-
Notifications
You must be signed in to change notification settings - Fork 0
141 lines (132 loc) · 7.87 KB
/
deploy_b2c_policies.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: Deploy Azure AD B2C Policies and Configuration
on:
push:
branches:
- master
env:
B2C_SERVICE_PRINCIPAL_CLIENT_ID: "93dccd52-34c5-4f81-8582-8ec5128c57c7"
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Read appsettings.json
id: get_appsettings
uses: juliangruber/read-file-action@v1
with:
path: ./policies/appsettings.json
- name: Get policy settings from appsettings.json
id: parse_appsettings
uses: gr2m/[email protected]
with:
json: ${{ steps.get_appsettings.outputs.content }}
Production: "Environments[0].Production"
Tenant: "Environments[0].Tenant"
PolicyPrefix: "Environments[0].PolicySettings.PolicyPrefix"
DeploymentMode: "Environments[0].PolicySettings.DeploymentMode"
DeveloperMode: "Environments[0].PolicySettings.DeveloperMode"
AppInsightsInstrumentationKey: "Environments[0].PolicySettings.AppInsightsInstrumentationKey"
IdentityExperienceFrameworkAppId: "Environments[0].PolicySettings.IdentityExperienceFrameworkAppId"
ProxyIdentityExperienceFrameworkAppId: "Environments[0].PolicySettings.ProxyIdentityExperienceFrameworkAppId"
FacebookClientId: "Environments[0].PolicySettings.FacebookClientId"
FacebookClientSecretKeyContainer: "Environments[0].PolicySettings.FacebookClientSecretKeyContainer"
GoogleClientId: "Environments[0].PolicySettings.GoogleClientId"
GoogleClientSecretKeyContainer: "Environments[0].PolicySettings.GoogleClientSecretKeyContainer"
MicrosoftAccountClientId: "Environments[0].PolicySettings.MicrosoftAccountClientId"
MicrosoftAccountClientSecretKeyContainer: "Environments[0].PolicySettings.MicrosoftAccountClientSecretKeyContainer"
PassDisplayName: "Environments[0].PolicySettings.PassDisplayName"
PassDescription: "Environments[0].PolicySettings.PassDescription"
PassClientId: "Environments[0].PolicySettings.PassClientId"
PassClientSecretKeyContainer: "Environments[0].PolicySettings.PassClientSecretKeyContainer"
PassAuthEndpoint: "Environments[0].PolicySettings.PassAuthEndpoint"
PassTokenEndpoint: "Environments[0].PolicySettings.PassTokenEndpoint"
PassClaimsEndpoint: "Environments[0].PolicySettings.PassClaimsEndpoint"
PassClaimsDecryptionEndpoint: "Environments[0].PolicySettings.PassClaimsDecryptionEndpoint"
CustomTemplateUrl: "Environments[0].PolicySettings.CustomTemplateUrl"
- name: Replace tokens in B2C policies
uses: cschleiden/[email protected]
with:
tokenPrefix: "{Settings:"
tokenSuffix: "}"
files: "policies/*.xml"
env:
Production: ${{ steps.parse_appsettings.outputs.Production }}
Tenant: ${{ steps.parse_appsettings.outputs.Tenant }}
PolicyPrefix: ${{ steps.parse_appsettings.outputs.PolicyPrefix }}
DeploymentMode: ${{ steps.parse_appsettings.outputs.DeploymentMode }}
DeveloperMode: ${{ steps.parse_appsettings.outputs.DeveloperMode }}
AppInsightsInstrumentationKey: ${{ steps.parse_appsettings.outputs.AppInsightsInstrumentationKey }}
IdentityExperienceFrameworkAppId: ${{ steps.parse_appsettings.outputs.IdentityExperienceFrameworkAppId }}
ProxyIdentityExperienceFrameworkAppId: ${{ steps.parse_appsettings.outputs.ProxyIdentityExperienceFrameworkAppId }}
FacebookClientId: ${{ steps.parse_appsettings.outputs.FacebookClientId }}
FacebookClientSecretKeyContainer: ${{ steps.parse_appsettings.outputs.FacebookClientSecretKeyContainer }}
GoogleClientId: ${{ steps.parse_appsettings.outputs.GoogleClientId }}
GoogleClientSecretKeyContainer: ${{ steps.parse_appsettings.outputs.GoogleClientSecretKeyContainer }}
MicrosoftAccountClientId: ${{ steps.parse_appsettings.outputs.MicrosoftAccountClientId }}
MicrosoftAccountClientSecretKeyContainer: ${{ steps.parse_appsettings.outputs.MicrosoftAccountClientSecretKeyContainer }}
PassDisplayName: ${{ steps.parse_appsettings.outputs.PassDisplayName }}
PassDescription: ${{ steps.parse_appsettings.outputs.PassDescription }}
PassClientId: ${{ steps.parse_appsettings.outputs.PassClientId }}
PassClientSecretKeyContainer: ${{ steps.parse_appsettings.outputs.PassClientSecretKeyContainer }}
PassAuthEndpoint: ${{ steps.parse_appsettings.outputs.PassAuthEndpoint }}
PassTokenEndpoint: ${{ steps.parse_appsettings.outputs.PassTokenEndpoint }}
PassClaimsEndpoint: ${{ steps.parse_appsettings.outputs.PassClaimsEndpoint }}
PassClaimsDecryptionEndpoint: ${{ steps.parse_appsettings.outputs.PassClaimsDecryptionEndpoint }}
CustomTemplateUrl: ${{ steps.parse_appsettings.outputs.CustomTemplateUrl }}
- name: Upload Facebook Client Secret
uses: azure-ad-b2c/deploy-trustframework-keyset-secret@v1
with:
name: ${{ steps.parse_appsettings.outputs.FacebookClientSecretKeyContainer }}
value: ${{ secrets.FACEBOOK_CLIENT_SECRET }}
tenant: ${{ steps.parse_appsettings.outputs.Tenant }}
clientId: ${{ env.B2C_SERVICE_PRINCIPAL_CLIENT_ID }}
clientSecret: ${{ secrets.B2C_SERVICE_PRINCIPAL_CLIENT_SECRET }}
- name: Upload Google Client Secret
uses: azure-ad-b2c/deploy-trustframework-keyset-secret@v1
with:
name: ${{ steps.parse_appsettings.outputs.GoogleClientSecretKeyContainer }}
value: ${{ secrets.GOOGLE_CLIENT_SECRET }}
tenant: ${{ steps.parse_appsettings.outputs.Tenant }}
clientId: ${{ env.B2C_SERVICE_PRINCIPAL_CLIENT_ID }}
clientSecret: ${{ secrets.B2C_SERVICE_PRINCIPAL_CLIENT_SECRET }}
- name: Upload Microsoft Account Client Secret
uses: azure-ad-b2c/deploy-trustframework-keyset-secret@v1
with:
name: ${{ steps.parse_appsettings.outputs.MicrosoftAccountClientSecretKeyContainer }}
value: ${{ secrets.MICROSOFTACCOUNT_CLIENT_SECRET }}
tenant: ${{ steps.parse_appsettings.outputs.Tenant }}
clientId: ${{ env.B2C_SERVICE_PRINCIPAL_CLIENT_ID }}
clientSecret: ${{ secrets.B2C_SERVICE_PRINCIPAL_CLIENT_SECRET }}
- name: Upload PASS Client Secret
uses: azure-ad-b2c/deploy-trustframework-keyset-secret@v1
with:
name: ${{ steps.parse_appsettings.outputs.PassClientSecretKeyContainer }}
value: ${{ secrets.PASS_CLIENT_SECRET }}
tenant: ${{ steps.parse_appsettings.outputs.Tenant }}
clientId: ${{ env.B2C_SERVICE_PRINCIPAL_CLIENT_ID }}
clientSecret: ${{ secrets.B2C_SERVICE_PRINCIPAL_CLIENT_SECRET }}
- name: Upload TrustFrameworkBase Policy
uses: azure-ad-b2c/deploy-trustframework-policy@v1
with:
file: "policies/TrustFrameworkBase.xml"
policy: ${{ steps.parse_appsettings.outputs.PolicyPrefix }}TrustFrameworkBase
tenant: ${{ steps.parse_appsettings.outputs.Tenant }}
clientId: ${{ env.B2C_SERVICE_PRINCIPAL_CLIENT_ID }}
clientSecret: ${{ secrets.B2C_SERVICE_PRINCIPAL_CLIENT_SECRET }}
- name: Upload TrustFrameworkExtensions Policy
uses: azure-ad-b2c/deploy-trustframework-policy@v1
with:
file: "policies/TrustFrameworkExtensions.xml"
policy: ${{ steps.parse_appsettings.outputs.PolicyPrefix }}TrustFrameworkExtensions
tenant: ${{ steps.parse_appsettings.outputs.Tenant }}
clientId: ${{ env.B2C_SERVICE_PRINCIPAL_CLIENT_ID }}
clientSecret: ${{ secrets.B2C_SERVICE_PRINCIPAL_CLIENT_SECRET }}
- name: Upload SignUpOrSignin Policy
uses: azure-ad-b2c/deploy-trustframework-policy@v1
with:
file: "policies/SignUpOrSignin.xml"
policy: ${{ steps.parse_appsettings.outputs.PolicyPrefix }}signup_signin
tenant: ${{ steps.parse_appsettings.outputs.Tenant }}
clientId: ${{ env.B2C_SERVICE_PRINCIPAL_CLIENT_ID }}
clientSecret: ${{ secrets.B2C_SERVICE_PRINCIPAL_CLIENT_SECRET }}