Merge branch 'master' into dependabot/npm_and_yarn/lodash-4.17.19

Create issue-label-bot.yaml

.github/issue-label-bot.yaml

@@ -0,0 +1,4 @@
+label-alias:
+  bug: 'bug'
+  feature_request: 'enhancement'
+  question: 'question'

.github/workflows/ci.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
         matrix:
-          os: [windows-latest, ubuntu-latest, macos-latest]
+          os: [windows-latest, ubuntu-latest]
     steps:
 
     - name: 'Checking out repo code'
@@ -25,4 +25,4 @@ jobs:
         
     - name: 'Run L0 tests'
       run: |
-        npm run test
+        npm run test

.github/workflows/codeql.yml

@@ -0,0 +1,52 @@
+name: "Code scanning - action"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 19 * * 0'
+
+jobs:
+  CodeQL-Build:
+
+    # CodeQL runs on ubuntu-latest and windows-latest
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+      
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      # Override language selection by uncommenting this and choosing your languages
+      # with:
+      #   languages: go, javascript, csharp, python, cpp, java
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

README.md

@@ -1,150 +1,139 @@
-# GitHub Actions for deploying to Azure
+# GitHub Actions for deploying to Azure
-
+
-## Automate your GitHub workflows using Azure Actions
+## Automate your GitHub workflows using Azure Actions
-
+
-[GitHub Actions](https://help.github.com/en/articles/about-github-actions)  gives you the flexibility to build an automated software development lifecycle workflow. 
+[GitHub Actions](https://help.github.com/en/articles/about-github-actions) gives you the flexibility to build an automated software development lifecycle workflow. 
-
+
-With [GitHub Actions for Azure](https://github.com/Azure/actions/) you can create workflows that you can set up in your repository to build, test, package, release and **deploy** to Azure. 
+With [GitHub Actions for Azure](https://github.com/Azure/actions/) you can create workflows that you can set up in your repository to build, test, package, release and **deploy** to Azure.
-
+
-# GitHub Action for Azure Login
+NOTE: you must have write permissions to the repository in question. If you're using a sample repository from Microsoft, be sure to first fork the repository to your own GitHub account.
-With the Azure login Action, you can automate your workflow to do an Azure login using [Azure service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) and run Az CLI and Azure PowerShell scripts.
+
-
+Get started today with a [free Azure account](https://azure.com/free/open-source).
-By default, only az cli login will be done. In addition to az cli, you can login using Az module to run Azure PowerShell scripts by setting enable-AzPSSession to true.
+
-
+# GitHub Action for Azure Login
-Get started today with a [free Azure account](https://azure.com/free/open-source)!
+
-
+With the Azure login Action, you can automate your workflow to do an Azure login using [Azure service principal](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) and run Azure CLI and Azure PowerShell scripts.
-This repository contains GitHub Action for [Azure Login](https://github.com/Azure/login/blob/master/action.yml).
+
-
+By default, the action only logs in with the Azure CLI (using the `az login` command). To log in with the Az PowerShell module, set `enable-AzPSSession` to true.
-## Sample workflow that uses Azure login action to run az cli
+
-
+This repository contains GitHub Action for [Azure Login](https://github.com/Azure/login/blob/master/action.yml).
-```yaml
+
-
+## Sample workflow that uses Azure login action to run az cli
-# File: .github/workflows/workflow.yml
+
-
+```yaml
-on: [push]
+# File: .github/workflows/workflow.yml
-
+
-name: AzureLoginSample
+on: [push]
-
+
-jobs:
+name: AzureLoginSample
-
+
-  build-and-deploy:
+jobs:
-    runs-on: ubuntu-latest
+
-    steps:
+  build-and-deploy:
-    
+    runs-on: ubuntu-latest
-    - uses: azure/login@v1.1
+    steps:
-      with:
+
-        creds: ${{ secrets.AZURE_CREDENTIALS }}
+    - uses: azure/login@v1.1
-    
+      with:
-    - run: |
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
-        az webapp list --query "[?state=='Running']"
+
-
+    - run: |
-```
+        az webapp list --query "[?state=='Running']"
-
+```
-## Sample workflow that uses Azure login action to run Azure PowerShell
+
-
+## Sample workflow that uses Azure login action to run Azure PowerShell
-```yaml
+
-
+```yaml
-# File: .github/workflows/workflow.yml
+# File: .github/workflows/workflow.yml
-
+
-on: [push]
+on: [push]
-
+
-name: AzurePowerShellSample
+name: AzurePowerShellSample
-
+
-jobs:
+jobs:
-
+
-  build-and-deploy:
+  build-and-deploy:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest
-    steps:
+    steps:
-    
+
-    - name: Login via Az module
+    - name: Login via Az module
-      uses: azure/login@v1.1
+      uses: azure/login@v1.1
-      with:
+      with:
-        creds: ${{secrets.AZURE_CREDENTIALS}}
+        creds: ${{secrets.AZURE_CREDENTIALS}}
-        enable-AzPSSession: true 
+        enable-AzPSSession: true 
-    
+
-    - name: Run Az CLI script
+    - name: Run Az CLI script
-      run: |
+      run: |
-        az webapp list --query "[?state=='Running']"
+        az webapp list --query "[?state=='Running']"
-   
+
-    - name: Run Azure PowerShell script
+    - name: Run Azure PowerShell script
-      uses: azure/powershell@v1
+      uses: azure/powershell@v1
-      with:
+      with:
-        azPSVersion: '3.1.0'
+        azPSVersion: '3.1.0'
-        inlineScript: |
+        inlineScript: |
-          Get-AzVM -ResourceGroupName "ActionsDemo"
+          Get-AzVM -ResourceGroupName "ActionsDemo"
-        
+```
-     
+
-        
+Refer to the [Azure PowerShell](https://github.com/azure/powershell) Github action to run your Azure PowerShell scripts.
-```
+
-
+## Configure deployment credentials:
-Refer [Azure PowerShell](https://github.com/azure/powershell) Github action to run your Azure PowerShell scripts.
+
-
+The previous sample workflows depend on a [secrets](https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets) named `AZURE_CREDENTIALS` in your repository. The value of this secret is expected to be a JSON object that represents a service principal (an identifer for an application or process) that authenticates the workflow with Azure.
-## Configure deployment credentials:
+
-
+To function correctly, this service principal must be assigned the [Contributor]((https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#contributor)) role for the web app or the resource group that contains the web app.
-For any credentials like Azure Service Principal, Publish Profile etc add them as [secrets](https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables) in the GitHub repository and then use them in the workflow.
+
-
+The following steps describe how to create the service principal, assign the role, and create a secret in your repository with the resulting credentials.
-The above example uses user-level credentials i.e., Azure Service Principal for deployment. 
+
-
+1. Open the Azure Cloud Shell at [https://shell.azure.com](https://shell.azure.com). You can alternately use the [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) if you've installed it locally. (For more information on Cloud Shell, see the [Cloud Shell Overview](https://docs.microsoft.com/azure/cloud-shell/overview).)
-Follow the steps to configure the secret:
+  
-  * Define a new secret under your repository settings, Add secret menu
+2. Use the [az ad dp create-for-rbac](https://docs.microsoft.com/cli/azure/ad/sp?view=azure-cli-latest#az_ad_sp_create_for_rbac) command to create a service principal and assign a Contributor role:
-  * Store the output of the below [az cli](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest) command as the value of secret variable, for example 'AZURE_CREDENTIALS'
+
-```bash  
+    ```azurecli
-
+    az ad sp create-for-rbac --name "{sp-name}" --sdk-auth --role contributor \
-   az ad sp create-for-rbac --name "myApp" --role contributor \
+        --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Web/sites/{app-name}
-                            --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
+    ```
-                            --sdk-auth
+
-                            
+    Replace the following:
-  # Replace {subscription-id}, {resource-group} with the subscription, resource group details
+      * `{sp-name}` with a suitable name for your service principal, such as the name of the app itself. The name must be unique within your organization.
-
+      * `{subscription-id}` with the subscription you want to use
-  # The command should output a JSON object similar to this:
+      * `{resource-group}` the resource group containing the web app.
-
+      * `{app-name}` with the name of the web app.
-  {
+
-    "clientId": "<GUID>",
+    This command invokes Azure Active Directory (via the `ad` part of the command) to create a service principal (via `sp`) specifically for [Role-Based Access Control (RBAC)](https://docs.microsoft.com/azure/role-based-access-control/overview) (via `create-for-rbac`).
-    "clientSecret": "<GUID>",
+
-    "subscriptionId": "<GUID>",
+    The `--role` argument specifies the permissions to grant to the service principal at the specified `--scope`. In this case, you grant the built-in [Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#contributor) role at the scope of the web app in the specified resource group in the specified subscription.
-    "tenantId": "<GUID>",
+
-    (...)
+    If desired, you can omit the part of the scope starting with `/providers/...` to grant the service principal the Contributor role for the entire resource group:
-  }
+
-  
+    ```azurecli  
-```
+    az ad sp create-for-rbac --name "{sp-name}" --sdk-auth --role contributor \
-  * Now in the workflow file in your branch: `.github/workflows/workflow.yml` replace the secret in Azure login action with your secret (Refer to the example above)
+        --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group}
-
+    ```
-
+
-# Azure Login metadata file
+    For security purposes, however, it's always preferable to grant permissions at the most restrictive scope possible.
-
+
-```yaml
+3. When complete, the `az ad sp create-for-rbac` command displays JSON output in the following form (which is specified by the `--sdk-auth` argument):
-
+
-# action.yml
+    ```json
-
+    {
-# Login to Azure subscription
+      "clientId": "<GUID>",
-name: 'Azure Login'
+      "clientSecret": "<GUID>",
-description: 'Authenticate to Azure and run your Az CLI or Az PowerShell based Actions or scripts. github.com/Azure/Actions'
+      "subscriptionId": "<GUID>",
-inputs: 
+      "tenantId": "<GUID>",
-  creds:
+      (...)
-    description: 'Paste output of `az ad sp create-for-rbac` as value of secret variable: AZURE_CREDENTIALS'
+    }
-    required: true
+    ```
-  enable-AzPSSession: 
+
-    description: 'Set this value to true to enable Azure PowerShell Login in addition to Az CLI login'
+4. In your repository, use **Add secret** to create a new secret named `AZURE_CREDENTIALS` (as shown in the example workflow), or using whatever name is in your workflow file.
-    required: false
+
-    default: false
+5. Paste the entire JSON object produced by the `az ad sp create-for-rbac` command as the secret value and save the secret.
-branding:
+
-  icon: 'login.svg'
+NOTE: to manage service principals created with `az ad sp create-for-rbac`, visit the [Azure portal](https://portal.azure.com), navigate to your Azure Active Directory, then select **Manage** > **App registrations** on the left-hand menu. Your service principal should appear in the list. Select a principal to navigate to its properties. You can also manage role assignments using the [az role assignment](https://docs.microsoft.com/cli/azure/role/assignment?view=azure-cli-latest) command.
-  color: 'blue'
+
-runs:
+# Contributing
-  using: 'node12'
+
-  main: 'lib/main.js'
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
-```
+
-
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
-# Contributing
+
-
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
-This project welcomes contributions and suggestions.  Most contributions require you to agree to a
-Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
-
-When you submit a pull request, a CLA bot will automatically determine whether you need to provide
-a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
-provided by the bot. You will only need to do this once across all repos using our CLA.
-
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "login",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -3331,9 +3331,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.15",
+      "version": "4.17.19",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
-      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
+      "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==",
       "dev": true
     },
     "lodash.memoize": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "login",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Login Azure wraps the az login, allowing for Azure actions to log into Azure",
   "main": "lib/main.js",
   "scripts": {