Add OIDC auth to infra repo

[gdams]

as part of adoptium/infrastructure#3217

I'll send the secret to @netomi

[eclipse-otterdog]

This is your friendly self-service bot.

Thank you for raising a pull request to update the configuration of your GitHub organization.
You can manually add reviewers to this PR to eventually enable auto-merging.

The following conditions need to fulfilled for auto-merging to be available:

• valid configuration
• approved by a project lead
• does not require any secrets
• does not update settings only accessible via the GitHub Web UI
• does not remove any resource

Otterdog commands and options

You can trigger otterdog actions by commenting on this PR:

• /otterdog team-info checks the team / org membership for the PR author
• /otterdog validate validates the configuration change
• /otterdog validate info validates the configuration change, printing also validation infos
• /otterdog check-sync checks if the base ref is in sync with live settings
• /otterdog merge merges and applies the changes if the PR is eligible for auto-merging (only accessible for the author)
• /otterdog done notifies the self-service bot that a required manual apply operation has been performed (only accessible for members of the admin team)
• /otterdog apply re-apply a previously failed attempt (only accessible for members of the admin team)

[eclipse-otterdog]

This is your friendly self-service bot.

The author (gdams) of this PR is associated with this organization in the role of MEMBER.

Additionally, gdams is a member of the following teams:

• adoptium.net

• adoptium.net-collaborators

• adoptium-committers

• adoptium-aqavit-committers

• adoptium-aqavit-project-leads

• adoptium-temurin-committers

• adoptium-temurin-project-leads

• adoptium-incubator-committers

• adoptium-mc-committers

• adoptium-mc-project-leads

• adoptium-aqavit-security

• adoptium-mc-security

• adoptium-temurin-security

[eclipse-otterdog]

This is your friendly self-service bot. The current configuration is in-sync with the live settings. 🚀

[eclipse-otterdog]

This is your friendly self-service bot.
Please find below the validation of the requested configuration changes:

Diff for c07070c

Organization adoptium[id=adoptium]
  there have been 4 validation infos, enable verbose output with '-v' to to display them.

  
!   repository[name=".eclipsefdn"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name=".github"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="adoptium"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="adoptium.net-redesign"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="api.adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="blog.adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="dash.adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="documentation"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="documentation-services"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

+  add repo_secret[name="AZURE_CLIENT_ID_OIDC", repository="infrastructure"] {
+    name                              = "AZURE_CLIENT_ID_OIDC"
+    value                             = "pass:bots/adoptium/azure/azure-client-id-oidc-infra"
+  }

+  add repo_secret[name="AZURE_SUBSCRIPTION_ID", repository="infrastructure"] {
+    name                              = "AZURE_SUBSCRIPTION_ID"
+    value                             = "pass:bots/adoptium/azure/azure-subscription-id"
+  }

+  add repo_secret[name="AZURE_TENANT_ID", repository="infrastructure"] {
+    name                              = "AZURE_TENANT_ID"
+    value                             = "pass:bots/adoptium/azure/azure-tenant-id"
+  }

  
!   repository[name="marketplace-api.adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="obsolete---adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="secrets"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }
  
  Plan: 3 to add, 13 to change, 0 to delete.

Warnings

• some of requested changes require secrets, need to apply these changes manually

cc @adoptium/eclipsefdn-security

cc @adoptium/eclipsefdn-releng

[eclipse-otterdog]

This is your friendly self-service bot.

The following changes have been successfully applied:

Organization adoptium[id=adoptium]
  there have been 4 validation infos, enable verbose output with '-v' to to display them.

  
!   repository[name=".eclipsefdn"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name=".github"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="adoptium"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="adoptium.net-redesign"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="api.adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="blog.adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="dash.adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="documentation"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="documentation-services"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="marketplace-api.adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="obsolete---adoptium.net"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
!   repository[name="secrets"] {
!     custom_properties = {
+      eclipse_project   = "adoptium"
      }
!   }

  
  Applying changes:


  Done.
  
  Executed plan: 0 added, 13 changed, 0 deleted.

Note

The pull request was only partially applied as it requires some access to secrets or the Web UI,
please apply the remaining changes manually and confirm with replying with /otterdog done.

cc @adoptium/eclipsefdn-security

cc @adoptium/eclipsefdn-releng

[netomi]

/otterdog done

[eclipse-otterdog]

This is your friendly self-service bot. The PR has been marked as being completed.

[netomi]

The problem that the custom_properties were shown again in the diff view has been fixed in eclipse-csi/otterdog@46dd16d

This was because the eclipse_project property has a default value if it is not set but this default value was not coerced when doing the diff