ci: Migrated GitHub Actions authentication from client secrets to OIDC #730

Open

Vamshi-Microsoft wants to merge 4 commits into main from psl-oidc

Conversation

@Vamshi-Microsoft (Contributor)

Purpose

This pull request makes significant updates to the GitHub Actions workflows, focusing on improving security by adopting OIDC-based Azure authentication, simplifying workflow options, and cleaning up unused files and permissions. The changes streamline deployment processes, remove deprecated options, and enhance consistency across workflows.

Authentication and Security Improvements:

  • Migrated all Azure authentication in workflows from service principal secrets to OIDC-based authentication using the azure/login@v2 action, and updated permissions to include id-token: write where required.
  • Added the environment: production key to relevant jobs for improved environment management and security context.

Workflow and Option Simplification:

  • Removed the "Devcontainer" option from deployment workflows and input validation, both in the workflow YAML and in the validation scripts, to reduce complexity and avoid unsupported configurations.
  • Updated comments and documentation strings to reflect the removal of the "Devcontainer" option.

Permissions and Cleanup:

  • Removed unnecessary permissions blocks from several workflow files, relying on job-level permissions and OIDC authentication instead.

Workflow File Maintenance:

  • Deleted the .github/workflows/deploy-windows.yml workflow, consolidating deployment logic and reducing redundancy.

Other Notable Updates:

  • Fixed ACR name extraction logic in Linux deployment to correctly parse the login server value.

These changes collectively improve the security, maintainability, and clarity of the CI/CD workflows.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.
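As an added illustration of the migration this PR describes (example workflow, not code from this pull request or the repository): a job authenticating to Azure with a stored service-principal secret, followed by the same job using OIDC through azure/login@v2 with id-token: write and environment: production. The secret names AZURE_CREDENTIALS, AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_SUBSCRIPTION_ID, and the ORG/REPO placeholder, are assumptions.

```yaml
# Added example, not the project's own workflow.
# BEFORE: a long-lived client secret stored as a JSON blob in the
# AZURE_CREDENTIALS secret (assumed name). Anyone who exfiltrates the
# blob can authenticate until the secret is rotated.
name: deploy-before
on: [workflow_dispatch]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}   # contains "clientSecret"
---
# AFTER: OIDC. The runner asks GitHub for a short-lived ID token and
# azure/login exchanges it for an Azure access token against a federated
# credential on the app registration; no reusable secret is stored.
name: deploy-after
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    # The federated credential's subject must match this environment:
    #   repo:ORG/REPO:environment:production   (ORG/REPO is a placeholder)
    environment: production
    permissions:
      id-token: write    # required so the job can request the OIDC token
      contents: read     # keep everything else at the minimum needed
    steps:
      - uses: actions/checkout@v4
      - uses: azure/login@v2
        with:
          # client-id / tenant-id / subscription-id are identifiers, not
          # credentials; kept in secrets only to avoid hard-coding them.
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Confirm the identity the token resolved to
        run: az account show --query id -o tsv
```

If id-token: write is missing, azure/login@v2 fails because the job cannot obtain an ID token, so a workflow that stops authenticating after the migration is usually a permissions or federated-credential subject mismatch rather than a secret problem.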
