Skip to content

azurerm_container_registry - Deprecated trust_policy_enabled #19416

azurerm_container_registry - Deprecated trust_policy_enabled

azurerm_container_registry - Deprecated trust_policy_enabled #19416

Workflow file for this run

---
name: Provider Tests
on:
pull_request:
types: ["opened", "synchronize"]
paths:
- '.github/workflows/provider-test.yaml'
- 'internal/**.go'
- 'vendor/github.com/hashicorp/go-azure-sdk/sdk/auth/**'
- 'vendor/github.com/hashicorp/go-azure-sdk/sdk/environments/**'
permissions:
contents: read
id-token: write
pull-requests: write
jobs:
secrets-check:
runs-on: ubuntu-latest
outputs:
available: "${{ steps.check-secrets.outputs.available }}"
steps:
# we check for the ACTIONS_ID_TOKEN_REQUEST_URL variable as a proxy for other secrets
# it will be unset when running for a PR from a fork, in which case we don't run these tests
- id: check-secrets
run: |
if [[ "${ACTIONS_ID_TOKEN_REQUEST_URL}" == "" ]]; then
echo "available=false" | tee ${GITHUB_OUTPUT}
else
echo "available=true" | tee ${GITHUB_OUTPUT}
fi
provider-tests:
runs-on: custom-linux-large
needs: [secrets-check]
if: needs.secrets-check.outputs.available == 'true'
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Install Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
with:
go-version-file: ./.go-version
- name: Azure CLI login (using OIDC)
uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3
with:
client-id: ${{ secrets.ARM_CLIENT_ID }}
tenant-id: ${{ secrets.ARM_TENANT_ID }}
subscription-id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
allow-no-subscriptions: true
- name: Set OIDC Token
run: |
echo "ARM_OIDC_TOKEN=$(curl -H "Accept: application/json; api-version=2.0" -H "Authorization: Bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" -H "Content-Type: application/json" -G --data-urlencode "audience=api://AzureADTokenExchange" "${ACTIONS_ID_TOKEN_REQUEST_URL}" | jq -r '.value')" >>${GITHUB_ENV}
- name: Set OIDC Token File Path
run: echo "${ARM_OIDC_TOKEN}" >"${RUNNER_TEMP}/oidc-token.jwt" && echo "ARM_OIDC_TOKEN_FILE_PATH=${RUNNER_TEMP}/oidc-token.jwt" >>${GITHUB_ENV}
- name: Set Client ID Path
run: echo "${{ secrets.ARM_CLIENT_ID }}" >"${RUNNER_TEMP}/client-id" && echo "ARM_CLIENT_ID_PATH=${RUNNER_TEMP}/client-id" >>${GITHUB_ENV}
- name: Set Client Secret Path
run: echo "${{ secrets.ARM_CLIENT_SECRET }}" >"${RUNNER_TEMP}/client-secret" && echo "ARM_CLIENT_SECRET_PATH=${RUNNER_TEMP}/client-secret" >>${GITHUB_ENV}
- name: Run provider tests
run: make testacc TEST=./internal/provider TESTARGS="-run '^TestAcc'"
env:
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_CLIENT_CERTIFICATE: ${{ secrets.ARM_CLIENT_CERTIFICATE }}
ARM_CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.ARM_CLIENT_CERTIFICATE_PASSWORD }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
- name: Clean Up OIDC Token File Path
run: rm -f "${RUNNER_TEMP}/oidc-token.jwt"
if: always()
- name: Clean Up Client ID Path
run: rm -f "${RUNNER_TEMP}/client-id"
if: always()
- name: Clean Up Client Secret Path
run: rm -f "${RUNNER_TEMP}/client-secret"
if: always()
save-artifacts-on-fail:
needs: provider-tests
if: ${{ failure() }}
uses: ./.github/workflows/save-artifacts.yaml
comment-on-fail:

Check failure on line 92 in .github/workflows/provider-test.yaml

View workflow run for this annotation

GitHub Actions / Provider Tests

Invalid workflow file

The workflow is not valid. .github/workflows/provider-test.yaml (Line: 92, Col: 3): Error calling workflow 'hashicorp/terraform-provider-azurerm/.github/workflows/comment-ci-failure.yaml@d072431c723c6dcc06a2854a0cbc85917fe3cb58'. The workflow is requesting 'issues: write', but is only allowed 'issues: none'.
needs: provider-tests
if: ${{ failure() }}
uses: ./.github/workflows/comment-ci-failure.yaml
comment-outdated-on-pass:
needs: provider-tests
if: ${{ success() }}
uses: ./.github/workflows/comment-ci-failure-outdated.yaml