Skip to content

oidc vars to devcontainer#4871

Merged
tamirkamara merged 4 commits intomainfrom
tamirkamara/oidc-to-devcontainer
Feb 10, 2026
Merged

oidc vars to devcontainer#4871
tamirkamara merged 4 commits intomainfrom
tamirkamara/oidc-to-devcontainer

Conversation

@tamirkamara
Copy link
Collaborator

@tamirkamara tamirkamara commented Feb 10, 2026

What is being addressed

We had issues with terraform fails to use oidc outside the 5 min expiration.

How is this addressed

  • Pass Github's OIDC vars directly to the devcontainer, and have terraform use it directly.

@tamirkamara
Copy link
Collaborator Author

tamirkamara commented Feb 10, 2026

/test-extended

@github-actions
Copy link

github-actions bot commented Feb 10, 2026
edited
Loading

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit c1ead67.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Feb 10, 2026

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/21862032173 (with refid 8680660d)

(in response to this comment from @tamirkamara)

@tamirkamara tamirkamara marked this pull request as ready for review February 10, 2026 13:10
@tamirkamara tamirkamara requested a review from a team as a code owner February 10, 2026 13:10
Copilot AI review requested due to automatic review settings February 10, 2026 13:10
@tamirkamara
Copy link
Collaborator Author

tamirkamara commented Feb 10, 2026

/test-force-approve
Important tests passed, failures are around destroy and such which are unrelated to this pr.

@github-actions
Copy link

github-actions bot commented Feb 10, 2026

🤖 pr-bot 🤖

✅ Marking tests as complete (for commit 122c0f4)

(in response to this comment from @tamirkamara)

marrobi
marrobi approved these changes Feb 10, 2026
View reviewed changes
Copy link
Member

@marrobi marrobi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets give this a go, hopefully it improves things.

Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aims to improve CI/devcontainer Terraform authentication reliability by passing GitHub Actions OIDC variables into the devcontainer so Terraform can fetch tokens on demand (rather than relying on a short-lived pre-fetched token).

Changes:

  • Removes the “write OIDC token to /tmp and mount it” approach from the devcontainer composite action and instead forwards GitHub’s OIDC request env vars.
  • Updates the devcontainer run command to set ARM_USE_OIDC=true and pass ACTIONS_ID_TOKEN_REQUEST_* into the container.
  • Simplifies bootstrap_azure_env.sh automation login logic and adds a CHANGELOG entry.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File Description
devops/scripts/bootstrap_azure_env.sh Removes OIDC-based az login in automation and keeps only client-secret login, which impacts CI bootstrap flows.
CHANGELOG.md Adds an Unreleased entry describing the change.
.github/actions/devcontainer_run_command/action.yml Switches from mounting a pre-fetched OIDC token file to passing OIDC request env vars + ARM_USE_OIDC into the devcontainer; also mounts $HOME/.azure.

tamirkamara and others added 2 commits February 10, 2026 13:21
@tamirkamara
remove use_cli
6669c91
@tamirkamara
Update CHANGELOG.md
c1ead67 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@tamirkamara
Copy link
Collaborator Author

tamirkamara commented Feb 10, 2026

/test

@github-actions
Copy link

github-actions bot commented Feb 10, 2026

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/21866719591 (with refid 8680660d)

(in response to this comment from @tamirkamara)

JC-wk
JC-wk approved these changes Feb 10, 2026
View reviewed changes
Copy link
Collaborator

@JC-wk JC-wk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense to me

@tamirkamara tamirkamara merged commit 7e58d31 into main Feb 10, 2026
14 checks passed
@tamirkamara tamirkamara deleted the tamirkamara/oidc-to-devcontainer branch February 10, 2026 14:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@marrobi marrobi marrobi approved these changes

@JC-wk JC-wk JC-wk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tamirkamara @marrobi @JC-wk