
Commit 657e331

committed
chore(ci): add explicit remediation guidance for OIDC bootstrap permission failures
1 parent 6dee9f0 commit 657e331

1 file changed

Lines changed: 6 additions & 1 deletion


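--- a/.github/workflows/oidc-bootstrap.yml
+++ b/.github/workflows/oidc-bootstrap.yml
@@ -66,7 +66,12 @@ jobs:
 }
 JSON
 
-az ad app federated-credential create --id "${APP_OBJECT_ID}" --parameters /tmp/federated-credential.json 1>/dev/null
+if ! az ad app federated-credential create --id "${APP_OBJECT_ID}" --parameters /tmp/federated-credential.json 1>/dev/null; then
+echo "::error::Failed to create federated credential for ${TARGET_OWNER}/${TARGET_REPO}."
+echo "::error::The identity behind AZURE_CLIENT_ID needs Entra permission to manage application credentials (for example: Application Administrator or Cloud Application Administrator)."
+echo "::error::Required subject: ${SUBJECT}"
+exit 1
+fi
 
 echo "Created federated credential ${SAFE_NAME}"
 echo "Subject: ${SUBJECT}"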
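Review bot: The second added `::error::` line offers the tenant-wide roles Application Administrator and Cloud Application Administrator as the example fix, which steers operators toward giving a CI identity credential-management rights over every app registration in the tenant. Adding a federated credential to one app normally needs only ownership of that app registration (paired with the Graph permission `Application.ReadWrite.OwnedBy` when the caller is a service principal), so the message should lead with that, e.g. `echo "::error::Make the identity behind AZURE_CLIENT_ID an owner of app object ${APP_OBJECT_ID}; a tenant-wide role such as Cloud Application Administrator is a broader fallback."`. The branch also prints the permission guidance on every non-zero exit, although `az` can fail for other reasons (a credential with the same name or subject already exists, a wrong object id), so the text should be worded as conditional on the `az` error that remains visible on stderr. The enclosing step starts outside the hunk, so where `APP_OBJECT_ID`, `TARGET_OWNER`, `TARGET_REPO` and `SUBJECT` come from cannot be checked here.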
