github 操作 azure/login@v1 无法在自托管 git runner 上工作？

Question

有人熟悉这个问题吗？https://github.com/Azure/cli中的示例不适用于自托管 github 运行器，看起来是这样az is missing

gitaction.yml

name: auzure-deployment

on:
  push:
    branches: [ main ]

jobs:
  myjob:
    runs-on: [self-hosted, linux]
    steps:
    - uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    - uses: azure/CLI@v1
      with:
        azcliversion: 2.0.72
        inlineScript: |
          az account list

错误

Runner group name: 'Default'
Machine name: '98de1add3979'
GITHUB_TOKEN Permissions
Prepare workflow directory
Prepare all required actions
Getting action download info
Download action repository 'azure/login@v1'
Download action repository 'azure/CLI@v1'
0s
Run azure/login@v1
Error: Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows
Error: Error: Unable to locate executable file: az. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.

我破解了一个解决方法，不必使用logging@v1，但它并不优雅，因为它们的秘密被打印到 git log 提示符中：

name: auzure-deployment
on:
  push:
    branches: [ main ]

jobs:
  buildandpush:
    runs-on: [self-hosted, linux]
    env: 
      credentials: ${{ secrets.AZURE_CREDENTIALS }}
      AZURE_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS)['clientId'] }}
      AZURE_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS)['clientSecret'] }}
      AZURE_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS)['tenantId'] }}
    - uses: azure/CLI@v1
      with:
        azcliversion: 2.0.72
        inlineScript: |
          az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_CLIENT_SECRET --tenant $AZURE_TENANT_ID
          az account list

Answer 1

现在有一个未解决的问题，如果 cli 不存在，则需要在登录操作中安装 cli： https: //github.com/Azure/login/issues/154

自托管运行器的解决方法是在登录操作之前使用另一个操作安装 cli，如下所示https://github.com/elstudio/action-install-azure-cli

或者为了不依赖于其他人的操作，请直接从上述存储库中的脚本运行命令。

      - name: Install Azure cli
        run: |
          sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
          curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
          AZ_REPO=$(lsb_release -cs)
          echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | sudo tee /etc/apt/sources.list.d/azure-cli.list
          sudo apt-get update
          sudo apt-get install azure-cli
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - uses: azure/CLI@v1
        with:
          azcliversion: 2.0.72
          inlineScript: |
            az account list