self-hosted-runner: switch back to using Azure/login

dscho · dscho · commit 7a87c8fe0311 · 2025-01-17T19:04:01.000+01:00
We do not need the custom Action: `Azure/login` logs in using the Azure
CLI, and subsequent `az` calls work just fine.

So let's drop the complexity of the custom Action and go back to using
`Azure/login` instead.

The only downside is that we now need to specify the subscription ID
even though `az login` would work without it. But that's a small price
to pay, as the `delete-self-hosted-runner` workflow _still_ uses the
`Azure/login` Action and has to have that information as a repository
secret anyway.

Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
diff --git a/.github/workflows/azure-login/action.yml b/.github/workflows/azure-login/action.yml
diff --git a/.github/workflows/cleanup-self-hosted-runners.yml b/.github/workflows/cleanup-self-hosted-runners.yml
@@ -29,6 +29,9 @@ permissions:
 #     --role 'Contributor'
 # AZURE_TENANT_ID - The Tenant ID of the Azure Managed Identity (i.e. the Azure Active Directory in which
 #                   the Identity lives)
+# AZURE_SUBSCRIPTION_ID - The Subscription ID with which the Azure Managed Identity is associated
+#                         (technically, this is not necessary for `az login --service-principal` with a
+#                         managed identity, but `Azure/login` requires it anyway)
 # AZURE_RESOURCE_GROUP - Resource group to find the runner(s) in. It's recommended to set up a resource
 #                        group specifically for self-hosted Actions Runners.
 jobs:
@@ -38,10 +41,11 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Azure Login
-      uses: ./.github/workflows/azure-login
+      uses: azure/login@v2
       with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
     - name: Discover VMs to delete
       env:
         GH_APP_ID: ${{ secrets.GH_APP_ID }}
diff --git a/.github/workflows/create-azure-self-hosted-runners.yml b/.github/workflows/create-azure-self-hosted-runners.yml
@@ -76,6 +76,9 @@ permissions:
 #     --role 'Contributor'
 # AZURE_TENANT_ID - The Tenant ID of the Azure Managed Identity (i.e. the Azure Active Directory in which
 #                   the Identity lives)
+# AZURE_SUBSCRIPTION_ID - The Subscription ID with which the Azure Managed Identity is associated
+#                         (technically, this is not necessary for `az login --service-principal` with a
+#                         managed identity, but `Azure/login` requires it anyway)
 # AZURE_RESOURCE_GROUP - Resource group to create the runner(s) in
 # AZURE_VM_USERNAME - Username of the VM so you can RDP into it
 # AZURE_VM_PASSWORD - Password of the VM so you can RDP into it
@@ -178,10 +181,11 @@ jobs:
         echo "AZURE_ARM_PARAMETERS=$AZURE_ARM_PARAMETERS" >> $GITHUB_ENV
 
     - name: Azure Login
-      uses: ./.github/workflows/azure-login
+      uses: azure/login@v2
       with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
     - uses: azure/arm-deploy@v2
       id: deploy-arm-template
