Azure / powershell

GH Action to run Az PowerShell scripts for developers and administrators to develop, deploy, and manage Microsoft Azure applications.
MIT License
64 stars 41 forks source link

Action Fails after Login via Az module #73

Open ptsouk opened 1 year ago

ptsouk commented 1 year ago

I am using azure/login@v1 with enable-AzPSSession: true to login to azure but the next step azure/powershell@v1 fails with error:

     | Your Azure credentials have not been set up or have expired, please run
     | Connect-AzAccount to set up your Azure credentials. No certificate
     | thumbprint or secret provided for the given service principal
     | '***'.

My yml is: here

name: AzurePowerShellLoginSample
on:
  workflow_dispatch:

jobs:

  build:
    runs-on: ubuntu-latest
    steps:

    - name: Login via Az module
      uses: azure/login@v1
      with:
        creds: ${{secrets.POLICY_COMPLIANCE_SCAN}}
        allow-no-subscriptions: true
        enable-AzPSSession: true

    - name: Az PowerShell
      uses: azure/powershell@v1
      with:
        azPSVersion: "latest"
        inlineScript: |
          Get-AzContext
          if(-not (Get-Module Az.ResourceGraph -ListAvailable))
          {
            Install-Module Az.ResourceGraph -Scope CurrentUser -Force
          }
          $query = "resourcecontainers | where type == 'microsoft.resources/subscriptions' | project name, id | sort by name asc"
          $subscriptions = Search-AzGraph -Query $query -UseTenantScope
          $subscriptions

I found a workaround - add a ps cmdlet at the start of the inline script.

So, the following fails:

    - name: Az PowerShell
      uses: azure/powershell@v1
      with:
        azPSVersion: "latest"
        inlineScript: |
          if(-not (Get-Module Az.ResourceGraph -ListAvailable))
          {
            Install-Module Az.ResourceGraph -Scope CurrentUser -Force
          }
          $query = "resourcecontainers | where type == 'microsoft.resources/subscriptions' | project name, id | sort by name asc"
          $subscriptions = Search-AzGraph -Query $query -UseTenantScope
          $subscriptions

but his one succeeds:

    - name: Az PowerShell
      uses: azure/powershell@v1
      with:
        azPSVersion: "latest"
        inlineScript: |
          Get-AzContext
          if(-not (Get-Module Az.ResourceGraph -ListAvailable))
          {
            Install-Module Az.ResourceGraph -Scope CurrentUser -Force
          }
          $query = "resourcecontainers | where type == 'microsoft.resources/subscriptions' | project name, id | sort by name asc"
          $subscriptions = Search-AzGraph -Query $query -UseTenantScope
          $subscriptions

I'm looking forward for your help. Thanks!

BALAGA-GAYATRI commented 1 year ago

Can you confirm if you are still facing the issue? Just want to check if it is an intermittent issue. Thanks!

ptsouk commented 1 year ago

As far as I can tell, the issue persists. Are you able to replicate? Thanks!

github-actions[bot] commented 1 year ago

This issue is idle because it has been open for 14 days with no activity.

vandanakr7 commented 1 year ago

@BALAGA-GAYATRI: Am also facing the same issue. In my workflow, I have azure/login@v1 followed by azure/powershell@v1 calling a powershell script that stops all triggers in ADF in Azure. @ptsouk : Was it resolved for you. If yes, what was the fix applied.

ptsouk commented 1 year ago

@vandanakr7: The issue persists. I've created a repo demonstrating the issue and my workaround. Can anyone check?

github-actions[bot] commented 1 year ago

This issue is idle because it has been open for 14 days with no activity.

Nikhil13x commented 1 year ago

I am also facing the same issue. Anyone able to resolve?

vandanakr7 commented 1 year ago

I have got the issue resolved when I changed the PSversion of az powershell task to the latest version (>9). The v7.3.0 was set previously as azPSVersion which was causing the issue in my workflow.

Nikhil13x commented 1 year ago

@vandanakr7 I tried with 9.3.0 version.. still same issue. in the inlineScript section are you directly keeping the PS commands?

In my case, I am invoking another ps1 file by passing some arguments. This was working fine couple of months back.

vandanakr7 commented 1 year ago

@vandanakr7 I tried with 9.3.0 version.. still same issue. in the inlineScript section are you directly keeping the PS commands?

In my case, I am invoking another ps1 file by passing some arguments. This was working fine couple of months back.

I am calling a ps script in azure/powershell action after azure/login@v1 action and using azPSVersion: latest I also had added Get-AzContext just before calling the script as suggested by @ptsouk .

- name: Login via Az module
  uses: azure/login@v1
  with:
     creds: ${{secrets.AZURE_CREDENTIALS}}
     enable-AzPSSession: true

- name: Az PowerShell
  uses: azure/powershell@v1
  with:
     inlineScript: |
        Get-AzContext
        ./script.ps1 <args>
Nikhil13x commented 1 year ago

@vandanakr7 It was still failing for me. Finally figured out I had below line in the beginning of my ps1 script file.

Disable-AzContextAutosave

After moving that to end of the script file, its working fine.

Thank you for the help.

YanaXu commented 1 year ago

Hi @ptsouk , I've created a new issue Search-AzGraph "Your Azure credentials have not been set up or have expired" in GitHub Actions in Azure/azure-powershell. Let's track it there.

github-actions[bot] commented 1 year ago

This issue is idle because it has been open for 14 days with no activity.

YanaXu commented 1 year ago

The root cause of this issue is https://github.com/PowerShell/PowerShellGetv2/issues/704. When "Install-Module Az.ResourceGraph -Scope CurrentUser -Force" is run, an old version of Az.Accounts is installed, which is not expected. The workaround is to run "Import-Module Az.Accounts" before "Install-Module Az.ResourceGraph -Scope CurrentUser -Force".

    - name: Test ResourceGraph
      uses: azure/powershell@v1
      continue-on-error: true
      with:
        azPSVersion: "latest"
        inlineScript: |
          Import-Module Az.Accounts
          if(-not (Get-Module Az.ResourceGraph -ListAvailable))
          {
            Install-Module Az.ResourceGraph -Scope CurrentUser -Force
          }
          $query = "resourcecontainers | where type == 'microsoft.resources/subscriptions' | project name, id | sort by name asc"
          $subscriptions = Search-AzGraph -Query $query -UseTenantScope
          $subscriptions
github-actions[bot] commented 1 year ago

This issue is idle because it has been open for 14 days with no activity.

o-l-a-v commented 3 months ago

A better workaround IMO, it to use PSResourceGet to install Az.ResourceGraph, but skip installing dependencies with -SkipDependencyCheck.

Microsoft.PowerShell.PSResourceGet\Install-PSResource -Repository 'PSGallery' -TrustRepository `
    -Scope 'CurrentUser' -Name 'Az.ResourceGraph' -Reinstall -SkipDependencyCheck

This issue can be closed, has nothing to do with this action.