add await to setazurestack

* Add details about setting "audience" parameter when "environment" is not public cloud

* Remove extra added space

.github/workflows/azure-login-negative.yml

@@ -21,10 +21,10 @@ jobs:
     - name: 'Checking out repo code'
       uses: actions/checkout@v4
 
-    - name: Set Node.js 16.x for GitHub Action
+    - name: Set Node.js 20.x for GitHub Action
       uses: actions/setup-node@v4
       with:
-        node-version: 16.x
+        node-version: 20.x
 
     - name: 'Validate build'
       run: |
@@ -84,10 +84,10 @@ jobs:
     - name: 'Checking out repo code'
       uses: actions/checkout@v4
 
-    - name: Set Node.js 16.x for GitHub Action
+    - name: Set Node.js 20.x for GitHub Action
       uses: actions/setup-node@v4
       with:
-        node-version: 16.x
+        node-version: 20.x
 
     - name: 'Validate build'
       run: |
@@ -345,10 +345,10 @@ jobs:
     - name: 'Checking out repo code'
       uses: actions/checkout@v4
 
-    - name: Set Node.js 16.x for GitHub Action
+    - name: Set Node.js 20.x for GitHub Action
       uses: actions/setup-node@v4
       with:
-        node-version: 16.x
+        node-version: 20.x
 
     - name: 'Validate build'
       run: |

.github/workflows/azure-login-positive.yml

@@ -20,10 +20,10 @@ jobs:
     - name: 'Checking out repo code'
       uses: actions/checkout@v4
 
-    - name: Set Node.js 16.x for GitHub Action
+    - name: Set Node.js 20.x for GitHub Action
       uses: actions/setup-node@v4
       with:
-        node-version: 16.x
+        node-version: 20.x
 
     - name: 'Validate build'
       run: |
@@ -116,10 +116,10 @@ jobs:
     - name: 'Checking out repo code'
       uses: actions/checkout@v4
 
-    - name: Set Node.js 16.x for GitHub Action
+    - name: Set Node.js 20.x for GitHub Action
       uses: actions/setup-node@v4
       with:
-        node-version: 16.x
+        node-version: 20.x
 
     - name: 'Validate build'
       run: |
@@ -219,7 +219,7 @@ jobs:
       with:
         azPSVersion: "latest"
         inlineScript: |
-            $checkResult = (Get-AzContext -ListAvailable).Count -eq 2
+            $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
             if(-not $checkResult){
               throw "Not all checks passed!"
             }
@@ -256,10 +256,10 @@ jobs:
     - name: 'Checking out repo code'
       uses: actions/checkout@v4
 
-    - name: Set Node.js 16.x for GitHub Action
+    - name: Set Node.js 20.x for GitHub Action
       uses: actions/setup-node@v4
       with:
-        node-version: 16.x
+        node-version: 20.x
 
     - name: 'Validate build'
       run: |

.github/workflows/azure-login-pr-check.yml

@@ -1,13 +1,12 @@
 name: pr-check
 
 on:
-  pull_request_target:
+  pull_request:
     branches:
       - master
       - 'releases/*'
 jobs:
    az-login-test:
-     environment: Automation test
      runs-on: windows-latest
      steps:
        - name: Checkout from PR branch  
@@ -16,11 +15,11 @@ jobs:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
 
-         # Using 16.x version as an example
-       - name: Set Node.js 16.x for GitHub Action
+         # Using 20.x version as an example
+       - name: Set Node.js 20.x for GitHub Action
          uses: actions/setup-node@v4
          with:
-           node-version: 16.x
+           node-version: 20.x
 
        - name: installing node_modules
          run: npm install 
@@ -28,44 +27,5 @@ jobs:
        - name: Build GitHub Action
          run: npm run build
          
-       - name: 'Az CLI login with subscription'
-         uses: ./
-         with:
-            creds: ${{ secrets.AZURE_CREDENTIALS }}
-          
-       - run: |
-             az account show --output none
-             az vm list --output none
-
-       - name: 'Az CLI login without subscription'
-         uses: ./
-         with:
-           creds: ${{ secrets.AZURE_CREDENTIALS_NO_SUB }}
-           allow-no-subscriptions: true
-
-       - run: |
-             az account show --output none
-       #     az vm list --output none
-
-       - name: 'Azure PowerShell login with subscription'
-         uses: ./
-         with:
-           creds: ${{ secrets.AZURE_CREDENTIALS }}
-           enable-AzPSSession: true
-
-       - uses: azure/powershell@v1
-         with:
-           inlineScript: "(Get-AzContext).Environment.Name"
-           azPSVersion: "latest"
-
-      #  - name: 'Azure PowerShell login without subscription'
-      #    uses: ./
-      #    with:
-      #      creds: ${{secrets.AZURE_CREDENTIALS_NO_SUB}}
-      #      enable-AzPSSession: true
-      #      allow-no-subscriptions: true
-
-      #  - uses: azure/powershell@v1
-      #    with:
-      #      inlineScript: "Get-AzContext"
-      #      azPSVersion: "latest"
+       - name: Run mock test
+         run: npm run test

.github/workflows/ci.yml

@@ -20,16 +20,16 @@ jobs:
     - name: 'Checking out repo code'
       uses: actions/checkout@v4
 
-    - name: Set Node.js 16.x for GitHub Action
+    - name: Set Node.js 20.x for GitHub Action
       uses: actions/setup-node@v4
       with:
-        node-version: 16.x
+        node-version: 20.x
 
     - name: 'Validate build'
       run: |
         npm install
         npm run build
-        
+
     - name: 'Run L0 tests'
       run: |
         npm run test

.github/workflows/codeql.yml

@@ -6,6 +6,11 @@ on:
   schedule:
     - cron: '0 19 * * 0'
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 jobs:
   CodeQL-Build:
 
@@ -18,14 +23,14 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: javascript
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -39,4 +44,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/markdownlint.yml

@@ -11,7 +11,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: 16.x
+          node-version: 20.x
       - name: Run Markdownlint
         run: |
           npm i -g markdownlint-cli2

CODE_OF_CONDUCT.md

@@ -7,3 +7,4 @@ Resources:
 - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
 - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
 - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
+- Employees can reach out at [aka.ms/opensource/moderation-support](https://aka.ms/opensource/moderation-support)

README.md

@@ -19,7 +19,7 @@
     - [Login to Azure US Government cloud](#login-to-azure-us-government-cloud)
     - [Login to Azure Stack Hub](#login-to-azure-stack-hub)
     - [Login without subscription](#login-without-subscription)
-  - [Az logout and security hardening](#az-logout-and-security-hardening)
+  - [Security hardening](#security-hardening)
   - [Azure CLI dependency](#azure-cli-dependency)
   - [Reference](#reference)
     - [GitHub Action](#github-action)
@@ -56,7 +56,7 @@ Azure Login Action supports different ways of authentication with Azure.
 |tenant-id|false|UUID||the login tenant id|
 |creds|false|string||a json string for login with an Azure service principal|
 |enable-AzPSSession|false|boolean|false|if Azure PowerShell login is enabled|
-|environment|false|string|azurecloud|the Azure Cloud environment|
+|environment|false|string|azurecloud|the Azure Cloud environment. For cloud environments other than the public cloud, the `audience` will also need to be updated.|
 |allow-no-subscriptions|false|boolean|false|if login without subscription is allowed|
 |audience|false|string|api://AzureADTokenExchange|the audience to get the JWT ID token from GitHub OIDC provider|
 |auth-type|false|string|SERVICE_PRINCIPAL|the auth type|
@@ -126,6 +126,8 @@ By default, Azure Login Action connects to the Azure Public Cloud (`AzureCloud`)
 
 To login to one of the Azure Government clouds or Azure Stack, set `environment` to one of the supported values `AzureUSGovernment` or `AzureChinaCloud` or `AzureGermanCloud` or `AzureStack`.
 
+The default [`audience`](#audience) for each of these clouds is different and will also need to be set if using anything other than the public environment.
+
 Refer to [Login to Azure US Government cloud](#login-to-azure-us-government-cloud) for its usage.
 
 ### `allow-no-subscriptions`
@@ -183,21 +185,21 @@ name: Run Azure Login with OIDC
 on: [push]
 
 permissions:
-      id-token: write
-      contents: read
-jobs: 
+  id-token: write
+  contents: read
+jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
       - name: Azure login
-        uses: azure/login@v1
+        uses: azure/login@v2
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-  
+
       - name: Azure CLI script
-        uses: azure/CLI@v1
+        uses: azure/cli@v2
         with:
           azcliversion: latest
           inlineScript: |
@@ -213,29 +215,29 @@ name: Run Azure Login with OIDC
 on: [push]
 
 permissions:
-      id-token: write
-      contents: read
-jobs: 
+  id-token: write
+  contents: read
+jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
       - name: Azure login
-        uses: azure/login@v1
+        uses: azure/login@v2
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
           enable-AzPSSession: true
-  
+
       - name: Azure CLI script
-        uses: azure/CLI@v1
+        uses: azure/cli@v2
         with:
           azcliversion: latest
           inlineScript: |
             az account show
 
       - name: Azure PowerShell script
-        uses: azure/powershell@v1
+        uses: azure/powershell@v2
         with:
           azPSVersion: "latest"
           inlineScript: |
@@ -281,18 +283,17 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-    
-    - uses: azure/login@v1
+
+    - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
-    
+
     - name: Azure CLI script
-      uses: azure/CLI@v1
+      uses: azure/cli@v2
       with:
         azcliversion: latest
         inlineScript: |
           az account show
-
 ```
 
 - **The workflow sample to run both Azure CLI and Azure PowerShell**
@@ -309,21 +310,21 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-    
-    - uses: azure/login@v1
+
+    - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
         enable-AzPSSession: true
-    
+
     - name: Azure CLI script
-      uses: azure/CLI@v1
+      uses: azure/cli@v2
       with:
         azcliversion: latest
         inlineScript: |
           az account show
 
     - name: Azure PowerShell script
-      uses: azure/powershell@v1
+      uses: azure/powershell@v2
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -333,7 +334,7 @@ jobs:
 If you want to pass subscription ID, tenant ID, client ID, and client secret as individual parameters instead of bundling them in a single JSON object to address the [security concerns](https://docs.github.com/actions/security-guides/encrypted-secrets), below snippet can help with the same.
 
 ```yaml
-  - uses: Azure/login@v1
+  - uses: azure/login@v2
     with:
       creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
 ```
@@ -372,29 +373,29 @@ Now you can try the workflow to login with system-assigned managed identity.
 name: Run Azure Login with System-assigned Managed Identity
 on: [push]
 
-jobs: 
+jobs:
   build-and-deploy:
     runs-on: self-hosted
     steps:
       - name: Azure login
-        uses: azure/login@v1
+        uses: azure/login@v2
         with:
-          auth-type: IDENTITY          
+          auth-type: IDENTITY
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
           enable-AzPSSession: true
 
-      # Azure CLI Action only supports linux self-hosted runners for now. 
-      # If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`.  
+      # Azure CLI Action only supports linux self-hosted runners for now.
+      # If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`.
       - name: Azure CLI script
-        uses: azure/CLI@v1
+        uses: azure/cli@v2
         with:
           azcliversion: latest
           inlineScript: |
             az account show
 
       - name: Azure PowerShell script
-        uses: azure/powershell@v1
+        uses: azure/powershell@v2
         with:
           azPSVersion: "latest"
           inlineScript: |
@@ -438,30 +439,30 @@ Now you can try the workflow to login with user-assigned managed identity.
 name: Run Azure Login with User-assigned Managed Identity
 on: [push]
 
-jobs: 
+jobs:
   build-and-deploy:
     runs-on: self-hosted
     steps:
       - name: Azure login
-        uses: azure/login@v1
+        uses: azure/login@v2
         with:
           auth-type: IDENTITY
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}          
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
           enable-AzPSSession: true
 
-      # Azure CLI Action only supports linux self-hosted runners for now. 
-      # If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`. 
+      # Azure CLI Action only supports linux self-hosted runners for now.
+      # If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`.
       - name: Azure CLI script
-        uses: azure/CLI@v1
+        uses: azure/cli@v2
         with:
           azcliversion: latest
           inlineScript: |
             az account show
 
       - name: Azure PowerShell script
-        uses: azure/powershell@v1
+        uses: azure/powershell@v2
         with:
           azPSVersion: "latest"
           inlineScript: |
@@ -482,13 +483,12 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-    
-    - uses: azure/login@v1
+
+    - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
         environment: 'AzureUSGovernment'
         enable-AzPSSession: true
-    
 ```
 
 ### Login to Azure Stack Hub
@@ -505,13 +505,12 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-    
-    - uses: azure/login@v1
+
+    - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
         environment: 'AzureStack'
         enable-AzPSSession: true
-    
 ```
 
 Refer to the [Azure Stack Hub Login Action Tutorial](https://learn.microsoft.com/azure-stack/user/ci-cd-github-action-login-cli) for more detailed instructions.
@@ -534,7 +533,7 @@ jobs:
     steps:
 
     - name: Azure Login
-      uses: azure/login@v1
+      uses: azure/login@v2
       with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -542,41 +541,24 @@ jobs:
         enable-AzPSSession: true
 
     - name: Azure CLI script
-      uses: azure/CLI@v1
+      uses: azure/cli@v2
       with:
         azcliversion: latest
         inlineScript: |
           az account show
 
     - name: Run Azure PowerShell
-      uses: azure/powershell@v1
+      uses: azure/powershell@v2
       with:
         azPSVersion: "latest"
         inlineScript: |
           Get-AzContext
 ```
 
-## Az logout and security hardening
+## Security hardening
 
-This action doesn't implement ```az logout``` by default at the end of execution. However, there is no way to tamper with the credentials or account information because the GitHub-hosted runner is on a VM that will get re-imaged for every customer run, which deletes everything. But if the runner is self-hosted (not provided by GitHub), it is recommended to manually log out at the end of the workflow, as shown below. More details on security of the runners can be found [here](https://docs.github.com/actions/learn-github-actions/security-hardening-for-github-actions#hardening-for-self-hosted-runners).
-
-```yaml
-- name: Azure CLI script
-  uses: azure/CLI@v1
-  with:
-    inlineScript: |
-      az logout
-      az cache purge
-      az account clear
-
-- name: Azure PowerShell script
-  uses: azure/powershell@v1
-  with:
-    azPSVersion: "latest"
-    inlineScript: |
-      Clear-AzContext -Scope Process
-      Clear-AzContext -Scope CurrentUser
-```
+> [!WARNING]
+> When using self hosted runners it is possible to have multiple runners on a single VM. Currently if your runners share a single user on the VM each runner will share the same credentials. That means in detail that each runner is able to change the permissions of another run. As a workaround we propose to use one single VM user per runner. If you start the runner as a service, do not forget to add the [optional user argument](https://docs.github.com/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service#installing-the-service)
 
 ## Azure CLI dependency
 

__tests__/LoginConfig.test.ts

@@ -96,7 +96,7 @@ describe("LoginConfig Test", () => {
         expect(loginConfig.servicePrincipalId).toBe("client-id");
         expect(loginConfig.servicePrincipalSecret).toBe("client-secret");
         expect(loginConfig.tenantId).toBe("tenant-id");
-        expect(loginConfig.subscriptionId).toBe("");
+        expect(loginConfig.subscriptionId).toBe(undefined);
     });
 
     test('initialize with creds', async () => {

__tests__/PowerShell/AzPSScriptBuilder.test.ts

@@ -40,7 +40,7 @@ describe("Getting AzLogin PS script", () => {
         let loginConfig = new LoginConfig();
         loginConfig.initialize();
         return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
-            expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential | out-null;")).toBeTruthy();
+            expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential -InformationAction Ignore | out-null;")).toBeTruthy();
             expect(loginMethod).toBe('service principal with secret');
         });
     });
@@ -61,7 +61,7 @@ describe("Getting AzLogin PS script", () => {
         let loginConfig = new LoginConfig();
         loginConfig.initialize();
         return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
-            expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-se''cret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential | out-null;")).toBeTruthy();
+            expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-se''cret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential -InformationAction Ignore | out-null;")).toBeTruthy();
             expect(loginMethod).toBe('service principal with secret');
         });
     });
@@ -82,7 +82,7 @@ describe("Getting AzLogin PS script", () => {
         let loginConfig = new LoginConfig();
         loginConfig.initialize();
         return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
-            expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential | out-null;")).toBeTruthy();
+            expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential -InformationAction Ignore | out-null;")).toBeTruthy();
             expect(loginMethod).toBe('service principal with secret');
         });
     });
@@ -100,7 +100,7 @@ describe("Getting AzLogin PS script", () => {
         loginConfig.initialize();
         jest.spyOn(loginConfig, 'getFederatedToken').mockImplementation(async () => {loginConfig.federatedToken = "fake-token";});
         return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
-            expect(loginScript.includes("Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -ApplicationId 'client-id' -FederatedToken 'fake-token' | out-null;")).toBeTruthy();
+            expect(loginScript.includes("Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -ApplicationId 'client-id' -FederatedToken 'fake-token' -InformationAction Ignore | out-null;")).toBeTruthy();
             expect(loginMethod).toBe('OIDC');
         });
     });
@@ -115,7 +115,7 @@ describe("Getting AzLogin PS script", () => {
         let loginConfig = new LoginConfig();
         loginConfig.initialize();
         return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
-            expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -Subscription 'subscription-id'  | out-null;")).toBeTruthy();
+            expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -Subscription 'subscription-id'  -InformationAction Ignore | out-null;")).toBeTruthy();
             expect(loginMethod).toBe('system-assigned managed identity');
         });
     });
@@ -130,7 +130,7 @@ describe("Getting AzLogin PS script", () => {
         let loginConfig = new LoginConfig();
         loginConfig.initialize();
         return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
-            expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud'  | out-null;")).toBeTruthy();
+            expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud'  -InformationAction Ignore | out-null;")).toBeTruthy();
             expect(loginMethod).toBe('system-assigned managed identity');
         });
     });
@@ -145,7 +145,7 @@ describe("Getting AzLogin PS script", () => {
         let loginConfig = new LoginConfig();
         loginConfig.initialize();
         return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => {
-            expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -AccountId 'client-id' | out-null;")).toBeTruthy();
+            expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -AccountId 'client-id' -InformationAction Ignore | out-null;")).toBeTruthy();
             expect(loginMethod).toBe('user-assigned managed identity');
         });
     });

action.yml

@@ -1,7 +1,7 @@
 # Login to Azure subscription
 name: 'Azure Login'
 description: 'Authenticate to Azure and run your Azure CLI or Azure PowerShell based actions or scripts.'
-inputs: 
+inputs:
   creds:
     description: 'Paste output of `az ad sp create-for-rbac` as value of secret variable: AZURE_CREDENTIALS'
     required: false
@@ -14,7 +14,7 @@ inputs:
   subscription-id:
     description: 'Azure subscriptionId'
     required: false
-  enable-AzPSSession: 
+  enable-AzPSSession:
     description: 'Set this value to true to enable Azure PowerShell Login in addition to Azure CLI login'
     required: false
     default: false
@@ -27,18 +27,18 @@ inputs:
     required: false
     default: false
   audience:
-    description: 'Provide audience field for access-token. Default value is api://AzureADTokenExchange' 
+    description: 'Provide audience field for access-token. Default value is api://AzureADTokenExchange'
     required: false
     default: 'api://AzureADTokenExchange'
   auth-type:
-    description: 'The type of authentication. Supported values are SERVICE_PRINCIPAL, IDENTITY. Default value is SERVICE_PRINCIPAL' 
+    description: 'The type of authentication. Supported values are SERVICE_PRINCIPAL, IDENTITY. Default value is SERVICE_PRINCIPAL'
     required: false
     default: 'SERVICE_PRINCIPAL'
 branding:
   icon: 'login.svg'
   color: 'blue'
 runs:
-  using: 'node16'
-  pre: 'lib/cleanup.js'
-  main: 'lib/main.js'
-  post: 'lib/cleanup.js'
+  using: 'node20'
+  pre: 'lib/cleanup/index.js'
+  main: 'lib/main/index.js'
+  post: 'lib/cleanup/index.js'

package.json

@@ -1,17 +1,20 @@
 {
   "name": "login",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "Login Azure wraps the az login, allowing for Azure actions to log into Azure",
-  "main": "lib/main.js",
+  "main": "lib/main/index.js",
   "scripts": {
-    "build": "tsc",
+    "build:main": "ncc build src/main.ts -o lib/main",
+    "build:cleanup": "ncc build src/cleanup.ts -o lib/cleanup",
+    "build": "npm run build:main && npm run build:cleanup",
     "test": "jest"
   },
-  "author": "Sumiran Aggarwal",
+  "author": "Microsoft",
   "license": "MIT",
   "devDependencies": {
     "@types/jest": "^29.2.4",
-    "@types/node": "^12.7.11",
+    "@types/node": "^20.11.1",
+    "@vercel/ncc": "^0.38.1",
     "jest": "^29.3.1",
     "jest-circus": "^29.3.1",
     "ts-jest": "^29.0.3",
@@ -21,7 +24,6 @@
     "@actions/core": "1.9.1",
     "@actions/exec": "^1.0.1",
     "@actions/io": "^1.0.1",
-    "actions-secret-parser": "^1.0.4",
     "package-lock": "^1.0.3"
   }
-}
+}

src/Cli/AzureCliLogin.ts

@@ -28,10 +28,10 @@ export class AzureCliLogin {
             }
         };
 
-        await this.executeAzCliCommand(["--version"], true, execOptions);
+        await this.executeAzCliCommand(["version"], true, execOptions);
         core.debug(`Azure CLI version used:\n${output}`);
 
-        this.setAzurestackEnvIfNecessary();
+        await this.registerAzurestackEnvIfNecessary();
 
         await this.executeAzCliCommand(["cloud", "set", "-n", this.loginConfig.environment], false);
         core.info(`Done setting cloud: "${this.loginConfig.environment}"`);
@@ -59,7 +59,7 @@ export class AzureCliLogin {
         }
     }
 
-    async setAzurestackEnvIfNecessary() {
+    async registerAzurestackEnvIfNecessary() {
         if (this.loginConfig.environment != "azurestack") {
             return;
         }
@@ -85,7 +85,7 @@ export class AzureCliLogin {
             let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with .
             let suffixStorage = baseUri.substring(baseUri.indexOf('.') + 1); // storage suffix starts without .
             let profileVersion = "2019-03-01-hybrid";
-            await this.executeAzCliCommand(["cloud", "register", "-n", this.loginConfig.environment, "--endpoint-resource-manager", `"${this.loginConfig.resourceManagerEndpointUrl}"`, "--suffix-keyvault-dns", `"${suffixKeyvault}"`, "--suffix-storage-endpoint", `"${suffixStorage}"`, "--profile", `"${profileVersion}"`], false);
+            await this.executeAzCliCommand(["cloud", "register", "-n", this.loginConfig.environment, "--endpoint-resource-manager", this.loginConfig.resourceManagerEndpointUrl, "--suffix-keyvault-dns", suffixKeyvault, "--suffix-storage-endpoint", suffixStorage, "--profile", profileVersion], false);
         }
         catch (error) {
             core.error(`Error while trying to register cloud "${this.loginConfig.environment}"`);

src/PowerShell/AzPSScriptBuilder.ts

@@ -104,7 +104,7 @@ export default class AzPSScriptBuilder {
         if(subscriptionId){
             loginCmdlet += `-Subscription '${subscriptionId}' `;
         }
-        loginCmdlet += `${cmdletSuffix} | out-null;`;
+        loginCmdlet += `${cmdletSuffix} -InformationAction Ignore | out-null;`;
         return loginCmdlet;
     }
 }

src/cleanup.ts

@@ -10,7 +10,7 @@ async function cleanup() {
         }
     }
     catch (error) {
-        core.setFailed(`Login cleanup failed with ${error}. Make sure 'az' is installed on the runner. If 'enable-AzPSSession' is true, make sure 'pwsh' is installed on the runner together with Azure PowerShell module.`);
+        core.warning(`Login cleanup failed with ${error}. Cleanup will be skipped.`);
         core.debug(error.stack);
     }
 }

src/common/LoginConfig.ts

@@ -1,5 +1,4 @@
 import * as core from '@actions/core';
-import { FormatType, SecretParser } from 'actions-secret-parser';
 
 export class LoginConfig {
     static readonly AUTH_TYPE_SERVICE_PRINCIPAL = "SERVICE_PRINCIPAL";
@@ -49,10 +48,10 @@ export class LoginConfig {
 
     private readParametersFromCreds() {
         let creds = core.getInput('creds', { required: false });
-        let secrets = creds ? new SecretParser(creds, FormatType.JSON) : null;
-        if (!secrets) {
+        if (!creds) {
             return;
         }
+        let secrets = JSON.parse(creds);
 
         if(this.authType != LoginConfig.AUTH_TYPE_SERVICE_PRINCIPAL){
             return;
@@ -64,11 +63,11 @@ export class LoginConfig {
         }
 
         core.debug('Reading creds in JSON...');
-        this.servicePrincipalId = this.servicePrincipalId ? this.servicePrincipalId : secrets.getSecret("$.clientId", false);
-        this.servicePrincipalSecret = secrets.getSecret("$.clientSecret", false);
-        this.tenantId = this.tenantId ? this.tenantId : secrets.getSecret("$.tenantId", false);
-        this.subscriptionId = this.subscriptionId ? this.subscriptionId : secrets.getSecret("$.subscriptionId", false);
-        this.resourceManagerEndpointUrl = secrets.getSecret("$.resourceManagerEndpointUrl", false);
+        this.servicePrincipalId = this.servicePrincipalId ? this.servicePrincipalId : secrets.clientId;
+        this.servicePrincipalSecret = secrets.clientSecret;
+        this.tenantId = this.tenantId ? this.tenantId : secrets.tenantId; 
+        this.subscriptionId = this.subscriptionId ? this.subscriptionId : secrets.subscriptionId;
+        this.resourceManagerEndpointUrl = secrets.resourceManagerEndpointUrl;
         if (!this.servicePrincipalId || !this.servicePrincipalSecret || !this.tenantId) {
             throw new Error("Not all parameters are provided in 'creds'. Double-check if all keys are defined in 'creds': 'clientId', 'clientSecret', 'tenantId'.");
         }
@@ -117,4 +116,3 @@ async function jwtParser(federatedToken: string) {
     let decodedPayload = JSON.parse(bufferObj.toString("utf8"));
     return [decodedPayload['iss'], decodedPayload['sub']];
 }
-

src/common/Utils.ts

@@ -13,9 +13,6 @@ export function setUserAgent(): void {
 
 export async function cleanupAzCLIAccounts(): Promise<void> {
     let azPath = await io.which("az", true);
-    if (!azPath) {
-        throw new Error("Azure CLI is not found in the runner.");
-    }
     core.debug(`Azure CLI path: ${azPath}`);
     core.info("Clearing azure cli accounts from the local cache.");
     await exec.exec(`"${azPath}"`, ["account", "clear"]);  
@@ -23,9 +20,6 @@ export async function cleanupAzCLIAccounts(): Promise<void> {
 
 export async function cleanupAzPSAccounts(): Promise<void> {
     let psPath: string = await io.which(AzPSConstants.PowerShell_CmdName, true);
-    if (!psPath) {
-        throw new Error("PowerShell is not found in the runner.");
-    }
     core.debug(`PowerShell path: ${psPath}`);
     core.debug("Importing Azure PowerShell module.");
     AzPSUtils.setPSModulePathForGitHubRunner();