Update readme

puneetsarna · puneetsarna · commit fae8551db708 · 2025-06-10T15:59:20.000-07:00
- Update the referenced nginx actions to 0.3.1 as
  cert actions do not work for 0.3.0.
- Add an excerpt around Azure RBAC describing the
  access that the service principal will need in
  order for the action to work.
diff --git a/github-action/README.md b/github-action/README.md
@@ -29,12 +29,12 @@ jobs:
       uses: actions/checkout@v2
 
     - name: 'Run Azure Login using an Azure service principal with a secret'
-      uses: azure/login@v1
+      uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
 
     - name: 'Sync the NGINX configuration from the GitHub repository to the NGINXaaS for Azure deployment'
-      uses: nginxinc/nginx-for-azure-deploy-action@v0.3.0
+      uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1
       with:
         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
         resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
@@ -69,14 +69,14 @@ jobs:
       uses: actions/checkout@v2
 
     - name: 'Run Azure Login using OIDC'
-      uses: azure/login@v1
+      uses: azure/login@v2
       with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
     - name: 'Sync the NGINX configuration from the GitHub repository to the NGINXaaS for Azure deployment'
-      uses: nginxinc/nginx-for-azure-deploy-action@v0.3.0
+      uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1
       with:
         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
         resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
@@ -86,6 +86,9 @@ jobs:
         transformed-nginx-config-directory-path: /etc/nginx/
 ```
 
+> **Note:**
+The service principal being used for authenticating with Azure should have access to manage the NGINXaaS deployment. For simplicity, this guide assumes that the service principal has `Contributor` role to manage the deployment. Refer [prerequisites](https://docs.nginx.com/nginxaas/azure/getting-started/prerequisites/) for details.
+
 ## Handling NGINX configuration file paths
 
 To facilitate the migration of the existing NGINX configuration, NGINXaaS for Azure supports multiple-files configuration with each file uniquely identified by a file path, just like how NGINX configuration files are created and used in a self-hosting machine. An NGINX configuration file can include another file using the [include directive](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/). The file path used in an `include` directive can either be an absolute path or a relative path to the [prefix path](https://www.nginx.com/resources/wiki/start/topics/tutorials/installoptions/).
@@ -101,7 +104,7 @@ To use this action to sync the configuration files from this example, the direct
 
 ```yaml
     - name: 'Sync the NGINX configuration from the GitHub repository to the NGINXaaS for Azure deployment'
-      uses: nginxinc/nginx-for-azure-deploy-action@v0.3.0
+      uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1
       with:
         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
         resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
@@ -133,7 +136,7 @@ The action supports an optional input `transformed-nginx-config-directory-path`
 
 ```yaml
     - name: 'Sync the NGINX configuration from the Git repository to the NGINXaaS for Azure deployment'
-      uses: nginxinc/nginx-for-azure-deploy-action@v0.3.0
+      uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1
       with:
         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
         resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
@@ -151,11 +154,11 @@ The transformed paths of the two configuration files in the NGINXaaS for Azure d
 
 ## Handling NGINX certificates
 
-Since certificates are secrets, it is assumed they are stored in Azure key vault. One can provide multiple certificate entries to the github action as an array of JSON objects with keys: 
+Since certificates are secrets, it is assumed they are stored in Azure key vault. One can provide multiple certificate entries to the github action as an array of JSON objects with keys:
 
 `certificateName`- A unique name for the certificate entry
 
-`keyvaultSecret`- The secret ID for the certificate on Azure key vault 
+`keyvaultSecret`- The secret ID for the certificate on Azure key vault
 
 `certificateVirtualPath`- This path must match one or more ssl_certificate directive file arguments in your Nginx configuration; and must be unique between certificates within the same deployment
 
@@ -165,7 +168,7 @@ See the example below
 
 ```yaml
 - name: "Sync NGINX certificates to NGINXaaS for Azure"
-        uses: nginxinc/nginx-for-azure-deploy-action@v0.3.0
+        uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1
         with:
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
           resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
@@ -178,7 +181,7 @@ See the example below
 
 ```yaml
  - name: "Sync NGINX configuration- multi file and certificate to NGINXaaS for Azure"
-        uses: nginxinc/nginx-for-azure-deploy-action@v0.3.0
+        uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1
         with:
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
           resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
@@ -188,4 +191,4 @@ See the example below
           nginx-root-config-file: nginx.conf
           transformed-nginx-config-directory-path: /etc/nginx/
           nginx-certificates: '[{"certificateName": "$NGINX_CERT_NAME", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/my-cert.key"  } ]'
-```
+```
