Federated id does not work for marketplace yet

devcontainers · Mar 5, 2024 · 6575819 · 6575819
1 parent 2071233
commit 6575819
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 30 deletions.
diff --git a/.github/workflows/ci_branch.yml b/.github/workflows/ci_branch.yml
@@ -33,3 +33,4 @@ jobs:
     secrets:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZDO_TOKEN: ${{ secrets.AZDO_TOKEN }}
diff --git a/.github/workflows/ci_common.yml b/.github/workflows/ci_common.yml
@@ -52,6 +52,9 @@ on:
       AZURE_TENANT_ID:
         description: "Azure Tenant ID"
         required: true
+      AZDO_TOKEN:
+        description: "AZDO Token"
+        required: true
 
 permissions:
   id-token: write
@@ -287,19 +290,19 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Azure Login
-        uses: azure/login@v2
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          allow-no-subscriptions: true
-      - name: Get Token
-        id: get_token
-        run: |
-          echo "azdo_token=$(az account get-access-token --resource=https://monacotools.visualstudio.com --query accessToken -o tsv)" >> $GITHUB_OUTPUT
-      - name: Check Token
-        run: |
-          echo "Token length: $(echo "${{ steps.get_token.outputs.azdo_token }}" | wc -c)"
+      # - name: Azure Login
+      #   uses: azure/login@v2
+      #   with:
+      #     client-id: ${{ secrets.AZURE_CLIENT_ID }}
+      #     tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+      #     allow-no-subscriptions: true
+      # - name: Get Token
+      #   id: get_token
+      #   run: |
+      #     echo "azdo_token=$(az account get-access-token --resource=https://monacotools.visualstudio.com --query accessToken -o tsv)" >> $GITHUB_OUTPUT
+      # - name: Check Token
+      #   run: |
+      #     echo "Token length: $(echo "${{ steps.get_token.outputs.azdo_token }}" | wc -c)"
 
       # Published action contains compiled JS, but we need to compile it here
       - uses: actions/setup-node@v3
@@ -317,8 +320,8 @@ jobs:
           AZDO_PROJECT: ${{ inputs.AZDO_PROJECT }}
           AZDO_BUILD: ${{ inputs.AZDO_BUILD }}
           AZDO_ORG: ${{ inputs.AZDO_ORG }}
-          AZDO_TOKEN: ${{ steps.get_token.outputs.azdo_token }}
-          AZURE_DEVOPS_EXT_PAT: ${{ steps.get_token.outputs.azdo_token }}
+          AZDO_TOKEN: ${{ secrets.AZDO_TOKEN }}
+          AZURE_DEVOPS_EXT_PAT: ${{ secrets.AZDO_TOKEN }}
           BUILD_NUMBER: ${{ github.run_id }}
           IS_PR: ${{ github.head_ref }}
           BRANCH: ${{ github.ref }}
@@ -400,19 +403,19 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Azure Login
-        uses: azure/login@v2
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          allow-no-subscriptions: true
-      - name: Get Token
-        id: get_token
-        run: |
-          echo "azdo_token=$(az account get-access-token --resource=https://monacotools.visualstudio.com --query accessToken -o tsv)" >> $GITHUB_OUTPUT
-      - name: Check Token
-        run: |
-          echo "Token length: $(echo "${{ steps.get_token.outputs.azdo_token }}" | wc -c)"
+      # - name: Azure Login
+      #   uses: azure/login@v2
+      #   with:
+      #     client-id: ${{ secrets.AZURE_CLIENT_ID }}
+      #     tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+      #     allow-no-subscriptions: true
+      # - name: Get Token
+      #   id: get_token
+      #   run: |
+      #     echo "azdo_token=$(az account get-access-token --resource=https://monacotools.visualstudio.com --query accessToken -o tsv)" >> $GITHUB_OUTPUT
+      # - name: Check Token
+      #   run: |
+      #     echo "Token length: $(echo "${{ steps.get_token.outputs.azdo_token }}" | wc -c)"
 
       # Published action contains compiled JS, but we need to compile it here
       - uses: actions/setup-node@v3
@@ -430,8 +433,8 @@ jobs:
           AZDO_PROJECT: ${{ inputs.AZDO_PROJECT }}
           AZDO_BUILD: ${{ inputs.AZDO_BUILD }}
           AZDO_ORG: ${{ inputs.AZDO_ORG }}
-          AZDO_TOKEN: ${{ steps.get_token.outputs.azdo_token }}
-          AZURE_DEVOPS_EXT_PAT: ${{ steps.get_token.outputs.azdo_token }}
+          AZDO_TOKEN: ${{ secrets.AZDO_TOKEN }}
+          AZURE_DEVOPS_EXT_PAT: ${{ secrets.AZDO_TOKEN }}
           BUILD_NUMBER: ${{ github.run_id }}
           IS_PR: ${{ github.head_ref }}
           BRANCH: ${{ github.ref }}

diff --git a/.github/workflows/ci_main.yml b/.github/workflows/ci_main.yml
@@ -22,3 +22,4 @@ jobs:
     secrets:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZDO_TOKEN: ${{ secrets.AZDO_TOKEN }}
diff --git a/.github/workflows/pr-bot.yml b/.github/workflows/pr-bot.yml
@@ -81,3 +81,4 @@ jobs:
     secrets:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZDO_TOKEN: ${{ secrets.AZDO_TOKEN }}
diff --git a/.github/workflows/pr_auto.yml b/.github/workflows/pr_auto.yml
@@ -26,3 +26,4 @@ jobs:
     secrets:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZDO_TOKEN: ${{ secrets.AZDO_TOKEN }}