[Feature Request] BREAKING change: Discuss CI environment secrets naming #1565

@eriqua

Description

This discussion needs to take place before issues #1450, #1465 and #1085.

  1. [Feature Request] BREAKING change: Authenticate to Azure from GH with OpenID Connect #1450: Leverage the same naming documented here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-github-actions?tabs=openid%2CCLI#configure-the-github-secrets

    | GitHub/ADO Secret     | Active Directory Application |
    |-----------------------|------------------------------|
    | AZURE_CLIENT_ID       | Application (client) ID      |
    | AZURE_TENANT_ID       | Directory (tenant) ID        |
    | AZURE_SUBSCRIPTION_ID | Subscription ID              |

  2. [Feature Request] BREAKING change: Rename DEPLOYMENT_SP_ID to DEPLOYMENT_SPN_ENTAPP_OBJID #1465: Discuss a name consistent with the above.
  3. [Feature Request] BREAKING change: Add options to split validation and publication resources #1085: Discuss if we want the same SP to deploy to both subscriptions (requires ownership on both) or if we want to support 2 different SPs, each mapped to a different subscription. Depending on that decision:
    • 2 subs, 1 SP -> the subscription secret decided above needs to be duplicated, e.g. AZURE_SUBSCRIPTION_ID_VALIDATION, AZURE_SUBSCRIPTION_ID_PUBLISHING
    • 2 subs, 2 SPs -> AZURE_CLIENT_ID also needs to be duplicated, e.g. AZURE_CLIENT_ID_VALIDATION, AZURE_CLIENT_ID_PUBLISHING. The secret decided at point 2 doesn't need to be duplicated since it's only used for validation purposes
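
How the "2 subs, 2 SPs" naming from point 3 would map onto an OpenID Connect login, as an added example that is not part of the original issue or the project's own workflows. The workflow name, job names and the `az` step are hypothetical; the secret names are the ones proposed above, and `azure/login` is used with its documented `client-id`, `tenant-id` and `subscription-id` inputs.

```yaml
# Illustrative workflow (added example). Job names and run steps are placeholders.
name: validate-and-publish-example

on: workflow_dispatch

permissions:
  id-token: write   # required so the job can request an OIDC token for azure/login
  contents: read

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Log in with the validation identity
        uses: azure/login@v2
        with:
          # One tenant is shared; client and subscription are per environment.
          client-id: ${{ secrets.AZURE_CLIENT_ID_VALIDATION }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_VALIDATION }}
      - name: Confirm the active subscription (placeholder for validation steps)
        run: az account show --query name -o tsv

  publish:
    needs: validate
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Log in with the publishing identity
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID_PUBLISHING }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_PUBLISHING }}
      - name: Confirm the active subscription (placeholder for publishing steps)
        run: az account show --query name -o tsv

# "2 subs, 1 SP" variant: both jobs reference secrets.AZURE_CLIENT_ID and only
# the subscription-id secret carries the _VALIDATION / _PUBLISHING suffix.
```

With two SPs, a token obtained in the `validate` job carries no rights on the publishing subscription, whereas the single-SP variant gives every job the same identity on both.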

Metadata

    Projects

    Status

    Blocked
