📚 Documentation needed for commit test

[github-actions]

Summary

Commit 6530536 introduces OIDC-based keyless authentication for GitHub Actions via a User-Assigned Managed Identity (UAMI), which is a significant security and infrastructure change that requires documentation.

What Changed

infra/identity.tf (60 additions)

• New UAMI resource: azurerm_user_assigned_identity.workload (uami-agentic-workload)
• 4 GitHub Actions OIDC federated credentials: env:copilot, env:demo, branch:main, pull_request
• 2 Azure role assignments: Contributor on RG, AKS Cluster Admin

infra/outputs.tf (17 additions)

• uami_client_id, uami_principal_id, github_actions_env_vars, oidc_issuer_url

Why Documentation is Needed

• New integration (Azure OIDC + GitHub Actions) ✅
• Security configuration change ✅
• New Terraform outputs users must act on ✅
• Breaking change (no static credentials) ✅

Recommended Documentation Updates

1. README.md — Add OIDC/UAMI setup section
2. New infra/README.md — Document identity.tf, outputs, role assignments
3. GitHub Actions workflow docs — ARM_USE_OIDC usage

⚠️ Breaking / Migration Notes

This change moves away from service principal secrets. Workflows using ARM_CLIENT_SECRET must be updated to use ARM_USE_OIDC: true.

Reference

• Commit: 653053615c03ca44d21dc3cf1e723a334b91c199
• Files: infra/identity.tf, infra/outputs.tf