static-web-apps-cli icon indicating copy to clipboard operation
static-web-apps-cli copied to clipboard

Published 20 hours ago verified publisher icon Azure

feat: Support Azure CLI credential

Open shibayan opened this issue 8 months ago • 9 comments

The current static-web-apps-deploy task does not support Service Principal, so we always need to use tokens for deployment, but it is very time consuming to configure everything when deploying to multiple SWAs.

If the SWA CLI supports Azure CLI login (azure/login action), deployment would be very simple.

Close #751

shibayan avatar Nov 04 '23 07:11 shibayan

@manekinekko @v1212 @cjk7989 @IvanJobs any updates? This is important for improvements in static web apps deployment

rhuanbarreto avatar Dec 12 '23 17:12 rhuanbarreto

@manekinekko @v1212 @cjk7989 @IvanJobs I would be happy to have this feature reviewed as I believe it is something that many, including myself, have been waiting for.

shibayan avatar Feb 05 '24 17:02 shibayan

Thanks @shibayan, sorry for the delay. I'll test the changes from my side and publish in the next release (maybe version 1.1.8). Could you give some details about the scenario how you login swa using Azure CLI?

cjk7989 avatar Mar 06 '24 08:03 cjk7989

@cjk7989 Thanks, I believe the biggest scenario where we want to use Azure CLI credentials from SWA CLI is OpenID Connect (Federated Credential) in GitHub Actions as per #751 #715.

Web App deployments use Federated Credentials via Azure CLI, but since they are not available for Static Web Apps deployments, it is necessary to manage deployment tokens separately.

shibayan avatar Mar 06 '24 08:03 shibayan

Just to raise my case. I'm using the CLI directly because I have a monorepo deploying many different static websites. So I already use the azure login action in github actions to issue a token against azure management.

rhuanbarreto avatar Mar 06 '24 08:03 rhuanbarreto

Hi @shibayan, sorry for the delay and thanks for the great contribution! I plan to test it from my side and apply the feature in the next release. Could you share a complete scenario how do you set up azure login in GitHub Actions?

cjk7989 avatar Mar 07 '24 08:03 cjk7989

@cjk7989 In a monolipo configuration, it is not reasonable to manage credentials such as deployment tokens separately, since a single repository contains multiple applications and deployment is required for each.

The following is a workflow for a simple application I am running, which uses Federated Credential authentication in combination with Azure Login for the Web App, so only one set of credentials is needed, making the configuration even more secure.

  • https://github.com/shibayan/appserviceinfo/blob/master/.github/workflows/backend-deploy.yml

The following is a deployment to Static Web App. The standard Action is provided as a Docker Image that includes a build environment, so the overhead is large for configurations where you want to build in advance and leave deployment to the user, so deployment is done using the SWA CLI.

  • https://github.com/shibayan/appserviceinfo/blob/master/.github/workflows/frontend-deploy.yml

Since deployments to the same resource group will be made, we believe it is a common requirement that deployments to Static Web App use the same authentication information as Web App to reduce administration.

Although not a public project, the business is developing four SWAs in monolipo and deployments require four deployment tokens. It is extremely difficult to manage these four without making mistakes.

shibayan avatar Mar 07 '24 09:03 shibayan

Any news on this PR, I would really appreciate if this feature can be merged as I really need to use the local Azure credentials?

KoblerS avatar Apr 04 '24 12:04 KoblerS

@manekinekko @v1212 @cjk7989 @IvanJobs we really need this in order to simplify our CI workflows. How can we find a way to prioritize this?

rhuanbarreto avatar Apr 08 '24 14:04 rhuanbarreto

Any updates?

shibayan avatar May 19 '24 06:05 shibayan