Merge branch 'master' into BALAGA-GAYATRI-patch-2

This is to pick from forked branch

.github/CODEOWNERS

@@ -0,0 +1 @@
+@kaverma @kanika1894 @BALAGA-GAYATRI @pulkitaggarwl 

.github/workflows/auto-triage-issues

@@ -0,0 +1,21 @@
+name: "Auto-Labelling Issues"
+on:
+  issues:
+    types: [opened, edited]
+
+jobs:
+  auto_label:
+    runs-on: ubuntu-latest
+    name: Auto-Labelling Issues
+    steps:
+    - name: Label Step
+      uses: larrylawl/Auto-Github-Issue-Labeller@v1.0
+      with:
+        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+        REPOSITORY: ${{github.repository}}
+        DELTA: "7"
+        CONFIDENCE: "2"
+        FEATURE: "enhancement"
+        BUG: "bug"
+        DOCS: "documentation"
+        

.github/workflows/azure-login-pr-check.yml

@@ -0,0 +1,72 @@
+name: pr-check
+
+on:
+  pull_request_target:
+    branches:
+      - master
+      - 'releases/*'
+jobs:
+   az-login-test:
+     environment: Automation test
+     runs-on: windows-latest
+     steps:
+       - name: Checkout from PR branch  
+         uses: actions/checkout@v2
+         with: 
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.pull_request.head.ref }}
+
+         # Using 12.x version as an example
+       - name: Set Node.js 12.x for GitHub Action
+         uses: actions/setup-node@v1
+         with:
+           node-version: 12.x
+
+       - name: installing node_modules
+         run: npm install 
+
+       - name: Build GitHub Action
+         run: npm run build
+         
+       - name: 'Az CLI login with subscription'
+         uses: ./
+         with:
+            creds: ${{ secrets.AZURE_CREDENTIALS }}
+          
+       - run: |
+             az account show
+  #          az webapp list
+
+       - name: 'Az CLI login without subscription'
+         uses: ./
+         with:
+           creds: ${{ secrets.AZURE_CREDENTIALS_NO_SUB }}
+           allow-no-subscriptions: true
+
+       - run: |
+           az account show
+
+       - name: 'Azure PowerShell login with subscription'
+         uses: ./
+         with:
+           creds: ${{ secrets.AZURE_CREDENTIALS }}
+           enable-AzPSSession: true
+
+       - uses: azure/powershell@v1
+         with:
+           inlineScript: "Get-AzContext"
+           azPSVersion: "latest"
+
+       - name: 'Azure PowerShell login without subscription'
+         uses: ./
+         with:
+           creds: ${{secrets.AZURE_CREDENTIALS_NO_SUB}}
+           enable-AzPSSession: true
+           allow-no-subscriptions: true
+
+       - uses: azure/powershell@v1
+         with:
+           inlineScript: "Get-AzContext"
+           azPSVersion: "latest"
+          
+      

.github/workflows/defaultLabels.yml

@@ -0,0 +1,36 @@
+name: setting-default-labels
+
+# Controls when the action will run. 
+on:
+  schedule:
+  - cron: "0 0/3 * * *"
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+          
+      - uses: actions/stale@v3
+        name: Setting issue as idle
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-message: 'This issue is idle because it has been open for 14 days with no activity.'
+          stale-issue-label: 'idle'
+          days-before-stale: 14
+          days-before-close: -1
+          operations-per-run: 100
+          exempt-issue-labels: 'backlog'
+          
+      - uses: actions/stale@v3
+        name: Setting PR as idle
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-pr-message: 'This PR is idle because it has been open for 14 days with no activity.'
+          stale-pr-label: 'idle'
+          days-before-stale: 14
+          days-before-close: -1
+          operations-per-run: 100

README.md

@@ -180,10 +180,38 @@ The following steps describe how to create the service principal, assign the rol
 
 4. In your repository, use **Add secret** to create a new secret named `AZURE_CREDENTIALS` (as shown in the example workflow), or using whatever name is in your workflow file.
 
+NOTE: While adding secret `AZURE_CREDENTIALS` make sure to add like this 
+
+         {"clientId": "<GUID>",
+          "clientSecret": "<GUID>",
+          "subscriptionId": "<GUID>",
+          "tenantId": "<GUID>",
+          (...)}
+
+   instead of  
+
+        {
+            "clientId": "<GUID>",
+            "clientSecret": "<GUID>",
+            "subscriptionId": "<GUID>",
+            "tenantId": "<GUID>",
+            (...)
+        }
+
+   to prevent unnecessary masking of `{ } ` in your logs which are in dictionary form.
+     
 5. Paste the entire JSON object produced by the `az ad sp create-for-rbac` command as the secret value and save the secret.
 
 NOTE: to manage service principals created with `az ad sp create-for-rbac`, visit the [Azure portal](https://portal.azure.com), navigate to your Azure Active Directory, then select **Manage** > **App registrations** on the left-hand menu. Your service principal should appear in the list. Select a principal to navigate to its properties. You can also manage role assignments using the [az role assignment](https://docs.microsoft.com/cli/azure/role/assignment?view=azure-cli-latest) command.
 
+NOTE: Currently there is no support for passing in the Subscription ID, Tenant ID, Client ID, and Client Secret as individual parameters instead of bundled in a single JSON object (creds).
+However, a simple workaround for users who need this option can be:
+```yaml
+  - uses: Azure/login@v1.1
+    with:
+      creds: '{"clientId":"${{ secrets.CLIENT_ID }}","clientSecret":"${{ secrets.CLIENT_SECRET }}","subscriptionId":"${{ secrets.SUBSCRIPTION_ID }}","tenantId":"${{ secrets.TENANT_ID }}"}'
+```
+In a similar way, any additional parameter can be addded to creds such as resourceManagerEndpointUrl for Azure Stack, for example.
 ## Support for using `allow-no-subscriptions` flag with az login
 
 Capability has been added to support access to tenants without subscriptions. This can be useful to run tenant level commands, such as `az ad`. The action accepts an optional parameter `allow-no-subscriptions` which is `false` by default.
@@ -206,7 +234,19 @@ jobs:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
         allow-no-subscriptions: true
 ```
+## Az logout and security hardening
 
+This action doesn't implement ```az logout``` by default at the end of execution. However there is no way of tampering the credentials or account information because the github hosted runner is on a VM that will get reimaged for every customer run which gets everything deleted. But if the runner is self-hosted which is not github provided it is recommended to manually logout at the end of the workflow as shown below. More details on security of the runners can be found [here](https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#hardening-for-self-hosted-runners).
+```
+- name: Azure CLI script
+  uses: azure/CLI@v1
+  with:
+    azcliversion: 2.0.72
+    inlineScript: |
+      az logout
+      az cache purge
+      az account clear
+```
 # Contributing
 
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. 
@@ -215,4 +255,4 @@ For detailed developer guidelines, visit [developer guidelines for azure actions
 
 When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
 
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments

package-lock.json

@@ -3331,9 +3331,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.19",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
-      "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==",
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
       "dev": true
     },
     "lodash.memoize": {
@@ -3724,9 +3724,9 @@
       "dev": true
     },
     "path-parse": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
-      "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==",
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
       "dev": true
     },
     "performance-now": {
@@ -4975,9 +4975,9 @@
       }
     },
     "ws": {
-      "version": "7.2.3",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-7.2.3.tgz",
-      "integrity": "sha512-HTDl9G9hbkNDk98naoR/cHDws7+EyYMOdL1BmjsZXRUjf7d+MficC4B7HLUPlSiho0vg+CWKrGIt/VJBd1xunQ==",
+      "version": "7.5.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.0.tgz",
+      "integrity": "sha512-6ezXvzOZupqKj4jUqbQ9tXuJNo+BR2gU8fFRk3XCP3e0G6WT414u5ELe6Y0vtp7kmSJ3F7YWObSNr1ESsgi4vw==",
       "dev": true
     },
     "xml-name-validator": {
@@ -5003,9 +5003,9 @@
       "integrity": "sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ=="
     },
     "y18n": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz",
-      "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+      "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
       "dev": true
     },
     "yargs": {