update README with SPN auth

bangbingsyb · bangbingsyb · commit d1718c2abab4 · 2022-04-15T14:17:42.000-07:00
diff --git a/README.md b/README.md
@@ -8,7 +8,37 @@ The following example updates the configuration of a NGINX deployment in Azure e
 
 ### Sample workflow that authenticates with Azure using Azure Service Principal with a secret
 
-To be added
+```yaml
+# File: .github/workflows/nginxForAzureDeploy.yml
+
+name: Sync configuration to NGINX for Azure 
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - config/**
+
+jobs:
+  Deploy-NGINX-Configuration:
+    runs-on: ubuntu-latest
+    steps:
+    - name: 'Checkout repository'
+      uses: actions/checkout@v2
+
+    - name: 'Run Azure Login with OIDC'
+      uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: 'Sync NGINX configuration to NGINX on Azure instance'
+      uses: nginxinc/nginx-for-azure-deploy-action@v1
+      with:
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+        nginx-deployment-name: ${{ secrets.NGINX_DEPLOYMENT_NAME }}
+        nginx-config-file-path: ${{ secrets.NGINX_CONFIG_FILE }}
+```
 
 ### Sample workflow that authenticates with Azure using OIDC
 
@@ -27,14 +57,6 @@ permissions:
       id-token: write
       contents: read
 
-env:
-  AZURE_TENANT_ID: '<The Azure Active Directory tenant ID>'
-  AZURE_CLIENT_ID: '<The client ID of the Azure Service Principal to perform the deployment>'
-  AZURE_SUBSCRIPTION_ID: '<The Azure subscription ID of the NGINX deployment>'
-  AZURE_RESOURCE_GROUP_NAME: '<The resource group of the NGINX deployment>'
-  NGINX_DEPLOYMENT_NAME: '<The name of the NGINX deployment>'
-  NGINX_CONFIG_FILE: '<The relative path of the configuration file in the repository>'
-
 jobs:
   Deploy-NGINX-Configuration:
     runs-on: ubuntu-latest
@@ -45,14 +67,15 @@ jobs:
     - name: 'Run Azure Login with OIDC'
       uses: azure/login@v1
       with:
-        client-id: ${{ env.AZURE_CLIENT_ID }}
-        tenant-id: ${{ env.AZURE_TENANT_ID }}
-        subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
     - name: 'Sync NGINX configuration to NGINX on Azure instance'
       uses: nginxinc/nginx-for-azure-deploy-action@v1
       with:
-        subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
-        resource-group-name: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
-        nginx-deployment-name: ${{ env.NGINX_DEPLOYMENT_NAME }}
-        nginx-config-file-path: ${{ env.NGINX_CONFIG_FILE }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+        nginx-deployment-name: ${{ secrets.NGINX_DEPLOYMENT_NAME }}
+        nginx-config-file-path: ${{ secrets.NGINX_CONFIG_FILE }}
+```
