microsoft / git

A fork of Git containing Microsoft-specific patches.
http://git-scm.com/
Other
782 stars 92 forks source link

Use Azure Federated login mechanism rather than secrets #662

Closed mjcheetham closed 4 months ago

mjcheetham commented 4 months ago

Use federated authentication with GitHub Actions and Azure Entra ID for the Azure login commands during build-git-installers.yml builds.

This will allow us to drop the use of a client secret to authenticate as the signing identity for Trusted Code Signing.

The AZURE_CLIENT_ID, AZURE_TENANT_ID, and AZURE_SUBSCRIPTION_ID secrets have already been added to the release environment, and a test of the azure/login step using this mechanism and a subsequent az command has been successfully demonstrated here: https://github.com/microsoft/git/actions/runs/9652892561/job/26624014573