mirror of
https://github.com/azure/login.git
synced 2026-03-15 09:20:56 -04:00
Compare commits
1 Commits
releases/v
...
releases/v
| Author | SHA1 | Date | |
|---|---|---|---|
|
6b2456866f |
33
.github/workflows/azure-login-negative.yml
vendored
33
.github/workflows/azure-login-negative.yml
vendored
@@ -333,3 +333,36 @@ jobs:
|
||||
with:
|
||||
script: |
|
||||
core.setFailed('Last action should fail but not. Please check it.')
|
||||
|
||||
VMTest:
|
||||
strategy:
|
||||
matrix:
|
||||
os: [self_linux, self_windows]
|
||||
runs-on: ${{ matrix.os }}
|
||||
environment: Automation test
|
||||
|
||||
steps:
|
||||
- name: 'Checking out repo code'
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set Node.js 20.x for GitHub Action
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: 20.x
|
||||
|
||||
- name: 'Validate build'
|
||||
run: |
|
||||
npm install
|
||||
npm run build
|
||||
|
||||
- name: Login with system-assigned managed identity without auth-type
|
||||
id: login_14
|
||||
continue-on-error: true
|
||||
uses: ./
|
||||
|
||||
- name: Check Last step failed
|
||||
if: steps.login_14.outcome == 'success'
|
||||
uses: actions/github-script@v7
|
||||
with:
|
||||
script: |
|
||||
core.setFailed('Last action should fail but not. Please check it.')
|
||||
|
||||
165
.github/workflows/azure-login-positive.yml
vendored
165
.github/workflows/azure-login-positive.yml
vendored
@@ -12,7 +12,7 @@ jobs:
|
||||
BasicTest:
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ubuntu-latest, windows-latest, macos-latest]
|
||||
os: [ubuntu-latest, windows-latest, macos-latest, self_linux, self_windows]
|
||||
runs-on: ${{ matrix.os }}
|
||||
environment: Automation test
|
||||
|
||||
@@ -47,11 +47,13 @@ jobs:
|
||||
az vm list --output none
|
||||
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
||||
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
||||
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
||||
if(-not $checkResult){
|
||||
throw "Not all checks passed!"
|
||||
}
|
||||
@@ -69,7 +71,7 @@ jobs:
|
||||
az account show --output none
|
||||
|
||||
- name: Run Azure PowerShell again
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
@@ -92,11 +94,13 @@ jobs:
|
||||
az vm list --output none
|
||||
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
||||
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
||||
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
||||
if(-not $checkResult){
|
||||
throw "Not all checks passed!"
|
||||
}
|
||||
@@ -160,11 +164,13 @@ jobs:
|
||||
az vm list --output none
|
||||
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
||||
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
||||
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
||||
if(-not $checkResult){
|
||||
throw "Not all checks passed!"
|
||||
}
|
||||
@@ -183,7 +189,7 @@ jobs:
|
||||
az account show --output none
|
||||
|
||||
- name: Run Azure PowerShell again
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
@@ -203,13 +209,13 @@ jobs:
|
||||
- name: Run Azure Cli
|
||||
shell: pwsh
|
||||
run: |
|
||||
$checkResult = (az account list --output json | ConvertFrom-Json).Count -eq 3
|
||||
$checkResult = (az account list --output json | ConvertFrom-Json).Count -eq 2
|
||||
if(-not $checkResult){
|
||||
throw "Not all checks passed!"
|
||||
}
|
||||
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
@@ -230,7 +236,7 @@ jobs:
|
||||
az account show --output none
|
||||
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
@@ -239,10 +245,13 @@ jobs:
|
||||
throw "Not all checks passed!"
|
||||
}
|
||||
|
||||
InDockerTest:
|
||||
runs-on: ubuntu-latest
|
||||
container: ubuntu:24.04
|
||||
VMTest:
|
||||
strategy:
|
||||
matrix:
|
||||
os: [self_linux, self_windows]
|
||||
runs-on: ${{ matrix.os }}
|
||||
environment: Automation test
|
||||
|
||||
steps:
|
||||
- name: 'Checking out repo code'
|
||||
uses: actions/checkout@v4
|
||||
@@ -252,64 +261,102 @@ jobs:
|
||||
with:
|
||||
node-version: 20.x
|
||||
|
||||
- name: Install Azure CLI
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install -y curl
|
||||
curl -sL https://aka.ms/InstallAzureCLIDeb | bash
|
||||
|
||||
- name: Check Azure CLI Version
|
||||
run: |
|
||||
az --version
|
||||
|
||||
- name: Install Powershell
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install -y wget
|
||||
wget https://mirror.it.ubc.ca/ubuntu/pool/main/i/icu/libicu72_72.1-3ubuntu3_amd64.deb
|
||||
dpkg -i libicu72_72.1-3ubuntu3_amd64.deb
|
||||
wget https://github.com/PowerShell/PowerShell/releases/download/v7.4.3/powershell_7.4.3-1.deb_amd64.deb
|
||||
dpkg -i powershell_7.4.3-1.deb_amd64.deb
|
||||
|
||||
- name: Check Powershell Version
|
||||
shell: pwsh
|
||||
run: |
|
||||
$PSVersionTable
|
||||
|
||||
- name: Install Azure Powershell
|
||||
shell: pwsh
|
||||
run: |
|
||||
Install-Module -Name Az -Repository PSGallery -Force
|
||||
|
||||
- name: Check Azure Powershell Version
|
||||
shell: pwsh
|
||||
run: |
|
||||
Get-Module -ListAvailable Az
|
||||
|
||||
- name: 'Validate build'
|
||||
run: |
|
||||
npm install
|
||||
npm run build
|
||||
|
||||
- name: 'Run L0 tests'
|
||||
run: |
|
||||
npm run test
|
||||
|
||||
- name: Login with individual parameters
|
||||
- name: Login with system-assigned managed identity, no subscription-id
|
||||
uses: ./
|
||||
with:
|
||||
client-id: ${{ secrets.SP1_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.SP1_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.SP1_SUBSCRIPTION_ID }}
|
||||
auth-type: IDENTITY
|
||||
allow-no-subscriptions: true
|
||||
enable-AzPSSession: true
|
||||
|
||||
- name: Run Azure Cli again
|
||||
- name: Run Azure Cli
|
||||
run: |
|
||||
az group list --output none
|
||||
az account show --output none
|
||||
|
||||
- name: Run Azure PowerShell again
|
||||
uses: azure/powershell@v2
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
$checkResult = Get-AzResourceGroup
|
||||
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
||||
if(-not $checkResult){
|
||||
throw "Not all checks passed!"
|
||||
}
|
||||
|
||||
- name: Login with system-assigned managed identity, with subscription id
|
||||
uses: ./
|
||||
with:
|
||||
auth-type: IDENTITY
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID }}
|
||||
enable-AzPSSession: true
|
||||
|
||||
- name: Run Azure Cli
|
||||
run: |
|
||||
az account show --output none
|
||||
az group show --name GitHubAction_CI_RG --output none
|
||||
az vm list --output none
|
||||
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
||||
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
||||
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
||||
if(-not $checkResult){
|
||||
throw "Not all checks passed!"
|
||||
}
|
||||
|
||||
- name: Login with tenant-level user-assigned managed identity with allow-no-subscriptions
|
||||
uses: ./
|
||||
with:
|
||||
client-id: ${{ secrets.UMI2_CLIENT_ID }}
|
||||
allow-no-subscriptions: true
|
||||
auth-type: IDENTITY
|
||||
enable-AzPSSession: true
|
||||
|
||||
- name: Run Azure Cli
|
||||
run: |
|
||||
az account show --output none
|
||||
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
||||
if(-not $checkResult){
|
||||
throw "Not all checks passed!"
|
||||
}
|
||||
|
||||
- name: Login with user-assigned managed identity, subscription-id
|
||||
uses: ./
|
||||
with:
|
||||
client-id: ${{ secrets.UMI1_CLIENT_ID }}
|
||||
subscription-id: ${{ secrets.UMI1_SUBSCRIPTION_ID }}
|
||||
auth-type: IDENTITY
|
||||
enable-AzPSSession: true
|
||||
|
||||
- name: Run Azure Cli
|
||||
run: |
|
||||
az account show --output none
|
||||
az group show --name GitHubAction_CI_RG --output none
|
||||
az vm list --output none
|
||||
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
||||
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
||||
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
||||
if(-not $checkResult){
|
||||
throw "Not all checks passed!"
|
||||
}
|
||||
|
||||
|
||||
46
.github/workflows/azure-login-pr-check.yml
vendored
46
.github/workflows/azure-login-pr-check.yml
vendored
@@ -1,12 +1,13 @@
|
||||
name: pr-check
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
pull_request_target:
|
||||
branches:
|
||||
- master
|
||||
- 'releases/*'
|
||||
jobs:
|
||||
az-login-test:
|
||||
environment: Automation test
|
||||
runs-on: windows-latest
|
||||
steps:
|
||||
- name: Checkout from PR branch
|
||||
@@ -27,5 +28,44 @@ jobs:
|
||||
- name: Build GitHub Action
|
||||
run: npm run build
|
||||
|
||||
- name: Run mock test
|
||||
run: npm run test
|
||||
- name: 'Az CLI login with subscription'
|
||||
uses: ./
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
||||
|
||||
- run: |
|
||||
az account show --output none
|
||||
az vm list --output none
|
||||
|
||||
- name: 'Az CLI login without subscription'
|
||||
uses: ./
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS_NO_SUB }}
|
||||
allow-no-subscriptions: true
|
||||
|
||||
- run: |
|
||||
az account show --output none
|
||||
# az vm list --output none
|
||||
|
||||
- name: 'Azure PowerShell login with subscription'
|
||||
uses: ./
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
||||
enable-AzPSSession: true
|
||||
|
||||
- uses: azure/powershell@v1
|
||||
with:
|
||||
inlineScript: "(Get-AzContext).Environment.Name"
|
||||
azPSVersion: "latest"
|
||||
|
||||
# - name: 'Azure PowerShell login without subscription'
|
||||
# uses: ./
|
||||
# with:
|
||||
# creds: ${{secrets.AZURE_CREDENTIALS_NO_SUB}}
|
||||
# enable-AzPSSession: true
|
||||
# allow-no-subscriptions: true
|
||||
|
||||
# - uses: azure/powershell@v1
|
||||
# with:
|
||||
# inlineScript: "Get-AzContext"
|
||||
# azPSVersion: "latest"
|
||||
|
||||
@@ -7,4 +7,3 @@ Resources:
|
||||
- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
|
||||
- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
|
||||
- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
|
||||
- Employees can reach out at [aka.ms/opensource/moderation-support](https://aka.ms/opensource/moderation-support)
|
||||
|
||||
144
README.md
144
README.md
@@ -19,7 +19,6 @@
|
||||
- [Login to Azure US Government cloud](#login-to-azure-us-government-cloud)
|
||||
- [Login to Azure Stack Hub](#login-to-azure-stack-hub)
|
||||
- [Login without subscription](#login-without-subscription)
|
||||
- [Enable/Disable the cleanup steps](#enabledisable-the-cleanup-steps)
|
||||
- [Security hardening](#security-hardening)
|
||||
- [Azure CLI dependency](#azure-cli-dependency)
|
||||
- [Reference](#reference)
|
||||
@@ -57,7 +56,7 @@ Azure Login Action supports different ways of authentication with Azure.
|
||||
|tenant-id|false|UUID||the login tenant id|
|
||||
|creds|false|string||a json string for login with an Azure service principal|
|
||||
|enable-AzPSSession|false|boolean|false|if Azure PowerShell login is enabled|
|
||||
|environment|false|string|azurecloud|the Azure Cloud environment. For cloud environments other than the public cloud, the `audience` will also need to be updated.|
|
||||
|environment|false|string|azurecloud|the Azure Cloud environment|
|
||||
|allow-no-subscriptions|false|boolean|false|if login without subscription is allowed|
|
||||
|audience|false|string|api://AzureADTokenExchange|the audience to get the JWT ID token from GitHub OIDC provider|
|
||||
|auth-type|false|string|SERVICE_PRINCIPAL|the auth type|
|
||||
@@ -127,8 +126,6 @@ By default, Azure Login Action connects to the Azure Public Cloud (`AzureCloud`)
|
||||
|
||||
To login to one of the Azure Government clouds or Azure Stack, set `environment` to one of the supported values `AzureUSGovernment` or `AzureChinaCloud` or `AzureGermanCloud` or `AzureStack`.
|
||||
|
||||
The default [`audience`](#audience) for each of these clouds is different and will also need to be set if using anything other than the public environment.
|
||||
|
||||
Refer to [Login to Azure US Government cloud](#login-to-azure-us-government-cloud) for its usage.
|
||||
|
||||
### `allow-no-subscriptions`
|
||||
@@ -156,7 +153,7 @@ Refer to [Login With System-assigned Managed Identity](#login-with-system-assign
|
||||
> - Ensure the CLI version is 2.30 or above to support login with OIDC.
|
||||
> - By default, Azure access tokens issued during OIDC based login could have limited validity. Azure access token issued by Service Principal is expected to have an expiration of 1 hour by default. And with Managed Identities, it would be 24 hours. This expiration time is further configurable in Azure. Refer to [access-token lifetime](https://learn.microsoft.com/azure/active-directory/develop/access-tokens#access-token-lifetime) for more details.
|
||||
|
||||
Before you use Azure Login Action with OIDC, you need to configure a federated identity credential on a service principal or a managed identity.
|
||||
Before you use Azure Login Action with OIDC, you need to configure a federated identity credential on an service principal or a managed identity.
|
||||
|
||||
- Prepare a service principal for Login with OIDC
|
||||
- [Create a service principal and assign a role to it](https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal)
|
||||
@@ -200,7 +197,7 @@ jobs:
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
- name: Azure CLI script
|
||||
uses: azure/cli@v2
|
||||
uses: azure/CLI@v1
|
||||
with:
|
||||
azcliversion: latest
|
||||
inlineScript: |
|
||||
@@ -231,14 +228,14 @@ jobs:
|
||||
enable-AzPSSession: true
|
||||
|
||||
- name: Azure CLI script
|
||||
uses: azure/cli@v2
|
||||
uses: azure/CLI@v1
|
||||
with:
|
||||
azcliversion: latest
|
||||
inlineScript: |
|
||||
az account show
|
||||
|
||||
- name: Azure PowerShell script
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
@@ -290,11 +287,12 @@ jobs:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
||||
|
||||
- name: Azure CLI script
|
||||
uses: azure/cli@v2
|
||||
uses: azure/CLI@v1
|
||||
with:
|
||||
azcliversion: latest
|
||||
inlineScript: |
|
||||
az account show
|
||||
|
||||
```
|
||||
|
||||
- **The workflow sample to run both Azure CLI and Azure PowerShell**
|
||||
@@ -318,14 +316,14 @@ jobs:
|
||||
enable-AzPSSession: true
|
||||
|
||||
- name: Azure CLI script
|
||||
uses: azure/cli@v2
|
||||
uses: azure/CLI@v1
|
||||
with:
|
||||
azcliversion: latest
|
||||
inlineScript: |
|
||||
az account show
|
||||
|
||||
- name: Azure PowerShell script
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
@@ -389,14 +387,14 @@ jobs:
|
||||
# Azure CLI Action only supports linux self-hosted runners for now.
|
||||
# If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`.
|
||||
- name: Azure CLI script
|
||||
uses: azure/cli@v2
|
||||
uses: azure/CLI@v1
|
||||
with:
|
||||
azcliversion: latest
|
||||
inlineScript: |
|
||||
az account show
|
||||
|
||||
- name: Azure PowerShell script
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
@@ -456,14 +454,14 @@ jobs:
|
||||
# Azure CLI Action only supports linux self-hosted runners for now.
|
||||
# If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`.
|
||||
- name: Azure CLI script
|
||||
uses: azure/cli@v2
|
||||
uses: azure/CLI@v1
|
||||
with:
|
||||
azcliversion: latest
|
||||
inlineScript: |
|
||||
az account show
|
||||
|
||||
- name: Azure PowerShell script
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
@@ -490,6 +488,7 @@ jobs:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
||||
environment: 'AzureUSGovernment'
|
||||
enable-AzPSSession: true
|
||||
|
||||
```
|
||||
|
||||
### Login to Azure Stack Hub
|
||||
@@ -512,6 +511,7 @@ jobs:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
||||
environment: 'AzureStack'
|
||||
enable-AzPSSession: true
|
||||
|
||||
```
|
||||
|
||||
Refer to the [Azure Stack Hub Login Action Tutorial](https://learn.microsoft.com/azure-stack/user/ci-cd-github-action-login-cli) for more detailed instructions.
|
||||
@@ -542,130 +542,20 @@ jobs:
|
||||
enable-AzPSSession: true
|
||||
|
||||
- name: Azure CLI script
|
||||
uses: azure/cli@v2
|
||||
uses: azure/CLI@v1
|
||||
with:
|
||||
azcliversion: latest
|
||||
inlineScript: |
|
||||
az account show
|
||||
|
||||
- name: Run Azure PowerShell
|
||||
uses: azure/powershell@v2
|
||||
uses: azure/powershell@v1
|
||||
with:
|
||||
azPSVersion: "latest"
|
||||
inlineScript: |
|
||||
Get-AzContext
|
||||
```
|
||||
|
||||
### Enable/Disable the cleanup steps
|
||||
|
||||
In Azure Login Action, "cleanup" means cleaning up the login context. For security reasons, we recommend users run cleanup every time. But in some scenarios, users need flexible control over cleanup.
|
||||
|
||||
Referring to [`runs` for JavaScript actions](https://docs.github.com/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions), there are 3 steps in an action: `pre:`, `main:` and `post:`. Azure Login Action only implement 2 steps: `main:` and `post:`.
|
||||
|
||||
There are 2 "cleanup" steps in Azure Login Action:
|
||||
|
||||
- cleanup in `main:`
|
||||
- It's **disabled** by default.
|
||||
- Users can enable it by setting an env variable `AZURE_LOGIN_PRE_CLEANUP` to `true`.
|
||||
- cleanup in `post:`
|
||||
- It's **enabled** by default.
|
||||
- Users can disable it by setting an env variable `AZURE_LOGIN_POST_CLEANUP` to `false`.
|
||||
|
||||
Azure Login Action use env variables to enable or disable cleanup steps. In GitHub Actions, there are three valid scopes for env variables.
|
||||
|
||||
- [env](https://docs.github.com/actions/writing-workflows/workflow-syntax-for-github-actions#env)
|
||||
- valid for all jobs in this workflow.
|
||||
- [jobs.<job_id>.env](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idenv)
|
||||
- valid for all the steps in the job.
|
||||
- [jobs.<job_id>.steps[*].env](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsenv)
|
||||
- only valid for the step in a job.
|
||||
|
||||
We set `jobs.<job_id>.steps[*].env` for example. Users can set `env` or `jobs.<job_id>.env` for a wider scope.
|
||||
|
||||
```yaml
|
||||
# File: .github/workflows/workflow.yml
|
||||
|
||||
on: [push]
|
||||
|
||||
name: Cleanup examples for Multiple Azure Login
|
||||
|
||||
jobs:
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
# enable cleanup for the 1st Azure Login
|
||||
- name: Azure Login
|
||||
uses: azure/login@v2
|
||||
env:
|
||||
AZURE_LOGIN_PRE_CLEANUP: true
|
||||
AZURE_LOGIN_POST_CLEANUP: true
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
enable-AzPSSession: true
|
||||
|
||||
# run some actions
|
||||
|
||||
# disable cleanup for all other Azure Login
|
||||
- name: Azure Login 2
|
||||
uses: azure/login@v2
|
||||
env:
|
||||
AZURE_LOGIN_PRE_CLEANUP: false
|
||||
AZURE_LOGIN_POST_CLEANUP: false
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID_2 }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID_2 }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_2 }}
|
||||
enable-AzPSSession: true
|
||||
|
||||
# run other actions
|
||||
|
||||
# disable cleanup for all other Azure Login
|
||||
- name: Azure Login 3
|
||||
uses: azure/login@v2
|
||||
env:
|
||||
AZURE_LOGIN_PRE_CLEANUP: false
|
||||
AZURE_LOGIN_POST_CLEANUP: false
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID_3 }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID_3 }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_3 }}
|
||||
enable-AzPSSession: true
|
||||
|
||||
# run other actions
|
||||
```
|
||||
|
||||
```yaml
|
||||
# File: .github/workflows/workflow.yml
|
||||
|
||||
on: [push]
|
||||
|
||||
name: Disable cleanup for GitHub Hosted Runners
|
||||
|
||||
jobs:
|
||||
|
||||
deploy:
|
||||
runs-on: [ubuntu-latest, self-hosted]
|
||||
steps:
|
||||
|
||||
- name: Azure Login
|
||||
uses: azure/login@v2
|
||||
env:
|
||||
AZURE_LOGIN_PRE_CLEANUP: ${{ startsWith(runner.name, 'GitHub Actions') }}
|
||||
AZURE_LOGIN_POST_CLEANUP: ${{ startsWith(runner.name, 'GitHub Actions') }}
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
enable-AzPSSession: true
|
||||
|
||||
# run some actions
|
||||
|
||||
```
|
||||
|
||||
## Security hardening
|
||||
|
||||
> [!WARNING]
|
||||
|
||||
@@ -40,7 +40,7 @@ describe("Getting AzLogin PS script", () => {
|
||||
let loginConfig = new LoginConfig();
|
||||
loginConfig.initialize();
|
||||
return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
|
||||
expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential -InformationAction Ignore | out-null;")).toBeTruthy();
|
||||
expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential | out-null;")).toBeTruthy();
|
||||
expect(loginMethod).toBe('service principal with secret');
|
||||
});
|
||||
});
|
||||
@@ -61,7 +61,7 @@ describe("Getting AzLogin PS script", () => {
|
||||
let loginConfig = new LoginConfig();
|
||||
loginConfig.initialize();
|
||||
return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
|
||||
expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-se''cret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential -InformationAction Ignore | out-null;")).toBeTruthy();
|
||||
expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-se''cret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential | out-null;")).toBeTruthy();
|
||||
expect(loginMethod).toBe('service principal with secret');
|
||||
});
|
||||
});
|
||||
@@ -82,7 +82,7 @@ describe("Getting AzLogin PS script", () => {
|
||||
let loginConfig = new LoginConfig();
|
||||
loginConfig.initialize();
|
||||
return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
|
||||
expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential -InformationAction Ignore | out-null;")).toBeTruthy();
|
||||
expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential | out-null;")).toBeTruthy();
|
||||
expect(loginMethod).toBe('service principal with secret');
|
||||
});
|
||||
});
|
||||
@@ -100,7 +100,7 @@ describe("Getting AzLogin PS script", () => {
|
||||
loginConfig.initialize();
|
||||
jest.spyOn(loginConfig, 'getFederatedToken').mockImplementation(async () => {loginConfig.federatedToken = "fake-token";});
|
||||
return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
|
||||
expect(loginScript.includes("Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -ApplicationId 'client-id' -FederatedToken 'fake-token' -InformationAction Ignore | out-null;")).toBeTruthy();
|
||||
expect(loginScript.includes("Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -ApplicationId 'client-id' -FederatedToken 'fake-token' | out-null;")).toBeTruthy();
|
||||
expect(loginMethod).toBe('OIDC');
|
||||
});
|
||||
});
|
||||
@@ -115,7 +115,7 @@ describe("Getting AzLogin PS script", () => {
|
||||
let loginConfig = new LoginConfig();
|
||||
loginConfig.initialize();
|
||||
return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
|
||||
expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -Subscription 'subscription-id' -InformationAction Ignore | out-null;")).toBeTruthy();
|
||||
expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -Subscription 'subscription-id' | out-null;")).toBeTruthy();
|
||||
expect(loginMethod).toBe('system-assigned managed identity');
|
||||
});
|
||||
});
|
||||
@@ -130,7 +130,7 @@ describe("Getting AzLogin PS script", () => {
|
||||
let loginConfig = new LoginConfig();
|
||||
loginConfig.initialize();
|
||||
return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
|
||||
expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -InformationAction Ignore | out-null;")).toBeTruthy();
|
||||
expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' | out-null;")).toBeTruthy();
|
||||
expect(loginMethod).toBe('system-assigned managed identity');
|
||||
});
|
||||
});
|
||||
@@ -145,7 +145,7 @@ describe("Getting AzLogin PS script", () => {
|
||||
let loginConfig = new LoginConfig();
|
||||
loginConfig.initialize();
|
||||
return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
|
||||
expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -AccountId 'client-id' -InformationAction Ignore | out-null;")).toBeTruthy();
|
||||
expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -AccountId 'client-id' | out-null;")).toBeTruthy();
|
||||
expect(loginMethod).toBe('user-assigned managed identity');
|
||||
});
|
||||
});
|
||||
|
||||
@@ -39,6 +39,6 @@ branding:
|
||||
color: 'blue'
|
||||
runs:
|
||||
using: 'node20'
|
||||
pre: 'lib/cleanup/index.js'
|
||||
main: 'lib/main/index.js'
|
||||
post-if: (!env.AZURE_LOGIN_POST_CLEANUP || env.AZURE_LOGIN_POST_CLEANUP != 'false')
|
||||
post: 'lib/cleanup/index.js'
|
||||
|
||||
@@ -4055,7 +4055,7 @@ class AzPSScriptBuilder {
|
||||
if (subscriptionId) {
|
||||
loginCmdlet += `-Subscription '${subscriptionId}' `;
|
||||
}
|
||||
loginCmdlet += `${cmdletSuffix} -InformationAction Ignore | out-null;`;
|
||||
loginCmdlet += `${cmdletSuffix} | out-null;`;
|
||||
return loginCmdlet;
|
||||
}
|
||||
}
|
||||
@@ -4441,8 +4441,8 @@ const AzPSUtils_1 = __nccwpck_require__(895);
|
||||
function setUserAgent() {
|
||||
let usrAgentRepo = crypto.createHash('sha256').update(`${process.env.GITHUB_REPOSITORY}`).digest('hex');
|
||||
let actionName = 'AzureLogin';
|
||||
process.env.AZURE_HTTP_USER_AGENT = (!!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT} ` : '') + `GITHUBACTIONS/${actionName}@v2_${usrAgentRepo}_${process.env.RUNNER_ENVIRONMENT}_${process.env.GITHUB_RUN_ID}`;
|
||||
process.env.AZUREPS_HOST_ENVIRONMENT = (!!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT} ` : '') + `GITHUBACTIONS/${actionName}@v2_${usrAgentRepo}_${process.env.RUNNER_ENVIRONMENT}_${process.env.GITHUB_RUN_ID}`;
|
||||
process.env.AZURE_HTTP_USER_AGENT = (!!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT} ` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
|
||||
process.env.AZUREPS_HOST_ENVIRONMENT = (!!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT} ` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
|
||||
}
|
||||
exports.setUserAgent = setUserAgent;
|
||||
function cleanupAzCLIAccounts() {
|
||||
|
||||
@@ -4001,9 +4001,9 @@ class AzureCliLogin {
|
||||
}
|
||||
}
|
||||
};
|
||||
yield this.executeAzCliCommand(["version"], true, execOptions);
|
||||
yield this.executeAzCliCommand(["--version"], true, execOptions);
|
||||
core.debug(`Azure CLI version used:\n${output}`);
|
||||
yield this.registerAzurestackEnvIfNecessary();
|
||||
this.setAzurestackEnvIfNecessary();
|
||||
yield this.executeAzCliCommand(["cloud", "set", "-n", this.loginConfig.environment], false);
|
||||
core.info(`Done setting cloud: "${this.loginConfig.environment}"`);
|
||||
if (this.loginConfig.authType === LoginConfig_1.LoginConfig.AUTH_TYPE_SERVICE_PRINCIPAL) {
|
||||
@@ -4029,7 +4029,7 @@ class AzureCliLogin {
|
||||
}
|
||||
});
|
||||
}
|
||||
registerAzurestackEnvIfNecessary() {
|
||||
setAzurestackEnvIfNecessary() {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
if (this.loginConfig.environment != "azurestack") {
|
||||
return;
|
||||
@@ -4054,7 +4054,7 @@ class AzureCliLogin {
|
||||
let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with .
|
||||
let suffixStorage = baseUri.substring(baseUri.indexOf('.') + 1); // storage suffix starts without .
|
||||
let profileVersion = "2019-03-01-hybrid";
|
||||
yield this.executeAzCliCommand(["cloud", "register", "-n", this.loginConfig.environment, "--endpoint-resource-manager", this.loginConfig.resourceManagerEndpointUrl, "--suffix-keyvault-dns", suffixKeyvault, "--suffix-storage-endpoint", suffixStorage, "--profile", profileVersion], false);
|
||||
yield this.executeAzCliCommand(["cloud", "register", "-n", this.loginConfig.environment, "--endpoint-resource-manager", `"${this.loginConfig.resourceManagerEndpointUrl}"`, "--suffix-keyvault-dns", `"${suffixKeyvault}"`, "--suffix-storage-endpoint", `"${suffixStorage}"`, "--profile", `"${profileVersion}"`], false);
|
||||
}
|
||||
catch (error) {
|
||||
core.error(`Error while trying to register cloud "${this.loginConfig.environment}"`);
|
||||
@@ -4323,7 +4323,7 @@ class AzPSScriptBuilder {
|
||||
if (subscriptionId) {
|
||||
loginCmdlet += `-Subscription '${subscriptionId}' `;
|
||||
}
|
||||
loginCmdlet += `${cmdletSuffix} -InformationAction Ignore | out-null;`;
|
||||
loginCmdlet += `${cmdletSuffix} | out-null;`;
|
||||
return loginCmdlet;
|
||||
}
|
||||
}
|
||||
@@ -4649,8 +4649,8 @@ const AzPSUtils_1 = __nccwpck_require__(1895);
|
||||
function setUserAgent() {
|
||||
let usrAgentRepo = crypto.createHash('sha256').update(`${process.env.GITHUB_REPOSITORY}`).digest('hex');
|
||||
let actionName = 'AzureLogin';
|
||||
process.env.AZURE_HTTP_USER_AGENT = (!!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT} ` : '') + `GITHUBACTIONS/${actionName}@v2_${usrAgentRepo}_${process.env.RUNNER_ENVIRONMENT}_${process.env.GITHUB_RUN_ID}`;
|
||||
process.env.AZUREPS_HOST_ENVIRONMENT = (!!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT} ` : '') + `GITHUBACTIONS/${actionName}@v2_${usrAgentRepo}_${process.env.RUNNER_ENVIRONMENT}_${process.env.GITHUB_RUN_ID}`;
|
||||
process.env.AZURE_HTTP_USER_AGENT = (!!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT} ` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
|
||||
process.env.AZUREPS_HOST_ENVIRONMENT = (!!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT} ` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
|
||||
}
|
||||
exports.setUserAgent = setUserAgent;
|
||||
function cleanupAzCLIAccounts() {
|
||||
@@ -4726,13 +4726,6 @@ function main() {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
try {
|
||||
(0, Utils_1.setUserAgent)();
|
||||
const preCleanup = process.env.AZURE_LOGIN_PRE_CLEANUP;
|
||||
if ('true' == preCleanup) {
|
||||
yield (0, Utils_1.cleanupAzCLIAccounts)();
|
||||
if (core.getInput('enable-AzPSSession').toLowerCase() === "true") {
|
||||
yield (0, Utils_1.cleanupAzPSAccounts)();
|
||||
}
|
||||
}
|
||||
// prepare the login configuration
|
||||
var loginConfig = new LoginConfig_1.LoginConfig();
|
||||
yield loginConfig.initialize();
|
||||
|
||||
4
package-lock.json
generated
4
package-lock.json
generated
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "login",
|
||||
"version": "2.2.0",
|
||||
"version": "2.0.0",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "login",
|
||||
"version": "2.2.0",
|
||||
"version": "2.0.0",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/core": "1.9.1",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "login",
|
||||
"version": "2.2.0",
|
||||
"version": "2.0.0",
|
||||
"description": "Login Azure wraps the az login, allowing for Azure actions to log into Azure",
|
||||
"main": "lib/main/index.js",
|
||||
"scripts": {
|
||||
|
||||
@@ -28,10 +28,10 @@ export class AzureCliLogin {
|
||||
}
|
||||
};
|
||||
|
||||
await this.executeAzCliCommand(["version"], true, execOptions);
|
||||
await this.executeAzCliCommand(["--version"], true, execOptions);
|
||||
core.debug(`Azure CLI version used:\n${output}`);
|
||||
|
||||
await this.registerAzurestackEnvIfNecessary();
|
||||
this.setAzurestackEnvIfNecessary();
|
||||
|
||||
await this.executeAzCliCommand(["cloud", "set", "-n", this.loginConfig.environment], false);
|
||||
core.info(`Done setting cloud: "${this.loginConfig.environment}"`);
|
||||
@@ -59,7 +59,7 @@ export class AzureCliLogin {
|
||||
}
|
||||
}
|
||||
|
||||
async registerAzurestackEnvIfNecessary() {
|
||||
async setAzurestackEnvIfNecessary() {
|
||||
if (this.loginConfig.environment != "azurestack") {
|
||||
return;
|
||||
}
|
||||
@@ -85,7 +85,7 @@ export class AzureCliLogin {
|
||||
let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with .
|
||||
let suffixStorage = baseUri.substring(baseUri.indexOf('.') + 1); // storage suffix starts without .
|
||||
let profileVersion = "2019-03-01-hybrid";
|
||||
await this.executeAzCliCommand(["cloud", "register", "-n", this.loginConfig.environment, "--endpoint-resource-manager", this.loginConfig.resourceManagerEndpointUrl, "--suffix-keyvault-dns", suffixKeyvault, "--suffix-storage-endpoint", suffixStorage, "--profile", profileVersion], false);
|
||||
await this.executeAzCliCommand(["cloud", "register", "-n", this.loginConfig.environment, "--endpoint-resource-manager", `"${this.loginConfig.resourceManagerEndpointUrl}"`, "--suffix-keyvault-dns", `"${suffixKeyvault}"`, "--suffix-storage-endpoint", `"${suffixStorage}"`, "--profile", `"${profileVersion}"`], false);
|
||||
}
|
||||
catch (error) {
|
||||
core.error(`Error while trying to register cloud "${this.loginConfig.environment}"`);
|
||||
|
||||
@@ -104,7 +104,7 @@ export default class AzPSScriptBuilder {
|
||||
if(subscriptionId){
|
||||
loginCmdlet += `-Subscription '${subscriptionId}' `;
|
||||
}
|
||||
loginCmdlet += `${cmdletSuffix} -InformationAction Ignore | out-null;`;
|
||||
loginCmdlet += `${cmdletSuffix} | out-null;`;
|
||||
return loginCmdlet;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,8 +7,8 @@ import { AzPSConstants, AzPSUtils } from '../PowerShell/AzPSUtils';
|
||||
export function setUserAgent(): void {
|
||||
let usrAgentRepo = crypto.createHash('sha256').update(`${process.env.GITHUB_REPOSITORY}`).digest('hex');
|
||||
let actionName = 'AzureLogin';
|
||||
process.env.AZURE_HTTP_USER_AGENT = (!!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT} ` : '') + `GITHUBACTIONS/${actionName}@v2_${usrAgentRepo}_${process.env.RUNNER_ENVIRONMENT}_${process.env.GITHUB_RUN_ID}`;
|
||||
process.env.AZUREPS_HOST_ENVIRONMENT = (!!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT} ` : '') + `GITHUBACTIONS/${actionName}@v2_${usrAgentRepo}_${process.env.RUNNER_ENVIRONMENT}_${process.env.GITHUB_RUN_ID}`;
|
||||
process.env.AZURE_HTTP_USER_AGENT = (!!process.env.AZURE_HTTP_USER_AGENT ? `${process.env.AZURE_HTTP_USER_AGENT} ` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
|
||||
process.env.AZUREPS_HOST_ENVIRONMENT = (!!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREPS_HOST_ENVIRONMENT} ` : '') + `GITHUBACTIONS/${actionName}@v1_${usrAgentRepo}`;
|
||||
}
|
||||
|
||||
export async function cleanupAzCLIAccounts(): Promise<void> {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import * as core from '@actions/core';
|
||||
import { cleanupAzCLIAccounts, cleanupAzPSAccounts, setUserAgent } from './common/Utils';
|
||||
import { setUserAgent } from './common/Utils';
|
||||
import { AzPSLogin } from './PowerShell/AzPSLogin';
|
||||
import { LoginConfig } from './common/LoginConfig';
|
||||
import { AzureCliLogin } from './Cli/AzureCliLogin';
|
||||
@@ -7,13 +7,6 @@ import { AzureCliLogin } from './Cli/AzureCliLogin';
|
||||
async function main() {
|
||||
try {
|
||||
setUserAgent();
|
||||
const preCleanup: string = process.env.AZURE_LOGIN_PRE_CLEANUP;
|
||||
if ('true' == preCleanup) {
|
||||
await cleanupAzCLIAccounts();
|
||||
if (core.getInput('enable-AzPSSession').toLowerCase() === "true") {
|
||||
await cleanupAzPSAccounts();
|
||||
}
|
||||
}
|
||||
|
||||
// prepare the login configuration
|
||||
var loginConfig = new LoginConfig();
|
||||
|
||||
Reference in New Issue
Block a user