ci: Use OIDC to log into Azure

This completely eliminates the Azure secret from the repo, following the below guidance: https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure The federated identity is scoped to the `ci` environment, meaning: * I had to specify this environment in some YAMLs. I don't believe there's any downside to this. * As previously, the CI works seamlessly both from PRs and in the manual workflow. I also deleted the tools/packaging/kata-deploy/action folder as it doesn't seem to be used anymore, and it contains a reference to the secret. Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2025-09-18 07:18:27 +00:00 · 2025-06-05 19:43:56 -05:00
parent 31a8944da1
commit 9dd3807467
21 changed files with 37 additions and 392 deletions
--- a/tests/integration/kubernetes/gha-run.sh
+++ b/tests/integration/kubernetes/gha-run.sh
@@ -567,7 +567,6 @@ function main() {

 	case "${action}" in
 		install-azure-cli) install_azure_cli ;;
-		login-azure) login_azure ;;
 		create-cluster) create_cluster "" ;;
 		create-cluster-kcli) create_cluster_kcli ;;
 		configure-snapshotter) configure_snapshotter ;;