Merge pull request #20 from docusign/cvarma/updates-hosting-setup

Author: cvarma2

src/content/docs/infrastructure/hosting-setup.mdx

@@ -157,7 +157,92 @@ To enable continuous deployment from a GitHub repository, follow the steps in th
 
 </section>
 
-**Example Implementation:** [1fe Starter App CI Workflow](https://github.com/docusign/1fe-starter-app/blob/main/.github/workflows/ci.yml)
+### Example Implementation: [1fe Starter App CI Workflow](https://github.com/docusign/1fe-starter-app/blob/main/.github/workflows/ci.yml)
+
+
+##### GitHub Secrets Configuration for the 1fe Starter App CI Workflow
+
+Your CI/CD workflow requires several secrets to deploy to Azure Web App hosting. These secrets are referenced in the [1fe-starter-app CI workflow](https://github.com/docusign/1fe-starter-app/blob/main/.github/workflows/ci.yml#L24-L30):
+
+```yaml
+SSH_PRIVATE_1FE: ${{ secrets.SSH_PRIVATE_1FE }}
+AKAMAI_NS_SSH_PRIVATE_KEY: ${{ secrets.AKAMAI_NS_SSH_PRIVATE_KEY }}
+AZUREAPPSERVICE_CLIENTID: ${{ secrets.AZUREAPPSERVICE_CLIENTID }}
+AZUREAPPSERVICE_TENANTID: ${{ secrets.AZUREAPPSERVICE_TENANTID }}
+AZUREAPPSERVICE_SUBSCRIPTIONID: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID }}
+AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }}
+NPM_TOKEN_READONLY: ${{ secrets.NPM_TOKEN_READONLY_1FE }}
+```
+
+### Required Secrets
+
+<section>
+
+**Azure Web App Deployment:**
+- `AZUREAPPSERVICE_CLIENTID` - Service Principal Client ID for Azure authentication
+- `AZUREAPPSERVICE_TENANTID` - Azure AD Tenant ID
+- `AZUREAPPSERVICE_SUBSCRIPTIONID` - Your Azure Subscription ID
+- `AZURE_RESOURCE_GROUP` - Resource group containing your Azure Web App
+
+**SSH Keys:**
+- `SSH_PRIVATE_1FE` - Private SSH key for deployment access
+- `AKAMAI_NS_SSH_PRIVATE_KEY` - Akamai NetStorage SSH private key for CDN uploads
+
+**Package Registry:**
+- `NPM_TOKEN_READONLY` - Read-only NPM token for accessing private packages
+
+</section>
+
+### How to Configure Secrets
+
+<section>
+
+1. **Navigate to Repository Settings**  
+   Go to your GitHub repository → **Settings** → **Secrets and variables** → **Actions**
+
+2. **Add Each Secret**  
+   Click **"New repository secret"** and add each secret with the exact name shown above
+
+3. **Obtain Secret Values:**
+
+**Azure Service Principal Credentials:**
+
+To get the Azure secrets, you need to create a Service Principal and gather Azure subscription information:
+
+**Via Azure CLI:**
+```bash
+# Login to Azure
+az login
+
+# Get your subscription ID
+az account show --query id --output tsv
+
+# Get your tenant ID  
+az account show --query tenantId --output tsv
+
+# Create Service Principal with Contributor role
+az ad sp create-for-rbac --name "1fe-deployment-sp" \
+  --role contributor \
+  --scopes /subscriptions/{your-subscription-id}/resourceGroups/{your-resource-group-name}
+```
+
+This command outputs JSON containing your `AZUREAPPSERVICE_CLIENTID` (`appId`) and creates the service principal.
+
+**Via Azure Portal:**
+1. **Subscription ID**: Azure Portal → Subscriptions → Copy your subscription ID
+2. **Tenant ID**: Azure Portal → Azure Active Directory → Properties → Directory ID  
+3. **Service Principal**: Azure Portal → Azure Active Directory → App registrations → New registration
+4. **Resource Group**: The name of your existing Azure resource group containing your Web App
+
+**Other Credentials:**
+   - **SSH keys**: Generate using `ssh-keygen -t rsa -b 4096` or obtain from your infrastructure team
+   - **NPM token**: Create in NPM registry settings or obtain from your DevOps team
+
+</section>
+
+:::tip[Team Coordination]
+These secrets may already be configured by your DevOps or infrastructure team. Check with them before creating new credentials to avoid duplicating access keys.
+:::
 
 #### <FaMicrosoft style={{ display: 'inline', marginRight: '0.5rem', verticalAlign: 'middle', color: '#0078D4' }} /> Step 4: Add and Configure a Custom Domain
 
@@ -166,33 +251,36 @@ Your Web App has a default domain (e.g., `1fe-demo.azurewebsites.net`), but you
 
 **Setup Instructions:**
 
-1. **Navigate to Your Web App Resource**
-   - In the Azure Portal, navigate to your Web App resource
+<section>
 
-2. **Access Custom Domains Section**
-   - In the left-hand menu, select **Custom domains**
+1. **Navigate to Your Web App Resource**  
+   In the Azure Portal, navigate to your Web App resource
+
+2. **Access Custom Domains Section**  
+   In the left-hand menu, select **Custom domains**
 
-3. **Start Adding Custom Domain**
-   - Click **+ Add custom domain**
+3. **Start Adding Custom Domain**  
+   Click **+ Add custom domain**
 
-4. **Select Your DNS Provider**
-   - **Domain provider**: Select your DNS provider (e.g., GoDaddy, Cloudflare)
+4. **Select Your DNS Provider**  
+   **Domain provider**: Select your DNS provider (e.g., GoDaddy, Cloudflare)
 
-5. **Enter Your Domain Name**
-   - Enter the domain name you want to use (e.g., `demo.yourdomain.com`)
+5. **Enter Your Domain Name**  
+   Enter the domain name you want to use (e.g., `demo.yourdomain.com`)
 
-6. **Review DNS Record Requirements**
-   - The portal will provide you with DNS record information to validate ownership
+6. **Review DNS Record Requirements**  
+   The portal will provide you with DNS record information to validate ownership
 
-7. **Create Required DNS Records**
-   - You will need to create a TXT and/or a CNAME record with your domain registrar
-   - Use the DNS information provided by Azure
+7. **Create Required DNS Records**  
+   Create a TXT and/or a CNAME record with your domain registrar using the DNS information provided by Azure
 
-8. **Validate Domain Ownership**
-   - Once the DNS records are created, click **Validate** in the Azure Portal
+8. **Validate Domain Ownership**  
+   Once the DNS records are created, click **Validate** in the Azure Portal
 
-9. **Complete Domain Addition**
-   - After validation is successful, click **Add custom domain**
+9. **Complete Domain Addition**  
+   After validation is successful, click **Add custom domain**
+
+</section>
 
 :::note[App Service Plan Requirement]
 Your App Service plan must be a paid tier (e.g., Basic, Standard, Premium) to add a custom domain. The Free (F1) and Shared (D1) tiers do not support custom domains.