{"type":418,"value":8055}," action and then performs some Azure CLI commands to interact with Azure resources. That's fine and probably enough to get you started but you surely want to provision your infrastructure using a more declarative solution than an Azure CLI script. So let's see a more interesting pipeline still authenticating via Azure OIDC but using Pulumi to provision the Azure resources.",{"type":413,"tag":612,"props":8057,"children":8059},{"className":7701,"code":8058,"language":7703,"meta":401,"style":401},"name: infra\n\non:\n  workflow_dispatch:\n\npermissions:\n  id-token: write   # required for OIDC auth\n  contents: read    # required to perform a checkout\n\njobs:\n  provision-infra:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v3\n\n      - name: Install pnpm\n        uses: pnpm/action-setup@v2\n        with:\n          version: latest\n\n      - name: Set node version to 18\n        uses: actions/setup-node@v3\n        with:\n          node-version: 18\n          cache: 'pnpm'\n      \n      - name: Install dependencies\n        run: pnpm install\n      \n      - name: Provision infrastructure\n        uses: pulumi/actions@v4.4.0\n        id: pulumi\n        with:\n          command: up\n          stack-name: dev\n        env:\n          ARM_USE_OIDC: true\n          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}\n          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}\n          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}\n          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} \n",[8060],{"type":413,"tag":619,"props":8061,"children":8062},{"__ignoreMap":401},[8063,8078,8085,8096,8107,8114,8125,8148,8170,8177,8188,8199,8214,8225,8246,8253,8273,8289,8300,8317,8324,8344,8360,8371,8389,8414,8423,8444,8461,8469,8490,8507,8525,8537,8555,8573,8586,8603,8621,8639,8657],{"type":413,"tag":623,"props":8064,"children":8065},{"class":625,"line":626},[8066,8070,8074],{"type":413,"tag":623,"props":8067,"children":8068},{"style":5513},[8069],{"type":418,"value":5665},{"type":413,"tag":623,"props":8071,"children":8072},{"style":671},[8073],{"type":418,"value":3493},{"type":413,"tag":623,"props":8075,"children":8076},{"style":635},[8077],{"type":418,"value":7723},{"type":413,"tag":623,"props":8079,"children":8080},{"class":625,"line":1045},[8081],{"type":413,"tag":623,"props":8082,"children":8083},{"emptyLinePlaceholder":2790},[8084],{"type":418,"value":2793},{"type":413,"tag":623,"props":8086,"children":8087},{"class":625,"line":1054},[8088,8092],{"type":413,"tag":623,"props":8089,"children":8090},{"style":5580},[8091],{"type":418,"value":7738},{"type":413,"tag":623,"props":8093,"children":8094},{"style":671},[8095],{"type":418,"value":3448},{"type":413,"tag":623,"props":8097,"children":8098},{"class":625,"line":1087},[8099,8103],{"type":413,"tag":623,"props":8100,"children":8101},{"style":5513},[8102],{"type":418,"value":7750},{"type":413,"tag":623,"props":8104,"children":8105},{"style":671},[8106],{"type":418,"value":3448},{"type":413,"tag":623,"props":8108,"children":8109},{"class":625,"line":1104},[8110],{"type":413,"tag":623,"props":8111,"children":8112},{"emptyLinePlaceholder":2790},[8113],{"type":418,"value":2793},{"type":413,"tag":623,"props":8115,"children":8116},{"class":625,"line":1113},[8117,8121],{"type":413,"tag":623,"props":8118,"children":8119},{"style":5513},[8120],{"type":418,"value":7769},{"type":413,"tag":623,"props":8122,"children":8123},{"style":671},[8124],{"type":418,"value":3448},{"type":413,"tag":623,"props":8126,"children":8127},{"class":625,"line":1161},[8128,8133,8137,8142],{"type":413,"tag":623,"props":8129,"children":8130},{"style":5513},[8131],{"type":418,"value":8132},"  id-token",{"type":413,"tag":623,"props":8134,"children":8135},{"style":671},[8136],{"type":418,"value":3493},{"type":413,"tag":623,"props":8138,"children":8139},{"style":635},[8140],{"type":418,"value":8141}," write",{"type":413,"tag":623,"props":8143,"children":8145},{"style":8144},"--shiki-light:#90A4AE;--shiki-default:#546E7A;--shiki-dark:#676E95;--shiki-light-font-style:italic;--shiki-default-font-style:italic;--shiki-dark-font-style:italic",[8146],{"type":418,"value":8147},"   # required for OIDC auth\n",{"type":413,"tag":623,"props":8149,"children":8150},{"class":625,"line":1207},[8151,8156,8160,8165],{"type":413,"tag":623,"props":8152,"children":8153},{"style":5513},[8154],{"type":418,"value":8155},"  contents",{"type":413,"tag":623,"props":8157,"children":8158},{"style":671},[8159],{"type":418,"value":3493},{"type":413,"tag":623,"props":8161,"children":8162},{"style":635},[8163],{"type":418,"value":8164}," read",{"type":413,"tag":623,"props":8166,"children":8167},{"style":8144},[8168],{"type":418,"value":8169},"    # required to perform a checkout\n",{"type":413,"tag":623,"props":8171,"children":8172},{"class":625,"line":1251},[8173],{"type":413,"tag":623,"props":8174,"children":8175},{"emptyLinePlaceholder":2790},[8176],{"type":418,"value":2793},{"type":413,"tag":623,"props":8178,"children":8179},{"class":625,"line":1296},[8180,8184],{"type":413,"tag":623,"props":8181,"children":8182},{"style":5513},[8183],{"type":418,"value":7815},{"type":413,"tag":623,"props":8185,"children":8186},{"style":671},[8187],{"type":418,"value":3448},{"type":413,"tag":623,"props":8189,"children":8190},{"class":625,"line":1337},[8191,8195],{"type":413,"tag":623,"props":8192,"children":8193},{"style":5513},[8194],{"type":418,"value":7827},{"type":413,"tag":623,"props":8196,"children":8197},{"style":671},[8198],{"type":418,"value":3448},{"type":413,"tag":623,"props":8200,"children":8201},{"class":625,"line":1346},[8202,8206,8210],{"type":413,"tag":623,"props":8203,"children":8204},{"style":5513},[8205],{"type":418,"value":7839},{"type":413,"tag":623,"props":8207,"children":8208},{"style":671},[8209],{"type":418,"value":3493},{"type":413,"tag":623,"props":8211,"children":8212},{"style":635},[8213],{"type":418,"value":7848},{"type":413,"tag":623,"props":8215,"children":8216},{"class":625,"line":2100},[8217,8221],{"type":413,"tag":623,"props":8218,"children":8219},{"style":5513},[8220],{"type":418,"value":7856},{"type":413,"tag":623,"props":8222,"children":8223},{"style":671},[8224],{"type":418,"value":3448},{"type":413,"tag":623,"props":8226,"children":8227},{"class":625,"line":2897},[8228,8232,8237,8241],{"type":413,"tag":623,"props":8229,"children":8230},{"style":671},[8231],{"type":418,"value":7868},{"type":413,"tag":623,"props":8233,"children":8234},{"style":5513},[8235],{"type":418,"value":8236}," uses",{"type":413,"tag":623,"props":8238,"children":8239},{"style":671},[8240],{"type":418,"value":3493},{"type":413,"tag":623,"props":8242,"children":8243},{"style":635},[8244],{"type":418,"value":8245}," actions/checkout@v3\n",{"type":413,"tag":623,"props":8247,"children":8248},{"class":625,"line":2926},[8249],{"type":413,"tag":623,"props":8250,"children":8251},{"emptyLinePlaceholder":2790},[8252],{"type":418,"value":2793},{"type":413,"tag":623,"props":8254,"children":8255},{"class":625,"line":2957},[8256,8260,8264,8268],{"type":413,"tag":623,"props":8257,"children":8258},{"style":671},[8259],{"type":418,"value":7868},{"type":413,"tag":623,"props":8261,"children":8262},{"style":5513},[8263],{"type":418,"value":7873},{"type":413,"tag":623,"props":8265,"children":8266},{"style":671},[8267],{"type":418,"value":3493},{"type":413,"tag":623,"props":8269,"children":8270},{"style":635},[8271],{"type":418,"value":8272}," Install pnpm\n",{"type":413,"tag":623,"props":8274,"children":8275},{"class":625,"line":2988},[8276,8280,8284],{"type":413,"tag":623,"props":8277,"children":8278},{"style":5513},[8279],{"type":418,"value":7898},{"type":413,"tag":623,"props":8281,"children":8282},{"style":671},[8283],{"type":418,"value":3493},{"type":413,"tag":623,"props":8285,"children":8286},{"style":635},[8287],{"type":418,"value":8288}," pnpm/action-setup@v2\n",{"type":413,"tag":623,"props":8290,"children":8291},{"class":625,"line":3045},[8292,8296],{"type":413,"tag":623,"props":8293,"children":8294},{"style":5513},[8295],{"type":418,"value":7915},{"type":413,"tag":623,"props":8297,"children":8298},{"style":671},[8299],{"type":418,"value":3448},{"type":413,"tag":623,"props":8301,"children":8302},{"class":625,"line":7652},[8303,8308,8312],{"type":413,"tag":623,"props":8304,"children":8305},{"style":5513},[8306],{"type":418,"value":8307},"          version",{"type":413,"tag":623,"props":8309,"children":8310},{"style":671},[8311],{"type":418,"value":3493},{"type":413,"tag":623,"props":8313,"children":8314},{"style":635},[8315],{"type":418,"value":8316}," latest\n",{"type":413,"tag":623,"props":8318,"children":8319},{"class":625,"line":7980},[8320],{"type":413,"tag":623,"props":8321,"children":8322},{"emptyLinePlaceholder":2790},[8323],{"type":418,"value":2793},{"type":413,"tag":623,"props":8325,"children":8326},{"class":625,"line":8009},[8327,8331,8335,8339],{"type":413,"tag":623,"props":8328,"children":8329},{"style":671},[8330],{"type":418,"value":7868},{"type":413,"tag":623,"props":8332,"children":8333},{"style":5513},[8334],{"type":418,"value":7873},{"type":413,"tag":623,"props":8336,"children":8337},{"style":671},[8338],{"type":418,"value":3493},{"type":413,"tag":623,"props":8340,"children":8341},{"style":635},[8342],{"type":418,"value":8343}," Set node version to 18\n",{"type":413,"tag":623,"props":8345,"children":8346},{"class":625,"line":8027},[8347,8351,8355],{"type":413,"tag":623,"props":8348,"children":8349},{"style":5513},[8350],{"type":418,"value":7898},{"type":413,"tag":623,"props":8352,"children":8353},{"style":671},[8354],{"type":418,"value":3493},{"type":413,"tag":623,"props":8356,"children":8357},{"style":635},[8358],{"type":418,"value":8359}," actions/setup-node@v3\n",{"type":413,"tag":623,"props":8361,"children":8362},{"class":625,"line":8036},[8363,8367],{"type":413,"tag":623,"props":8364,"children":8365},{"style":5513},[8366],{"type":418,"value":7915},{"type":413,"tag":623,"props":8368,"children":8369},{"style":671},[8370],{"type":418,"value":3448},{"type":413,"tag":623,"props":8372,"children":8374},{"class":625,"line":8373},24,[8375,8380,8384],{"type":413,"tag":623,"props":8376,"children":8377},{"style":5513},[8378],{"type":418,"value":8379},"          node-version",{"type":413,"tag":623,"props":8381,"children":8382},{"style":671},[8383],{"type":418,"value":3493},{"type":413,"tag":623,"props":8385,"children":8386},{"style":3551},[8387],{"type":418,"value":8388}," 18\n",{"type":413,"tag":623,"props":8390,"children":8392},{"class":625,"line":8391},25,[8393,8398,8402,8406,8410],{"type":413,"tag":623,"props":8394,"children":8395},{"style":5513},[8396],{"type":418,"value":8397},"          cache",{"type":413,"tag":623,"props":8399,"children":8400},{"style":671},[8401],{"type":418,"value":3493},{"type":413,"tag":623,"props":8403,"children":8404},{"style":671},[8405],{"type":418,"value":3583},{"type":413,"tag":623,"props":8407,"children":8408},{"style":635},[8409],{"type":418,"value":362},{"type":413,"tag":623,"props":8411,"children":8412},{"style":671},[8413],{"type":418,"value":3592},{"type":413,"tag":623,"props":8415,"children":8417},{"class":625,"line":8416},26,[8418],{"type":413,"tag":623,"props":8419,"children":8420},{"style":1058},[8421],{"type":418,"value":8422},"      \n",{"type":413,"tag":623,"props":8424,"children":8426},{"class":625,"line":8425},27,[8427,8431,8435,8439],{"type":413,"tag":623,"props":8428,"children":8429},{"style":671},[8430],{"type":418,"value":7868},{"type":413,"tag":623,"props":8432,"children":8433},{"style":5513},[8434],{"type":418,"value":7873},{"type":413,"tag":623,"props":8436,"children":8437},{"style":671},[8438],{"type":418,"value":3493},{"type":413,"tag":623,"props":8440,"children":8441},{"style":635},[8442],{"type":418,"value":8443}," Install dependencies\n",{"type":413,"tag":623,"props":8445,"children":8447},{"class":625,"line":8446},28,[8448,8452,8456],{"type":413,"tag":623,"props":8449,"children":8450},{"style":5513},[8451],{"type":418,"value":8015},{"type":413,"tag":623,"props":8453,"children":8454},{"style":671},[8455],{"type":418,"value":3493},{"type":413,"tag":623,"props":8457,"children":8458},{"style":635},[8459],{"type":418,"value":8460}," pnpm install\n",{"type":413,"tag":623,"props":8462,"children":8464},{"class":625,"line":8463},29,[8465],{"type":413,"tag":623,"props":8466,"children":8467},{"style":1058},[8468],{"type":418,"value":8422},{"type":413,"tag":623,"props":8470,"children":8472},{"class":625,"line":8471},30,[8473,8477,8481,8485],{"type":413,"tag":623,"props":8474,"children":8475},{"style":671},[8476],{"type":418,"value":7868},{"type":413,"tag":623,"props":8478,"children":8479},{"style":5513},[8480],{"type":418,"value":7873},{"type":413,"tag":623,"props":8482,"children":8483},{"style":671},[8484],{"type":418,"value":3493},{"type":413,"tag":623,"props":8486,"children":8487},{"style":635},[8488],{"type":418,"value":8489}," Provision infrastructure\n",{"type":413,"tag":623,"props":8491,"children":8493},{"class":625,"line":8492},31,[8494,8498,8502],{"type":413,"tag":623,"props":8495,"children":8496},{"style":5513},[8497],{"type":418,"value":7898},{"type":413,"tag":623,"props":8499,"children":8500},{"style":671},[8501],{"type":418,"value":3493},{"type":413,"tag":623,"props":8503,"children":8504},{"style":635},[8505],{"type":418,"value":8506}," pulumi/actions@v4.4.0\n",{"type":413,"tag":623,"props":8508,"children":8510},{"class":625,"line":8509},32,[8511,8516,8520],{"type":413,"tag":623,"props":8512,"children":8513},{"style":5513},[8514],{"type":418,"value":8515},"        id",{"type":413,"tag":623,"props":8517,"children":8518},{"style":671},[8519],{"type":418,"value":3493},{"type":413,"tag":623,"props":8521,"children":8522},{"style":635},[8523],{"type":418,"value":8524}," pulumi\n",{"type":413,"tag":623,"props":8526,"children":8528},{"class":625,"line":8527},33,[8529,8533],{"type":413,"tag":623,"props":8530,"children":8531},{"style":5513},[8532],{"type":418,"value":7915},{"type":413,"tag":623,"props":8534,"children":8535},{"style":671},[8536],{"type":418,"value":3448},{"type":413,"tag":623,"props":8538,"children":8540},{"class":625,"line":8539},34,[8541,8546,8550],{"type":413,"tag":623,"props":8542,"children":8543},{"style":5513},[8544],{"type":418,"value":8545},"          command",{"type":413,"tag":623,"props":8547,"children":8548},{"style":671},[8549],{"type":418,"value":3493},{"type":413,"tag":623,"props":8551,"children":8552},{"style":635},[8553],{"type":418,"value":8554}," up\n",{"type":413,"tag":623,"props":8556,"children":8558},{"class":625,"line":8557},35,[8559,8564,8568],{"type":413,"tag":623,"props":8560,"children":8561},{"style":5513},[8562],{"type":418,"value":8563},"          stack-name",{"type":413,"tag":623,"props":8565,"children":8566},{"style":671},[8567],{"type":418,"value":3493},{"type":413,"tag":623,"props":8569,"children":8570},{"style":635},[8571],{"type":418,"value":8572}," dev\n",{"type":413,"tag":623,"props":8574,"children":8576},{"class":625,"line":8575},36,[8577,8582],{"type":413,"tag":623,"props":8578,"children":8579},{"style":5513},[8580],{"type":418,"value":8581},"        env",{"type":413,"tag":623,"props":8583,"children":8584},{"style":671},[8585],{"type":418,"value":3448},{"type":413,"tag":623,"props":8587,"children":8589},{"class":625,"line":8588},37,[8590,8595,8599],{"type":413,"tag":623,"props":8591,"children":8592},{"style":5513},[8593],{"type":418,"value":8594},"          ARM_USE_OIDC",{"type":413,"tag":623,"props":8596,"children":8597},{"style":671},[8598],{"type":418,"value":3493},{"type":413,"tag":623,"props":8600,"children":8601},{"style":5580},[8602],{"type":418,"value":5583},{"type":413,"tag":623,"props":8604,"children":8606},{"class":625,"line":8605},38,[8607,8612,8616],{"type":413,"tag":623,"props":8608,"children":8609},{"style":5513},[8610],{"type":418,"value":8611},"          PULUMI_ACCESS_TOKEN",{"type":413,"tag":623,"props":8613,"children":8614},{"style":671},[8615],{"type":418,"value":3493},{"type":413,"tag":623,"props":8617,"children":8618},{"style":635},[8619],{"type":418,"value":8620}," ${{ secrets.PULUMI_ACCESS_TOKEN }}\n",{"type":413,"tag":623,"props":8622,"children":8624},{"class":625,"line":8623},39,[8625,8630,8634],{"type":413,"tag":623,"props":8626,"children":8627},{"style":5513},[8628],{"type":418,"value":8629},"          ARM_CLIENT_ID",{"type":413,"tag":623,"props":8631,"children":8632},{"style":671},[8633],{"type":418,"value":3493},{"type":413,"tag":623,"props":8635,"children":8636},{"style":635},[8637],{"type":418,"value":8638}," ${{ secrets.ARM_CLIENT_ID }}\n",{"type":413,"tag":623,"props":8640,"children":8642},{"class":625,"line":8641},40,[8643,8648,8652],{"type":413,"tag":623,"props":8644,"children":8645},{"style":5513},[8646],{"type":418,"value":8647},"          ARM_TENANT_ID",{"type":413,"tag":623,"props":8649,"children":8650},{"style":671},[8651],{"type":418,"value":3493},{"type":413,"tag":623,"props":8653,"children":8654},{"style":635},[8655],{"type":418,"value":8656}," ${{ secrets.ARM_TENANT_ID }}\n",{"type":413,"tag":623,"props":8658,"children":8660},{"class":625,"line":8659},41,[8661,8666,8670],{"type":413,"tag":623,"props":8662,"children":8663},{"style":5513},[8664],{"type":418,"value":8665},"          ARM_SUBSCRIPTION_ID",{"type":413,"tag":623,"props":8667,"children":8668},{"style":671},[8669],{"type":418,"value":3493},{"type":413,"tag":623,"props":8671,"children":8672},{"style":635},[8673],{"type":418,"value":8674}," ${{ secrets.ARM_SUBSCRIPTION_ID }}\n",{"type":413,"tag":414,"props":8676,"children":8677},{},[8678,8680,8686],{"type":418,"value":8679},"A permission section is required with 2 settings (more details ",{"type":413,"tag":432,"props":8681,"children":8684},{"href":8682,"rel":8683},"https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings",[436],[8685],{"type":418,"value":542},{"type":418,"value":8687},"):",{"type":413,"tag":443,"props":8689,"children":8690},{},[8691,8702],{"type":413,"tag":447,"props":8692,"children":8693},{},[8694,8700],{"type":413,"tag":619,"props":8695,"children":8697},{"className":8696},[],[8698],{"type":418,"value":8699},"id-token: write",{"type":418,"value":8701}," ➡️ needed to request the OIDC token",{"type":413,"tag":447,"props":8703,"children":8704},{},[8705,8711],{"type":413,"tag":619,"props":8706,"children":8708},{"className":8707},[],[8709],{"type":418,"value":8710},"contents: read",{"type":418,"value":8712}," ➡️ needed to perform checkout action",{"type":413,"tag":496,"props":8714,"children":8715},{"icon":498},[8716],{"type":413,"tag":414,"props":8717,"children":8718},{},[8719],{"type":418,"value":8720},"When you start to specify specific permissions, you have to specify all the permissions you need for the job because the default permissions won't apply anymore.",{"type":413,"tag":414,"props":8722,"children":8723},{},[8724,8726,8732,8734,8740,8742,8748],{"type":418,"value":8725},"The 3 steps following the checkout step are actions to specify the Node.js version to use, install and correctly configure ",{"type":413,"tag":432,"props":8727,"children":8730},{"href":8728,"rel":8729},"https://bordeauxcoders.com/series/pnpm-101",[436],[8731],{"type":418,"value":362},{"type":418,"value":8733},". We assume here the infrastructure will be provisioned using TypeScript (and Pulumi of course) but there would have been similar steps with other runtimes/languages (a ",{"type":413,"tag":619,"props":8735,"children":8737},{"className":8736},[],[8738],{"type":418,"value":8739},"setup-dotnet",{"type":418,"value":8741}," and a ",{"type":413,"tag":619,"props":8743,"children":8745},{"className":8744},[],[8746],{"type":418,"value":8747},"dotnet retore",{"type":418,"value":8749}," action for .NET for instance).",{"type":413,"tag":414,"props":8751,"children":8752},{},[8753,8755,8760,8762,8767,8769,8775,8777,8782],{"type":418,"value":8754},"The last action is the Pulumi action to provision the infrastructure by running the ",{"type":413,"tag":619,"props":8756,"children":8758},{"className":8757},[],[8759],{"type":418,"value":4573},{"type":418,"value":8761}," on the ",{"type":413,"tag":619,"props":8763,"children":8765},{"className":8764},[],[8766],{"type":418,"value":747},{"type":418,"value":8768}," stack. We can see that this action uses environment variables whose values are based on the GitHub Actions secrets we defined earlier. To tell Pulumi to use OIDC, we just have to set the ",{"type":413,"tag":619,"props":8770,"children":8772},{"className":8771},[],[8773],{"type":418,"value":8774},"ARM_USE_OIDC",{"type":418,"value":8776}," environment variable to ",{"type":413,"tag":619,"props":8778,"children":8780},{"className":8779},[],[8781],{"type":418,"value":5711},{"type":418,"value":1404},{"type":413,"tag":612,"props":8784,"children":8786},{"className":7701,"code":8785,"language":7703,"meta":401,"style":401},"        env:\n          ARM_USE_OIDC: true\n          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}\n          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}\n          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}\n          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} \n",[8787],{"type":413,"tag":619,"props":8788,"children":8789},{"__ignoreMap":401},[8790,8801,8816,8831,8846,8861],{"type":413,"tag":623,"props":8791,"children":8792},{"class":625,"line":626},[8793,8797],{"type":413,"tag":623,"props":8794,"children":8795},{"style":5513},[8796],{"type":418,"value":8581},{"type":413,"tag":623,"props":8798,"children":8799},{"style":671},[8800],{"type":418,"value":3448},{"type":413,"tag":623,"props":8802,"children":8803},{"class":625,"line":1045},[8804,8808,8812],{"type":413,"tag":623,"props":8805,"children":8806},{"style":5513},[8807],{"type":418,"value":8594},{"type":413,"tag":623,"props":8809,"children":8810},{"style":671},[8811],{"type":418,"value":3493},{"type":413,"tag":623,"props":8813,"children":8814},{"style":5580},[8815],{"type":418,"value":5583},{"type":413,"tag":623,"props":8817,"children":8818},{"class":625,"line":1054},[8819,8823,8827],{"type":413,"tag":623,"props":8820,"children":8821},{"style":5513},[8822],{"type":418,"value":8611},{"type":413,"tag":623,"props":8824,"children":8825},{"style":671},[8826],{"type":418,"value":3493},{"type":413,"tag":623,"props":8828,"children":8829},{"style":635},[8830],{"type":418,"value":8620},{"type":413,"tag":623,"props":8832,"children":8833},{"class":625,"line":1087},[8834,8838,8842],{"type":413,"tag":623,"props":8835,"children":8836},{"style":5513},[8837],{"type":418,"value":8629},{"type":413,"tag":623,"props":8839,"children":8840},{"style":671},[8841],{"type":418,"value":3493},{"type":413,"tag":623,"props":8843,"children":8844},{"style":635},[8845],{"type":418,"value":8638},{"type":413,"tag":623,"props":8847,"children":8848},{"class":625,"line":1104},[8849,8853,8857],{"type":413,"tag":623,"props":8850,"children":8851},{"style":5513},[8852],{"type":418,"value":8647},{"type":413,"tag":623,"props":8854,"children":8855},{"style":671},[8856],{"type":418,"value":3493},{"type":413,"tag":623,"props":8858,"children":8859},{"style":635},[8860],{"type":418,"value":8656},{"type":413,"tag":623,"props":8862,"children":8863},{"class":625,"line":1113},[8864,8868,8872],{"type":413,"tag":623,"props":8865,"children":8866},{"style":5513},[8867],{"type":418,"value":8665},{"type":413,"tag":623,"props":8869,"children":8870},{"style":671},[8871],{"type":418,"value":3493},{"type":413,"tag":623,"props":8873,"children":8874},{"style":635},[8875],{"type":418,"value":8674},{"type":413,"tag":414,"props":8877,"children":8878},{},[8879,8881,8887,8889,8896],{"type":418,"value":8880},"A GitHub Actions secret we did not talk about is ",{"type":413,"tag":619,"props":8882,"children":8884},{"className":8883},[],[8885],{"type":418,"value":8886},"PULUMI_ACCESS_TOKEN",{"type":418,"value":8888}," that is a ",{"type":413,"tag":432,"props":8890,"children":8893},{"href":8891,"rel":8892},"https://www.pulumi.com/docs/pulumi-cloud/access-management/access-tokens/",[436],[8894],{"type":418,"value":8895},"Pulumi access token",{"type":418,"value":8897}," to use Pulumi Cloud as our backend to store the infrastructure state and encrypt secrets. This token should be:",{"type":413,"tag":6988,"props":8899,"children":8900},{},[8901,8913,8924],{"type":413,"tag":447,"props":8902,"children":8903},{},[8904,8906,8912],{"type":418,"value":8905},"Created from Pulumi Cloud (following the documentation ",{"type":413,"tag":432,"props":8907,"children":8910},{"href":8908,"rel":8909},"https://www.pulumi.com/docs/pulumi-cloud/access-management/access-tokens/#personal-access-tokens",[436],[8911],{"type":418,"value":542},{"type":418,"value":5595},{"type":413,"tag":447,"props":8914,"children":8915},{},[8916,8918],{"type":418,"value":8917},"Stored in the stack configuration using the following command ",{"type":413,"tag":619,"props":8919,"children":8921},{"className":8920},[],[8922],{"type":418,"value":8923},"pulumi config set pulumiTokenForRepository ******* --secret",{"type":413,"tag":447,"props":8925,"children":8926},{},[8927,8929],{"type":418,"value":8928},"Stored in a GitHub Actions secret using this code",{"type":413,"tag":612,"props":8930,"children":8932},{"className":5390,"code":8931,"language":357,"meta":401,"style":401},"new github.ActionsSecret(\"pulumiAccessToken\", {\n  repository: repository.name,\n  secretName: \"PULUMI_ACCESS_TOKEN\",\n  plaintextValue: config.requireSecret(\"pulumiTokenForRepository\"),\n});\n",[8933],{"type":413,"tag":619,"props":8934,"children":8935},{"__ignoreMap":401},[8936,8980,9007,9034,9083],{"type":413,"tag":623,"props":8937,"children":8938},{"class":625,"line":626},[8939,8943,8947,8951,8955,8959,8963,8968,8972,8976],{"type":413,"tag":623,"props":8940,"children":8941},{"style":671},[8942],{"type":418,"value":2857},{"type":413,"tag":623,"props":8944,"children":8945},{"style":1058},[8946],{"type":418,"value":5472},{"type":413,"tag":623,"props":8948,"children":8949},{"style":671},[8950],{"type":418,"value":1404},{"type":413,"tag":623,"props":8952,"children":8953},{"style":1407},[8954],{"type":418,"value":7247},{"type":413,"tag":623,"props":8956,"children":8957},{"style":1058},[8958],{"type":418,"value":1018},{"type":413,"tag":623,"props":8960,"children":8961},{"style":671},[8962],{"type":418,"value":1023},{"type":413,"tag":623,"props":8964,"children":8965},{"style":635},[8966],{"type":418,"value":8967},"pulumiAccessToken",{"type":413,"tag":623,"props":8969,"children":8970},{"style":671},[8971],{"type":418,"value":1023},{"type":413,"tag":623,"props":8973,"children":8974},{"style":671},[8975],{"type":418,"value":1037},{"type":413,"tag":623,"props":8977,"children":8978},{"style":671},[8979],{"type":418,"value":5507},{"type":413,"tag":623,"props":8981,"children":8982},{"class":625,"line":1045},[8983,8987,8991,8995,8999,9003],{"type":413,"tag":623,"props":8984,"children":8985},{"style":5513},[8986],{"type":418,"value":7069},{"type":413,"tag":623,"props":8988,"children":8989},{"style":671},[8990],{"type":418,"value":3493},{"type":413,"tag":623,"props":8992,"children":8993},{"style":1058},[8994],{"type":418,"value":1390},{"type":413,"tag":623,"props":8996,"children":8997},{"style":671},[8998],{"type":418,"value":1404},{"type":413,"tag":623,"props":9000,"children":9001},{"style":1058},[9002],{"type":418,"value":5665},{"type":413,"tag":623,"props":9004,"children":9005},{"style":671},[9006],{"type":418,"value":1084},{"type":413,"tag":623,"props":9008,"children":9009},{"class":625,"line":1054},[9010,9014,9018,9022,9026,9030],{"type":413,"tag":623,"props":9011,"children":9012},{"style":5513},[9013],{"type":418,"value":7306},{"type":413,"tag":623,"props":9015,"children":9016},{"style":671},[9017],{"type":418,"value":3493},{"type":413,"tag":623,"props":9019,"children":9020},{"style":671},[9021],{"type":418,"value":674},{"type":413,"tag":623,"props":9023,"children":9024},{"style":635},[9025],{"type":418,"value":8886},{"type":413,"tag":623,"props":9027,"children":9028},{"style":671},[9029],{"type":418,"value":1023},{"type":413,"tag":623,"props":9031,"children":9032},{"style":671},[9033],{"type":418,"value":1084},{"type":413,"tag":623,"props":9035,"children":9036},{"class":625,"line":1087},[9037,9041,9045,9049,9053,9058,9062,9066,9071,9075,9079],{"type":413,"tag":623,"props":9038,"children":9039},{"style":5513},[9040],{"type":418,"value":7334},{"type":413,"tag":623,"props":9042,"children":9043},{"style":671},[9044],{"type":418,"value":3493},{"type":413,"tag":623,"props":9046,"children":9047},{"style":1058},[9048],{"type":418,"value":879},{"type":413,"tag":623,"props":9050,"children":9051},{"style":671},[9052],{"type":418,"value":1404},{"type":413,"tag":623,"props":9054,"children":9055},{"style":1407},[9056],{"type":418,"value":9057},"requireSecret",{"type":413,"tag":623,"props":9059,"children":9060},{"style":1058},[9061],{"type":418,"value":1018},{"type":413,"tag":623,"props":9063,"children":9064},{"style":671},[9065],{"type":418,"value":1023},{"type":413,"tag":623,"props":9067,"children":9068},{"style":635},[9069],{"type":418,"value":9070},"pulumiTokenForRepository",{"type":413,"tag":623,"props":9072,"children":9073},{"style":671},[9074],{"type":418,"value":1023},{"type":413,"tag":623,"props":9076,"children":9077},{"style":1058},[9078],{"type":418,"value":5595},{"type":413,"tag":623,"props":9080,"children":9081},{"style":671},[9082],{"type":418,"value":1084},{"type":413,"tag":623,"props":9084,"children":9085},{"class":625,"line":1104},[9086,9090,9094],{"type":413,"tag":623,"props":9087,"children":9088},{"style":671},[9089],{"type":418,"value":3327},{"type":413,"tag":623,"props":9091,"children":9092},{"style":1058},[9093],{"type":418,"value":5595},{"type":413,"tag":623,"props":9095,"children":9096},{"style":671},[9097],{"type":418,"value":2524},{"type":413,"tag":414,"props":9099,"children":9100},{},[9101],{"type":418,"value":9102},"The last thing to do is to add this workflow file to the GitHub repository:",{"type":413,"tag":612,"props":9104,"children":9106},{"className":5390,"code":9105,"language":357,"meta":401,"style":401},"import { readFileSync } from \"fs\";\n\nconst pipelineContent = readFileSync(\"main.yml\", \"utf-8\");\nnew github.RepositoryFile(\"pipelineRepositoryFile\", {\n  repository: repository.name,\n  branch: \"main\",\n  file: \".github/workflows/main.yml\",\n  content: pipelineContent,\n  commitMessage: \"Add preconfigured pipeline file\",\n  commitAuthor: \"Alexandre Nédélec\",\n  commitEmail: \"15186176+TechWatching@users.noreply.github.com\",\n  overwriteOnCreate: true,\n});\n",[9107],{"type":413,"tag":619,"props":9108,"children":9109},{"__ignoreMap":401},[9110,9151,9158,9220,9265,9292,9320,9349,9370,9398,9427,9456,9477],{"type":413,"tag":623,"props":9111,"children":9112},{"class":625,"line":626},[9113,9117,9121,9126,9130,9134,9138,9143,9147],{"type":413,"tag":623,"props":9114,"children":9115},{"style":2485},[9116],{"type":418,"value":5403},{"type":413,"tag":623,"props":9118,"children":9119},{"style":671},[9120],{"type":418,"value":5852},{"type":413,"tag":623,"props":9122,"children":9123},{"style":1058},[9124],{"type":418,"value":9125}," readFileSync",{"type":413,"tag":623,"props":9127,"children":9128},{"style":671},[9129],{"type":418,"value":5879},{"type":413,"tag":623,"props":9131,"children":9132},{"style":2485},[9133],{"type":418,"value":6443},{"type":413,"tag":623,"props":9135,"children":9136},{"style":671},[9137],{"type":418,"value":674},{"type":413,"tag":623,"props":9139,"children":9140},{"style":635},[9141],{"type":418,"value":9142},"fs",{"type":413,"tag":623,"props":9144,"children":9145},{"style":671},[9146],{"type":418,"value":1023},{"type":413,"tag":623,"props":9148,"children":9149},{"style":671},[9150],{"type":418,"value":2524},{"type":413,"tag":623,"props":9152,"children":9153},{"class":625,"line":1045},[9154],{"type":413,"tag":623,"props":9155,"children":9156},{"emptyLinePlaceholder":2790},[9157],{"type":418,"value":2793},{"type":413,"tag":623,"props":9159,"children":9160},{"class":625,"line":1054},[9161,9165,9170,9174,9178,9182,9186,9191,9195,9199,9203,9208,9212,9216],{"type":413,"tag":623,"props":9162,"children":9163},{"style":2854},[9164],{"type":418,"value":5454},{"type":413,"tag":623,"props":9166,"children":9167},{"style":1058},[9168],{"type":418,"value":9169}," pipelineContent ",{"type":413,"tag":623,"props":9171,"children":9172},{"style":671},[9173],{"type":418,"value":1066},{"type":413,"tag":623,"props":9175,"children":9176},{"style":1407},[9177],{"type":418,"value":9125},{"type":413,"tag":623,"props":9179,"children":9180},{"style":1058},[9181],{"type":418,"value":1018},{"type":413,"tag":623,"props":9183,"children":9184},{"style":671},[9185],{"type":418,"value":1023},{"type":413,"tag":623,"props":9187,"children":9188},{"style":635},[9189],{"type":418,"value":9190},"main.yml",{"type":413,"tag":623,"props":9192,"children":9193},{"style":671},[9194],{"type":418,"value":1023},{"type":413,"tag":623,"props":9196,"children":9197},{"style":671},[9198],{"type":418,"value":1037},{"type":413,"tag":623,"props":9200,"children":9201},{"style":671},[9202],{"type":418,"value":674},{"type":413,"tag":623,"props":9204,"children":9205},{"style":635},[9206],{"type":418,"value":9207},"utf-8",{"type":413,"tag":623,"props":9209,"children":9210},{"style":671},[9211],{"type":418,"value":1023},{"type":413,"tag":623,"props":9213,"children":9214},{"style":1058},[9215],{"type":418,"value":5595},{"type":413,"tag":623,"props":9217,"children":9218},{"style":671},[9219],{"type":418,"value":2524},{"type":413,"tag":623,"props":9221,"children":9222},{"class":625,"line":1087},[9223,9227,9231,9235,9240,9244,9248,9253,9257,9261],{"type":413,"tag":623,"props":9224,"children":9225},{"style":671},[9226],{"type":418,"value":2857},{"type":413,"tag":623,"props":9228,"children":9229},{"style":1058},[9230],{"type":418,"value":5472},{"type":413,"tag":623,"props":9232,"children":9233},{"style":671},[9234],{"type":418,"value":1404},{"type":413,"tag":623,"props":9236,"children":9237},{"style":1407},[9238],{"type":418,"value":9239},"RepositoryFile",{"type":413,"tag":623,"props":9241,"children":9242},{"style":1058},[9243],{"type":418,"value":1018},{"type":413,"tag":623,"props":9245,"children":9246},{"style":671},[9247],{"type":418,"value":1023},{"type":413,"tag":623,"props":9249,"children":9250},{"style":635},[9251],{"type":418,"value":9252},"pipelineRepositoryFile",{"type":413,"tag":623,"props":9254,"children":9255},{"style":671},[9256],{"type":418,"value":1023},{"type":413,"tag":623,"props":9258,"children":9259},{"style":671},[9260],{"type":418,"value":1037},{"type":413,"tag":623,"props":9262,"children":9263},{"style":671},[9264],{"type":418,"value":5507},{"type":413,"tag":623,"props":9266,"children":9267},{"class":625,"line":1104},[9268,9272,9276,9280,9284,9288],{"type":413,"tag":623,"props":9269,"children":9270},{"style":5513},[9271],{"type":418,"value":7069},{"type":413,"tag":623,"props":9273,"children":9274},{"style":671},[9275],{"type":418,"value":3493},{"type":413,"tag":623,"props":9277,"children":9278},{"style":1058},[9279],{"type":418,"value":1390},{"type":413,"tag":623,"props":9281,"children":9282},{"style":671},[9283],{"type":418,"value":1404},{"type":413,"tag":623,"props":9285,"children":9286},{"style":1058},[9287],{"type":418,"value":5665},{"type":413,"tag":623,"props":9289,"children":9290},{"style":671},[9291],{"type":418,"value":1084},{"type":413,"tag":623,"props":9293,"children":9294},{"class":625,"line":1113},[9295,9300,9304,9308,9312,9316],{"type":413,"tag":623,"props":9296,"children":9297},{"style":5513},[9298],{"type":418,"value":9299},"  branch",{"type":413,"tag":623,"props":9301,"children":9302},{"style":671},[9303],{"type":418,"value":3493},{"type":413,"tag":623,"props":9305,"children":9306},{"style":671},[9307],{"type":418,"value":674},{"type":413,"tag":623,"props":9309,"children":9310},{"style":635},[9311],{"type":418,"value":4782},{"type":413,"tag":623,"props":9313,"children":9314},{"style":671},[9315],{"type":418,"value":1023},{"type":413,"tag":623,"props":9317,"children":9318},{"style":671},[9319],{"type":418,"value":1084},{"type":413,"tag":623,"props":9321,"children":9322},{"class":625,"line":1161},[9323,9328,9332,9336,9341,9345],{"type":413,"tag":623,"props":9324,"children":9325},{"style":5513},[9326],{"type":418,"value":9327},"  file",{"type":413,"tag":623,"props":9329,"children":9330},{"style":671},[9331],{"type":418,"value":3493},{"type":413,"tag":623,"props":9333,"children":9334},{"style":671},[9335],{"type":418,"value":674},{"type":413,"tag":623,"props":9337,"children":9338},{"style":635},[9339],{"type":418,"value":9340},".github/workflows/main.yml",{"type":413,"tag":623,"props":9342,"children":9343},{"style":671},[9344],{"type":418,"value":1023},{"type":413,"tag":623,"props":9346,"children":9347},{"style":671},[9348],{"type":418,"value":1084},{"type":413,"tag":623,"props":9350,"children":9351},{"class":625,"line":1207},[9352,9357,9361,9366],{"type":413,"tag":623,"props":9353,"children":9354},{"style":5513},[9355],{"type":418,"value":9356},"  content",{"type":413,"tag":623,"props":9358,"children":9359},{"style":671},[9360],{"type":418,"value":3493},{"type":413,"tag":623,"props":9362,"children":9363},{"style":1058},[9364],{"type":418,"value":9365}," pipelineContent",{"type":413,"tag":623,"props":9367,"children":9368},{"style":671},[9369],{"type":418,"value":1084},{"type":413,"tag":623,"props":9371,"children":9372},{"class":625,"line":1251},[9373,9378,9382,9386,9390,9394],{"type":413,"tag":623,"props":9374,"children":9375},{"style":5513},[9376],{"type":418,"value":9377},"  commitMessage",{"type":413,"tag":623,"props":9379,"children":9380},{"style":671},[9381],{"type":418,"value":3493},{"type":413,"tag":623,"props":9383,"children":9384},{"style":671},[9385],{"type":418,"value":674},{"type":413,"tag":623,"props":9387,"children":9388},{"style":635},[9389],{"type":418,"value":3841},{"type":413,"tag":623,"props":9391,"children":9392},{"style":671},[9393],{"type":418,"value":1023},{"type":413,"tag":623,"props":9395,"children":9396},{"style":671},[9397],{"type":418,"value":1084},{"type":413,"tag":623,"props":9399,"children":9400},{"class":625,"line":1296},[9401,9406,9410,9414,9419,9423],{"type":413,"tag":623,"props":9402,"children":9403},{"style":5513},[9404],{"type":418,"value":9405},"  commitAuthor",{"type":413,"tag":623,"props":9407,"children":9408},{"style":671},[9409],{"type":418,"value":3493},{"type":413,"tag":623,"props":9411,"children":9412},{"style":671},[9413],{"type":418,"value":674},{"type":413,"tag":623,"props":9415,"children":9416},{"style":635},[9417],{"type":418,"value":9418},"Alexandre Nédélec",{"type":413,"tag":623,"props":9420,"children":9421},{"style":671},[9422],{"type":418,"value":1023},{"type":413,"tag":623,"props":9424,"children":9425},{"style":671},[9426],{"type":418,"value":1084},{"type":413,"tag":623,"props":9428,"children":9429},{"class":625,"line":1337},[9430,9435,9439,9443,9448,9452],{"type":413,"tag":623,"props":9431,"children":9432},{"style":5513},[9433],{"type":418,"value":9434},"  commitEmail",{"type":413,"tag":623,"props":9436,"children":9437},{"style":671},[9438],{"type":418,"value":3493},{"type":413,"tag":623,"props":9440,"children":9441},{"style":671},[9442],{"type":418,"value":674},{"type":413,"tag":623,"props":9444,"children":9445},{"style":635},[9446],{"type":418,"value":9447},"15186176+TechWatching@users.noreply.github.com",{"type":413,"tag":623,"props":9449,"children":9450},{"style":671},[9451],{"type":418,"value":1023},{"type":413,"tag":623,"props":9453,"children":9454},{"style":671},[9455],{"type":418,"value":1084},{"type":413,"tag":623,"props":9457,"children":9458},{"class":625,"line":1346},[9459,9464,9468,9473],{"type":413,"tag":623,"props":9460,"children":9461},{"style":5513},[9462],{"type":418,"value":9463},"  overwriteOnCreate",{"type":413,"tag":623,"props":9465,"children":9466},{"style":671},[9467],{"type":418,"value":3493},{"type":413,"tag":623,"props":9469,"children":9470},{"style":5580},[9471],{"type":418,"value":9472}," true",{"type":413,"tag":623,"props":9474,"children":9475},{"style":671},[9476],{"type":418,"value":1084},{"type":413,"tag":623,"props":9478,"children":9479},{"class":625,"line":2100},[9480,9484,9488],{"type":413,"tag":623,"props":9481,"children":9482},{"style":671},[9483],{"type":418,"value":3327},{"type":413,"tag":623,"props":9485,"children":9486},{"style":1058},[9487],{"type":418,"value":5595},{"type":413,"tag":623,"props":9489,"children":9490},{"style":671},[9491],{"type":418,"value":2524},{"type":413,"tag":414,"props":9493,"children":9494},{},[9495],{"type":418,"value":9496},"This code:",{"type":413,"tag":6988,"props":9498,"children":9499},{},[9500,9512,9524],{"type":413,"tag":447,"props":9501,"children":9502},{},[9503,9505,9510],{"type":418,"value":9504},"reads the ",{"type":413,"tag":619,"props":9506,"children":9508},{"className":9507},[],[9509],{"type":418,"value":9190},{"type":418,"value":9511}," file that contains the workflow we saw previously",{"type":413,"tag":447,"props":9513,"children":9514},{},[9515,9517,9522],{"type":418,"value":9516},"creates a file with this content in the repository in the ",{"type":413,"tag":619,"props":9518,"children":9520},{"className":9519},[],[9521],{"type":418,"value":4800},{"type":418,"value":9523}," folder for the GitHub Actions workflows",{"type":413,"tag":447,"props":9525,"children":9526},{},[9527],{"type":418,"value":9528},"makes a commit when creating the file (or modifying it)",{"type":413,"tag":496,"props":9530,"children":9531},{"icon":557},[9532],{"type":413,"tag":414,"props":9533,"children":9534},{},[9535,9537,9543,9545,9550],{"type":418,"value":9536},"To read the YAML file, I use the ",{"type":413,"tag":619,"props":9538,"children":9540},{"className":9539},[],[9541],{"type":418,"value":9542},"readFileSync",{"type":418,"value":9544}," method from the File System API ",{"type":413,"tag":619,"props":9546,"children":9548},{"className":9547},[],[9549],{"type":418,"value":9142},{"type":418,"value":9551},". That's one of the things I love about Pulumi: you use the things you already know and that already exist in your ecosystem. No need to look for a module or wait for someone to write one, there is probably something standard or a popular community library you can use.",{"type":413,"tag":420,"props":9553,"children":9555},{"id":9554},"test-the-azure-ready-github-repository",[9556],{"type":418,"value":9557},"Test the Azure-Ready GitHub Repository",{"type":413,"tag":414,"props":9559,"children":9560},{},[9561,9563,9568],{"type":418,"value":9562},"Now that the infrastructure code to provision the Azure-Ready GitHub repository is written, let's run it with the ",{"type":413,"tag":619,"props":9564,"children":9566},{"className":9565},[],[9567],{"type":418,"value":4573},{"type":418,"value":9569}," command and see if it works!",{"type":413,"tag":414,"props":9571,"children":9572},{},[9573],{"type":413,"tag":487,"props":9574,"children":9578},{"alt":9575,"className":9576,"src":9577,"width":591},"Ouput of the pulumi up command with all the resources created.",[491,492],"/posts/images/azurereadygithub_pulumi_1.webp",[],{"type":413,"tag":414,"props":9580,"children":9581},{},[9582],{"type":418,"value":9583},"All the resources are correctly created and our new GitHub repository is ready to be used.",{"type":413,"tag":414,"props":9585,"children":9586},{},[9587],{"type":413,"tag":487,"props":9588,"children":9592},{"alt":9589,"className":9590,"src":9591},"Picture of the Azure Ready GitHub repository",[491,492],"/posts/images/azurereadygithub_github_2.webp",[],{"type":413,"tag":414,"props":9594,"children":9595},{},[9596],{"type":418,"value":9597},"Let's clone it.",{"type":413,"tag":612,"props":9599,"children":9601},{"className":614,"code":9600,"language":616,"meta":401,"style":401},"git clone https://github.com/TechWatching/azure-ready-repository; cd azure-ready-repository\n",[9602],{"type":413,"tag":619,"props":9603,"children":9604},{"__ignoreMap":401},[9605],{"type":413,"tag":623,"props":9606,"children":9607},{"class":625,"line":626},[9608,9612,9617,9622,9627,9632],{"type":413,"tag":623,"props":9609,"children":9610},{"style":630},[9611],{"type":418,"value":241},{"type":413,"tag":623,"props":9613,"children":9614},{"style":635},[9615],{"type":418,"value":9616}," clone",{"type":413,"tag":623,"props":9618,"children":9619},{"style":635},[9620],{"type":418,"value":9621}," https://github.com/TechWatching/azure-ready-repository",{"type":413,"tag":623,"props":9623,"children":9624},{"style":671},[9625],{"type":418,"value":9626},";",{"type":413,"tag":623,"props":9628,"children":9629},{"style":1407},[9630],{"type":418,"value":9631}," cd",{"type":413,"tag":623,"props":9633,"children":9634},{"style":635},[9635],{"type":418,"value":9636}," azure-ready-repository\n",{"type":413,"tag":414,"props":9638,"children":9639},{},[9640],{"type":418,"value":9641},"We want to verify that the GitHub project is properly configured and can provision Azure resources from its GitHub Actions workflow.",{"type":413,"tag":414,"props":9643,"children":9644},{},[9645],{"type":418,"value":9646},"Let's add some infrastructure code that provisions a few Azure resources to check that:",{"type":413,"tag":612,"props":9648,"children":9650},{"className":614,"code":9649,"language":616,"meta":401,"style":401},"pulumi new azure-typescript -n \"AzureReadyGitHuRepository\" -y --force\n",[9651],{"type":413,"tag":619,"props":9652,"children":9653},{"__ignoreMap":401},[9654],{"type":413,"tag":623,"props":9655,"children":9656},{"class":625,"line":626},[9657,9661,9665,9670,9674,9678,9683,9687,9692],{"type":413,"tag":623,"props":9658,"children":9659},{"style":630},[9660],{"type":418,"value":311},{"type":413,"tag":623,"props":9662,"children":9663},{"style":635},[9664],{"type":418,"value":638},{"type":413,"tag":623,"props":9666,"children":9667},{"style":635},[9668],{"type":418,"value":9669}," azure-typescript",{"type":413,"tag":623,"props":9671,"children":9672},{"style":635},[9673],{"type":418,"value":648},{"type":413,"tag":623,"props":9675,"children":9676},{"style":671},[9677],{"type":418,"value":674},{"type":413,"tag":623,"props":9679,"children":9680},{"style":635},[9681],{"type":418,"value":9682},"AzureReadyGitHuRepository",{"type":413,"tag":623,"props":9684,"children":9685},{"style":671},[9686],{"type":418,"value":1023},{"type":413,"tag":623,"props":9688,"children":9689},{"style":635},[9690],{"type":418,"value":9691}," -y",{"type":413,"tag":623,"props":9693,"children":9694},{"style":635},[9695],{"type":418,"value":9696}," --force\n",{"type":413,"tag":414,"props":9698,"children":9699},{},[9700,9701,9707],{"type":418,"value":6304},{"type":413,"tag":619,"props":9702,"children":9704},{"className":9703},[],[9705],{"type":418,"value":9706},"--force",{"type":418,"value":9708}," option allows us to create the code within a non-empty directory.",{"type":413,"tag":414,"props":9710,"children":9711},{},[9712,9714,9720],{"type":418,"value":9713},"I used the ",{"type":413,"tag":619,"props":9715,"children":9717},{"className":9716},[],[9718],{"type":418,"value":9719},"azure-typescript",{"type":418,"value":9721}," template that creates a storage account and outputs retrieve its primary access key.",{"type":413,"tag":496,"props":9723,"children":9724},{"icon":952},[9725],{"type":413,"tag":414,"props":9726,"children":9727},{},[9728,9730,9737],{"type":418,"value":9729},"In the SDK, the outputs of the function that lists the storage access keys are not currently marked as secrets. There is currently an ",{"type":413,"tag":432,"props":9731,"children":9734},{"href":9732,"rel":9733},"https://github.com/pulumi/pulumi-azure-native/issues/2408",[436],[9735],{"type":418,"value":9736},"open issue",{"type":418,"value":9738}," to change that but in the meantime, I have just modified the code to label the stack output as secret ensuring its encryption.",{"type":413,"tag":414,"props":9740,"children":9741},{},[9742,9744,9750,9752,9758],{"type":418,"value":9743},"Let's run a ",{"type":413,"tag":619,"props":9745,"children":9747},{"className":9746},[],[9748],{"type":418,"value":9749},"pnpm install",{"type":418,"value":9751}," to install the dependencies and generate the ",{"type":413,"tag":619,"props":9753,"children":9755},{"className":9754},[],[9756],{"type":418,"value":9757},"pnpm-lock.yaml",{"type":418,"value":9759}," file. Then, we can push the code to GitHub and run the pipeline to see how it goes.",{"type":413,"tag":414,"props":9761,"children":9762},{},[9763],{"type":413,"tag":487,"props":9764,"children":9768},{"alt":9765,"className":9766,"src":9767},"Logs of the pipeline run showing that the workflow successfully created a storage account.",[491,492],"/posts/images/azurereadygithub_github_3.webp",[],{"type":413,"tag":414,"props":9770,"children":9771},{},[9772],{"type":418,"value":9773},"That's it, we succeeded to provision a storage account from our new GitHub repository whose creation and configuration were entirely automated using Pulumi.",{"type":413,"tag":420,"props":9775,"children":9776},{"id":4624},[9777],{"type":418,"value":4627},{"type":413,"tag":600,"props":9779,"children":9781},{"id":9780},"additional-information",[9782],{"type":418,"value":9783},"Additional information",{"type":413,"tag":414,"props":9785,"children":9786},{},[9787],{"type":418,"value":9788},"There are different platforms you can use to host your Git repositories: GitHub, GitLab, and Azure DevOps to name a few. We use GitHub in this article but you can easily apply the same logic with other platforms (Pulumi has providers for GitLab and Azure DevOps as well).",{"type":413,"tag":414,"props":9790,"children":9791},{},[9792],{"type":418,"value":9793},"Even though the Azure-Ready GitHub repository is provisioned using Pulumi, there's nothing stopping you from using another Infrastructure as Code solution that supports Azure OIDC (such as Azure CLI, which was mentioned in the article, Azure Bicep, or even Terraform) in the GitHub Actions workflow of the created repository. You don't even have to provision infrastructure; you can use this workflow to simply deploy an application to an existing Azure resource.",{"type":413,"tag":600,"props":9795,"children":9797},{"id":9796},"potential-enhancements",[9798],{"type":418,"value":9799},"Potential Enhancements",{"type":413,"tag":414,"props":9801,"children":9802},{},[9803],{"type":418,"value":9804},"There are many aspects that could be improved in the infrastructure code provisioning the Azure-Ready GitHub repository, but I believe the current solution serves as a good starting point. Nevertheless, here are some ideas for potential enhancements:",{"type":413,"tag":443,"props":9806,"children":9807},{},[9808,9813,9818],{"type":413,"tag":447,"props":9809,"children":9810},{},[9811],{"type":418,"value":9812},"make additional items, such as the commit author, configurable",{"type":413,"tag":447,"props":9814,"children":9815},{},[9816],{"type":418,"value":9817},"authorize an environment and not only a branch to retrieve an Azure token",{"type":413,"tag":447,"props":9819,"children":9820},{},[9821],{"type":418,"value":9822},"use environment variables/secrets instead of variable/secrets at the repository scope",{"type":413,"tag":414,"props":9824,"children":9825},{},[9826],{"type":418,"value":9827},"I think it would be interesting as well to put that code behind an API or a Web application using Pulumi Automation API to have a self-service solution to create Azure-Ready GitHub repository on the fly.",{"type":413,"tag":600,"props":9829,"children":9831},{"id":9830},"related-articles",[9832],{"type":418,"value":9833},"Related articles",{"type":413,"tag":414,"props":9835,"children":9836},{},[9837],{"type":418,"value":9838},"Here are some articles on the same topic I wanted to mention:",{"type":413,"tag":443,"props":9840,"children":9841},{},[9842,9873,9901],{"type":413,"tag":447,"props":9843,"children":9844},{},[9845,9855,9857,9862,9866,9871],{"type":413,"tag":432,"props":9846,"children":9849},{"href":9847,"rel":9848},"https://leebriggs.co.uk/blog/2022/01/23/gha-cloud-credentials",[436],[9850],{"type":413,"tag":521,"props":9851,"children":9852},{},[9853],{"type":418,"value":9854},"Stop using static cloud credentials in GitHub Actions",{"type":418,"value":9856}," ",{"type":413,"tag":521,"props":9858,"children":9859},{},[9860],{"type":418,"value":9861},"by Lee Briggs",{"type":413,"tag":9863,"props":9864,"children":9865},"br",{},[],{"type":413,"tag":521,"props":9867,"children":9868},{},[9869],{"type":418,"value":9870},"➡️",{"type":418,"value":9872}," This post provides examples for configuring OIDC authentication with GitHub Actions for AWS, Azure, and GCP. The code for Azure is quite similar to the code I showed here. Yet, it doesn't go so far as to initialize a pipeline ready to deploy resources with Pulumi. Anyway, it's awesome to have the code for all 3 major providers.",{"type":413,"tag":447,"props":9874,"children":9875},{},[9876,9886,9887,9892,9895,9899],{"type":413,"tag":432,"props":9877,"children":9880},{"href":9878,"rel":9879},"https://xaviergeerinck.com/2023/05/16/configuring-github-actions-to-azure-authentication-with-oidc/",[436],[9881],{"type":413,"tag":521,"props":9882,"children":9883},{},[9884],{"type":418,"value":9885},"Configuring GitHub Actions to Azure authentication with OIDC",{"type":418,"value":9856},{"type":413,"tag":521,"props":9888,"children":9889},{},[9890],{"type":418,"value":9891},"by Xavier Geerinck",{"type":413,"tag":9863,"props":9893,"children":9894},{},[],{"type":413,"tag":521,"props":9896,"children":9897},{},[9898],{"type":418,"value":9870},{"type":418,"value":9900},"This post also shows how to configure OIDC authentication with GitHub Actions and Azure but using an Azure CLI script. Although the GitHub repository creation and configuration are done manually, automating the Azure part with a few lines of script is nice.",{"type":413,"tag":447,"props":9902,"children":9903},{},[9904,9914,9915,9920,9923],{"type":413,"tag":432,"props":9905,"children":9908},{"href":9906,"rel":9907},"https://samcogan.com/getting-rid-of-passwords-for-deployment-with-pulumi-oidc-support/",[436],[9909],{"type":413,"tag":521,"props":9910,"children":9911},{},[9912],{"type":418,"value":9913},"Getting Rid of Passwords for Deployment with Pulumi OIDC Support",{"type":418,"value":9856},{"type":413,"tag":521,"props":9916,"children":9917},{},[9918],{"type":418,"value":9919},"by Sam Cogan",{"type":413,"tag":9863,"props":9921,"children":9922},{},[],{"type":418,"value":9924},"\n➡️ If you don't care about automating everything and simply want to configure OIDC authentication through the Azure portal, that's the post you will want to read. There is also an example of a pipeline to provision Azure infrastructure using a .NET Pulumi program.",{"type":413,"tag":600,"props":9926,"children":9928},{"id":9927},"complete-code-solution",[9929],{"type":418,"value":9930},"Complete code solution",{"type":413,"tag":414,"props":9932,"children":9933},{},[9934],{"type":418,"value":9935},"In this article, I aimed to provide a step-by-step explanation of how to automate the creation of a GitHub repository with a properly configured workflow to interact with Azure using OpenID Connect. Consequently, the article turned out to be quite lengthy. I apologize for that, but I didn't want to present the code without adequate explanation.",{"type":413,"tag":414,"props":9937,"children":9938},{},[9939],{"type":418,"value":9940},"Anyway, now that we've covered everything, here is the complete code, which is just 75 lines long:",{"type":413,"tag":612,"props":9942,"children":9944},{"className":5390,"code":9943,"language":357,"meta":401,"style":401},"import * as pulumi from \"@pulumi/pulumi\";\nimport * as github from \"@pulumi/github\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as authorization from \"@pulumi/azure-native/authorization\";\nimport { azureBuiltInRoles } from \"./builtInRoles\";\nimport { readFileSync } from \"fs\";\n\nconst config = new pulumi.Config();\n\nconst repository = new github.Repository(\"azure-ready-repository\", {\n  name: \"azure-ready-repository\",\n  visibility: \"public\",\n  autoInit: true\n});\n\nexport const repositoryCloneUrl = repository.httpCloneUrl;\n\nconst aadApplication = new azuread.Application(\"AzureReadyApp\", { displayName: \"Azure Ready App\" });\nconst servicePrincipal = new azuread.ServicePrincipal(\"AzureReadyServicePrincipal\", {\n  applicationId: aadApplication.applicationId,\n});\nnew azuread.ApplicationFederatedIdentityCredential(\"AzureReadyAppFederatedIdentityCredential\", {\n  applicationObjectId: aadApplication.objectId,\n  displayName: \"AzureReadyDeploys\",\n  description: \"Deployments for azure-ready-repository\",\n  audiences: [\"api://AzureADTokenExchange\"],\n  issuer: \"https://token.actions.githubusercontent.com\",\n  subject: pulumi.interpolate`repo:${repository.fullName}:ref:refs/heads/main`,\n});\n\nconst azureConfig = pulumi.output(authorization.getClientConfig());\nconst subscriptionId = azureConfig.subscriptionId;\n\nnew authorization.RoleAssignment(\"contributor\", {\n  principalId: servicePrincipal.id,\n  principalType: authorization.PrincipalType.ServicePrincipal,\n  roleDefinitionId: azureBuiltInRoles.contributor,\n  scope: pulumi.interpolate`/subscriptions/${subscriptionId}`,\n});\n\nnew github.ActionsSecret(\"tenantId\", {\n  repository: repository.name,\n  secretName: \"ARM_TENANT_ID\",\n  plaintextValue: azureConfig.tenantId,\n});\n\nnew github.ActionsSecret(\"subscriptionId\", {\n  repository: repository.name,\n  secretName: \"ARM_SUBSCRIPTION_ID\",\n  plaintextValue: azureConfig.subscriptionId,\n});\n\nnew github.ActionsSecret(\"clientId\", {\n  repository: repository.name,\n  secretName: \"ARM_CLIENT_ID\",\n  plaintextValue: aadApplication.applicationId,\n});\n\nnew github.ActionsSecret(\"pulumiAccessToken\", {\n  repository: repository.name,\n  secretName: \"PULUMI_ACCESS_TOKEN\",\n  plaintextValue: config.requireSecret(\"pulumiTokenForRepository\"),\n});\n\nconst pipelineContent = readFileSync(\"main.yml\", \"utf-8\");\nnew github.RepositoryFile(\"pipelineRepositoryFile\", {\n  repository: repository.name,\n  branch: \"main\",\n  file: \".github/workflows/main.yml\",\n  content: pipelineContent,\n  commitMessage: \"Add preconfigured pipeline file\",\n  commitAuthor: \"Alexandre Nédélec\",\n  commitEmail: \"15186176+TechWatching@users.noreply.github.com\",\n  overwriteOnCreate: true,\n});\n",[9945],{"type":413,"tag":619,"props":9946,"children":9947},{"__ignoreMap":401},[9948,9989,10028,10067,10106,10145,10184,10191,10230,10237,10292,10319,10346,10361,10376,10383,10418,10425,10512,10567,10594,10609,10652,10679,10706,10733,10768,10795,10858,10873,10880,10927,10958,10965,11008,11035,11070,11097,11144,11159,11166,11209,11237,11265,11293,11309,11317,11361,11389,11417,11445,11461,11469,11513,11541,11569,11597,11613,11621,11665,11693,11721,11769,11785,11793,11853,11897,11925,11953,11981,12001,12029,12057,12085,12105],{"type":413,"tag":623,"props":9949,"children":9950},{"class":625,"line":626},[9951,9955,9959,9963,9968,9972,9976,9981,9985],{"type":413,"tag":623,"props":9952,"children":9953},{"style":2485},[9954],{"type":418,"value":5403},{"type":413,"tag":623,"props":9956,"children":9957},{"style":671},[9958],{"type":418,"value":5408},{"type":413,"tag":623,"props":9960,"children":9961},{"style":2485},[9962],{"type":418,"value":5413},{"type":413,"tag":623,"props":9964,"children":9965},{"style":1058},[9966],{"type":418,"value":9967}," pulumi ",{"type":413,"tag":623,"props":9969,"children":9970},{"style":2485},[9971],{"type":418,"value":5423},{"type":413,"tag":623,"props":9973,"children":9974},{"style":671},[9975],{"type":418,"value":674},{"type":413,"tag":623,"props":9977,"children":9978},{"style":635},[9979],{"type":418,"value":9980},"@pulumi/pulumi",{"type":413,"tag":623,"props":9982,"children":9983},{"style":671},[9984],{"type":418,"value":1023},{"type":413,"tag":623,"props":9986,"children":9987},{"style":671},[9988],{"type":418,"value":2524},{"type":413,"tag":623,"props":9990,"children":9991},{"class":625,"line":1045},[9992,9996,10000,10004,10008,10012,10016,10020,10024],{"type":413,"tag":623,"props":9993,"children":9994},{"style":2485},[9995],{"type":418,"value":5403},{"type":413,"tag":623,"props":9997,"children":9998},{"style":671},[9999],{"type":418,"value":5408},{"type":413,"tag":623,"props":10001,"children":10002},{"style":2485},[10003],{"type":418,"value":5413},{"type":413,"tag":623,"props":10005,"children":10006},{"style":1058},[10007],{"type":418,"value":5418},{"type":413,"tag":623,"props":10009,"children":10010},{"style":2485},[10011],{"type":418,"value":5423},{"type":413,"tag":623,"props":10013,"children":10014},{"style":671},[10015],{"type":418,"value":674},{"type":413,"tag":623,"props":10017,"children":10018},{"style":635},[10019],{"type":418,"value":5313},{"type":413,"tag":623,"props":10021,"children":10022},{"style":671},[10023],{"type":418,"value":1023},{"type":413,"tag":623,"props":10025,"children":10026},{"style":671},[10027],{"type":418,"value":2524},{"type":413,"tag":623,"props":10029,"children":10030},{"class":625,"line":1054},[10031,10035,10039,10043,10047,10051,10055,10059,10063],{"type":413,"tag":623,"props":10032,"children":10033},{"style":2485},[10034],{"type":418,"value":5403},{"type":413,"tag":623,"props":10036,"children":10037},{"style":671},[10038],{"type":418,"value":5408},{"type":413,"tag":623,"props":10040,"children":10041},{"style":2485},[10042],{"type":418,"value":5413},{"type":413,"tag":623,"props":10044,"children":10045},{"style":1058},[10046],{"type":418,"value":5765},{"type":413,"tag":623,"props":10048,"children":10049},{"style":2485},[10050],{"type":418,"value":5423},{"type":413,"tag":623,"props":10052,"children":10053},{"style":671},[10054],{"type":418,"value":674},{"type":413,"tag":623,"props":10056,"children":10057},{"style":635},[10058],{"type":418,"value":5308},{"type":413,"tag":623,"props":10060,"children":10061},{"style":671},[10062],{"type":418,"value":1023},{"type":413,"tag":623,"props":10064,"children":10065},{"style":671},[10066],{"type":418,"value":2524},{"type":413,"tag":623,"props":10068,"children":10069},{"class":625,"line":1087},[10070,10074,10078,10082,10086,10090,10094,10098,10102],{"type":413,"tag":623,"props":10071,"children":10072},{"style":2485},[10073],{"type":418,"value":5403},{"type":413,"tag":623,"props":10075,"children":10076},{"style":671},[10077],{"type":418,"value":5408},{"type":413,"tag":623,"props":10079,"children":10080},{"style":2485},[10081],{"type":418,"value":5413},{"type":413,"tag":623,"props":10083,"children":10084},{"style":1058},[10085],{"type":418,"value":6397},{"type":413,"tag":623,"props":10087,"children":10088},{"style":2485},[10089],{"type":418,"value":5423},{"type":413,"tag":623,"props":10091,"children":10092},{"style":671},[10093],{"type":418,"value":674},{"type":413,"tag":623,"props":10095,"children":10096},{"style":635},[10097],{"type":418,"value":6410},{"type":413,"tag":623,"props":10099,"children":10100},{"style":671},[10101],{"type":418,"value":1023},{"type":413,"tag":623,"props":10103,"children":10104},{"style":671},[10105],{"type":418,"value":2524},{"type":413,"tag":623,"props":10107,"children":10108},{"class":625,"line":1104},[10109,10113,10117,10121,10125,10129,10133,10137,10141],{"type":413,"tag":623,"props":10110,"children":10111},{"style":2485},[10112],{"type":418,"value":5403},{"type":413,"tag":623,"props":10114,"children":10115},{"style":671},[10116],{"type":418,"value":5852},{"type":413,"tag":623,"props":10118,"children":10119},{"style":1058},[10120],{"type":418,"value":6434},{"type":413,"tag":623,"props":10122,"children":10123},{"style":671},[10124],{"type":418,"value":5879},{"type":413,"tag":623,"props":10126,"children":10127},{"style":2485},[10128],{"type":418,"value":6443},{"type":413,"tag":623,"props":10130,"children":10131},{"style":671},[10132],{"type":418,"value":674},{"type":413,"tag":623,"props":10134,"children":10135},{"style":635},[10136],{"type":418,"value":6452},{"type":413,"tag":623,"props":10138,"children":10139},{"style":671},[10140],{"type":418,"value":1023},{"type":413,"tag":623,"props":10142,"children":10143},{"style":671},[10144],{"type":418,"value":2524},{"type":413,"tag":623,"props":10146,"children":10147},{"class":625,"line":1113},[10148,10152,10156,10160,10164,10168,10172,10176,10180],{"type":413,"tag":623,"props":10149,"children":10150},{"style":2485},[10151],{"type":418,"value":5403},{"type":413,"tag":623,"props":10153,"children":10154},{"style":671},[10155],{"type":418,"value":5852},{"type":413,"tag":623,"props":10157,"children":10158},{"style":1058},[10159],{"type":418,"value":9125},{"type":413,"tag":623,"props":10161,"children":10162},{"style":671},[10163],{"type":418,"value":5879},{"type":413,"tag":623,"props":10165,"children":10166},{"style":2485},[10167],{"type":418,"value":6443},{"type":413,"tag":623,"props":10169,"children":10170},{"style":671},[10171],{"type":418,"value":674},{"type":413,"tag":623,"props":10173,"children":10174},{"style":635},[10175],{"type":418,"value":9142},{"type":413,"tag":623,"props":10177,"children":10178},{"style":671},[10179],{"type":418,"value":1023},{"type":413,"tag":623,"props":10181,"children":10182},{"style":671},[10183],{"type":418,"value":2524},{"type":413,"tag":623,"props":10185,"children":10186},{"class":625,"line":1161},[10187],{"type":413,"tag":623,"props":10188,"children":10189},{"emptyLinePlaceholder":2790},[10190],{"type":418,"value":2793},{"type":413,"tag":623,"props":10192,"children":10193},{"class":625,"line":1207},[10194,10198,10202,10206,10210,10214,10218,10222,10226],{"type":413,"tag":623,"props":10195,"children":10196},{"style":2854},[10197],{"type":418,"value":5454},{"type":413,"tag":623,"props":10199,"children":10200},{"style":1058},[10201],{"type":418,"value":6701},{"type":413,"tag":623,"props":10203,"children":10204},{"style":671},[10205],{"type":418,"value":1066},{"type":413,"tag":623,"props":10207,"children":10208},{"style":671},[10209],{"type":418,"value":638},{"type":413,"tag":623,"props":10211,"children":10212},{"style":1058},[10213],{"type":418,"value":6229},{"type":413,"tag":623,"props":10215,"children":10216},{"style":671},[10217],{"type":418,"value":1404},{"type":413,"tag":623,"props":10219,"children":10220},{"style":1407},[10221],{"type":418,"value":6722},{"type":413,"tag":623,"props":10223,"children":10224},{"style":1058},[10225],{"type":418,"value":6727},{"type":413,"tag":623,"props":10227,"children":10228},{"style":671},[10229],{"type":418,"value":2524},{"type":413,"tag":623,"props":10231,"children":10232},{"class":625,"line":1251},[10233],{"type":413,"tag":623,"props":10234,"children":10235},{"emptyLinePlaceholder":2790},[10236],{"type":418,"value":2793},{"type":413,"tag":623,"props":10238,"children":10239},{"class":625,"line":1296},[10240,10244,10248,10252,10256,10260,10264,10268,10272,10276,10280,10284,10288],{"type":413,"tag":623,"props":10241,"children":10242},{"style":2854},[10243],{"type":418,"value":5454},{"type":413,"tag":623,"props":10245,"children":10246},{"style":1058},[10247],{"type":418,"value":5459},{"type":413,"tag":623,"props":10249,"children":10250},{"style":671},[10251],{"type":418,"value":1066},{"type":413,"tag":623,"props":10253,"children":10254},{"style":671},[10255],{"type":418,"value":638},{"type":413,"tag":623,"props":10257,"children":10258},{"style":1058},[10259],{"type":418,"value":5472},{"type":413,"tag":623,"props":10261,"children":10262},{"style":671},[10263],{"type":418,"value":1404},{"type":413,"tag":623,"props":10265,"children":10266},{"style":1407},[10267],{"type":418,"value":5481},{"type":413,"tag":623,"props":10269,"children":10270},{"style":1058},[10271],{"type":418,"value":1018},{"type":413,"tag":623,"props":10273,"children":10274},{"style":671},[10275],{"type":418,"value":1023},{"type":413,"tag":623,"props":10277,"children":10278},{"style":635},[10279],{"type":418,"value":5494},{"type":413,"tag":623,"props":10281,"children":10282},{"style":671},[10283],{"type":418,"value":1023},{"type":413,"tag":623,"props":10285,"children":10286},{"style":671},[10287],{"type":418,"value":1037},{"type":413,"tag":623,"props":10289,"children":10290},{"style":671},[10291],{"type":418,"value":5507},{"type":413,"tag":623,"props":10293,"children":10294},{"class":625,"line":1337},[10295,10299,10303,10307,10311,10315],{"type":413,"tag":623,"props":10296,"children":10297},{"style":5513},[10298],{"type":418,"value":5516},{"type":413,"tag":623,"props":10300,"children":10301},{"style":671},[10302],{"type":418,"value":3493},{"type":413,"tag":623,"props":10304,"children":10305},{"style":671},[10306],{"type":418,"value":674},{"type":413,"tag":623,"props":10308,"children":10309},{"style":635},[10310],{"type":418,"value":5494},{"type":413,"tag":623,"props":10312,"children":10313},{"style":671},[10314],{"type":418,"value":1023},{"type":413,"tag":623,"props":10316,"children":10317},{"style":671},[10318],{"type":418,"value":1084},{"type":413,"tag":623,"props":10320,"children":10321},{"class":625,"line":1346},[10322,10326,10330,10334,10338,10342],{"type":413,"tag":623,"props":10323,"children":10324},{"style":5513},[10325],{"type":418,"value":5544},{"type":413,"tag":623,"props":10327,"children":10328},{"style":671},[10329],{"type":418,"value":3493},{"type":413,"tag":623,"props":10331,"children":10332},{"style":671},[10333],{"type":418,"value":674},{"type":413,"tag":623,"props":10335,"children":10336},{"style":635},[10337],{"type":418,"value":5557},{"type":413,"tag":623,"props":10339,"children":10340},{"style":671},[10341],{"type":418,"value":1023},{"type":413,"tag":623,"props":10343,"children":10344},{"style":671},[10345],{"type":418,"value":1084},{"type":413,"tag":623,"props":10347,"children":10348},{"class":625,"line":2100},[10349,10353,10357],{"type":413,"tag":623,"props":10350,"children":10351},{"style":5513},[10352],{"type":418,"value":5573},{"type":413,"tag":623,"props":10354,"children":10355},{"style":671},[10356],{"type":418,"value":3493},{"type":413,"tag":623,"props":10358,"children":10359},{"style":5580},[10360],{"type":418,"value":5583},{"type":413,"tag":623,"props":10362,"children":10363},{"class":625,"line":2897},[10364,10368,10372],{"type":413,"tag":623,"props":10365,"children":10366},{"style":671},[10367],{"type":418,"value":3327},{"type":413,"tag":623,"props":10369,"children":10370},{"style":1058},[10371],{"type":418,"value":5595},{"type":413,"tag":623,"props":10373,"children":10374},{"style":671},[10375],{"type":418,"value":2524},{"type":413,"tag":623,"props":10377,"children":10378},{"class":625,"line":2926},[10379],{"type":413,"tag":623,"props":10380,"children":10381},{"emptyLinePlaceholder":2790},[10382],{"type":418,"value":2793},{"type":413,"tag":623,"props":10384,"children":10385},{"class":625,"line":2957},[10386,10390,10394,10398,10402,10406,10410,10414],{"type":413,"tag":623,"props":10387,"children":10388},{"style":2485},[10389],{"type":418,"value":5614},{"type":413,"tag":623,"props":10391,"children":10392},{"style":2854},[10393],{"type":418,"value":5619},{"type":413,"tag":623,"props":10395,"children":10396},{"style":1058},[10397],{"type":418,"value":5624},{"type":413,"tag":623,"props":10399,"children":10400},{"style":671},[10401],{"type":418,"value":1066},{"type":413,"tag":623,"props":10403,"children":10404},{"style":1058},[10405],{"type":418,"value":1390},{"type":413,"tag":623,"props":10407,"children":10408},{"style":671},[10409],{"type":418,"value":1404},{"type":413,"tag":623,"props":10411,"children":10412},{"style":1058},[10413],{"type":418,"value":5641},{"type":413,"tag":623,"props":10415,"children":10416},{"style":671},[10417],{"type":418,"value":2524},{"type":413,"tag":623,"props":10419,"children":10420},{"class":625,"line":2988},[10421],{"type":413,"tag":623,"props":10422,"children":10423},{"emptyLinePlaceholder":2790},[10424],{"type":418,"value":2793},{"type":413,"tag":623,"props":10426,"children":10427},{"class":625,"line":3045},[10428,10432,10436,10440,10444,10448,10452,10456,10460,10464,10468,10472,10476,10480,10484,10488,10492,10496,10500,10504,10508],{"type":413,"tag":623,"props":10429,"children":10430},{"style":2854},[10431],{"type":418,"value":5454},{"type":413,"tag":623,"props":10433,"children":10434},{"style":1058},[10435],{"type":418,"value":5804},{"type":413,"tag":623,"props":10437,"children":10438},{"style":671},[10439],{"type":418,"value":1066},{"type":413,"tag":623,"props":10441,"children":10442},{"style":671},[10443],{"type":418,"value":638},{"type":413,"tag":623,"props":10445,"children":10446},{"style":1058},[10447],{"type":418,"value":5817},{"type":413,"tag":623,"props":10449,"children":10450},{"style":671},[10451],{"type":418,"value":1404},{"type":413,"tag":623,"props":10453,"children":10454},{"style":1407},[10455],{"type":418,"value":5826},{"type":413,"tag":623,"props":10457,"children":10458},{"style":1058},[10459],{"type":418,"value":1018},{"type":413,"tag":623,"props":10461,"children":10462},{"style":671},[10463],{"type":418,"value":1023},{"type":413,"tag":623,"props":10465,"children":10466},{"style":635},[10467],{"type":418,"value":5839},{"type":413,"tag":623,"props":10469,"children":10470},{"style":671},[10471],{"type":418,"value":1023},{"type":413,"tag":623,"props":10473,"children":10474},{"style":671},[10475],{"type":418,"value":1037},{"type":413,"tag":623,"props":10477,"children":10478},{"style":671},[10479],{"type":418,"value":5852},{"type":413,"tag":623,"props":10481,"children":10482},{"style":5513},[10483],{"type":418,"value":5857},{"type":413,"tag":623,"props":10485,"children":10486},{"style":671},[10487],{"type":418,"value":3493},{"type":413,"tag":623,"props":10489,"children":10490},{"style":671},[10491],{"type":418,"value":674},{"type":413,"tag":623,"props":10493,"children":10494},{"style":635},[10495],{"type":418,"value":5870},{"type":413,"tag":623,"props":10497,"children":10498},{"style":671},[10499],{"type":418,"value":1023},{"type":413,"tag":623,"props":10501,"children":10502},{"style":671},[10503],{"type":418,"value":5879},{"type":413,"tag":623,"props":10505,"children":10506},{"style":1058},[10507],{"type":418,"value":5595},{"type":413,"tag":623,"props":10509,"children":10510},{"style":671},[10511],{"type":418,"value":2524},{"type":413,"tag":623,"props":10513,"children":10514},{"class":625,"line":7652},[10515,10519,10523,10527,10531,10535,10539,10543,10547,10551,10555,10559,10563],{"type":413,"tag":623,"props":10516,"children":10517},{"style":2854},[10518],{"type":418,"value":5454},{"type":413,"tag":623,"props":10520,"children":10521},{"style":1058},[10522],{"type":418,"value":5899},{"type":413,"tag":623,"props":10524,"children":10525},{"style":671},[10526],{"type":418,"value":1066},{"type":413,"tag":623,"props":10528,"children":10529},{"style":671},[10530],{"type":418,"value":638},{"type":413,"tag":623,"props":10532,"children":10533},{"style":1058},[10534],{"type":418,"value":5817},{"type":413,"tag":623,"props":10536,"children":10537},{"style":671},[10538],{"type":418,"value":1404},{"type":413,"tag":623,"props":10540,"children":10541},{"style":1407},[10542],{"type":418,"value":2950},{"type":413,"tag":623,"props":10544,"children":10545},{"style":1058},[10546],{"type":418,"value":1018},{"type":413,"tag":623,"props":10548,"children":10549},{"style":671},[10550],{"type":418,"value":1023},{"type":413,"tag":623,"props":10552,"children":10553},{"style":635},[10554],{"type":418,"value":2730},{"type":413,"tag":623,"props":10556,"children":10557},{"style":671},[10558],{"type":418,"value":1023},{"type":413,"tag":623,"props":10560,"children":10561},{"style":671},[10562],{"type":418,"value":1037},{"type":413,"tag":623,"props":10564,"children":10565},{"style":671},[10566],{"type":418,"value":5507},{"type":413,"tag":623,"props":10568,"children":10569},{"class":625,"line":7980},[10570,10574,10578,10582,10586,10590],{"type":413,"tag":623,"props":10571,"children":10572},{"style":5513},[10573],{"type":418,"value":5952},{"type":413,"tag":623,"props":10575,"children":10576},{"style":671},[10577],{"type":418,"value":3493},{"type":413,"tag":623,"props":10579,"children":10580},{"style":1058},[10581],{"type":418,"value":2615},{"type":413,"tag":623,"props":10583,"children":10584},{"style":671},[10585],{"type":418,"value":1404},{"type":413,"tag":623,"props":10587,"children":10588},{"style":1058},[10589],{"type":418,"value":5969},{"type":413,"tag":623,"props":10591,"children":10592},{"style":671},[10593],{"type":418,"value":1084},{"type":413,"tag":623,"props":10595,"children":10596},{"class":625,"line":8009},[10597,10601,10605],{"type":413,"tag":623,"props":10598,"children":10599},{"style":671},[10600],{"type":418,"value":3327},{"type":413,"tag":623,"props":10602,"children":10603},{"style":1058},[10604],{"type":418,"value":5595},{"type":413,"tag":623,"props":10606,"children":10607},{"style":671},[10608],{"type":418,"value":2524},{"type":413,"tag":623,"props":10610,"children":10611},{"class":625,"line":8027},[10612,10616,10620,10624,10628,10632,10636,10640,10644,10648],{"type":413,"tag":623,"props":10613,"children":10614},{"style":671},[10615],{"type":418,"value":2857},{"type":413,"tag":623,"props":10617,"children":10618},{"style":1058},[10619],{"type":418,"value":5817},{"type":413,"tag":623,"props":10621,"children":10622},{"style":671},[10623],{"type":418,"value":1404},{"type":413,"tag":623,"props":10625,"children":10626},{"style":1407},[10627],{"type":418,"value":6036},{"type":413,"tag":623,"props":10629,"children":10630},{"style":1058},[10631],{"type":418,"value":1018},{"type":413,"tag":623,"props":10633,"children":10634},{"style":671},[10635],{"type":418,"value":1023},{"type":413,"tag":623,"props":10637,"children":10638},{"style":635},[10639],{"type":418,"value":6049},{"type":413,"tag":623,"props":10641,"children":10642},{"style":671},[10643],{"type":418,"value":1023},{"type":413,"tag":623,"props":10645,"children":10646},{"style":671},[10647],{"type":418,"value":1037},{"type":413,"tag":623,"props":10649,"children":10650},{"style":671},[10651],{"type":418,"value":5507},{"type":413,"tag":623,"props":10653,"children":10654},{"class":625,"line":8036},[10655,10659,10663,10667,10671,10675],{"type":413,"tag":623,"props":10656,"children":10657},{"style":5513},[10658],{"type":418,"value":6069},{"type":413,"tag":623,"props":10660,"children":10661},{"style":671},[10662],{"type":418,"value":3493},{"type":413,"tag":623,"props":10664,"children":10665},{"style":1058},[10666],{"type":418,"value":2615},{"type":413,"tag":623,"props":10668,"children":10669},{"style":671},[10670],{"type":418,"value":1404},{"type":413,"tag":623,"props":10672,"children":10673},{"style":1058},[10674],{"type":418,"value":6086},{"type":413,"tag":623,"props":10676,"children":10677},{"style":671},[10678],{"type":418,"value":1084},{"type":413,"tag":623,"props":10680,"children":10681},{"class":625,"line":8373},[10682,10686,10690,10694,10698,10702],{"type":413,"tag":623,"props":10683,"children":10684},{"style":5513},[10685],{"type":418,"value":6098},{"type":413,"tag":623,"props":10687,"children":10688},{"style":671},[10689],{"type":418,"value":3493},{"type":413,"tag":623,"props":10691,"children":10692},{"style":671},[10693],{"type":418,"value":674},{"type":413,"tag":623,"props":10695,"children":10696},{"style":635},[10697],{"type":418,"value":3176},{"type":413,"tag":623,"props":10699,"children":10700},{"style":671},[10701],{"type":418,"value":1023},{"type":413,"tag":623,"props":10703,"children":10704},{"style":671},[10705],{"type":418,"value":1084},{"type":413,"tag":623,"props":10707,"children":10708},{"class":625,"line":8391},[10709,10713,10717,10721,10725,10729],{"type":413,"tag":623,"props":10710,"children":10711},{"style":5513},[10712],{"type":418,"value":6126},{"type":413,"tag":623,"props":10714,"children":10715},{"style":671},[10716],{"type":418,"value":3493},{"type":413,"tag":623,"props":10718,"children":10719},{"style":671},[10720],{"type":418,"value":674},{"type":413,"tag":623,"props":10722,"children":10723},{"style":635},[10724],{"type":418,"value":3204},{"type":413,"tag":623,"props":10726,"children":10727},{"style":671},[10728],{"type":418,"value":1023},{"type":413,"tag":623,"props":10730,"children":10731},{"style":671},[10732],{"type":418,"value":1084},{"type":413,"tag":623,"props":10734,"children":10735},{"class":625,"line":8416},[10736,10740,10744,10748,10752,10756,10760,10764],{"type":413,"tag":623,"props":10737,"children":10738},{"style":5513},[10739],{"type":418,"value":6154},{"type":413,"tag":623,"props":10741,"children":10742},{"style":671},[10743],{"type":418,"value":3493},{"type":413,"tag":623,"props":10745,"children":10746},{"style":1058},[10747],{"type":418,"value":6163},{"type":413,"tag":623,"props":10749,"children":10750},{"style":671},[10751],{"type":418,"value":1023},{"type":413,"tag":623,"props":10753,"children":10754},{"style":635},[10755],{"type":418,"value":3238},{"type":413,"tag":623,"props":10757,"children":10758},{"style":671},[10759],{"type":418,"value":1023},{"type":413,"tag":623,"props":10761,"children":10762},{"style":1058},[10763],{"type":418,"value":1137},{"type":413,"tag":623,"props":10765,"children":10766},{"style":671},[10767],{"type":418,"value":1084},{"type":413,"tag":623,"props":10769,"children":10770},{"class":625,"line":8425},[10771,10775,10779,10783,10787,10791],{"type":413,"tag":623,"props":10772,"children":10773},{"style":5513},[10774],{"type":418,"value":6191},{"type":413,"tag":623,"props":10776,"children":10777},{"style":671},[10778],{"type":418,"value":3493},{"type":413,"tag":623,"props":10780,"children":10781},{"style":671},[10782],{"type":418,"value":674},{"type":413,"tag":623,"props":10784,"children":10785},{"style":635},[10786],{"type":418,"value":6204},{"type":413,"tag":623,"props":10788,"children":10789},{"style":671},[10790],{"type":418,"value":1023},{"type":413,"tag":623,"props":10792,"children":10793},{"style":671},[10794],{"type":418,"value":1084},{"type":413,"tag":623,"props":10796,"children":10797},{"class":625,"line":8446},[10798,10802,10806,10810,10814,10818,10822,10826,10830,10834,10838,10842,10846,10850,10854],{"type":413,"tag":623,"props":10799,"children":10800},{"style":5513},[10801],{"type":418,"value":6220},{"type":413,"tag":623,"props":10803,"children":10804},{"style":671},[10805],{"type":418,"value":3493},{"type":413,"tag":623,"props":10807,"children":10808},{"style":1058},[10809],{"type":418,"value":6229},{"type":413,"tag":623,"props":10811,"children":10812},{"style":671},[10813],{"type":418,"value":1404},{"type":413,"tag":623,"props":10815,"children":10816},{"style":1407},[10817],{"type":418,"value":6238},{"type":413,"tag":623,"props":10819,"children":10820},{"style":671},[10821],{"type":418,"value":6243},{"type":413,"tag":623,"props":10823,"children":10824},{"style":635},[10825],{"type":418,"value":6248},{"type":413,"tag":623,"props":10827,"children":10828},{"style":671},[10829],{"type":418,"value":6253},{"type":413,"tag":623,"props":10831,"children":10832},{"style":1058},[10833],{"type":418,"value":6258},{"type":413,"tag":623,"props":10835,"children":10836},{"style":671},[10837],{"type":418,"value":1404},{"type":413,"tag":623,"props":10839,"children":10840},{"style":1058},[10841],{"type":418,"value":6267},{"type":413,"tag":623,"props":10843,"children":10844},{"style":671},[10845],{"type":418,"value":3327},{"type":413,"tag":623,"props":10847,"children":10848},{"style":635},[10849],{"type":418,"value":6276},{"type":413,"tag":623,"props":10851,"children":10852},{"style":671},[10853],{"type":418,"value":6243},{"type":413,"tag":623,"props":10855,"children":10856},{"style":671},[10857],{"type":418,"value":1084},{"type":413,"tag":623,"props":10859,"children":10860},{"class":625,"line":8463},[10861,10865,10869],{"type":413,"tag":623,"props":10862,"children":10863},{"style":671},[10864],{"type":418,"value":3327},{"type":413,"tag":623,"props":10866,"children":10867},{"style":1058},[10868],{"type":418,"value":5595},{"type":413,"tag":623,"props":10870,"children":10871},{"style":671},[10872],{"type":418,"value":2524},{"type":413,"tag":623,"props":10874,"children":10875},{"class":625,"line":8471},[10876],{"type":413,"tag":623,"props":10877,"children":10878},{"emptyLinePlaceholder":2790},[10879],{"type":418,"value":2793},{"type":413,"tag":623,"props":10881,"children":10882},{"class":625,"line":8492},[10883,10887,10891,10895,10899,10903,10907,10911,10915,10919,10923],{"type":413,"tag":623,"props":10884,"children":10885},{"style":2854},[10886],{"type":418,"value":5454},{"type":413,"tag":623,"props":10888,"children":10889},{"style":1058},[10890],{"type":418,"value":6808},{"type":413,"tag":623,"props":10892,"children":10893},{"style":671},[10894],{"type":418,"value":1066},{"type":413,"tag":623,"props":10896,"children":10897},{"style":1058},[10898],{"type":418,"value":6229},{"type":413,"tag":623,"props":10900,"children":10901},{"style":671},[10902],{"type":418,"value":1404},{"type":413,"tag":623,"props":10904,"children":10905},{"style":1407},[10906],{"type":418,"value":5679},{"type":413,"tag":623,"props":10908,"children":10909},{"style":1058},[10910],{"type":418,"value":6829},{"type":413,"tag":623,"props":10912,"children":10913},{"style":671},[10914],{"type":418,"value":1404},{"type":413,"tag":623,"props":10916,"children":10917},{"style":1407},[10918],{"type":418,"value":6838},{"type":413,"tag":623,"props":10920,"children":10921},{"style":1058},[10922],{"type":418,"value":6843},{"type":413,"tag":623,"props":10924,"children":10925},{"style":671},[10926],{"type":418,"value":2524},{"type":413,"tag":623,"props":10928,"children":10929},{"class":625,"line":8509},[10930,10934,10938,10942,10946,10950,10954],{"type":413,"tag":623,"props":10931,"children":10932},{"style":2854},[10933],{"type":418,"value":5454},{"type":413,"tag":623,"props":10935,"children":10936},{"style":1058},[10937],{"type":418,"value":6743},{"type":413,"tag":623,"props":10939,"children":10940},{"style":671},[10941],{"type":418,"value":1066},{"type":413,"tag":623,"props":10943,"children":10944},{"style":1058},[10945],{"type":418,"value":2137},{"type":413,"tag":623,"props":10947,"children":10948},{"style":671},[10949],{"type":418,"value":1404},{"type":413,"tag":623,"props":10951,"children":10952},{"style":1058},[10953],{"type":418,"value":3033},{"type":413,"tag":623,"props":10955,"children":10956},{"style":671},[10957],{"type":418,"value":2524},{"type":413,"tag":623,"props":10959,"children":10960},{"class":625,"line":8527},[10961],{"type":413,"tag":623,"props":10962,"children":10963},{"emptyLinePlaceholder":2790},[10964],{"type":418,"value":2793},{"type":413,"tag":623,"props":10966,"children":10967},{"class":625,"line":8539},[10968,10972,10976,10980,10984,10988,10992,10996,11000,11004],{"type":413,"tag":623,"props":10969,"children":10970},{"style":671},[10971],{"type":418,"value":2857},{"type":413,"tag":623,"props":10973,"children":10974},{"style":1058},[10975],{"type":418,"value":6479},{"type":413,"tag":623,"props":10977,"children":10978},{"style":671},[10979],{"type":418,"value":1404},{"type":413,"tag":623,"props":10981,"children":10982},{"style":1407},[10983],{"type":418,"value":6488},{"type":413,"tag":623,"props":10985,"children":10986},{"style":1058},[10987],{"type":418,"value":1018},{"type":413,"tag":623,"props":10989,"children":10990},{"style":671},[10991],{"type":418,"value":1023},{"type":413,"tag":623,"props":10993,"children":10994},{"style":635},[10995],{"type":418,"value":2875},{"type":413,"tag":623,"props":10997,"children":10998},{"style":671},[10999],{"type":418,"value":1023},{"type":413,"tag":623,"props":11001,"children":11002},{"style":671},[11003],{"type":418,"value":1037},{"type":413,"tag":623,"props":11005,"children":11006},{"style":671},[11007],{"type":418,"value":5507},{"type":413,"tag":623,"props":11009,"children":11010},{"class":625,"line":8557},[11011,11015,11019,11023,11027,11031],{"type":413,"tag":623,"props":11012,"children":11013},{"style":5513},[11014],{"type":418,"value":6520},{"type":413,"tag":623,"props":11016,"children":11017},{"style":671},[11018],{"type":418,"value":3493},{"type":413,"tag":623,"props":11020,"children":11021},{"style":1058},[11022],{"type":418,"value":2076},{"type":413,"tag":623,"props":11024,"children":11025},{"style":671},[11026],{"type":418,"value":1404},{"type":413,"tag":623,"props":11028,"children":11029},{"style":1058},[11030],{"type":418,"value":6537},{"type":413,"tag":623,"props":11032,"children":11033},{"style":671},[11034],{"type":418,"value":1084},{"type":413,"tag":623,"props":11036,"children":11037},{"class":625,"line":8575},[11038,11042,11046,11050,11054,11058,11062,11066],{"type":413,"tag":623,"props":11039,"children":11040},{"style":5513},[11041],{"type":418,"value":6549},{"type":413,"tag":623,"props":11043,"children":11044},{"style":671},[11045],{"type":418,"value":3493},{"type":413,"tag":623,"props":11047,"children":11048},{"style":1058},[11049],{"type":418,"value":6479},{"type":413,"tag":623,"props":11051,"children":11052},{"style":671},[11053],{"type":418,"value":1404},{"type":413,"tag":623,"props":11055,"children":11056},{"style":1058},[11057],{"type":418,"value":6566},{"type":413,"tag":623,"props":11059,"children":11060},{"style":671},[11061],{"type":418,"value":1404},{"type":413,"tag":623,"props":11063,"children":11064},{"style":1058},[11065],{"type":418,"value":2950},{"type":413,"tag":623,"props":11067,"children":11068},{"style":671},[11069],{"type":418,"value":1084},{"type":413,"tag":623,"props":11071,"children":11072},{"class":625,"line":8588},[11073,11077,11081,11085,11089,11093],{"type":413,"tag":623,"props":11074,"children":11075},{"style":5513},[11076],{"type":418,"value":6586},{"type":413,"tag":623,"props":11078,"children":11079},{"style":671},[11080],{"type":418,"value":3493},{"type":413,"tag":623,"props":11082,"children":11083},{"style":1058},[11084],{"type":418,"value":6434},{"type":413,"tag":623,"props":11086,"children":11087},{"style":671},[11088],{"type":418,"value":1404},{"type":413,"tag":623,"props":11090,"children":11091},{"style":1058},[11092],{"type":418,"value":2875},{"type":413,"tag":623,"props":11094,"children":11095},{"style":671},[11096],{"type":418,"value":1084},{"type":413,"tag":623,"props":11098,"children":11099},{"class":625,"line":8605},[11100,11104,11108,11112,11116,11120,11124,11128,11132,11136,11140],{"type":413,"tag":623,"props":11101,"children":11102},{"style":5513},[11103],{"type":418,"value":6614},{"type":413,"tag":623,"props":11105,"children":11106},{"style":671},[11107],{"type":418,"value":3493},{"type":413,"tag":623,"props":11109,"children":11110},{"style":1058},[11111],{"type":418,"value":6229},{"type":413,"tag":623,"props":11113,"children":11114},{"style":671},[11115],{"type":418,"value":1404},{"type":413,"tag":623,"props":11117,"children":11118},{"style":1407},[11119],{"type":418,"value":6238},{"type":413,"tag":623,"props":11121,"children":11122},{"style":671},[11123],{"type":418,"value":6243},{"type":413,"tag":623,"props":11125,"children":11126},{"style":635},[11127],{"type":418,"value":2451},{"type":413,"tag":623,"props":11129,"children":11130},{"style":671},[11131],{"type":418,"value":6253},{"type":413,"tag":623,"props":11133,"children":11134},{"style":1058},[11135],{"type":418,"value":3033},{"type":413,"tag":623,"props":11137,"children":11138},{"style":671},[11139],{"type":418,"value":6651},{"type":413,"tag":623,"props":11141,"children":11142},{"style":671},[11143],{"type":418,"value":1084},{"type":413,"tag":623,"props":11145,"children":11146},{"class":625,"line":8623},[11147,11151,11155],{"type":413,"tag":623,"props":11148,"children":11149},{"style":671},[11150],{"type":418,"value":3327},{"type":413,"tag":623,"props":11152,"children":11153},{"style":1058},[11154],{"type":418,"value":5595},{"type":413,"tag":623,"props":11156,"children":11157},{"style":671},[11158],{"type":418,"value":2524},{"type":413,"tag":623,"props":11160,"children":11161},{"class":625,"line":8641},[11162],{"type":413,"tag":623,"props":11163,"children":11164},{"emptyLinePlaceholder":2790},[11165],{"type":418,"value":2793},{"type":413,"tag":623,"props":11167,"children":11168},{"class":625,"line":8659},[11169,11173,11177,11181,11185,11189,11193,11197,11201,11205],{"type":413,"tag":623,"props":11170,"children":11171},{"style":671},[11172],{"type":418,"value":2857},{"type":413,"tag":623,"props":11174,"children":11175},{"style":1058},[11176],{"type":418,"value":5472},{"type":413,"tag":623,"props":11178,"children":11179},{"style":671},[11180],{"type":418,"value":1404},{"type":413,"tag":623,"props":11182,"children":11183},{"style":1407},[11184],{"type":418,"value":7247},{"type":413,"tag":623,"props":11186,"children":11187},{"style":1058},[11188],{"type":418,"value":1018},{"type":413,"tag":623,"props":11190,"children":11191},{"style":671},[11192],{"type":418,"value":1023},{"type":413,"tag":623,"props":11194,"children":11195},{"style":635},[11196],{"type":418,"value":2215},{"type":413,"tag":623,"props":11198,"children":11199},{"style":671},[11200],{"type":418,"value":1023},{"type":413,"tag":623,"props":11202,"children":11203},{"style":671},[11204],{"type":418,"value":1037},{"type":413,"tag":623,"props":11206,"children":11207},{"style":671},[11208],{"type":418,"value":5507},{"type":413,"tag":623,"props":11210,"children":11212},{"class":625,"line":11211},42,[11213,11217,11221,11225,11229,11233],{"type":413,"tag":623,"props":11214,"children":11215},{"style":5513},[11216],{"type":418,"value":7069},{"type":413,"tag":623,"props":11218,"children":11219},{"style":671},[11220],{"type":418,"value":3493},{"type":413,"tag":623,"props":11222,"children":11223},{"style":1058},[11224],{"type":418,"value":1390},{"type":413,"tag":623,"props":11226,"children":11227},{"style":671},[11228],{"type":418,"value":1404},{"type":413,"tag":623,"props":11230,"children":11231},{"style":1058},[11232],{"type":418,"value":5665},{"type":413,"tag":623,"props":11234,"children":11235},{"style":671},[11236],{"type":418,"value":1084},{"type":413,"tag":623,"props":11238,"children":11240},{"class":625,"line":11239},43,[11241,11245,11249,11253,11257,11261],{"type":413,"tag":623,"props":11242,"children":11243},{"style":5513},[11244],{"type":418,"value":7306},{"type":413,"tag":623,"props":11246,"children":11247},{"style":671},[11248],{"type":418,"value":3493},{"type":413,"tag":623,"props":11250,"children":11251},{"style":671},[11252],{"type":418,"value":674},{"type":413,"tag":623,"props":11254,"children":11255},{"style":635},[11256],{"type":418,"value":7110},{"type":413,"tag":623,"props":11258,"children":11259},{"style":671},[11260],{"type":418,"value":1023},{"type":413,"tag":623,"props":11262,"children":11263},{"style":671},[11264],{"type":418,"value":1084},{"type":413,"tag":623,"props":11266,"children":11268},{"class":625,"line":11267},44,[11269,11273,11277,11281,11285,11289],{"type":413,"tag":623,"props":11270,"children":11271},{"style":5513},[11272],{"type":418,"value":7334},{"type":413,"tag":623,"props":11274,"children":11275},{"style":671},[11276],{"type":418,"value":3493},{"type":413,"tag":623,"props":11278,"children":11279},{"style":1058},[11280],{"type":418,"value":2137},{"type":413,"tag":623,"props":11282,"children":11283},{"style":671},[11284],{"type":418,"value":1404},{"type":413,"tag":623,"props":11286,"children":11287},{"style":1058},[11288],{"type":418,"value":2215},{"type":413,"tag":623,"props":11290,"children":11291},{"style":671},[11292],{"type":418,"value":1084},{"type":413,"tag":623,"props":11294,"children":11296},{"class":625,"line":11295},45,[11297,11301,11305],{"type":413,"tag":623,"props":11298,"children":11299},{"style":671},[11300],{"type":418,"value":3327},{"type":413,"tag":623,"props":11302,"children":11303},{"style":1058},[11304],{"type":418,"value":5595},{"type":413,"tag":623,"props":11306,"children":11307},{"style":671},[11308],{"type":418,"value":2524},{"type":413,"tag":623,"props":11310,"children":11312},{"class":625,"line":11311},46,[11313],{"type":413,"tag":623,"props":11314,"children":11315},{"emptyLinePlaceholder":2790},[11316],{"type":418,"value":2793},{"type":413,"tag":623,"props":11318,"children":11320},{"class":625,"line":11319},47,[11321,11325,11329,11333,11337,11341,11345,11349,11353,11357],{"type":413,"tag":623,"props":11322,"children":11323},{"style":671},[11324],{"type":418,"value":2857},{"type":413,"tag":623,"props":11326,"children":11327},{"style":1058},[11328],{"type":418,"value":5472},{"type":413,"tag":623,"props":11330,"children":11331},{"style":671},[11332],{"type":418,"value":1404},{"type":413,"tag":623,"props":11334,"children":11335},{"style":1407},[11336],{"type":418,"value":7247},{"type":413,"tag":623,"props":11338,"children":11339},{"style":1058},[11340],{"type":418,"value":1018},{"type":413,"tag":623,"props":11342,"children":11343},{"style":671},[11344],{"type":418,"value":1023},{"type":413,"tag":623,"props":11346,"children":11347},{"style":635},[11348],{"type":418,"value":3033},{"type":413,"tag":623,"props":11350,"children":11351},{"style":671},[11352],{"type":418,"value":1023},{"type":413,"tag":623,"props":11354,"children":11355},{"style":671},[11356],{"type":418,"value":1037},{"type":413,"tag":623,"props":11358,"children":11359},{"style":671},[11360],{"type":418,"value":5507},{"type":413,"tag":623,"props":11362,"children":11364},{"class":625,"line":11363},48,[11365,11369,11373,11377,11381,11385],{"type":413,"tag":623,"props":11366,"children":11367},{"style":5513},[11368],{"type":418,"value":7069},{"type":413,"tag":623,"props":11370,"children":11371},{"style":671},[11372],{"type":418,"value":3493},{"type":413,"tag":623,"props":11374,"children":11375},{"style":1058},[11376],{"type":418,"value":1390},{"type":413,"tag":623,"props":11378,"children":11379},{"style":671},[11380],{"type":418,"value":1404},{"type":413,"tag":623,"props":11382,"children":11383},{"style":1058},[11384],{"type":418,"value":5665},{"type":413,"tag":623,"props":11386,"children":11387},{"style":671},[11388],{"type":418,"value":1084},{"type":413,"tag":623,"props":11390,"children":11392},{"class":625,"line":11391},49,[11393,11397,11401,11405,11409,11413],{"type":413,"tag":623,"props":11394,"children":11395},{"style":5513},[11396],{"type":418,"value":7306},{"type":413,"tag":623,"props":11398,"children":11399},{"style":671},[11400],{"type":418,"value":3493},{"type":413,"tag":623,"props":11402,"children":11403},{"style":671},[11404],{"type":418,"value":674},{"type":413,"tag":623,"props":11406,"children":11407},{"style":635},[11408],{"type":418,"value":7466},{"type":413,"tag":623,"props":11410,"children":11411},{"style":671},[11412],{"type":418,"value":1023},{"type":413,"tag":623,"props":11414,"children":11415},{"style":671},[11416],{"type":418,"value":1084},{"type":413,"tag":623,"props":11418,"children":11420},{"class":625,"line":11419},50,[11421,11425,11429,11433,11437,11441],{"type":413,"tag":623,"props":11422,"children":11423},{"style":5513},[11424],{"type":418,"value":7334},{"type":413,"tag":623,"props":11426,"children":11427},{"style":671},[11428],{"type":418,"value":3493},{"type":413,"tag":623,"props":11430,"children":11431},{"style":1058},[11432],{"type":418,"value":2137},{"type":413,"tag":623,"props":11434,"children":11435},{"style":671},[11436],{"type":418,"value":1404},{"type":413,"tag":623,"props":11438,"children":11439},{"style":1058},[11440],{"type":418,"value":3033},{"type":413,"tag":623,"props":11442,"children":11443},{"style":671},[11444],{"type":418,"value":1084},{"type":413,"tag":623,"props":11446,"children":11448},{"class":625,"line":11447},51,[11449,11453,11457],{"type":413,"tag":623,"props":11450,"children":11451},{"style":671},[11452],{"type":418,"value":3327},{"type":413,"tag":623,"props":11454,"children":11455},{"style":1058},[11456],{"type":418,"value":5595},{"type":413,"tag":623,"props":11458,"children":11459},{"style":671},[11460],{"type":418,"value":2524},{"type":413,"tag":623,"props":11462,"children":11464},{"class":625,"line":11463},52,[11465],{"type":413,"tag":623,"props":11466,"children":11467},{"emptyLinePlaceholder":2790},[11468],{"type":418,"value":2793},{"type":413,"tag":623,"props":11470,"children":11472},{"class":625,"line":11471},53,[11473,11477,11481,11485,11489,11493,11497,11501,11505,11509],{"type":413,"tag":623,"props":11474,"children":11475},{"style":671},[11476],{"type":418,"value":2857},{"type":413,"tag":623,"props":11478,"children":11479},{"style":1058},[11480],{"type":418,"value":5472},{"type":413,"tag":623,"props":11482,"children":11483},{"style":671},[11484],{"type":418,"value":1404},{"type":413,"tag":623,"props":11486,"children":11487},{"style":1407},[11488],{"type":418,"value":7247},{"type":413,"tag":623,"props":11490,"children":11491},{"style":1058},[11492],{"type":418,"value":1018},{"type":413,"tag":623,"props":11494,"children":11495},{"style":671},[11496],{"type":418,"value":1023},{"type":413,"tag":623,"props":11498,"children":11499},{"style":635},[11500],{"type":418,"value":7555},{"type":413,"tag":623,"props":11502,"children":11503},{"style":671},[11504],{"type":418,"value":1023},{"type":413,"tag":623,"props":11506,"children":11507},{"style":671},[11508],{"type":418,"value":1037},{"type":413,"tag":623,"props":11510,"children":11511},{"style":671},[11512],{"type":418,"value":5507},{"type":413,"tag":623,"props":11514,"children":11516},{"class":625,"line":11515},54,[11517,11521,11525,11529,11533,11537],{"type":413,"tag":623,"props":11518,"children":11519},{"style":5513},[11520],{"type":418,"value":7069},{"type":413,"tag":623,"props":11522,"children":11523},{"style":671},[11524],{"type":418,"value":3493},{"type":413,"tag":623,"props":11526,"children":11527},{"style":1058},[11528],{"type":418,"value":1390},{"type":413,"tag":623,"props":11530,"children":11531},{"style":671},[11532],{"type":418,"value":1404},{"type":413,"tag":623,"props":11534,"children":11535},{"style":1058},[11536],{"type":418,"value":5665},{"type":413,"tag":623,"props":11538,"children":11539},{"style":671},[11540],{"type":418,"value":1084},{"type":413,"tag":623,"props":11542,"children":11544},{"class":625,"line":11543},55,[11545,11549,11553,11557,11561,11565],{"type":413,"tag":623,"props":11546,"children":11547},{"style":5513},[11548],{"type":418,"value":7306},{"type":413,"tag":623,"props":11550,"children":11551},{"style":671},[11552],{"type":418,"value":3493},{"type":413,"tag":623,"props":11554,"children":11555},{"style":671},[11556],{"type":418,"value":674},{"type":413,"tag":623,"props":11558,"children":11559},{"style":635},[11560],{"type":418,"value":7614},{"type":413,"tag":623,"props":11562,"children":11563},{"style":671},[11564],{"type":418,"value":1023},{"type":413,"tag":623,"props":11566,"children":11567},{"style":671},[11568],{"type":418,"value":1084},{"type":413,"tag":623,"props":11570,"children":11572},{"class":625,"line":11571},56,[11573,11577,11581,11585,11589,11593],{"type":413,"tag":623,"props":11574,"children":11575},{"style":5513},[11576],{"type":418,"value":7334},{"type":413,"tag":623,"props":11578,"children":11579},{"style":671},[11580],{"type":418,"value":3493},{"type":413,"tag":623,"props":11582,"children":11583},{"style":1058},[11584],{"type":418,"value":2615},{"type":413,"tag":623,"props":11586,"children":11587},{"style":671},[11588],{"type":418,"value":1404},{"type":413,"tag":623,"props":11590,"children":11591},{"style":1058},[11592],{"type":418,"value":5969},{"type":413,"tag":623,"props":11594,"children":11595},{"style":671},[11596],{"type":418,"value":1084},{"type":413,"tag":623,"props":11598,"children":11600},{"class":625,"line":11599},57,[11601,11605,11609],{"type":413,"tag":623,"props":11602,"children":11603},{"style":671},[11604],{"type":418,"value":3327},{"type":413,"tag":623,"props":11606,"children":11607},{"style":1058},[11608],{"type":418,"value":5595},{"type":413,"tag":623,"props":11610,"children":11611},{"style":671},[11612],{"type":418,"value":2524},{"type":413,"tag":623,"props":11614,"children":11616},{"class":625,"line":11615},58,[11617],{"type":413,"tag":623,"props":11618,"children":11619},{"emptyLinePlaceholder":2790},[11620],{"type":418,"value":2793},{"type":413,"tag":623,"props":11622,"children":11624},{"class":625,"line":11623},59,[11625,11629,11633,11637,11641,11645,11649,11653,11657,11661],{"type":413,"tag":623,"props":11626,"children":11627},{"style":671},[11628],{"type":418,"value":2857},{"type":413,"tag":623,"props":11630,"children":11631},{"style":1058},[11632],{"type":418,"value":5472},{"type":413,"tag":623,"props":11634,"children":11635},{"style":671},[11636],{"type":418,"value":1404},{"type":413,"tag":623,"props":11638,"children":11639},{"style":1407},[11640],{"type":418,"value":7247},{"type":413,"tag":623,"props":11642,"children":11643},{"style":1058},[11644],{"type":418,"value":1018},{"type":413,"tag":623,"props":11646,"children":11647},{"style":671},[11648],{"type":418,"value":1023},{"type":413,"tag":623,"props":11650,"children":11651},{"style":635},[11652],{"type":418,"value":8967},{"type":413,"tag":623,"props":11654,"children":11655},{"style":671},[11656],{"type":418,"value":1023},{"type":413,"tag":623,"props":11658,"children":11659},{"style":671},[11660],{"type":418,"value":1037},{"type":413,"tag":623,"props":11662,"children":11663},{"style":671},[11664],{"type":418,"value":5507},{"type":413,"tag":623,"props":11666,"children":11668},{"class":625,"line":11667},60,[11669,11673,11677,11681,11685,11689],{"type":413,"tag":623,"props":11670,"children":11671},{"style":5513},[11672],{"type":418,"value":7069},{"type":413,"tag":623,"props":11674,"children":11675},{"style":671},[11676],{"type":418,"value":3493},{"type":413,"tag":623,"props":11678,"children":11679},{"style":1058},[11680],{"type":418,"value":1390},{"type":413,"tag":623,"props":11682,"children":11683},{"style":671},[11684],{"type":418,"value":1404},{"type":413,"tag":623,"props":11686,"children":11687},{"style":1058},[11688],{"type":418,"value":5665},{"type":413,"tag":623,"props":11690,"children":11691},{"style":671},[11692],{"type":418,"value":1084},{"type":413,"tag":623,"props":11694,"children":11696},{"class":625,"line":11695},61,[11697,11701,11705,11709,11713,11717],{"type":413,"tag":623,"props":11698,"children":11699},{"style":5513},[11700],{"type":418,"value":7306},{"type":413,"tag":623,"props":11702,"children":11703},{"style":671},[11704],{"type":418,"value":3493},{"type":413,"tag":623,"props":11706,"children":11707},{"style":671},[11708],{"type":418,"value":674},{"type":413,"tag":623,"props":11710,"children":11711},{"style":635},[11712],{"type":418,"value":8886},{"type":413,"tag":623,"props":11714,"children":11715},{"style":671},[11716],{"type":418,"value":1023},{"type":413,"tag":623,"props":11718,"children":11719},{"style":671},[11720],{"type":418,"value":1084},{"type":413,"tag":623,"props":11722,"children":11724},{"class":625,"line":11723},62,[11725,11729,11733,11737,11741,11745,11749,11753,11757,11761,11765],{"type":413,"tag":623,"props":11726,"children":11727},{"style":5513},[11728],{"type":418,"value":7334},{"type":413,"tag":623,"props":11730,"children":11731},{"style":671},[11732],{"type":418,"value":3493},{"type":413,"tag":623,"props":11734,"children":11735},{"style":1058},[11736],{"type":418,"value":879},{"type":413,"tag":623,"props":11738,"children":11739},{"style":671},[11740],{"type":418,"value":1404},{"type":413,"tag":623,"props":11742,"children":11743},{"style":1407},[11744],{"type":418,"value":9057},{"type":413,"tag":623,"props":11746,"children":11747},{"style":1058},[11748],{"type":418,"value":1018},{"type":413,"tag":623,"props":11750,"children":11751},{"style":671},[11752],{"type":418,"value":1023},{"type":413,"tag":623,"props":11754,"children":11755},{"style":635},[11756],{"type":418,"value":9070},{"type":413,"tag":623,"props":11758,"children":11759},{"style":671},[11760],{"type":418,"value":1023},{"type":413,"tag":623,"props":11762,"children":11763},{"style":1058},[11764],{"type":418,"value":5595},{"type":413,"tag":623,"props":11766,"children":11767},{"style":671},[11768],{"type":418,"value":1084},{"type":413,"tag":623,"props":11770,"children":11772},{"class":625,"line":11771},63,[11773,11777,11781],{"type":413,"tag":623,"props":11774,"children":11775},{"style":671},[11776],{"type":418,"value":3327},{"type":413,"tag":623,"props":11778,"children":11779},{"style":1058},[11780],{"type":418,"value":5595},{"type":413,"tag":623,"props":11782,"children":11783},{"style":671},[11784],{"type":418,"value":2524},{"type":413,"tag":623,"props":11786,"children":11788},{"class":625,"line":11787},64,[11789],{"type":413,"tag":623,"props":11790,"children":11791},{"emptyLinePlaceholder":2790},[11792],{"type":418,"value":2793},{"type":413,"tag":623,"props":11794,"children":11796},{"class":625,"line":11795},65,[11797,11801,11805,11809,11813,11817,11821,11825,11829,11833,11837,11841,11845,11849],{"type":413,"tag":623,"props":11798,"children":11799},{"style":2854},[11800],{"type":418,"value":5454},{"type":413,"tag":623,"props":11802,"children":11803},{"style":1058},[11804],{"type":418,"value":9169},{"type":413,"tag":623,"props":11806,"children":11807},{"style":671},[11808],{"type":418,"value":1066},{"type":413,"tag":623,"props":11810,"children":11811},{"style":1407},[11812],{"type":418,"value":9125},{"type":413,"tag":623,"props":11814,"children":11815},{"style":1058},[11816],{"type":418,"value":1018},{"type":413,"tag":623,"props":11818,"children":11819},{"style":671},[11820],{"type":418,"value":1023},{"type":413,"tag":623,"props":11822,"children":11823},{"style":635},[11824],{"type":418,"value":9190},{"type":413,"tag":623,"props":11826,"children":11827},{"style":671},[11828],{"type":418,"value":1023},{"type":413,"tag":623,"props":11830,"children":11831},{"style":671},[11832],{"type":418,"value":1037},{"type":413,"tag":623,"props":11834,"children":11835},{"style":671},[11836],{"type":418,"value":674},{"type":413,"tag":623,"props":11838,"children":11839},{"style":635},[11840],{"type":418,"value":9207},{"type":413,"tag":623,"props":11842,"children":11843},{"style":671},[11844],{"type":418,"value":1023},{"type":413,"tag":623,"props":11846,"children":11847},{"style":1058},[11848],{"type":418,"value":5595},{"type":413,"tag":623,"props":11850,"children":11851},{"style":671},[11852],{"type":418,"value":2524},{"type":413,"tag":623,"props":11854,"children":11856},{"class":625,"line":11855},66,[11857,11861,11865,11869,11873,11877,11881,11885,11889,11893],{"type":413,"tag":623,"props":11858,"children":11859},{"style":671},[11860],{"type":418,"value":2857},{"type":413,"tag":623,"props":11862,"children":11863},{"style":1058},[11864],{"type":418,"value":5472},{"type":413,"tag":623,"props":11866,"children":11867},{"style":671},[11868],{"type":418,"value":1404},{"type":413,"tag":623,"props":11870,"children":11871},{"style":1407},[11872],{"type":418,"value":9239},{"type":413,"tag":623,"props":11874,"children":11875},{"style":1058},[11876],{"type":418,"value":1018},{"type":413,"tag":623,"props":11878,"children":11879},{"style":671},[11880],{"type":418,"value":1023},{"type":413,"tag":623,"props":11882,"children":11883},{"style":635},[11884],{"type":418,"value":9252},{"type":413,"tag":623,"props":11886,"children":11887},{"style":671},[11888],{"type":418,"value":1023},{"type":413,"tag":623,"props":11890,"children":11891},{"style":671},[11892],{"type":418,"value":1037},{"type":413,"tag":623,"props":11894,"children":11895},{"style":671},[11896],{"type":418,"value":5507},{"type":413,"tag":623,"props":11898,"children":11900},{"class":625,"line":11899},67,[11901,11905,11909,11913,11917,11921],{"type":413,"tag":623,"props":11902,"children":11903},{"style":5513},[11904],{"type":418,"value":7069},{"type":413,"tag":623,"props":11906,"children":11907},{"style":671},[11908],{"type":418,"value":3493},{"type":413,"tag":623,"props":11910,"children":11911},{"style":1058},[11912],{"type":418,"value":1390},{"type":413,"tag":623,"props":11914,"children":11915},{"style":671},[11916],{"type":418,"value":1404},{"type":413,"tag":623,"props":11918,"children":11919},{"style":1058},[11920],{"type":418,"value":5665},{"type":413,"tag":623,"props":11922,"children":11923},{"style":671},[11924],{"type":418,"value":1084},{"type":413,"tag":623,"props":11926,"children":11928},{"class":625,"line":11927},68,[11929,11933,11937,11941,11945,11949],{"type":413,"tag":623,"props":11930,"children":11931},{"style":5513},[11932],{"type":418,"value":9299},{"type":413,"tag":623,"props":11934,"children":11935},{"style":671},[11936],{"type":418,"value":3493},{"type":413,"tag":623,"props":11938,"children":11939},{"style":671},[11940],{"type":418,"value":674},{"type":413,"tag":623,"props":11942,"children":11943},{"style":635},[11944],{"type":418,"value":4782},{"type":413,"tag":623,"props":11946,"children":11947},{"style":671},[11948],{"type":418,"value":1023},{"type":413,"tag":623,"props":11950,"children":11951},{"style":671},[11952],{"type":418,"value":1084},{"type":413,"tag":623,"props":11954,"children":11956},{"class":625,"line":11955},69,[11957,11961,11965,11969,11973,11977],{"type":413,"tag":623,"props":11958,"children":11959},{"style":5513},[11960],{"type":418,"value":9327},{"type":413,"tag":623,"props":11962,"children":11963},{"style":671},[11964],{"type":418,"value":3493},{"type":413,"tag":623,"props":11966,"children":11967},{"style":671},[11968],{"type":418,"value":674},{"type":413,"tag":623,"props":11970,"children":11971},{"style":635},[11972],{"type":418,"value":9340},{"type":413,"tag":623,"props":11974,"children":11975},{"style":671},[11976],{"type":418,"value":1023},{"type":413,"tag":623,"props":11978,"children":11979},{"style":671},[11980],{"type":418,"value":1084},{"type":413,"tag":623,"props":11982,"children":11984},{"class":625,"line":11983},70,[11985,11989,11993,11997],{"type":413,"tag":623,"props":11986,"children":11987},{"style":5513},[11988],{"type":418,"value":9356},{"type":413,"tag":623,"props":11990,"children":11991},{"style":671},[11992],{"type":418,"value":3493},{"type":413,"tag":623,"props":11994,"children":11995},{"style":1058},[11996],{"type":418,"value":9365},{"type":413,"tag":623,"props":11998,"children":11999},{"style":671},[12000],{"type":418,"value":1084},{"type":413,"tag":623,"props":12002,"children":12004},{"class":625,"line":12003},71,[12005,12009,12013,12017,12021,12025],{"type":413,"tag":623,"props":12006,"children":12007},{"style":5513},[12008],{"type":418,"value":9377},{"type":413,"tag":623,"props":12010,"children":12011},{"style":671},[12012],{"type":418,"value":3493},{"type":413,"tag":623,"props":12014,"children":12015},{"style":671},[12016],{"type":418,"value":674},{"type":413,"tag":623,"props":12018,"children":12019},{"style":635},[12020],{"type":418,"value":3841},{"type":413,"tag":623,"props":12022,"children":12023},{"style":671},[12024],{"type":418,"value":1023},{"type":413,"tag":623,"props":12026,"children":12027},{"style":671},[12028],{"type":418,"value":1084},{"type":413,"tag":623,"props":12030,"children":12032},{"class":625,"line":12031},72,[12033,12037,12041,12045,12049,12053],{"type":413,"tag":623,"props":12034,"children":12035},{"style":5513},[12036],{"type":418,"value":9405},{"type":413,"tag":623,"props":12038,"children":12039},{"style":671},[12040],{"type":418,"value":3493},{"type":413,"tag":623,"props":12042,"children":12043},{"style":671},[12044],{"type":418,"value":674},{"type":413,"tag":623,"props":12046,"children":12047},{"style":635},[12048],{"type":418,"value":9418},{"type":413,"tag":623,"props":12050,"children":12051},{"style":671},[12052],{"type":418,"value":1023},{"type":413,"tag":623,"props":12054,"children":12055},{"style":671},[12056],{"type":418,"value":1084},{"type":413,"tag":623,"props":12058,"children":12060},{"class":625,"line":12059},73,[12061,12065,12069,12073,12077,12081],{"type":413,"tag":623,"props":12062,"children":12063},{"style":5513},[12064],{"type":418,"value":9434},{"type":413,"tag":623,"props":12066,"children":12067},{"style":671},[12068],{"type":418,"value":3493},{"type":413,"tag":623,"props":12070,"children":12071},{"style":671},[12072],{"type":418,"value":674},{"type":413,"tag":623,"props":12074,"children":12075},{"style":635},[12076],{"type":418,"value":9447},{"type":413,"tag":623,"props":12078,"children":12079},{"style":671},[12080],{"type":418,"value":1023},{"type":413,"tag":623,"props":12082,"children":12083},{"style":671},[12084],{"type":418,"value":1084},{"type":413,"tag":623,"props":12086,"children":12088},{"class":625,"line":12087},74,[12089,12093,12097,12101],{"type":413,"tag":623,"props":12090,"children":12091},{"style":5513},[12092],{"type":418,"value":9463},{"type":413,"tag":623,"props":12094,"children":12095},{"style":671},[12096],{"type":418,"value":3493},{"type":413,"tag":623,"props":12098,"children":12099},{"style":5580},[12100],{"type":418,"value":9472},{"type":413,"tag":623,"props":12102,"children":12103},{"style":671},[12104],{"type":418,"value":1084},{"type":413,"tag":623,"props":12106,"children":12108},{"class":625,"line":12107},75,[12109,12113,12117],{"type":413,"tag":623,"props":12110,"children":12111},{"style":671},[12112],{"type":418,"value":3327},{"type":413,"tag":623,"props":12114,"children":12115},{"style":1058},[12116],{"type":418,"value":5595},{"type":413,"tag":623,"props":12118,"children":12119},{"style":671},[12120],{"type":418,"value":2524},{"type":413,"tag":414,"props":12122,"children":12123},{},[12124,12125,12131],{"type":418,"value":4660},{"type":413,"tag":432,"props":12126,"children":12129},{"href":12127,"rel":12128},"https://github.com/TechWatching/AzureOIDC",[436],[12130],{"type":418,"value":4670},{"type":418,"value":1404},{"type":413,"tag":414,"props":12133,"children":12134},{},[12135],{"type":418,"value":12136},"I hope you enjoyed this article. Please feel free to share your thoughts in the comments, ask questions, or make suggestions. Keep learning.",{"type":413,"tag":4673,"props":12138,"children":12139},{},[12140],{"type":418,"value":4677},{"title":401,"searchDepth":1045,"depth":1045,"links":12142},[12143,12149,12150,12159,12160],{"id":4729,"depth":1045,"text":4732,"children":12144},[12145,12146,12147,12148],{"id":4754,"depth":1054,"text":4757},{"id":4814,"depth":1054,"text":4817},{"id":4897,"depth":1054,"text":4900},{"id":4999,"depth":1054,"text":5002},{"id":5014,"depth":1045,"text":5017},{"id":5082,"depth":1045,"text":5085,"children":12151},[12152,12153,12154,12156,12157,12158],{"id":5088,"depth":1054,"text":5091},{"id":5316,"depth":1054,"text":5319},{"id":5724,"depth":1054,"text":12155},"Create the identity in Azure Active Directory for the GitHub Actions workflow",{"id":6357,"depth":1054,"text":6360},{"id":6973,"depth":1054,"text":6976},{"id":7685,"depth":1054,"text":7688},{"id":9554,"depth":1045,"text":9557},{"id":4624,"depth":1045,"text":4627,"children":12161},[12162,12163,12164,12165],{"id":9780,"depth":1054,"text":9783},{"id":9796,"depth":1054,"text":9799},{"id":9830,"depth":1054,"text":9833},{"id":9927,"depth":1054,"text":9930},"content:1.posts:53.azure-ready-github-repository.md","1.posts/53.azure-ready-github-repository.md",1716749600739]