{"id":20811,"date":"2023-05-02T16:11:31","date_gmt":"2023-05-02T12:41:31","guid":{"rendered":"https:\/\/nabfollower.com\/blog\/azure-workload-identity-federation-and-github-actions-pf7\/"},"modified":"2023-05-02T16:11:31","modified_gmt":"2023-05-02T12:41:31","slug":"azure-workload-identity-federation-and-github-actions-pf7","status":"publish","type":"post","link":"https:\/\/nabfollower.com\/blog\/azure-workload-identity-federation-and-github-actions-pf7\/","title":{"rendered":"Azure Workload Identity Federation \u0648 GitHub Actions"},"content":{"rendered":"<div data-article-id=\"1451468\" id=\"article-body\">\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter-rtl ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0641\u0647\u0631\u0633\u062a \u0645\u0637\u0627\u0644\u0628<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/nabfollower.com\/blog\/azure-workload-identity-federation-and-github-actions-pf7\/#%D8%B2%D9%86%D8%AF%DA%AF%DB%8C_%D8%B3%D8%AE%D8%AA_%DB%8C%DA%A9_GitHub_Action\" >\u0632\u0646\u062f\u06af\u06cc \u0633\u062e\u062a \u06cc\u06a9 GitHub Action<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/nabfollower.com\/blog\/azure-workload-identity-federation-and-github-actions-pf7\/#%D8%AF%D8%B1_%D8%A7%D8%A8%D8%AA%D8%AF%D8%A7_%D9%85%D8%AF%DB%8C%D8%B1_%D8%B3%D8%B1%D9%88%DB%8C%D8%B3_%D8%A7%D8%B3%D8%AA\" >\u062f\u0631 \u0627\u0628\u062a\u062f\u0627 \u0645\u062f\u06cc\u0631 \u0633\u0631\u0648\u06cc\u0633 \u0627\u0633\u062a<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/nabfollower.com\/blog\/azure-workload-identity-federation-and-github-actions-pf7\/#%D8%A7%D8%B3%D8%AA%D9%81%D8%A7%D8%AF%D9%87_%D8%A7%D8%B2_%D8%B1%D8%A7%D8%B2%D9%87%D8%A7_%D8%AF%D8%B1_GitHub_Actions\" >\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0631\u0627\u0632\u0647\u0627 \u062f\u0631 GitHub Actions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/nabfollower.com\/blog\/azure-workload-identity-federation-and-github-actions-pf7\/#%D9%81%D8%AF%D8%B1%D8%A7%D8%B3%DB%8C%D9%88%D9%86_%D9%87%D9%88%DB%8C%D8%AA_%D8%AD%D8%AC%D9%85_%DA%A9%D8%A7%D8%B1\" >\u0641\u062f\u0631\u0627\u0633\u06cc\u0648\u0646 \u0647\u0648\u06cc\u062a \u062d\u062c\u0645 \u06a9\u0627\u0631<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"%D8%B2%D9%86%D8%AF%DA%AF%DB%8C_%D8%B3%D8%AE%D8%AA_%DB%8C%DA%A9_GitHub_Action\"><\/span>\n<p>  \u0632\u0646\u062f\u06af\u06cc \u0633\u062e\u062a \u06cc\u06a9 GitHub Action<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>GitHub Actions (\u0627\u0633\u0646\u0627\u062f \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627) \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u06a9\u0644 \u0645\u062d\u06cc\u0637 \u062f\u0631 Azure \u0648 \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0644\u06cc\u060c \u062a\u0639\u0627\u0645\u0644 \u0628\u0627 \u067e\u0644\u062a \u0641\u0631\u0645 Azure \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f.<br \/>\u0627\u0645\u0627 GitHub Actions \u062e\u0627\u0631\u062c \u0627\u0632 \u0645\u0633\u062a\u0627\u062c\u0631 Azure \u0634\u0645\u0627 (&#8220;\u067e\u0627\u062f\u0634\u0627\u0647\u06cc&#8221; \u0634\u0645\u0627) \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u062f \u0648 \u0628\u0647 \u0647\u0645\u06cc\u0646 \u062f\u0644\u06cc\u0644 \u0628\u0627\u06cc\u062f \u062a\u0648\u0633\u0637 Azure Active Directory \u0634\u0645\u0627 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u0648\u062f \u0648 \u0645\u0627\u0646\u0646\u062f \u0647\u0645\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062e\u0627\u0631\u062c \u0627\u0632 \u0645\u0633\u062a\u0627\u062c\u0631 \u0634\u0645\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u0646\u062f\u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u06cc\u06a9 Service Principal \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u0646\u062f.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%D8%AF%D8%B1_%D8%A7%D8%A8%D8%AA%D8%AF%D8%A7_%D9%85%D8%AF%DB%8C%D8%B1_%D8%B3%D8%B1%D9%88%DB%8C%D8%B3_%D8%A7%D8%B3%D8%AA\"><\/span>\n<p>  \u062f\u0631 \u0627\u0628\u062a\u062f\u0627 \u0645\u062f\u06cc\u0631 \u0633\u0631\u0648\u06cc\u0633 \u0627\u0633\u062a<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0627\u0648\u0644\u06cc\u0646 \u0642\u062f\u0645\u06cc \u06a9\u0647 \u0628\u0627\u06cc\u062f \u0628\u0631\u0627\u06cc \u0627\u06cc\u0645\u0646 \u0633\u0627\u0632\u06cc \u0627\u06a9\u0634\u0646 \u0647\u0627\u06cc GitHub \u062e\u0648\u062f \u062f\u0631 Azure \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u06cc\u062f\u060c \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 Service Principal \u0627\u0633\u062a.<br \/>\u0634\u0645\u0627 \u0631\u0627\u0647 \u0647\u0627\u06cc \u0645\u062e\u062a\u0644\u0641\u06cc \u0628\u0631\u0627\u06cc \u0627\u0646\u062c\u0627\u0645 \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u062f\u0627\u0631\u06cc\u062f\u060c \u0627\u0645\u0627 \u0627\u06af\u0631 \u0645\u06cc \u062e\u0648\u0627\u0647\u06cc\u062f \u0627\u0632 \u067e\u0648\u0631\u062a\u0627\u0644 Azure \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f\u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0632 \u0635\u0641\u062d\u0647 \u0627\u06a9\u062a\u06cc\u0648 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0634\u0631\u0648\u0639 \u06a9\u0646\u06cc\u062f\u060c <em>&#8220;\u062b\u0628\u062a \u0628\u0631\u0646\u0627\u0645\u0647&#8221;<\/em> \u062a\u06cc\u063a\u0647 \u0648 <em>&#8220;\u062b\u0628\u062a \u0646\u0627\u0645 \u062c\u062f\u06cc\u062f&#8221;<\/em> \u062f\u06a9\u0645\u0647:<\/p>\n<p><\/p>\n<p>\u067e\u0648\u0631\u062a\u0627\u0644 Azure \u0628\u0627\u0632 \u0645\u06cc \u0634\u0648\u062f <em>&#8220;\u062b\u0628\u062a \u062f\u0631\u062e\u0648\u0627\u0633\u062a&#8221;<\/em> \u0635\u0641\u062d\u0647 \u0648 \u062a\u0646\u0647\u0627 \u06a9\u0627\u0631\u06cc \u06a9\u0647 \u0628\u0627\u06cc\u062f \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u06cc\u062f \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u06cc\u06a9 \u0646\u0627\u0645 \u0628\u0647 Principal Service \u062e\u0648\u062f \u0628\u062f\u0647\u06cc\u062f \u0648 \u0631\u0648\u06cc \u0622\u0646 \u06a9\u0644\u06cc\u06a9 \u06a9\u0646\u06cc\u062f <em>&#8220;\u062b\u0628\u062a \u0646\u0627\u0645&#8221;<\/em> \u062f\u06a9\u0645\u0647.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nabfollower.com\/blog\/wp-content\/uploads\/2023\/05\/1683031290_25_Azure-Workload-Identity-Federation-\u0648-GitHub-Actions.png\" alt=\"\u0635\u0641\u062d\u0647 \u0627\u06cc\u062c\u0627\u062f \u0633\u0631\u0648\u06cc\u0633 \u0627\u0635\u0644\u06cc\" loading=\"lazy\" width=\"800\" height=\"614\" title=\"\"><\/p>\n<p>\u062f\u0631 \u06cc\u06a9 \u062f\u0642\u06cc\u0642\u0647\u060c \u0634\u0645\u0627 Principal Service \u062e\u0648\u062f \u0631\u0627 \u062e\u0648\u0627\u0647\u06cc\u062f \u062f\u0627\u0634\u062a \u0648 \u067e\u0648\u0631\u062a\u0627\u0644 \u0622\u0646 \u0631\u0627 \u0628\u0647 \u0634\u0645\u0627 \u0646\u0634\u0627\u0646 \u0645\u06cc \u062f\u0647\u062f <em>&#8220;\u0628\u0631\u0631\u0633\u06cc \u0627\u062c\u0645\u0627\u0644\u06cc&#8221;<\/em> \u0635\u0641\u062d\u0647 \u0627\u06cc \u06a9\u0647 \u062f\u0631 \u0622\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0645\u0641\u06cc\u062f\u06cc \u0628\u0631\u0627\u06cc \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0627\u06a9\u0634\u0646 \u0647\u0627\u06cc GitHub \u062e\u0648\u062f \u067e\u06cc\u062f\u0627 \u06a9\u0646\u06cc\u062f.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nabfollower.com\/blog\/wp-content\/uploads\/2023\/05\/1683031290_901_Azure-Workload-Identity-Federation-\u0648-GitHub-Actions.png\" alt=\"\u0635\u0641\u062d\u0647 \u0646\u0645\u0627\u06cc \u06a9\u0644\u06cc \u0633\u0631\u0648\u06cc\u0633 \u0627\u0635\u0644\u06cc\" loading=\"lazy\" width=\"800\" height=\"493\" title=\"\"><\/p>\n<p>\u0645\u062a\u0623\u0633\u0641\u0627\u0646\u0647\u060c \u0627\u0635\u0644 \u062e\u062f\u0645\u0627\u062a \u0628\u0647 \u062a\u0646\u0647\u0627\u06cc\u06cc \u0628\u0631\u0627\u06cc \u0631\u0633\u06cc\u062f\u0646 \u0628\u0647 \u0647\u062f\u0641 \u0645\u0627 \u06a9\u0627\u0641\u06cc \u0646\u06cc\u0633\u062a.  \u0645\u0627 \u0628\u0627\u06cc\u062f \u06cc\u06a9 \u0631\u0627\u0632 \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u0645 \u06a9\u0647 Actions \u0645\u0627 \u0628\u0627\u06cc\u062f \u0628\u062f\u0627\u0646\u062f \u062a\u0627 \u0628\u062a\u0648\u0627\u0646\u062f \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u0648\u062f\u060c \u0648 \u06cc\u06a9 \u0646\u0642\u0634 RBAC (\u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627) \u0628\u0631\u0627\u06cc \u0645\u062f\u06cc\u0631 \u0633\u0631\u0648\u06cc\u0633 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u0645 \u062a\u0627 \u0645\u062c\u0648\u0632\u0647\u0627\u06cc \u0645\u0646\u0627\u0633\u0628 \u0628\u0631\u0627\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a \u0645\u0646\u0627\u0628\u0639 \u062f\u0631 \u0627\u0634\u062a\u0631\u0627\u06a9\u200c\u0647\u0627\u06cc \u0645\u0627 \u0631\u0627 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f.<\/p>\n<p>\u0627\u0646\u062c\u0627\u0645 \u0647\u0631 \u062f\u0648 \u0627\u06cc\u0646 \u0639\u0645\u0644\u06cc\u0627\u062a \u0622\u0633\u0627\u0646 \u0627\u0633\u062a: \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u0631\u0627\u0632 \u0628\u0631\u0627\u06cc \u0645\u062f\u06cc\u0631 \u0633\u0631\u0648\u06cc\u0633\u060c \u0628\u0627\u06cc\u062f \u0631\u0648\u06cc \u0622\u0646 \u06a9\u0644\u06cc\u06a9 \u06a9\u0646\u06cc\u062f <em>&#8220;\u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627 \u0648 \u0627\u0633\u0631\u0627\u0631&#8221;<\/em> \u062a\u06cc\u063a\u0647 \u0631\u0627 \u0628\u0627\u0632 \u06a9\u0646\u06cc\u062f <em>&#8220;\u0631\u0627\u0632\u0647\u0627\u06cc \u0645\u0634\u062a\u0631\u06cc&#8221;<\/em> \u0631\u0627 \u0628\u0631\u06af\u0647 \u0648 \u0631\u0648\u06cc \u0622\u0646 \u06a9\u0644\u06cc\u06a9 \u06a9\u0646\u06cc\u062f <em>&#8220;\u0631\u0627\u0632 \u0645\u0634\u062a\u0631\u06cc \u062c\u062f\u06cc\u062f&#8221;<\/em> \u062f\u06a9\u0645\u0647.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nabfollower.com\/blog\/wp-content\/uploads\/2023\/05\/1683031290_337_Azure-Workload-Identity-Federation-\u0648-GitHub-Actions.png\" alt=\"\u0635\u0641\u062d\u0647 \u06af\u0648\u0627\u0647\u06cc \u0647\u0627 \u0648 \u0627\u0633\u0631\u0627\u0631\" loading=\"lazy\" width=\"800\" height=\"477\" title=\"\"><\/p>\n<p>\u0628\u0631\u0627\u06cc \u0627\u0641\u0632\u0648\u062f\u0646 \u0631\u0627\u0632 \u062c\u062f\u06cc\u062f\u060c \u0641\u0642\u0637 \u062a\u0648\u0636\u06cc\u062d\u0627\u062a \u0631\u0627 \u0648\u06cc\u0631\u0627\u06cc\u0634 \u06a9\u0646\u06cc\u062f (\u0645\u0646 \u067e\u06cc\u0634\u0646\u0647\u0627\u062f \u0645\u06cc \u06a9\u0646\u0645 \u0627\u0632 \u062a\u0648\u0636\u06cc\u062d\u0627\u062a\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u06a9\u0648\u062a\u0627\u0647 \u0627\u0633\u062a \u0627\u0645\u0627 \u062a\u0648\u0636\u06cc\u062d \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u0631\u0627\u0632 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0686\u0647 \u06a9\u0627\u0631\u0628\u0631\u062f\u06cc \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc \u06a9\u0646\u06cc\u062f) \u0648 \u0645\u062f\u062a \u0632\u0645\u0627\u0646. <\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nabfollower.com\/blog\/wp-content\/uploads\/2023\/05\/1683031290_347_Azure-Workload-Identity-Federation-\u0648-GitHub-Actions.png\" alt=\"\u062e\u0644\u0642 \u06cc\u06a9 \u0631\u0627\u0632 \u062c\u062f\u06cc\u062f\" loading=\"lazy\" width=\"800\" height=\"461\" title=\"\"><\/p>\n<p>\u067e\u0633 \u0627\u0632 \u0627\u06cc\u062c\u0627\u062f \u0645\u062e\u0641\u06cc \u0628\u0647 \u06cc\u0627\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u062f \u06a9\u0647 \u0627\u0631\u0632\u0634 \u0622\u0646 \u0631\u0627 \u06cc\u0627\u062f\u062f\u0627\u0634\u062a \u06a9\u0646\u06cc\u062f\u060c \u0632\u06cc\u0631\u0627 \u0641\u0642\u0637 \u0628\u0644\u0627\u0641\u0627\u0635\u0644\u0647 \u067e\u0633 \u0627\u0632 \u0627\u06cc\u062c\u0627\u062f \u0642\u0627\u0628\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0633\u062a.<br \/>\u06cc\u06a9 \u0631\u0627\u0632 \u0639\u0627\u062f\u062a \u0628\u062f (\u06cc\u0627 \u0627\u06af\u0631 \u0627\u0632 \u0645\u0646\u0638\u0631 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0628\u0647 \u0622\u0646 \u0646\u06af\u0627\u0647 \u06a9\u0646\u06cc\u0645 \u062e\u0648\u0628 \u0627\u0633\u062a) \u062f\u0627\u0634\u062a\u0646 \u0636\u0631\u0628 \u0627\u0644\u0627\u062c\u0644 \u0627\u0633\u062a.  \u062d\u062f\u0627\u06a9\u062b\u0631 \u0645\u062f\u062a \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0646\u062a\u062e\u0627\u0628 \u06a9\u0646\u06cc\u062f \u0628\u0631\u0627\u0628\u0631 \u0628\u0627 \u062f\u0648 \u0633\u0627\u0644 \u0627\u0633\u062a \u0648 \u0628\u062f\u06cc\u0647\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0628\u0627\u06cc\u062f \u0645\u0637\u0645\u0626\u0646 \u0634\u0648\u06cc\u062f \u06a9\u0647 \u0647\u0631\u06a9\u0633\u06cc \u06a9\u0647 \u0627\u0632 Principal \u0633\u0631\u0648\u06cc\u0633 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f (\u062f\u0631 \u0645\u0648\u0631\u062f \u0645\u0627 \u0627\u06a9\u0634\u0646 GitHub) \u0647\u0645\u06cc\u0634\u0647 \u0631\u0627\u0632 \u0628\u0647 \u0631\u0648\u0632 \u0634\u062f\u0647 \u0631\u0627 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f.<br \/>\u0628\u0647 \u0637\u0648\u0631 \u062e\u0644\u0627\u0635\u0647\u060c \u0631\u0627\u0632 \u0628\u0627\u06cc\u062f \u0645\u062f\u06cc\u0631\u06cc\u062a \u0634\u0648\u062f \u0648 \u0627\u06af\u0631 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0632\u06cc\u0627\u062f\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u06a9\u0647 \u0627\u0632 \u0622\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u0646\u062f \u06cc\u0627 \u0627\u06af\u0631 \u0645\u0627 Principals \u062e\u062f\u0645\u0627\u062a \u0632\u06cc\u0627\u062f\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u0645\u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u06a9\u0627\u0631 \u0632\u06cc\u0627\u062f\u06cc \u0631\u0627 \u0634\u0627\u0645\u0644 \u0634\u0648\u062f.<br \/>\u0628\u0647 \u0647\u0645\u06cc\u0646 \u062f\u0644\u06cc\u0644 \u0627\u0633\u062a \u06a9\u0647\u060c \u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644\u060c \u0627\u0632 \u0634\u0646\u0627\u0633\u0647 \u0647\u0627\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a \u0634\u062f\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u06cc\u062f <br \/>\u0648\u0642\u062a\u06cc \u0645\u06cc \u062e\u0648\u0627\u0647\u06cc\u062f \u062a\u0639\u0627\u0645\u0644 \u0628\u06cc\u0646 \u062f\u0648 \u0633\u0631\u0648\u06cc\u0633 \u0631\u0627 \u062f\u0631 Azure \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u062f &#8230;. \u0627\u0645\u0627 GitHub Actions \u0634\u0645\u0627 \u062f\u0631 Azure \u0646\u06cc\u0633\u062a!!  \ud83d\ude1f<br \/>\u0633\u0647 \u06af\u0627\u0646\u0647 \u0627\u0631\u0632\u0634 \u0647\u0627 <code>ApplicationID<\/code>\u060c <code>TenantID<\/code> \u0648 <code>SecretValue<\/code> \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc \u0627\u0635\u0644\u06cc \u0633\u0631\u0648\u06cc\u0633 \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u062f\u0631 \u0627\u06a9\u0634\u0646 GitHub \u062e\u0648\u062f \u0628\u0647 \u0622\u0646 \u0646\u06cc\u0627\u0632 \u062f\u0627\u0631\u06cc\u062f.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A7%D8%B3%D8%AA%D9%81%D8%A7%D8%AF%D9%87_%D8%A7%D8%B2_%D8%B1%D8%A7%D8%B2%D9%87%D8%A7_%D8%AF%D8%B1_GitHub_Actions\"><\/span>\n<p>  \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0631\u0627\u0632\u0647\u0627 \u062f\u0631 GitHub Actions<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0642\u0628\u0644 \u0627\u0632 \u0627\u06cc\u0646\u06a9\u0647 \u0628\u0647 \u0634\u0645\u0627 \u0646\u0634\u0627\u0646 \u062f\u0647\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0627\u0632 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0631\u0627\u0632 \u062f\u0631 \u0627\u06a9\u0634\u0646\u200c\u0647\u0627\u06cc GitHub \u0628\u0647 \u0644\u0637\u0641 \u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc \u0628\u0627\u0631 \u06a9\u0627\u0631\u06cc \u0641\u062f\u0631\u0627\u0644 \u0627\u062c\u062a\u0646\u0627\u0628 \u06a9\u0646\u06cc\u062f\u060c \u0628\u06cc\u0627\u06cc\u06cc\u062f \u0628\u0628\u06cc\u0646\u06cc\u0645 \u0686\u0647 \u0645\u0631\u0627\u062d\u0644\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0628\u0647 \u0644\u0637\u0641 \u0627\u0639\u062a\u0628\u0627\u0631 \u0645\u062f\u06cc\u0631 \u0633\u0631\u0648\u06cc\u0633\u060c \u0628\u0647 \u0627\u06a9\u0634\u0646\u200c\u0647\u0627\u06cc GitHub \u0627\u062c\u0627\u0632\u0647 \u062a\u0639\u0627\u0645\u0644 \u0628\u0627 Azure \u0631\u0627 \u0645\u06cc\u200c\u062f\u0647\u062f.<br \/>\u0628\u0647 \u0627\u06a9\u0634\u0646 \u0633\u0627\u062f\u0647 GitHub \u0632\u06cc\u0631 \u0646\u06af\u0627\u0647 \u06a9\u0646\u06cc\u062f:<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight yaml\"><code><span class=\"na\">name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">WIF App registration with Secret<\/span>\n\n<span class=\"na\">on<\/span><span class=\"pi\">:<\/span>\n  <span class=\"s\">workflow_dispatch<\/span>\n\n<span class=\"na\">env<\/span><span class=\"pi\">:<\/span> \n  <span class=\"na\">LOCATION<\/span><span class=\"pi\">:<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">northeurope\"<\/span>\n  <span class=\"na\">RESOURCE_GROUP_NAME<\/span><span class=\"pi\">:<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">WIF-AppReg-Secret\"<\/span>\n  <span class=\"na\">SUBSCRIPTION_ID<\/span><span class=\"pi\">:<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">********-****-****-****-************\"<\/span> \n\n<span class=\"na\">jobs<\/span><span class=\"pi\">:<\/span>\n    <span class=\"na\">job01<\/span><span class=\"pi\">:<\/span>\n        <span class=\"na\">runs-on<\/span><span class=\"pi\">:<\/span> <span class=\"s\">ubuntu-latest<\/span>\n        <span class=\"na\">steps<\/span><span class=\"pi\">:<\/span>\n        <span class=\"pi\">-<\/span> <span class=\"na\">uses<\/span><span class=\"pi\">:<\/span> <span class=\"s\">Azure\/login@v1<\/span>\n          <span class=\"na\">with<\/span><span class=\"pi\">:<\/span>\n            <span class=\"na\">creds<\/span><span class=\"pi\">:<\/span> <span class=\"s\">${{ secrets.AZURE_CREDENTIALS }}<\/span>\n            <span class=\"na\">allow-no-subscriptions<\/span><span class=\"pi\">:<\/span> <span class=\"no\">true<\/span>\n        <span class=\"pi\">-<\/span> <span class=\"na\">name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">Create resource group<\/span>\n          <span class=\"na\">uses<\/span><span class=\"pi\">:<\/span> <span class=\"s\">azure\/CLI@v1<\/span>\n          <span class=\"na\">with<\/span><span class=\"pi\">:<\/span>\n            <span class=\"na\">inlineScript<\/span><span class=\"pi\">:<\/span> <span class=\"pi\">|<\/span>\n                <span class=\"s\">az group create --location ${{ env.LOCATION }} --name ${{ env.RESOURCE_GROUP_NAME }} --subscription ${{ env.SUBSCRIPTION_ID }}<\/span>\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u0627\u06cc\u0646 \u0627\u06a9\u0634\u0646 \u0627\u0632 \u062f\u0648 \u0639\u0645\u0644 \u0628\u0631\u0627\u06cc \u0628\u0627\u0632 \u06a9\u0631\u062f\u0646 \u06cc\u06a9 \u062c\u0644\u0633\u0647 \u062a\u0623\u06cc\u06cc\u062f \u0634\u062f\u0647 \u062f\u0631 Azure \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f (<code>Azure\/login@v1<\/code>) \u0648 \u06cc\u06a9 \u062f\u0633\u062a\u0648\u0631 \u0633\u0627\u062f\u0647 Azure CLI \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f (<code>azure\/CLI@v1<\/code>) \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u06af\u0631\u0648\u0647 \u0645\u0646\u0627\u0628\u0639.<br \/>\u0628\u0631\u0627\u06cc \u0628\u0627\u0632 \u06a9\u0631\u062f\u0646 \u06cc\u06a9 \u062c\u0644\u0633\u0647 \u062a\u0623\u06cc\u06cc\u062f \u0634\u062f\u0647 \u062f\u0631 Azure\u060c \u0628\u0647 \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u0646\u06cc\u0627\u0632 \u062f\u0627\u0631\u06cc\u062f \u0648 \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u0647\u0627 \u062a\u0648\u0633\u0637 \u0633\u0647 \u06af\u0627\u0646\u0647 \u0642\u0628\u0644\u06cc \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0645\u06cc \u0634\u0648\u0646\u062f. <code>ApplicationID<\/code>\u060c <code>TenantID<\/code> \u0648 <code>SecretValue<\/code> \u0642\u0628\u0644\u0627 \u0630\u06a9\u0631 \u06a9\u0631\u062f\u06cc\u0645<br \/>\u0634\u0645\u0627 \u0628\u0627\u06cc\u062f JSON \u0632\u06cc\u0631 \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f (\u0634\u0646\u0627\u0633\u0647 \u0647\u0627\u06cc \u0645\u0646\u0627\u0633\u0628 \u0631\u0627 \u062c\u0627\u06cc\u06af\u0632\u06cc\u0646 \u06a9\u0646\u06cc\u062f <code>clientId<\/code>\u060c <code>clientSecret<\/code> \u0648 <code>tenantId<\/code> \u062e\u0648\u0627\u0635):<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight json\"><code><span class=\"p\">{<\/span><span class=\"w\"> \n    <\/span><span class=\"nl\">\"clientId\"<\/span><span class=\"p\">:<\/span><span class=\"w\"> <\/span><span class=\"s2\">\"********-****-****-****-************\"<\/span><span class=\"p\">,<\/span><span class=\"w\">\n    <\/span><span class=\"nl\">\"clientSecret\"<\/span><span class=\"p\">:<\/span><span class=\"w\"> <\/span><span class=\"s2\">\"Lsu************************bAe\"<\/span><span class=\"p\">,<\/span><span class=\"w\"> \n    <\/span><span class=\"nl\">\"tenantId\"<\/span><span class=\"p\">:<\/span><span class=\"w\"> <\/span><span class=\"s2\">\"********-****-****-****-************\"<\/span><span class=\"w\"> \n<\/span><span class=\"p\">}<\/span><span class=\"w\">\n<\/span><\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u0648 \u06cc\u06a9 Action Secret \u0628\u0647 \u0646\u0627\u0645 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f <code>AZURE_CREDENTIALS<\/code> \u06a9\u0647 \u0634\u0627\u0645\u0644 JSON \u0642\u0628\u0644\u06cc \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u062a\u0635\u0648\u06cc\u0631 \u0632\u06cc\u0631 \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nabfollower.com\/blog\/wp-content\/uploads\/2023\/05\/1683031291_781_Azure-Workload-Identity-Federation-\u0648-GitHub-Actions.png\" alt=\"\u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u0627\u06a9\u0634\u0646 \u0631\u0627\u0632\" loading=\"lazy\" width=\"800\" height=\"476\" title=\"\"><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nabfollower.com\/blog\/wp-content\/uploads\/2023\/05\/1683031291_429_Azure-Workload-Identity-Federation-\u0648-GitHub-Actions.png\" alt=\"\u0635\u0641\u062d\u0647 \u0645\u062e\u0641\u06cc AZURE_CREDENTIALS\" loading=\"lazy\" width=\"800\" height=\"456\" title=\"\"><\/p>\n<p>\u0622\u0633\u0627\u0646 \u0627\u0633\u062a \u0627\u0645\u0627&#8230; <code>clientSecret<\/code>\u0647\u0631 \u0628\u0627\u0631 \u06a9\u0647 \u0631\u0627\u0632 \u062f\u0631 \u062b\u0628\u062a \u0628\u0631\u0646\u0627\u0645\u0647 \u062a\u063a\u06cc\u06cc\u0631 \u0645\u06cc \u06a9\u0646\u062f\u060c \u0648\u06cc\u0698\u06af\u06cc \u0628\u0627\u06cc\u062f \u0628\u0647 \u0631\u0648\u0632 \u0634\u0648\u062f (\u062f\u0631 \u0648\u0627\u0642\u0639 \u06a9\u0644 \u0631\u0627\u0632 \u062f\u0631 GitHub \u0628\u0627\u06cc\u062f \u0628\u0647 \u0631\u0648\u0632 \u0634\u0648\u062f \u0632\u06cc\u0631\u0627 \u0631\u0627\u0632\u0647\u0627 \u062f\u0631 GitHub \u0642\u0627\u0628\u0644 \u062a\u063a\u06cc\u06cc\u0631 \u0646\u06cc\u0633\u062a\u0646\u062f \u0648 \u0641\u0642\u0637 \u0628\u0627\u0632\u0646\u0648\u06cc\u0633\u06cc \u0645\u06cc \u0634\u0648\u0646\u062f).  \u0648 \u062f\u0631 \u0646\u0647\u0627\u06cc\u062a\u060c \u0634\u0645\u0627 \u0628\u0627\u06cc\u062f \u0645\u0631\u0627\u0642\u0628 \u0628\u0627\u0634\u06cc\u062f <code>clientSecret<\/code> (\u0648 \u0647\u0645\u0686\u0646\u06cc\u0646 <code>clientId<\/code> \u0648 <code>tenantId<\/code>) \u0632\u06cc\u0631\u0627 \u0627\u06af\u0631 \u06a9\u0633\u06cc \u0622\u0646 \u0645\u0642\u0627\u062f\u06cc\u0631 \u0631\u0627 \u062f\u0632\u062f\u06cc\u062f\u0647 \u0628\u0627\u0634\u062f\u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062b\u0628\u062a \u0646\u0627\u0645 \u0628\u0631\u0646\u0627\u0645\u0647 \u0634\u0645\u0627 \u0631\u0627 \u062c\u0639\u0644 \u06a9\u0646\u062f \u0648 \u0641\u06a9\u0631 \u062e\u0648\u0628\u06cc \u0646\u06cc\u0633\u062a!!<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%D9%81%D8%AF%D8%B1%D8%A7%D8%B3%DB%8C%D9%88%D9%86_%D9%87%D9%88%DB%8C%D8%AA_%D8%AD%D8%AC%D9%85_%DA%A9%D8%A7%D8%B1\"><\/span>\n<p>  \u0641\u062f\u0631\u0627\u0633\u06cc\u0648\u0646 \u0647\u0648\u06cc\u062a \u062d\u062c\u0645 \u06a9\u0627\u0631<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0627\u06cc\u0646 \u0631\u0648\u06cc\u06a9\u0631\u062f \u0628\u0631\u0627\u06cc \u0627\u0639\u062a\u0645\u0627\u062f \u0628\u0647 \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc \u0627\u0631\u0627\u0626\u0647\u200c\u062f\u0647\u0646\u062f\u0647 \u0647\u0648\u06cc\u062a \u062e\u0627\u0631\u062c\u06cc\u060c \u0645\u0627\u0646\u0646\u062f GitHub \u06cc\u0627 Google (\u06cc\u0627 \u0645\u0648\u0627\u0631\u062f \u062f\u06cc\u06af\u0631 \u062f\u0631 \u0622\u06cc\u0646\u062f\u0647) \u0645\u062a\u0648\u0644\u062f \u0634\u062f. <br \/>\u0627\u0628\u062a\u062f\u0627 \u06cc\u06a9 \u0631\u0627\u0628\u0637\u0647 \u0628\u06cc\u0646 \u0647\u0648\u06cc\u062a (\u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u0647\u0648\u06cc\u062a \u0645\u062f\u06cc\u0631\u06cc\u062a \u0634\u062f\u0647 \u06cc\u0627 \u062b\u0628\u062a \u0628\u0631\u0646\u0627\u0645\u0647 \u0628\u0627\u0634\u062f) \u0648 \u0627\u0631\u0627\u0626\u0647 \u062f\u0647\u0646\u062f\u0647 \u0647\u0648\u06cc\u062a \u062e\u0627\u0631\u062c\u06cc \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc \u06a9\u0646\u06cc\u062f.<br \/>\u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 \u0627\u06cc\u0646 \u0631\u0627\u0628\u0637\u0647 \u0627\u06cc\u062c\u0627\u062f \u0634\u062f\u060c \u0647\u0631 \u0628\u0627\u0631 \u06a9\u0647 \u062d\u062c\u0645 \u06a9\u0627\u0631\u06cc \u0645\u06cc \u062e\u0648\u0627\u0647\u062f \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 AzureAD \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u06a9\u0646\u062f\u060c \u06cc\u06a9 \u062a\u0648\u06a9\u0646 \u0631\u0627 \u0627\u0632 IdP \u062e\u0627\u0631\u062c\u06cc \u0628\u0627\u0632\u06cc\u0627\u0628\u06cc \u0645\u06cc \u06a9\u0646\u062f \u0648 \u0627\u0632 \u0622\u0646 \u0628\u0631\u0627\u06cc \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u062a\u0648\u06a9\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 AAD \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f.<br \/>\u0627\u06cc\u0646 \u062c\u0627\u062f\u0648 \u0646\u06cc\u0633\u062a\u060c \u062f\u0631 \u067e\u0634\u062a \u0635\u062d\u0646\u0647\u060c AzureAD \u0627\u0632 OpenID Connect \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f (\u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627).<\/p>\n<p>GitHub Actions \u06cc\u06a9\u06cc \u0627\u0632 \u0633\u0646\u0627\u0631\u06cc\u0648\u0647\u0627\u06cc\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0631\u0648\u06cc\u06a9\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f.<br \/>\u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u0631\u0627\u0628\u0637\u0647 \u0628\u06cc\u0646 \u062b\u0628\u062a \u0628\u0631\u0646\u0627\u0645\u0647 \u0648 GitHub\u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0622\u0646 \u0631\u0627 \u0628\u0627\u0632 \u06a9\u0646\u06cc\u062f <em>&#8220;\u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627 \u0648 \u0627\u0633\u0631\u0627\u0631&#8221;<\/em> blade \u0628\u0631\u0627\u06cc \u062b\u0628\u062a \u0628\u0631\u0646\u0627\u0645\u0647 (\u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u0631\u0648\u06cc\u06a9\u0631\u062f \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u06a9\u0627\u0645\u0644 \u0627\u0646\u062c\u0627\u0645 \u062f\u0627\u062f\u06cc\u062f) \u0648 \u062f\u0631 \u0639\u0648\u0636 \u06cc\u06a9 \u0631\u0627\u0632 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f\u060c \u0627\u0632 <em>&#8220;\u0645\u062f\u0627\u0631\u06a9 \u0641\u062f\u0631\u0627\u0644&#8221;<\/em> \u0628\u0631\u06af\u0647<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nabfollower.com\/blog\/wp-content\/uploads\/2023\/05\/1683031291_510_Azure-Workload-Identity-Federation-\u0648-GitHub-Actions.png\" alt=\"\u0628\u0631\u06af\u0647 \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u0641\u062f\u0631\u0627\u0644 \u062f\u0631 \u062a\u06cc\u063a\u0647 \u06af\u0648\u0627\u0647\u06cc\u200c\u0647\u0627 \u0648 \u0627\u0633\u0631\u0627\u0631\" loading=\"lazy\" width=\"800\" height=\"469\" title=\"\"><\/p>\n<p>\u0631\u0627 <em>&#8220;\u0627\u0641\u0632\u0648\u062f\u0646 \u0627\u0639\u062a\u0628\u0627\u0631&#8221;<\/em> \u062f\u06a9\u0645\u0647 \u0635\u0641\u062d\u0647 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0627\u0639\u062a\u0645\u0627\u062f \u0631\u0627 \u0628\u0627\u0632 \u0645\u06cc \u06a9\u0646\u062f:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nabfollower.com\/blog\/wp-content\/uploads\/2023\/05\/1683031291_720_Azure-Workload-Identity-Federation-\u0648-GitHub-Actions.png\" alt=\"\u0635\u0641\u062d\u0647 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0627\u0639\u062a\u0645\u0627\u062f\" loading=\"lazy\" width=\"800\" height=\"483\" title=\"\"><\/p>\n<p>\u062f\u0631 \u0635\u0641\u062d\u0647 \u0642\u0628\u0644\u060c \u0628\u0627\u06cc\u062f \u0645\u062e\u0632\u0646 \u0645\u0648\u0631\u062f \u0627\u0639\u062a\u0645\u0627\u062f \u062e\u0648\u062f \u0631\u0627 \u0627\u0632 \u0646\u0638\u0631 \u0633\u0627\u0632\u0645\u0627\u0646 (\u06cc\u0627 \u0646\u0627\u0645 \u06a9\u0627\u0631\u0628\u0631\u06cc) \u0648 \u0646\u0627\u0645 \u0645\u062e\u0632\u0646 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u06a9\u0646\u06cc\u062f.<br \/>\u0633\u067e\u0633 \u0628\u0627\u06cc\u062f \u0646\u0647\u0627\u062f\u06cc \u0631\u0627 \u06a9\u0647 \u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u06cc\u062f \u0628\u0647 \u0622\u0646 \u0627\u0639\u062a\u0645\u0627\u062f \u06a9\u0646\u06cc\u062f \u0648 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0646\u062a\u062e\u0627\u0628 \u06a9\u0646\u06cc\u062f\u060c \u0627\u0646\u062a\u062e\u0627\u0628 \u06a9\u0646\u06cc\u062f <code>Environment<\/code>\u060c <code>Branch<\/code>\u060c <code>Pull request<\/code> \u06cc\u0627 <code>Tag<\/code>.  \u0645\u0642\u062f\u0627\u0631\u06cc \u06a9\u0647 \u0627\u0646\u062a\u062e\u0627\u0628 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u062f \u0628\u0627\u06cc\u062f \u062a\u0646\u0638\u06cc\u0645\u0627\u062a GitHub Actions \u0634\u0645\u0627 \u0628\u0627\u0634\u062f.  \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0645\u062b\u0627\u0644\u060c \u0627\u06af\u0631 \u0647\u0631 \u0628\u0627\u0631 \u06a9\u0647 \u0634\u062e\u0635\u06cc \u06cc\u06a9 \u06a9\u062f \u062c\u062f\u06cc\u062f \u0631\u0627 \u062f\u0631 \u0634\u0627\u062e\u0647 \u0627\u0635\u0644\u06cc \u0641\u0634\u0627\u0631 \u0645\u06cc \u062f\u0647\u06cc\u062f\u060c \u0627\u0642\u062f\u0627\u0645 \u0634\u0645\u0627 \u0634\u0631\u0648\u0639 \u0645\u06cc \u0634\u0648\u062f\u060c \u0634\u0645\u0627 \u0627\u0646\u062a\u062e\u0627\u0628 \u0645\u06cc \u06a9\u0646\u06cc\u062f <code>branch<\/code> \u0646\u0648\u0639 \u0645\u0648\u062c\u0648\u062f\u06cc\u062a \u0648 \u062f\u0631\u062c <code>main<\/code> \u062f\u0631 \u0646\u0627\u0645 \u0634\u0639\u0628\u0647 \u062f\u0631 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc.<br \/>\u0645\u0642\u062f\u0627\u0631\u06cc \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0646\u0648\u0639 \u0645\u0648\u062c\u0648\u062f\u06cc\u062a \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u062f \u062a\u0648\u0633\u0637 \u062c\u0631\u06cc\u0627\u0646 OIDC \u0628\u0631\u0627\u06cc \u062b\u0628\u062a \u062f\u0627\u0645\u0646\u0647 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u200c\u0647\u0627\u06cc OIDC \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f.<br \/>\u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 \u0631\u0627\u0628\u0637\u0647 \u0627\u0639\u062a\u0645\u0627\u062f \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f\u06cc\u062f\u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0636\u0627\u0641\u0647 \u06a9\u0646\u06cc\u062f <code>clientId<\/code> \u0648 <code>tenantId<\/code> \u0645\u0642\u0627\u062f\u06cc\u0631 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0627\u0633\u0631\u0627\u0631 \u0639\u0645\u0644 \u062f\u0631 \u0645\u062e\u0632\u0646 \u0642\u0631\u0627\u0631 \u062f\u0647\u06cc\u062f \u0648 \u0627\u06a9\u0634\u0646 \u0632\u06cc\u0631 \u0631\u0627 \u0628\u0646\u0648\u06cc\u0633\u06cc\u062f:<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight yaml\"><code><span class=\"na\">name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">WIF App registration with federation<\/span>\n\n<span class=\"na\">permissions<\/span><span class=\"pi\">:<\/span>\n  <span class=\"na\">id-token<\/span><span class=\"pi\">:<\/span> <span class=\"s\">write<\/span> <span class=\"c1\"># This is required for requesting the JWT<\/span>\n  <span class=\"na\">contents<\/span><span class=\"pi\">:<\/span> <span class=\"s\">read<\/span>  <span class=\"c1\"># This is required for actions\/checkout<\/span>\n\n<span class=\"na\">on<\/span><span class=\"pi\">:<\/span>\n  <span class=\"na\">push<\/span><span class=\"pi\">:<\/span>\n    <span class=\"na\">branches<\/span><span class=\"pi\">:<\/span>\n    <span class=\"pi\">-<\/span> <span class=\"s\">main<\/span>\n<span class=\"na\">env<\/span><span class=\"pi\">:<\/span> \n  <span class=\"na\">LOCATION<\/span><span class=\"pi\">:<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">northeurope\"<\/span>\n  <span class=\"na\">RESOURCE_GROUP_NAME<\/span><span class=\"pi\">:<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">WIF-AppReg-Federation\"<\/span>\n\n<span class=\"na\">jobs<\/span><span class=\"pi\">:<\/span>\n    <span class=\"na\">job01<\/span><span class=\"pi\">:<\/span>\n        <span class=\"na\">runs-on<\/span><span class=\"pi\">:<\/span> <span class=\"s\">ubuntu-latest<\/span>\n        <span class=\"na\">steps<\/span><span class=\"pi\">:<\/span>\n        <span class=\"pi\">-<\/span> <span class=\"na\">uses<\/span><span class=\"pi\">:<\/span> <span class=\"s\">Azure\/login@v1<\/span>\n          <span class=\"na\">with<\/span><span class=\"pi\">:<\/span>\n            <span class=\"na\">client-id<\/span><span class=\"pi\">:<\/span> <span class=\"s\">${{ secrets.AZURE_CLIENT_ID }}<\/span>\n            <span class=\"na\">tenant-id<\/span><span class=\"pi\">:<\/span> <span class=\"s\">${{ secrets.AZURE_TENANT_ID }}<\/span>\n            <span class=\"na\">subscription-id<\/span><span class=\"pi\">:<\/span> <span class=\"s\">${{ secrets.AZURE_SUBSCRIPTION_ID }}<\/span>\n        <span class=\"pi\">-<\/span> <span class=\"na\">name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">Creat resource group<\/span>\n          <span class=\"na\">uses<\/span><span class=\"pi\">:<\/span> <span class=\"s\">azure\/CLI@v1<\/span>\n          <span class=\"na\">with<\/span><span class=\"pi\">:<\/span>\n            <span class=\"na\">inlineScript<\/span><span class=\"pi\">:<\/span> <span class=\"pi\">|<\/span>\n                <span class=\"s\">az group create --location ${{ env.LOCATION }} --name ${{ env.RESOURCE_GROUP_NAME }}<\/span>\n\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u0627\u06cc\u0646 \u0639\u0645\u0644 \u062f\u0642\u06cc\u0642\u0627\u064b \u0647\u0645\u0627\u0646 \u0639\u0645\u0644\u06cc\u0627\u062a \u0642\u0628\u0644\u06cc \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u062f\u0647\u062f\u060c \u0627\u0645\u0627 \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u0634\u0645\u0627 \u0647\u06cc\u0686 \u06a9\u062f\u0627\u0645 \u0631\u0627 \u0646\u062f\u0627\u0631\u06cc\u062f <code>clientSecret<\/code> \u0628\u0631\u0627\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a. <\/p>\n<p><strong>\u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u062f<\/strong>: \u0628\u0647 \u0645\u062c\u0648\u0632\u0647\u0627\u06cc \u0639\u0645\u0644 \u0642\u0628\u0644\u06cc \u062a\u0648\u062c\u0647 \u06a9\u0646\u06cc\u062f.  \u0627\u06af\u0631 \u0645\u06cc \u062e\u0648\u0627\u0647\u06cc\u062f \u06a9\u0647 \u0627\u06cc\u0646 \u0639\u0645\u0644 \u0628\u062a\u0648\u0627\u0646\u062f \u0631\u0645\u0632 \u0631\u0627 \u0627\u0632 IdP \u0628\u0627\u0632\u06cc\u0627\u0628\u06cc \u06a9\u0646\u062f\u060c \u0622\u0646\u0647\u0627 \u0627\u062c\u0628\u0627\u0631\u06cc \u0647\u0633\u062a\u0646\u062f.  \u0627\u06af\u0631 \u0622\u0646\u0647\u0627 \u0631\u0627 \u062d\u0630\u0641 \u06a9\u0646\u06cc\u062f\u060c \u06cc\u06a9 \u062e\u0637\u0627 \u062f\u0631\u06cc\u0627\u0641\u062a \u0645\u06cc \u06a9\u0646\u06cc\u062f!!<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u0632\u0646\u062f\u06af\u06cc \u0633\u062e\u062a \u06cc\u06a9 GitHub Action GitHub Actions (\u0627\u0633\u0646\u0627\u062f \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627) \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u06a9\u0644 \u0645\u062d\u06cc\u0637 \u062f\u0631 Azure \u0648 \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0644\u06cc\u060c \u062a\u0639\u0627\u0645\u0644 \u0628\u0627 \u067e\u0644\u062a \u0641\u0631\u0645 Azure \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f.\u0627\u0645\u0627 GitHub Actions \u062e\u0627\u0631\u062c \u0627\u0632 \u0645\u0633\u062a\u0627\u062c\u0631 Azure \u0634\u0645\u0627 (&#8220;\u067e\u0627\u062f\u0634\u0627\u0647\u06cc&#8221; \u0634\u0645\u0627) \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u062f \u0648 \u0628\u0647 \u0647\u0645\u06cc\u0646 \u062f\u0644\u06cc\u0644 \u0628\u0627\u06cc\u062f \u062a\u0648\u0633\u0637 Azure Active Directory \u0634\u0645\u0627 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u0648\u062f \u0648 &hellip;<\/p>\n","protected":false},"author":2,"featured_media":20812,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[339],"tags":[],"class_list":["post-20811","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dev"],"_links":{"self":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/20811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/comments?post=20811"}],"version-history":[{"count":0,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/20811\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media\/20812"}],"wp:attachment":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media?parent=20811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/categories?post=20811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/tags?post=20811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}