From 19d77c4f9b2f107a92b7c101f7360a739acf96bc Mon Sep 17 00:00:00 2001 From: Shiying Chen Date: Wed, 17 Apr 2024 09:55:46 +0800 Subject: [PATCH 1/8] Change the trigger for pr check workflow (#435) * change trigger * remove env --- .github/workflows/azure-login-pr-check.yml | 46 ++-------------------- 1 file changed, 3 insertions(+), 43 deletions(-) diff --git a/.github/workflows/azure-login-pr-check.yml b/.github/workflows/azure-login-pr-check.yml index ba8e198c1..279cf3cd7 100644 --- a/.github/workflows/azure-login-pr-check.yml +++ b/.github/workflows/azure-login-pr-check.yml @@ -1,13 +1,12 @@ name: pr-check on: - pull_request_target: + pull_request: branches: - master - 'releases/*' jobs: az-login-test: - environment: Automation test runs-on: windows-latest steps: - name: Checkout from PR branch @@ -28,44 +27,5 @@ jobs: - name: Build GitHub Action run: npm run build - - name: 'Az CLI login with subscription' - uses: ./ - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - run: | - az account show --output none - az vm list --output none - - - name: 'Az CLI login without subscription' - uses: ./ - with: - creds: ${{ secrets.AZURE_CREDENTIALS_NO_SUB }} - allow-no-subscriptions: true - - - run: | - az account show --output none - # az vm list --output none - - - name: 'Azure PowerShell login with subscription' - uses: ./ - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - enable-AzPSSession: true - - - uses: azure/powershell@v1 - with: - inlineScript: "(Get-AzContext).Environment.Name" - azPSVersion: "latest" - - # - name: 'Azure PowerShell login without subscription' - # uses: ./ - # with: - # creds: ${{secrets.AZURE_CREDENTIALS_NO_SUB}} - # enable-AzPSSession: true - # allow-no-subscriptions: true - - # - uses: azure/powershell@v1 - # with: - # inlineScript: "Get-AzContext" - # azPSVersion: "latest" + - name: Run mock test + run: npm run test From cf8f85dbab45fdf28cd42f09314024a1be1d58f1 Mon Sep 17 00:00:00 2001 From: Jiashuo Li <4003950+jiasli@users.noreply.github.com> Date: Fri, 26 Apr 2024 08:58:16 +0800 Subject: [PATCH 2/8] Update `azure/CLI@v1` to `azure/cli@v2` and `azure/powershell@v1` to `azure/powershell@v2` (#438) * patch * fix indentation --- README.md | 71 ++++++++++++++++++++++++++----------------------------- 1 file changed, 34 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 6575ca858..beed96b72 100644 --- a/README.md +++ b/README.md @@ -183,9 +183,9 @@ name: Run Azure Login with OIDC on: [push] permissions: - id-token: write - contents: read -jobs: + id-token: write + contents: read +jobs: build-and-deploy: runs-on: ubuntu-latest steps: @@ -195,9 +195,9 @@ jobs: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - + - name: Azure CLI script - uses: azure/CLI@v1 + uses: azure/cli@v2 with: azcliversion: latest inlineScript: | @@ -213,9 +213,9 @@ name: Run Azure Login with OIDC on: [push] permissions: - id-token: write - contents: read -jobs: + id-token: write + contents: read +jobs: build-and-deploy: runs-on: ubuntu-latest steps: @@ -226,16 +226,16 @@ jobs: tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} enable-AzPSSession: true - + - name: Azure CLI script - uses: azure/CLI@v1 + uses: azure/cli@v2 with: azcliversion: latest inlineScript: | az account show - name: Azure PowerShell script - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | @@ -281,18 +281,17 @@ jobs: build-and-deploy: runs-on: ubuntu-latest steps: - + - uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} - + - name: Azure CLI script - uses: azure/CLI@v1 + uses: azure/cli@v2 with: azcliversion: latest inlineScript: | az account show - ``` - **The workflow sample to run both Azure CLI and Azure PowerShell** @@ -309,21 +308,21 @@ jobs: build-and-deploy: runs-on: ubuntu-latest steps: - + - uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} enable-AzPSSession: true - + - name: Azure CLI script - uses: azure/CLI@v1 + uses: azure/cli@v2 with: azcliversion: latest inlineScript: | az account show - name: Azure PowerShell script - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | @@ -372,29 +371,29 @@ Now you can try the workflow to login with system-assigned managed identity. name: Run Azure Login with System-assigned Managed Identity on: [push] -jobs: +jobs: build-and-deploy: runs-on: self-hosted steps: - name: Azure login uses: azure/login@v2 with: - auth-type: IDENTITY + auth-type: IDENTITY tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} enable-AzPSSession: true - # Azure CLI Action only supports linux self-hosted runners for now. - # If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`. + # Azure CLI Action only supports linux self-hosted runners for now. + # If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`. - name: Azure CLI script - uses: azure/CLI@v1 + uses: azure/cli@v2 with: azcliversion: latest inlineScript: | az account show - name: Azure PowerShell script - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | @@ -438,7 +437,7 @@ Now you can try the workflow to login with user-assigned managed identity. name: Run Azure Login with User-assigned Managed Identity on: [push] -jobs: +jobs: build-and-deploy: runs-on: self-hosted steps: @@ -446,22 +445,22 @@ jobs: uses: azure/login@v2 with: auth-type: IDENTITY - client-id: ${{ secrets.AZURE_CLIENT_ID }} + client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} enable-AzPSSession: true - # Azure CLI Action only supports linux self-hosted runners for now. - # If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`. + # Azure CLI Action only supports linux self-hosted runners for now. + # If you want to execute the Azure CLI script on a windows self-hosted runner, you can execute it directly in `run`. - name: Azure CLI script - uses: azure/CLI@v1 + uses: azure/cli@v2 with: azcliversion: latest inlineScript: | az account show - name: Azure PowerShell script - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | @@ -482,13 +481,12 @@ jobs: build-and-deploy: runs-on: ubuntu-latest steps: - + - uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} environment: 'AzureUSGovernment' enable-AzPSSession: true - ``` ### Login to Azure Stack Hub @@ -505,13 +503,12 @@ jobs: build-and-deploy: runs-on: ubuntu-latest steps: - + - uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} environment: 'AzureStack' enable-AzPSSession: true - ``` Refer to the [Azure Stack Hub Login Action Tutorial](https://learn.microsoft.com/azure-stack/user/ci-cd-github-action-login-cli) for more detailed instructions. @@ -542,14 +539,14 @@ jobs: enable-AzPSSession: true - name: Azure CLI script - uses: azure/CLI@v1 + uses: azure/cli@v2 with: azcliversion: latest inlineScript: | az account show - name: Run Azure PowerShell - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | From 59ce201ac2c230df1336b836f1b457eef9506988 Mon Sep 17 00:00:00 2001 From: Yeming Liu <11371776+isra-fel@users.noreply.github.com> Date: Tue, 21 May 2024 11:03:42 +0800 Subject: [PATCH 3/8] Update CODE_OF_CONDUCT.md (#446) --- CODE_OF_CONDUCT.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index c72a5749c..8312fc696 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -7,3 +7,4 @@ Resources: - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns +- Employees can reach out at [aka.ms/opensource/moderation-support](https://aka.ms/opensource/moderation-support) From cb503d892a973aa71c86a14bacffc3a8982d6ee7 Mon Sep 17 00:00:00 2001 From: Yan Xu Date: Fri, 24 May 2024 11:08:40 +0800 Subject: [PATCH 4/8] Disable information output in Connect-AzAccount (#448) * disable information output in Connect-AzAccount * fix test --- __tests__/PowerShell/AzPSScriptBuilder.test.ts | 14 +++++++------- src/PowerShell/AzPSScriptBuilder.ts | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/__tests__/PowerShell/AzPSScriptBuilder.test.ts b/__tests__/PowerShell/AzPSScriptBuilder.test.ts index f835dd89c..862d7a0f5 100644 --- a/__tests__/PowerShell/AzPSScriptBuilder.test.ts +++ b/__tests__/PowerShell/AzPSScriptBuilder.test.ts @@ -40,7 +40,7 @@ describe("Getting AzLogin PS script", () => { let loginConfig = new LoginConfig(); loginConfig.initialize(); return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => { - expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential | out-null;")).toBeTruthy(); + expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential -InformationAction Ignore | out-null;")).toBeTruthy(); expect(loginMethod).toBe('service principal with secret'); }); }); @@ -61,7 +61,7 @@ describe("Getting AzLogin PS script", () => { let loginConfig = new LoginConfig(); loginConfig.initialize(); return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => { - expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-se''cret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential | out-null;")).toBeTruthy(); + expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-se''cret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential -InformationAction Ignore | out-null;")).toBeTruthy(); expect(loginMethod).toBe('service principal with secret'); }); }); @@ -82,7 +82,7 @@ describe("Getting AzLogin PS script", () => { let loginConfig = new LoginConfig(); loginConfig.initialize(); return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => { - expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential | out-null;")).toBeTruthy(); + expect(loginScript.includes("$psLoginSecrets = ConvertTo-SecureString 'client-secret' -AsPlainText -Force; $psLoginCredential = New-Object System.Management.Automation.PSCredential('client-id', $psLoginSecrets); Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -Credential $psLoginCredential -InformationAction Ignore | out-null;")).toBeTruthy(); expect(loginMethod).toBe('service principal with secret'); }); }); @@ -100,7 +100,7 @@ describe("Getting AzLogin PS script", () => { loginConfig.initialize(); jest.spyOn(loginConfig, 'getFederatedToken').mockImplementation(async () => {loginConfig.federatedToken = "fake-token";}); return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => { - expect(loginScript.includes("Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -ApplicationId 'client-id' -FederatedToken 'fake-token' | out-null;")).toBeTruthy(); + expect(loginScript.includes("Connect-AzAccount -ServicePrincipal -Environment 'azurecloud' -Tenant 'tenant-id' -Subscription 'subscription-id' -ApplicationId 'client-id' -FederatedToken 'fake-token' -InformationAction Ignore | out-null;")).toBeTruthy(); expect(loginMethod).toBe('OIDC'); }); }); @@ -115,7 +115,7 @@ describe("Getting AzLogin PS script", () => { let loginConfig = new LoginConfig(); loginConfig.initialize(); return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => { - expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -Subscription 'subscription-id' | out-null;")).toBeTruthy(); + expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -Subscription 'subscription-id' -InformationAction Ignore | out-null;")).toBeTruthy(); expect(loginMethod).toBe('system-assigned managed identity'); }); }); @@ -130,7 +130,7 @@ describe("Getting AzLogin PS script", () => { let loginConfig = new LoginConfig(); loginConfig.initialize(); return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => { - expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' | out-null;")).toBeTruthy(); + expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -InformationAction Ignore | out-null;")).toBeTruthy(); expect(loginMethod).toBe('system-assigned managed identity'); }); }); @@ -145,7 +145,7 @@ describe("Getting AzLogin PS script", () => { let loginConfig = new LoginConfig(); loginConfig.initialize(); return AzPSSCriptBuilder.getAzPSLoginScript(loginConfig).then(([loginMethod, loginScript]) => { - expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -AccountId 'client-id' | out-null;")).toBeTruthy(); + expect(loginScript.includes("Connect-AzAccount -Identity -Environment 'azurecloud' -AccountId 'client-id' -InformationAction Ignore | out-null;")).toBeTruthy(); expect(loginMethod).toBe('user-assigned managed identity'); }); }); diff --git a/src/PowerShell/AzPSScriptBuilder.ts b/src/PowerShell/AzPSScriptBuilder.ts index 28e8a95fd..5cd34580f 100644 --- a/src/PowerShell/AzPSScriptBuilder.ts +++ b/src/PowerShell/AzPSScriptBuilder.ts @@ -104,7 +104,7 @@ export default class AzPSScriptBuilder { if(subscriptionId){ loginCmdlet += `-Subscription '${subscriptionId}' `; } - loginCmdlet += `${cmdletSuffix} | out-null;`; + loginCmdlet += `${cmdletSuffix} -InformationAction Ignore | out-null;`; return loginCmdlet; } } From 5b1f5e2d920c4cd7716175c1c028bb0c3df9cfaf Mon Sep 17 00:00:00 2001 From: Shiying Chen Date: Mon, 27 May 2024 14:55:09 +0800 Subject: [PATCH 5/8] Replace `az --version` with `az version` (#450) --- src/Cli/AzureCliLogin.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Cli/AzureCliLogin.ts b/src/Cli/AzureCliLogin.ts index ec557fe62..5db52b7c1 100644 --- a/src/Cli/AzureCliLogin.ts +++ b/src/Cli/AzureCliLogin.ts @@ -28,7 +28,7 @@ export class AzureCliLogin { } }; - await this.executeAzCliCommand(["--version"], true, execOptions); + await this.executeAzCliCommand(["version"], true, execOptions); core.debug(`Azure CLI version used:\n${output}`); this.setAzurestackEnvIfNecessary(); From 151fd0098c71af3d948d2ec8126743aa98926f5a Mon Sep 17 00:00:00 2001 From: Jesse Antoszyk <22500761+jcantosz@users.noreply.github.com> Date: Mon, 3 Jun 2024 22:47:24 -0400 Subject: [PATCH 6/8] Update documentation for setting audience when environment is set (#455) * Add details about setting "audience" parameter when "environment" is not public cloud * Remove extra added space --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index beed96b72..003a69d2a 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ Azure Login Action supports different ways of authentication with Azure. |tenant-id|false|UUID||the login tenant id| |creds|false|string||a json string for login with an Azure service principal| |enable-AzPSSession|false|boolean|false|if Azure PowerShell login is enabled| -|environment|false|string|azurecloud|the Azure Cloud environment| +|environment|false|string|azurecloud|the Azure Cloud environment. For cloud environments other than the public cloud, the `audience` will also need to be updated.| |allow-no-subscriptions|false|boolean|false|if login without subscription is allowed| |audience|false|string|api://AzureADTokenExchange|the audience to get the JWT ID token from GitHub OIDC provider| |auth-type|false|string|SERVICE_PRINCIPAL|the auth type| @@ -126,6 +126,8 @@ By default, Azure Login Action connects to the Azure Public Cloud (`AzureCloud`) To login to one of the Azure Government clouds or Azure Stack, set `environment` to one of the supported values `AzureUSGovernment` or `AzureChinaCloud` or `AzureGermanCloud` or `AzureStack`. +The default [`audience`](#audience) for each of these clouds is different and will also need to be set if using anything other than the public environment. + Refer to [Login to Azure US Government cloud](#login-to-azure-us-government-cloud) for its usage. ### `allow-no-subscriptions` From 8fb68f4adefff5c860da167ab7f3f993bf7fd047 Mon Sep 17 00:00:00 2001 From: Shiying Chen Date: Thu, 20 Jun 2024 13:42:11 +0800 Subject: [PATCH 7/8] Remove tests for self-hosted runner (#465) * disable vm * update * update --- .github/workflows/azure-login-negative.yml | 33 ----- .github/workflows/azure-login-positive.yml | 139 ++------------------- 2 files changed, 9 insertions(+), 163 deletions(-) diff --git a/.github/workflows/azure-login-negative.yml b/.github/workflows/azure-login-negative.yml index b54aaa1a0..91dda5801 100644 --- a/.github/workflows/azure-login-negative.yml +++ b/.github/workflows/azure-login-negative.yml @@ -333,36 +333,3 @@ jobs: with: script: | core.setFailed('Last action should fail but not. Please check it.') - - VMTest: - strategy: - matrix: - os: [self_linux, self_windows] - runs-on: ${{ matrix.os }} - environment: Automation test - - steps: - - name: 'Checking out repo code' - uses: actions/checkout@v4 - - - name: Set Node.js 20.x for GitHub Action - uses: actions/setup-node@v4 - with: - node-version: 20.x - - - name: 'Validate build' - run: | - npm install - npm run build - - - name: Login with system-assigned managed identity without auth-type - id: login_14 - continue-on-error: true - uses: ./ - - - name: Check Last step failed - if: steps.login_14.outcome == 'success' - uses: actions/github-script@v7 - with: - script: | - core.setFailed('Last action should fail but not. Please check it.') diff --git a/.github/workflows/azure-login-positive.yml b/.github/workflows/azure-login-positive.yml index a92875102..0d43c54d1 100644 --- a/.github/workflows/azure-login-positive.yml +++ b/.github/workflows/azure-login-positive.yml @@ -12,7 +12,7 @@ jobs: BasicTest: strategy: matrix: - os: [ubuntu-latest, windows-latest, macos-latest, self_linux, self_windows] + os: [ubuntu-latest, windows-latest, macos-latest] runs-on: ${{ matrix.os }} environment: Automation test @@ -47,13 +47,11 @@ jobs: az vm list --output none - name: Run Azure PowerShell - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud' - $checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG') - $checkResult = $checkResult -and ((Get-AzVM).Count -gt 0) if(-not $checkResult){ throw "Not all checks passed!" } @@ -71,7 +69,7 @@ jobs: az account show --output none - name: Run Azure PowerShell again - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | @@ -94,13 +92,11 @@ jobs: az vm list --output none - name: Run Azure PowerShell - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud' - $checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG') - $checkResult = $checkResult -and ((Get-AzVM).Count -gt 0) if(-not $checkResult){ throw "Not all checks passed!" } @@ -164,13 +160,11 @@ jobs: az vm list --output none - name: Run Azure PowerShell - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud' - $checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG') - $checkResult = $checkResult -and ((Get-AzVM).Count -gt 0) if(-not $checkResult){ throw "Not all checks passed!" } @@ -189,7 +183,7 @@ jobs: az account show --output none - name: Run Azure PowerShell again - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | @@ -209,13 +203,13 @@ jobs: - name: Run Azure Cli shell: pwsh run: | - $checkResult = (az account list --output json | ConvertFrom-Json).Count -eq 2 + $checkResult = (az account list --output json | ConvertFrom-Json).Count -eq 3 if(-not $checkResult){ throw "Not all checks passed!" } - name: Run Azure PowerShell - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | @@ -236,126 +230,11 @@ jobs: az account show --output none - name: Run Azure PowerShell - uses: azure/powershell@v1 - with: - azPSVersion: "latest" - inlineScript: | - $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud' - if(-not $checkResult){ - throw "Not all checks passed!" - } - - VMTest: - strategy: - matrix: - os: [self_linux, self_windows] - runs-on: ${{ matrix.os }} - environment: Automation test - - steps: - - name: 'Checking out repo code' - uses: actions/checkout@v4 - - - name: Set Node.js 20.x for GitHub Action - uses: actions/setup-node@v4 - with: - node-version: 20.x - - - name: 'Validate build' - run: | - npm install - npm run build - - - name: Login with system-assigned managed identity, no subscription-id - uses: ./ - with: - auth-type: IDENTITY - allow-no-subscriptions: true - enable-AzPSSession: true - - - name: Run Azure Cli - run: | - az account show --output none - - - name: Run Azure PowerShell - uses: azure/powershell@v1 - with: - azPSVersion: "latest" - inlineScript: | - $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud' - if(-not $checkResult){ - throw "Not all checks passed!" - } - - - name: Login with system-assigned managed identity, with subscription id - uses: ./ - with: - auth-type: IDENTITY - subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID }} - enable-AzPSSession: true - - - name: Run Azure Cli - run: | - az account show --output none - az group show --name GitHubAction_CI_RG --output none - az vm list --output none - - - name: Run Azure PowerShell - uses: azure/powershell@v1 - with: - azPSVersion: "latest" - inlineScript: | - $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud' - $checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG') - $checkResult = $checkResult -and ((Get-AzVM).Count -gt 0) - if(-not $checkResult){ - throw "Not all checks passed!" - } - - - name: Login with tenant-level user-assigned managed identity with allow-no-subscriptions - uses: ./ - with: - client-id: ${{ secrets.UMI2_CLIENT_ID }} - allow-no-subscriptions: true - auth-type: IDENTITY - enable-AzPSSession: true - - - name: Run Azure Cli - run: | - az account show --output none - - - name: Run Azure PowerShell - uses: azure/powershell@v1 - with: - azPSVersion: "latest" - inlineScript: | - $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud' - if(-not $checkResult){ - throw "Not all checks passed!" - } - - - name: Login with user-assigned managed identity, subscription-id - uses: ./ - with: - client-id: ${{ secrets.UMI1_CLIENT_ID }} - subscription-id: ${{ secrets.UMI1_SUBSCRIPTION_ID }} - auth-type: IDENTITY - enable-AzPSSession: true - - - name: Run Azure Cli - run: | - az account show --output none - az group show --name GitHubAction_CI_RG --output none - az vm list --output none - - - name: Run Azure PowerShell - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: azPSVersion: "latest" inlineScript: | $checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud' - $checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG') - $checkResult = $checkResult -and ((Get-AzVM).Count -gt 0) if(-not $checkResult){ throw "Not all checks passed!" } From e1a0ade0c10e6fce656e01e74e6ca3c5054a0907 Mon Sep 17 00:00:00 2001 From: Shiying Chen Date: Thu, 20 Jun 2024 14:41:16 +0800 Subject: [PATCH 8/8] Fix #459: Errors when registering cloud profile for AzureStack (#466) --- src/Cli/AzureCliLogin.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Cli/AzureCliLogin.ts b/src/Cli/AzureCliLogin.ts index 5db52b7c1..2c4c5f8f0 100644 --- a/src/Cli/AzureCliLogin.ts +++ b/src/Cli/AzureCliLogin.ts @@ -31,7 +31,7 @@ export class AzureCliLogin { await this.executeAzCliCommand(["version"], true, execOptions); core.debug(`Azure CLI version used:\n${output}`); - this.setAzurestackEnvIfNecessary(); + await this.registerAzurestackEnvIfNecessary(); await this.executeAzCliCommand(["cloud", "set", "-n", this.loginConfig.environment], false); core.info(`Done setting cloud: "${this.loginConfig.environment}"`); @@ -59,7 +59,7 @@ export class AzureCliLogin { } } - async setAzurestackEnvIfNecessary() { + async registerAzurestackEnvIfNecessary() { if (this.loginConfig.environment != "azurestack") { return; } @@ -85,7 +85,7 @@ export class AzureCliLogin { let suffixKeyvault = ".vault" + baseUri.substring(baseUri.indexOf('.')); // keyvault suffix starts with . let suffixStorage = baseUri.substring(baseUri.indexOf('.') + 1); // storage suffix starts without . let profileVersion = "2019-03-01-hybrid"; - await this.executeAzCliCommand(["cloud", "register", "-n", this.loginConfig.environment, "--endpoint-resource-manager", `"${this.loginConfig.resourceManagerEndpointUrl}"`, "--suffix-keyvault-dns", `"${suffixKeyvault}"`, "--suffix-storage-endpoint", `"${suffixStorage}"`, "--profile", `"${profileVersion}"`], false); + await this.executeAzCliCommand(["cloud", "register", "-n", this.loginConfig.environment, "--endpoint-resource-manager", this.loginConfig.resourceManagerEndpointUrl, "--suffix-keyvault-dns", suffixKeyvault, "--suffix-storage-endpoint", suffixStorage, "--profile", profileVersion], false); } catch (error) { core.error(`Error while trying to register cloud "${this.loginConfig.environment}"`);