Skip to content

Testing OIDC

Testing OIDC #259

---
name: Integration tests on Fabric DW
on: # yamllint disable-line rule:truthy
workflow_dispatch:
pull_request:
branches:
- oidc_connect
permissions:
id-token: write
contents: read
jobs:
integration-tests-azure:
name: Regular
strategy:
fail-fast: false
max-parallel: 1
matrix:
profile: ["ci_azure_auto"]
python_version: ["3.11"]
msodbc_version: ["17", "18"]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/[email protected]
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: List containers in GitHub Container Registry
run: docker images ghcr.io/${{ github.repository }}
- name: Pull Docker image
run: docker pull ghcr.io/microsoft/dbt-fabric:CI-3.11-msodbc17
# Azure login using federated credentials
- name: Azure login with OIDC
uses: azure/login@v2
with:
client-id: ${{ secrets.DBT_AZURE_SP_NAME }}
tenant-id: ${{ secrets.DBT_AZURE_TENANT }}
allow-no-subscriptions: true
federated-token: true
# Get an access token for a specific resource (e.g., a database)
- name: Get Azure Access Token
id: get-token
run: |
TOKEN=$(az account get-access-token --resource "https://database.windows.net//.default" --query accessToken -o tsv)
echo "::add-mask::$TOKEN" # Mask the token in the logs
echo "ACCESS_TOKEN=$TOKEN" >> $GITHUB_ENV
echo "Token fetched successfully"
# Print the token (for debugging)
- name: Print Access Token
run: |
echo "Access Token: ${{ env.ACCESS_TOKEN }}"