{"id":19522884,"url":"https://github.com/techwatching/azureoidc","last_synced_at":"2025-08-15T17:14:23.301Z","repository":{"id":182671079,"uuid":"652349955","full_name":"TechWatching/AzureOIDC","owner":"TechWatching","description":"Infrastructure code to provision a GitHub repository with a GitHub Actions pipeline ready to deploy to Azure using oidc ","archived":false,"fork":false,"pushed_at":"2023-07-20T21:14:34.000Z","size":25,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-26T00:49:00.517Z","etag":null,"topics":["azure","github-actions","openid-connect","pulumi","typescript"],"latest_commit_sha":null,"homepage":"https://www.techwatching.dev/posts/azure-ready-github-repository","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TechWatching.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-06-11T21:35:24.000Z","updated_at":"2023-09-21T22:24:08.000Z","dependencies_parsed_at":null,"dependency_job_id":"44529db4-72a2-4020-a46f-871f520fbd8f","html_url":"https://github.com/TechWatching/AzureOIDC","commit_stats":null,"previous_names":["techwatching/azureoidc"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/TechWatching/AzureOIDC","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TechWatching%2FAzureOIDC","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TechWatching%2FAzureOIDC/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TechWatching%2FAzureOIDC/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TechWatching%2FAzureOIDC/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TechWatching","download_url":"https://codeload.github.com/TechWatching/AzureOIDC/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TechWatching%2FAzureOIDC/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270602456,"owners_count":24614260,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-15T02:00:12.559Z","response_time":110,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","github-actions","openid-connect","pulumi","typescript"],"created_at":"2024-11-11T00:41:25.670Z","updated_at":"2025-08-15T17:14:23.275Z","avatar_url":"https://github.com/TechWatching.png","language":"TypeScript","readme":"# Sample code for the article \"Create an Azure-Ready GitHub Repository using Pulumi\"\n\n## What is it?\n\nThis repository contains the code used in this [blog article](https://www.techwatching.dev/posts/azure-ready-github-repository) that talks about provisioning a Github repository that has everything correctly configured to provision Azure resources or deploy applications to Azure from a GitHub Actions CI/CD pipeline.\n\nThis code is a Pulumi TypeScript program that can be executed from the Pulumi CLI. When you execute it, it will provision the following resources:\n- a GitHub repository configured with several GitHub Actions secrets and an pre-configured GitHub Actions workflow\n- an Active Directory app registration, its associated Service Principal and a Federated Identity Credential\n\n![AzureOIDC](https://github.com/TechWatching/AzureOIDC/assets/15186176/f6884b45-aa8f-4fe7-97d4-25b56523e4f5)\n\nI suggest you to read [the article](https://www.techwatching.dev/posts/azure-ready-github-repository) before using this code. And if you are not familiar with Pulumi you should check their [documentation](https://www.pulumi.com/docs/) or [learning pathways](https://www.pulumi.com/learn/) too.\n\n## How to use it ?\n\n### Prerequisites\n\nYou can check [Pulumi documentation](https://www.pulumi.com/docs/get-started/azure/begin/) to set up your environment.\nYou will have to install on your machine:\n- Pulumi CLI\n- Azure CLI\n- pnpm\n- Node.js (can be done using [pnpm](https://bordeauxcoders.com/manage-multiple-nodejs-versions))\n\nYou will need an Azure subscription and access to an Azure Active Directory.\n\nYou can use any [backend](https://www.pulumi.com/docs/intro/concepts/state/) for your Pulumi program (to store the state and encrypt secrets) but I suggest you to use the default backend: the Pulumi Cloud. It's free for individuals, you will just need to create an account on Pulumi website. If you prefer to use an Azure Blob Storage backend with an Azure Key Vault as the encryption provider you can check [this article](https://www.techwatching.dev/posts/pulumi-azure-backend).\n\nBefore executing the program you need to modify the configuration of the stack (contained in the `Pulumi.dev.yaml` file) to set the Pulumi and the GitHub tokens. You can do that by executing the following commands:\n\n```pwsh\npulumi config set --secret pulumiTokenForRepository yourpulumicloudtoken\npulumi config set --secret github:token yougithubtoken\n```\n\nYou should also modify the `ìndex.ts` to use the name you want for you ressources and the author that will be used to commit the workflow file on your new GitHub repository.\n\n### Execute the Pulumi program\n\n- clone this repository\n- log on to your Azure account using Azure CLI\n- log on to your Pulumi backend using Pulumi CLI\n- install the dependencies using pnpm\n- run this command `pulumi up`\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechwatching%2Fazureoidc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftechwatching%2Fazureoidc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechwatching%2Fazureoidc/lists"}