Merge pull request #346 from DFE-Digital/oidc-smoke-test-3

[2151] Fix update domains job
DFE-Digital · Jan 10, 2025 · 8c39bb5 · 8c39bb5
2 parents cbedfe3 + 8a4fd93
commit 8c39bb5
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/.github/workflows/deploy-cluster.yml b/.github/workflows/deploy-cluster.yml
@@ -135,6 +135,9 @@ jobs:
       max-parallel: 1
       matrix:
         environment: [development, production]
+    permissions:
+      id-token: write # Required for OIDC authentication to Azure
+
     steps:
     - uses: actions/checkout@v4
 

diff --git a/documentation/platform-faq.md b/documentation/platform-faq.md
@@ -1,9 +1,15 @@
 # Platform FAQ
 
 ## Github actions OIDC
-- ```
+- Terraform *azurerm* provider:
+  ```
   Error: Error building ARM Config: obtain subscription(***) from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1:   ERROR: Please run 'az login' to setup account.
   ```
+  *azure/login* Github actions:
+  ```
+  Error: Please make sure to give write permissions to id-token in the workflow.
+  Error: Login failed with Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.
+  ```
   - The permissions block may be missing. See [deploy-to-aks example](https://github.com/DFE-Digital/github-actions/tree/master/deploy-to-aks#example).
 - ```
   Warning: Can't add secret mask for empty string in ##[add-mask] command.