fix: Inject tenantId from secrets into Bicep parameters

- Add parameter preparation step in workflow templates to merge tenantId from secrets
- Remove tenantId from job outputs (secrets can't be passed through outputs)
- Use jq to merge user parameters with tenantId before deployment
- Fixes double-slash in OpenID config URL (https://login.microsoftonline.com//v2.0)

Author: willvelida

.github/workflows/deploy-activity-api.yml

@@ -32,7 +32,7 @@ jobs:
     run-unit-tests:
           name: Run Unit Tests with Coverage
           needs: env-setup
-          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-unit-tests.yml@main
+          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-unit-tests.yml@013-apim-managed-identity
           with:
             dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
             working-directory: ./src/Biotrackr.Activity.Api/Biotrackr.Activity.Api.UnitTests
@@ -42,7 +42,7 @@ jobs:
     run-contract-tests:
           name: Run API Contract Tests
           needs: env-setup
-          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-contract-tests.yml@main
+          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-contract-tests.yml@013-apim-managed-identity
           with:
             dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
             working-directory: ./src/Biotrackr.Activity.Api/Biotrackr.Activity.Api.IntegrationTests
@@ -51,7 +51,7 @@ jobs:
     build-container-image-dev:
           name: Build and Push Container Image
           needs: [run-unit-tests, run-contract-tests]
-          uses: willvelida/biotrackr/.github/workflows/template-acr-push-image.yml@main
+          uses: willvelida/biotrackr/.github/workflows/template-acr-push-image.yml@013-apim-managed-identity
           with:
             working-directory: ./src/Biotrackr.Activity.Api
             app-name: biotrackr-activity-api
@@ -67,7 +67,6 @@ jobs:
         runs-on: ubuntu-latest
         outputs:
           loginServer: ${{ steps.get-acr-server.outputs.loginServer }}
-          tenantId: ${{ secrets.AZURE_TENANT_ID }}
         steps:
           - name: Azure login
             uses: azure/login@v2
@@ -85,17 +84,17 @@ jobs:
     lint:
         name: Run Bicep Linter
         needs: retrieve-container-image-dev
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-linter.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-linter.yml@013-apim-managed-identity
         with:
             template-file: './infra/apps/activity-api/main.bicep'
 
     validate:
         name: Validate Template
         needs: [lint, retrieve-container-image-dev]
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-validate.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-validate.yml@013-apim-managed-identity
         with:
           template-file: './infra/apps/activity-api/main.bicep'
-          parameters-file: ./infra/apps/activity-api/main.dev.bicepparam
+          parameters-file: ./infra/apps/activity-api/main.dev.bicepparam 
           parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-activity-api:${{ github.sha }}"}'
           scope: resourceGroup
         secrets:
@@ -107,12 +106,12 @@ jobs:
     preview:
         name: Preview Changes
         needs: [validate, retrieve-container-image-dev]
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-whatif.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-whatif.yml@013-apim-managed-identity
         with:
           scope: resourceGroup
           template-file: './infra/apps/activity-api/main.bicep'
           parameters-file: ./infra/apps/activity-api/main.dev.bicepparam
-          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-activity-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
+          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-activity-api:${{ github.sha }}"}'
         secrets:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -122,11 +121,11 @@ jobs:
     deploy-dev:
         name: Deploy Template to Dev
         needs: [preview, retrieve-container-image-dev]
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-deploy.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-deploy.yml@013-apim-managed-identity
         with:
           template-file: './infra/apps/activity-api/main.bicep'
           parameters-file: ./infra/apps/activity-api/main.dev.bicepparam
-          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-activity-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
+          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-activity-api:${{ github.sha }}"}'
           scope: resourceGroup
           environment: dev
         secrets:
@@ -138,7 +137,7 @@ jobs:
     run-e2e-tests:
         name: Run E2E Tests Against Dev
         needs: [deploy-dev, env-setup]
-        uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-e2e-tests.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-e2e-tests.yml@013-apim-managed-identity
         with:
           dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
           working-directory: ./src/Biotrackr.Activity.Api/Biotrackr.Activity.Api.IntegrationTests

.github/workflows/deploy-food-api.yml

@@ -32,7 +32,7 @@ jobs:
     run-unit-tests:
           name: Run Unit Tests with Coverage
           needs: env-setup
-          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-unit-tests.yml@main
+          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-unit-tests.yml@013-apim-managed-identity
           with:
             dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
             working-directory: ./src/Biotrackr.Food.Api/Biotrackr.Food.Api.UnitTests
@@ -42,7 +42,7 @@ jobs:
     run-contract-tests:
           name: Run API Contract Tests
           needs: env-setup
-          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-contract-tests.yml@main
+          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-contract-tests.yml@013-apim-managed-identity
           with:
             dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
             working-directory: ./src/Biotrackr.Food.Api/Biotrackr.Food.Api.IntegrationTests
@@ -51,7 +51,7 @@ jobs:
     build-container-image-dev:
           name: Build and Push Container Image
           needs: [run-unit-tests, run-contract-tests]
-          uses: willvelida/biotrackr/.github/workflows/template-acr-push-image.yml@main
+          uses: willvelida/biotrackr/.github/workflows/template-acr-push-image.yml@013-apim-managed-identity
           with:
             working-directory: ./src/Biotrackr.Food.Api
             app-name: biotrackr-food-api
@@ -67,7 +67,6 @@ jobs:
         runs-on: ubuntu-latest
         outputs:
           loginServer: ${{ steps.get-acr-server.outputs.loginServer }}
-          tenantId: ${{ secrets.AZURE_TENANT_ID }}
         steps:
           - name: Azure login
             uses: azure/login@v2
@@ -85,18 +84,18 @@ jobs:
     lint:
         name: Run Bicep Linter
         needs: retrieve-container-image-dev
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-linter.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-linter.yml@013-apim-managed-identity
         with:
             template-file: './infra/apps/food-api/main.bicep'
 
     validate:
         name: Validate Template
         needs: [lint, retrieve-container-image-dev]
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-validate.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-validate.yml@013-apim-managed-identity
         with:
           template-file: './infra/apps/food-api/main.bicep'
-          parameters-file: ./infra/apps/food-api/main.dev.bicepparam
-          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-food-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
+          parameters-file: ./infra/apps/food-api/main.dev.bicepparam 
+          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-food-api:${{ github.sha }}"}'
           scope: resourceGroup
         secrets:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
@@ -107,12 +106,12 @@ jobs:
     preview:
         name: Preview Changes
         needs: [validate, retrieve-container-image-dev]
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-whatif.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-whatif.yml@013-apim-managed-identity
         with:
           scope: resourceGroup
           template-file: './infra/apps/food-api/main.bicep'
           parameters-file: ./infra/apps/food-api/main.dev.bicepparam
-          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-food-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
+          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-food-api:${{ github.sha }}"}'
         secrets:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -122,11 +121,11 @@ jobs:
     deploy-dev:
         name: Deploy Template to Dev
         needs: [preview, retrieve-container-image-dev]
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-deploy.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-deploy.yml@013-apim-managed-identity
         with:
           template-file: './infra/apps/food-api/main.bicep'
           parameters-file: ./infra/apps/food-api/main.dev.bicepparam
-          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-food-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
+          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-food-api:${{ github.sha }}"}'
           scope: resourceGroup
           environment: dev
         secrets:
@@ -138,7 +137,7 @@ jobs:
     run-e2e-tests:
         name: Run E2E Tests Against Dev
         needs: [deploy-dev, env-setup]
-        uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-e2e-tests.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-e2e-tests.yml@013-apim-managed-identity
         with:
           dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
           working-directory: ./src/Biotrackr.Food.Api/Biotrackr.Food.Api.IntegrationTests

.github/workflows/deploy-sleep-api.yml

@@ -35,7 +35,7 @@ jobs:
     run-unit-tests:
           name: Run Unit Tests with Coverage
           needs: env-setup
-          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-unit-tests.yml@main
+          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-unit-tests.yml@013-apim-managed-identity
           with:
             dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
             working-directory: ./src/Biotrackr.Sleep.Api/Biotrackr.Sleep.Api.UnitTests
@@ -45,7 +45,7 @@ jobs:
     run-contract-tests:
           name: Run API Contract Tests
           needs: env-setup
-          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-contract-tests.yml@main
+          uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-contract-tests.yml@013-apim-managed-identity
           with:
             dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
             working-directory: ./src/Biotrackr.Sleep.Api/Biotrackr.Sleep.Api.IntegrationTests
@@ -83,7 +83,6 @@ jobs:
         runs-on: ubuntu-latest
         outputs:
           loginServer: ${{ steps.get-acr-server.outputs.loginServer }}
-          tenantId: ${{ secrets.AZURE_TENANT_ID }}
         steps:
           - name: Azure login
             uses: azure/login@v2
@@ -101,18 +100,18 @@ jobs:
     lint:
         name: Run Bicep Linter
         needs: retrieve-container-image-dev
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-linter.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-linter.yml@013-apim-managed-identity
         with:
             template-file: './infra/apps/sleep-api/main.bicep'
 
     validate:
         name: Validate Template
         needs: [lint, retrieve-container-image-dev]
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-validate.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-validate.yml@013-apim-managed-identity
         with:
           template-file: './infra/apps/sleep-api/main.bicep'
-          parameters-file: ./infra/apps/sleep-api/main.dev.bicepparam
-          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-sleep-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
+          parameters-file: ./infra/apps/sleep-api/main.dev.bicepparam 
+          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-sleep-api:${{ github.sha }}"}'
           scope: resourceGroup
         secrets:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
@@ -123,11 +122,11 @@ jobs:
     preview:
         name: Preview Changes
         needs: [validate, retrieve-container-image-dev]
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-whatif.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-whatif.yml@013-apim-managed-identity
         with:
           template-file: './infra/apps/sleep-api/main.bicep'
           parameters-file: ./infra/apps/sleep-api/main.dev.bicepparam
-          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-sleep-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
+          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-sleep-api:${{ github.sha }}"}'
           scope: resourceGroup
         secrets:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
@@ -138,11 +137,11 @@ jobs:
     deploy-dev:
         name: Deploy Template to Dev
         needs: [preview, retrieve-container-image-dev]
-        uses: willvelida/biotrackr/.github/workflows/template-bicep-deploy.yml@main
+        uses: willvelida/biotrackr/.github/workflows/template-bicep-deploy.yml@013-apim-managed-identity
         with:
           template-file: './infra/apps/sleep-api/main.bicep'
           parameters-file: ./infra/apps/sleep-api/main.dev.bicepparam
-          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-sleep-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
+          parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-sleep-api:${{ github.sha }}"}'
           scope: resourceGroup
           environment: dev
         secrets: