diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml
index 37c68ac..b017f0b 100644
--- a/.github/workflows/azure-dev.yml
+++ b/.github/workflows/azure-dev.yml
@@ -73,6 +73,8 @@ jobs:
 run: azd provision --no-prompt
 env:
 AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }}
+ AUTH_CLIENT_ID: ${{ secrets.AUTH_CLIENT_ID }}
+ AUTH_CLIENT_SECRET: ${{ secrets.AUTH_CLIENT_SECRET }}
 - name: Build application
 run: pnpm nx build website
diff --git a/infra/app/ddd-2024.bicep b/infra/app/ddd-2024.bicep
index 7b5314c..36fef6c 100644
--- a/infra/app/ddd-2024.bicep
+++ b/infra/app/ddd-2024.bicep
@@ -125,3 +125,27 @@ output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
 output name string = app.name
 output uri string = 'https://${app.properties.configuration.ingress.fqdn}'
 output id string = app.id
+
+resource authConfig 'Microsoft.App/containerApps/authConfigs@2023-11-02-preview' = if (environment == 'dev') {
+ name: 'authconfig'
+ parent: containerAppResource
+ properties: {
+ globalValidation: {
+ unauthenticatedClientAction: 'RedirectToLoginPage'
+ }
+ identityProviders: {
+ azureActiveDirectory: {
+ enabled: true
+ registration: {
+ clientId: authClientId
+ clientSecretSettingName: authClientSecret
+ openIdIssuer: 'https://login.microsoftonline.com/${subscription().tenantId}/v2.0'
+ }
+ }
+ }
+ platform: {
+ enabled: true
+ runtimeVersion: 'v2'
+ }
+ }
+}
diff --git a/infra/main.parameters.json b/infra/main.parameters.json
index 79f129a..35a32af 100644
--- a/infra/main.parameters.json
+++ b/infra/main.parameters.json
@@ -11,6 +11,12 @@
 "ddd2024Exists": {
 "value": "${SERVICE_DDD_2024_RESOURCE_EXISTS=false}"
 },
+ "authClientId": {
+ "value": "${AUTH_CLIENT_ID}"
+ },
+ "authClientSecret": {
+ "value": "${AUTH_CLIENT_SECRET}"
+ },
 "ddd2024Definition": {
 "value": {
 "settings": [
@@ -34,4 +40,4 @@
 "value": "${AZURE_PRINCIPAL_ID}"
 }
 }
-}
\ No newline at end of file
+}
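Review bot: In `infra/app/ddd-2024.bicep`, `clientSecretSettingName: authClientSecret` passes the secret's value where the resource expects the name of a container app secret, so sign-in would not find the secret and the value itself ends up in an ordinary, readable property of the auth config. Define the secret on the container app, for example `{ name: 'auth-client-secret', value: authClientSecret }` in `configuration.secrets` (name constructed for this note), and reference it with `clientSecretSettingName: 'auth-client-secret'`. The container app definition lies outside the hunk, and the visible outputs refer to it as `app`, so `parent: containerAppResource` should be checked against the symbol that is actually declared.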
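Review bot: `authClientSecret` in `infra/main.parameters.json` is passed as an ordinary parameter value, and no hunk in this diff declares `authClientId` or `authClientSecret` in the Bicep templates, so it cannot be confirmed from here that the receiving parameter is marked secure. The declaration should read `@secure()` followed by `param authClientSecret string` at every level it passes through, otherwise the value can be read back from the deployment's recorded inputs. Unlike `${SERVICE_DDD_2024_RESOURCE_EXISTS=false}` just above, `${AUTH_CLIENT_SECRET}` has no default, so it is worth confirming how an unset variable resolves in environments where the dev-only auth config is not deployed.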