https://github.com/thesoftwarehouse/terraform-azure-github-oidc
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/thesoftwarehouse/terraform-azure-github-oidc
- Owner: TheSoftwareHouse
- Created: 2025-09-01T09:07:13.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-09-01T09:17:57.000Z (9 months ago)
- Last Synced: 2025-10-10T07:22:20.667Z (8 months ago)
- Language: HCL
- Size: 2.93 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# GitHub Actions OIDC
This module provisions an Azure AD Application for GitHub Actions OIDC and creates a federated identity credential on it.
## Usage
```hcl
module "github_oidc" {
  source = "git@github.com:TheSoftwareHouse/terraform-azure-github-oidc.git?ref=v1.0.0"

  # Name of the Azure AD Application and of its federated identity credential
  display_name = "github-actions-ci"
  github_org   = "my-org"
  github_repo  = "my-repo"
  description  = "Federated identity for GitHub Actions in my-org/my-repo"

  # Placeholder: role_scope takes the full ARM resource ID of the scope
  role_scope = "resource-group-id"
  role_name  = "Contributor"
}
```
## Inputs
| Name | Type | Default | Required | Description |
|---------------|--------|:-------:|:--------:|-----------------------------------------------------------------------------------------------|
| `display_name` | string | — | yes | Name for the Azure AD Application **and** its federated identity credential. |
| `github_org` | string | — | yes | GitHub organization (or user) owning the repository. |
| `github_repo` | string | — | yes | GitHub repository name to federate (used in the OIDC subject pattern). |
| `description` | string | `""` | no | Optional description for the federated identity credential. |
| `role_scope` | string | — | yes | ARM scope (full resource ID) at which to assign the single RBAC role. |
| `role_name` | string | — | yes | Built-in role definition name to assign (e.g. `"Contributor"`, `"Reader"`). |
## Outputs
| Name | Description |
|-------------------------------|-------------------------------------------------------------------|
| `service_principal` | Object of the created Azure Service Principal. |
| `azuread_application` | Object of the created Azure AD Application. |