Use federated authentication with GitHub Actions and Azure Entra ID for the Azure login commands during build-git-installers.yml builds.
This will allow us to drop the use of a client secret to authenticate as the signing identity for Trusted Code Signing.
The AZURE_CLIENT_ID, AZURE_TENANT_ID, and AZURE_SUBSCRIPTION_ID secrets have already been added to the release environment, and a test of the azure/login step using this mechanism and a subsequent az command has been successfully demonstrated here: https://github.com/microsoft/git/actions/runs/9652892561/job/26624014573
Use federated authentication with GitHub Actions and Azure Entra ID for the Azure login commands during
build-git-installers.yml
builds.This will allow us to drop the use of a client secret to authenticate as the signing identity for Trusted Code Signing.
The
AZURE_CLIENT_ID
,AZURE_TENANT_ID
, andAZURE_SUBSCRIPTION_ID
secrets have already been added to therelease
environment, and a test of theazure/login
step using this mechanism and a subsequentaz
command has been successfully demonstrated here: https://github.com/microsoft/git/actions/runs/9652892561/job/26624014573