英文:
AZ CLI Issue - Github Actions Self hosted runner
问题
I get the error shown in screenshot below while trying to fetch Azure key vault secrets using Azure CLI from github actions. The error says Please run 'az login' to setup account.
As one can see, the AZ login was successful in the previous step. Based on the suggestion here, I have installed Azure CLI - eventhough the output says Azure CLI is already up to date in the self hosted runner.
What can be done to overcome this issue?
yml snippet
-
name: Install Azure CLI
run: |
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor |
sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO
main" | sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli- name: Login to Azure
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - uses: azure/CLI@v1
with:
inlineScript: |
value1=$(az keyvault secret show --name $AZURE_SECRET_NAME --vault-name $AZURE_KEYVAULT_NAME --query value -o tsv)
echo $value1
value2=$(az keyvault secret show --name $AZURE_SECRET_NAME --vault-name $AZURE_KEYVAULT_NAME --query value)
echo $value2
#echo "::add-mask::$value"
#printf "%s\n" $value >> GITHUB_OUTPUT
echo "${value2//"}" >> GITHUB_OUTPUT
- name: Login to Azure
英文:
I get the error shown in screenshot below while trying to fetch Azure key vault secrets using Azure CLI from github actions. The error says Please run 'az login' to setup account.
As one can see, the AZ login was successful in the previous step. Based on the suggestion here, I have installed Azure CLI - eventhough the output says Azure CLI is already up to date in the self hosted runner.
What can be done to overcome this issue?
yml snippet
- name: Install Azure CLI
run: |
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor |
sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO
main" | sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli
- name: Login to Azure
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- uses: azure/CLI@v1
with:
inlineScript: |
value1=$(az keyvault secret show --name $AZURE_SECRET_NAME --vault-name $AZURE_KEYVAULT_NAME --query value -o tsv)
echo $value1
value2=$(az keyvault secret show --name $AZURE_SECRET_NAME --vault-name $AZURE_KEYVAULT_NAME --query value)
echo $value2
#echo "::add-mask::$value"
#printf "%s\n" $value >> GITHUB_OUTPUT
echo "${value2//\"}" >> GITHUB_OUTPUT
答案1
得分: 1
我运行了以下的Github工作流程,并在成功安装Azure CLI后成功获取了Key Vault的密钥。具体步骤如下:
我的Github工作流程:
我的完整Github工作流程 链接
从这个MS文档中查看安装Azure CLI的命令,以及从这里查看az key vault secret show命令。
name: Azure Key Vault Secrets
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Azure CLI
run: |
sudo apt-get update
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
sudo mkdir -p /etc/apt/keyrings
curl -sLS https://packages.microsoft.com/keys/microsoft.asc |
gpg --dearmor |
sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null
sudo chmod go+r /etc/apt/keyrings/microsoft.gpg
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli
- name: Login to Azure
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Authenticate Azure CLI
run: az login
- uses: azure/CLI@v1
with:
inlineScript: |
value1=$(az keyvault secret show --name keyvaultsecret --vault-name siliconkeyvault12 --query value -o tsv)
echo $value1
value2=$(az keyvault secret show --name keyvaultsecret --vault-name siliconkeyvault12 --query value)
echo $value2
#echo "::add-mask::$value"
#printf "%s\n" $value >> GITHUB_OUTPUT
echo "${value2//\"}" >> GITHUB_OUTPUT
输出:
在"Authenticate Azure CLI"步骤中,它要求我使用URL进行身份验证,我使用了我的Azure帐户进行了身份验证,该帐户具有访问密钥保管库的适当角色,详情请参考下图:
成功打印了密钥保管库的密钥值,如下所示:
门户:
我的用户帐户的Key Vault IAM:
Key Vault密钥:
我的密钥保管库访问策略设置为IAM。
英文:
I ran the below Github workflow and got the Key vault secrets successfully after successful login by installing Azure CLI, Refer below:-
My github workflow:-
My complete github workflow Link
Referred Install Azure CLI commands from this MS Document
and az key vault secret show command from here
name: Azure Key Vault Secrets
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Azure CLI
run: |
sudo apt-get update
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
sudo mkdir -p /etc/apt/keyrings
curl -sLS https://packages.microsoft.com/keys/microsoft.asc |
gpg --dearmor |
sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null
sudo chmod go+r /etc/apt/keyrings/microsoft.gpg
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli
- name: Login to Azure
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Authenticate Azure CLI
run: az login
- uses: azure/CLI@v1
with:
inlineScript: |
value1=$(az keyvault secret show --name keyvaultsecret --vault-name siliconkeyvault12 --query value -o tsv)
echo $value1
value2=$(az keyvault secret show --name keyvaultsecret --vault-name siliconkeyvault12 --query value)
echo $value2
#echo "::add-mask::$value"
#printf "%s\n" $value >> GITHUB_OUTPUT
echo "${value2//\"}" >> GITHUB_OUTPUT
Output:-
In Authenticate Azure CLI step it asked me to authenticate with the URL which I authenticated with my Azure account having proper role assigned on Key vault to access secret refer below:-
Key vault secret value got printed successfully like below:-
Portal:-
Key vault IAM to my user account:-
Key vault Secret:-
My Access policy is set to IAM in my Key vault.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论