diff --git a/.github/workflows/localization.yml b/.github/workflows/localization.yml index 740d7ef9b..21c5a53e4 100644 --- a/.github/workflows/localization.yml +++ b/.github/workflows/localization.yml @@ -1,5 +1,10 @@ on: workflow_dispatch +permissions: + id-token: write + contents: write + pull-requests: write + jobs: Localize: runs-on: ubuntu-22.04 @@ -7,12 +12,40 @@ jobs: steps: - uses: actions/checkout@v3 + + - name: Get access token for TouchDown Build + id: get-token + run: | + # 1. Get the GitHub OIDC federated token + FEDERATED_TOKEN=$(curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ + "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=api://AzureADTokenExchange" | jq -r '.value') + + # 2. Exchange it for a TouchDown Build access token (v2.0 endpoint) + RESPONSE=$(curl -s -X POST \ + "https://login.microsoftonline.com/${{ secrets.AZURE_TENANT_ID }}/oauth2/v2.0/token" \ + -H "Content-Type: application/x-www-form-urlencoded" \ + -d "client_id=${{ secrets.AZURE_CLIENT_ID }}" \ + -d "scope=https://prdtrs01.onmicrosoft.com/touchdownbuildservice_prod/.default" \ + -d "client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer" \ + -d "client_assertion=$FEDERATED_TOKEN" \ + -d "grant_type=client_credentials") + + TOKEN=$(echo "$RESPONSE" | jq -r '.access_token') + + if [ "$TOKEN" = "null" ] || [ -z "$TOKEN" ]; then + echo "ERROR: Failed to get access token" + echo "$RESPONSE" | jq . + exit 1 + fi + + echo "::add-mask::$TOKEN" + echo "TD_ACCESS_TOKEN=$TOKEN" >> "$GITHUB_ENV" + echo "Token acquired successfully (length: ${#TOKEN})" - shell: bash name: Localize env: TDBUILD_TEAM_ID: ${{ secrets.TDBUILD_TEAM_ID }} - TDBUILD_AAD_APPLICATION_CLIENT_ID: ${{ secrets.TDBUILD_AAD_APPLICATION_CLIENT_ID }} - TDBUILD_AAD_APPLICATION_CLIENT_SECRET: ${{ secrets.TDBUILD_AAD_APPLICATION_CLIENT_SECRET }} + TD_ACCESS_TOKEN: ${{ env.TD_ACCESS_TOKEN }} run: ./localize.sh - name: Create Pull Request env: diff --git a/GetLocalizedFiles.sh b/GetLocalizedFiles.sh index c4235c0a3..72c730e87 100755 --- a/GetLocalizedFiles.sh +++ b/GetLocalizedFiles.sh @@ -64,10 +64,9 @@ jsonParseCmd=`awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'$KEY'\042/){print $(i+1 echo $jsonParseCmd } -function oauthToken() { -tokenFetchCmd=`curl -sw "%{http_code}" -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=$alias&resource=https://microsoft.onmicrosoft.com/$tokenServer&client_secret=$password&grant_type=client_credentials" "https://login.microsoftonline.com/microsoft.onmicrosoft.com/oauth2/token"` -tokenValue=`echo $tokenFetchCmd | jsonValue access_token 1` -echo $tokenValue +function oauthToken () +{ + echo "$alias" } if [ -d $filePath ]; then @@ -155,7 +154,7 @@ then echo "Deleting values-$folderWithoutTrailingSlash from ${resDir} as it already exists" rm -r "${resDir}/values-${folderWithoutTrailingSlash}" fi - + mv $folder "${outputDirectory}/values-${folderWithoutTrailingSlash}" mv ${valuesDir}/values-${folderWithoutTrailingSlash} $resDir diff --git a/localize.sh b/localize.sh index 39ed4d6ac..e70ea8ebd 100755 --- a/localize.sh +++ b/localize.sh @@ -6,32 +6,27 @@ if [ -z $TDBUILD_TEAM_ID ]; then read TDBUILD_TEAM_ID fi -if [ -z $TDBUILD_AAD_APPLICATION_CLIENT_ID ]; then - printf "Alias: " - read TDBUILD_AAD_APPLICATION_CLIENT_ID +if [ -z "$TD_ACCESS_TOKEN" ]; then + echo "ERROR: TD_ACCESS_TOKEN is not set. Run azure/login first." + exit 1 fi -if [ -z $TDBUILD_AAD_APPLICATION_CLIENT_SECRET ]; then - stty -echo - printf "Password: " - read TDBUILD_AAD_APPLICATION_CLIENT_SECRET - stty echo - printf "\n" -fi +echo "Using Team ID: $TDBUILD_TEAM_ID" +echo "Using pre-fetched OIDC token (length: ${#TD_ACCESS_TOKEN})" -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f FluentUI.Demo/src/main/res/values -r demo -o FluentUI.Demo/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_calendar/src/main/res/values -r fluentui_calendar -o fluentui_calendar/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_ccb/src/main/res/values -r fluentui_ccb -o fluentui_ccb/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_controls/src/main/res/values -r fluentui_controls -o fluentui_controls/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_core/src/main/res/values -r fluentui_core -o fluentui_core/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_drawer/src/main/res/values -r fluentui_drawer -o fluentui_drawer/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_listitem/src/main/res/values -r fluentui_listitem -o fluentui_listitem/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_menus/src/main/res/values -r fluentui_menus -o fluentui_menus/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_notification/src/main/res/values -r fluentui_notification -o fluentui_notification/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_others/src/main/res/values -r fluentui_others -o fluentui_others/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_peoplepicker/src/main/res/values -r fluentui_peoplepicker -o fluentui_peoplepicker/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_persona/src/main/res/values -r fluentui_persona -o fluentui_persona/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_progress/src/main/res/values -r fluentui_progress -o fluentui_progress/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_tablayout/src/main/res/values -r fluentui_tablayout -o fluentui_tablayout/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_topappbars/src/main/res/values -r fluentui_topappbars -o fluentui_topappbars/src/main/res/values -./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TDBUILD_AAD_APPLICATION_CLIENT_ID -p $TDBUILD_AAD_APPLICATION_CLIENT_SECRET -f fluentui_transients/src/main/res/values -r fluentui_transients -o fluentui_transients/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f FluentUI.Demo/src/main/res/values -r demo -o FluentUI.Demo/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_calendar/src/main/res/values -r fluentui_calendar -o fluentui_calendar/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_ccb/src/main/res/values -r fluentui_ccb -o fluentui_ccb/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_controls/src/main/res/values -r fluentui_controls -o fluentui_controls/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_core/src/main/res/values -r fluentui_core -o fluentui_core/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_drawer/src/main/res/values -r fluentui_drawer -o fluentui_drawer/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_listitem/src/main/res/values -r fluentui_listitem -o fluentui_listitem/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_menus/src/main/res/values -r fluentui_menus -o fluentui_menus/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_notification/src/main/res/values -r fluentui_notification -o fluentui_notification/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_others/src/main/res/values -r fluentui_others -o fluentui_others/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_peoplepicker/src/main/res/values -r fluentui_peoplepicker -o fluentui_peoplepicker/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_persona/src/main/res/values -r fluentui_persona -o fluentui_persona/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_progress/src/main/res/values -r fluentui_progress -o fluentui_progress/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_tablayout/src/main/res/values -r fluentui_tablayout -o fluentui_tablayout/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_topappbars/src/main/res/values -r fluentui_topappbars -o fluentui_topappbars/src/main/res/values +./GetLocalizedFiles.sh -t $TDBUILD_TEAM_ID -u -a $TD_ACCESS_TOKEN -f fluentui_transients/src/main/res/values -r fluentui_transients -o fluentui_transients/src/main/res/values