diff --git a/.github/workflows/automated-cleanup-resources.yml b/.github/workflows/automated-cleanup-resources.yml index 76cbd9a5cb..0b16036ec9 100644 --- a/.github/workflows/automated-cleanup-resources.yml +++ b/.github/workflows/automated-cleanup-resources.yml @@ -10,6 +10,8 @@ on: - .github/workflows/automated-cleanup-resources.yml - infra/bootstrapping/** - infra/scripts/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -26,7 +28,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} enable-AzPSSession: true continue-on-error: true - name: "Install Az Modules" diff --git a/.github/workflows/bootstrapping-infra.yml b/.github/workflows/bootstrapping-infra.yml index 300858233a..0fa746a8b0 100644 --- a/.github/workflows/bootstrapping-infra.yml +++ b/.github/workflows/bootstrapping-infra.yml @@ -24,6 +24,8 @@ on: - cli/** - infra/bootstrapping/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -46,7 +48,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap infra resources run: | [[ -z "${RUN_BOOTSTRAP:-}" ]] && RUN_BOOTSTRAP='true' diff --git a/.github/workflows/bootstrapping-resources.yml b/.github/workflows/bootstrapping-resources.yml index aff1527894..7a21e94d78 100644 --- a/.github/workflows/bootstrapping-resources.yml +++ b/.github/workflows/bootstrapping-resources.yml @@ -11,6 +11,8 @@ on: - .github/workflows/bootstrapping-resources.yml - cli/** - infra/bootstrapping/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-assets-component-pipeline.yml b/.github/workflows/cli-assets-component-pipeline.yml index 054ccf1772..dbe49b1bf7 100644 --- a/.github/workflows/cli-assets-component-pipeline.yml +++ b/.github/workflows/cli-assets-component-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-component-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-component-train.yml b/.github/workflows/cli-assets-component-train.yml index 1ae8c68a70..77ddd2180b 100644 --- a/.github/workflows/cli-assets-component-train.yml +++ b/.github/workflows/cli-assets-component-train.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-component-train.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-file-https.yml b/.github/workflows/cli-assets-data-cloud-file-https.yml index 87ca542428..17a9888133 100644 --- a/.github/workflows/cli-assets-data-cloud-file-https.yml +++ b/.github/workflows/cli-assets-data-cloud-file-https.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-file-https.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-file-wasbs.yml b/.github/workflows/cli-assets-data-cloud-file-wasbs.yml index 734c78ac7f..4daeb280c5 100644 --- a/.github/workflows/cli-assets-data-cloud-file-wasbs.yml +++ b/.github/workflows/cli-assets-data-cloud-file-wasbs.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-file-wasbs.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-file.yml b/.github/workflows/cli-assets-data-cloud-file.yml index 4c0f261eed..8c5de2172e 100644 --- a/.github/workflows/cli-assets-data-cloud-file.yml +++ b/.github/workflows/cli-assets-data-cloud-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-folder-https.yml b/.github/workflows/cli-assets-data-cloud-folder-https.yml index 15f5d96fd3..03347c7e75 100644 --- a/.github/workflows/cli-assets-data-cloud-folder-https.yml +++ b/.github/workflows/cli-assets-data-cloud-folder-https.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-folder-https.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-folder.yml b/.github/workflows/cli-assets-data-cloud-folder.yml index dcb7be5747..fdff7fbe34 100644 --- a/.github/workflows/cli-assets-data-cloud-folder.yml +++ b/.github/workflows/cli-assets-data-cloud-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-mltable.yml b/.github/workflows/cli-assets-data-cloud-mltable.yml index cc7b77a65b..89f1c0c65a 100644 --- a/.github/workflows/cli-assets-data-cloud-mltable.yml +++ b/.github/workflows/cli-assets-data-cloud-mltable.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-mltable.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-iris-csv-example.yml b/.github/workflows/cli-assets-data-iris-csv-example.yml index 3d4d8ce644..aa392155ca 100644 --- a/.github/workflows/cli-assets-data-iris-csv-example.yml +++ b/.github/workflows/cli-assets-data-iris-csv-example.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-iris-csv-example.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-local-file.yml b/.github/workflows/cli-assets-data-local-file.yml index 81d715e464..82602df487 100644 --- a/.github/workflows/cli-assets-data-local-file.yml +++ b/.github/workflows/cli-assets-data-local-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-local-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-local-folder-sampledata.yml b/.github/workflows/cli-assets-data-local-folder-sampledata.yml index 7be667f671..88bfc9005c 100644 --- a/.github/workflows/cli-assets-data-local-folder-sampledata.yml +++ b/.github/workflows/cli-assets-data-local-folder-sampledata.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-local-folder-sampledata.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-local-folder.yml b/.github/workflows/cli-assets-data-local-folder.yml index c901f92856..61e3174d59 100644 --- a/.github/workflows/cli-assets-data-local-folder.yml +++ b/.github/workflows/cli-assets-data-local-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-local-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-local-mltable.yml b/.github/workflows/cli-assets-data-local-mltable.yml index 6ae6ab4859..c464153bb6 100644 --- a/.github/workflows/cli-assets-data-local-mltable.yml +++ b/.github/workflows/cli-assets-data-local-mltable.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-local-mltable.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-public-file-https.yml b/.github/workflows/cli-assets-data-public-file-https.yml index 934d107a38..2847800a5e 100644 --- a/.github/workflows/cli-assets-data-public-file-https.yml +++ b/.github/workflows/cli-assets-data-public-file-https.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-public-file-https.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-environment-docker-context.yml b/.github/workflows/cli-assets-environment-docker-context.yml index e54b7febab..100c228b53 100644 --- a/.github/workflows/cli-assets-environment-docker-context.yml +++ b/.github/workflows/cli-assets-environment-docker-context.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-environment-docker-context.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-environment-docker-image-plus-conda.yaml b/.github/workflows/cli-assets-environment-docker-image-plus-conda.yaml index e8d250c5ae..cda6ca158a 100644 --- a/.github/workflows/cli-assets-environment-docker-image-plus-conda.yaml +++ b/.github/workflows/cli-assets-environment-docker-image-plus-conda.yaml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-environment-docker-image-plus-conda.yaml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-environment-docker-image.yml b/.github/workflows/cli-assets-environment-docker-image.yml index f5dfa78dd4..3fe52eb06a 100644 --- a/.github/workflows/cli-assets-environment-docker-image.yml +++ b/.github/workflows/cli-assets-environment-docker-image.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-environment-docker-image.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-model-local-file.yml b/.github/workflows/cli-assets-model-local-file.yml index 40032e0bc2..add8f28343 100644 --- a/.github/workflows/cli-assets-model-local-file.yml +++ b/.github/workflows/cli-assets-model-local-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-model-local-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-model-local-mlflow.yml b/.github/workflows/cli-assets-model-local-mlflow.yml index 92f989e87c..1507aa3fe6 100644 --- a/.github/workflows/cli-assets-model-local-mlflow.yml +++ b/.github/workflows/cli-assets-model-local-mlflow.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-model-local-mlflow.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml index c4c1628b27..98050aa648 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml index 193820f478..74151696c5 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml index 63cd697cc4..e79e500966 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml index d94ad84417..f880964cd1 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml index b5da448bd6..b24d177ca7 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml index a21bc3b85d..35cab32677 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml index 79eb4b5c35..a34fc6626e 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml index cb726ef692..6f643664e7 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml index 23173468a0..9c4258c77a 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml index ff2fd2bf00..81724abedd 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml index 449558fc9a..86bb11df31 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml index 82385c6cc7..a0dd75eca5 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml index a3491985eb..50299d8cdc 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml index 5a1246e0ff..d92911d362 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml index 4d7775a28b..9fbd2e9dd4 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml b/.github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml index 80ff4bea79..a642c38a36 100644 --- a/.github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-managed-sample-endpoint.yml b/.github/workflows/cli-endpoints-online-managed-sample-endpoint.yml index 2588715a6d..a632bbcea5 100644 --- a/.github/workflows/cli-endpoints-online-managed-sample-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-managed-sample-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-managed-sample-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml b/.github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml index 9aff2fe723..03471f54a0 100644 --- a/.github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml b/.github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml index 35236e5486..c8d77c4cc0 100644 --- a/.github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml b/.github/workflows/cli-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml index 561be5646f..9ac0f2c4f3 100644 --- a/.github/workflows/cli-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml +++ b/.github/workflows/cli-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml @@ -19,6 +19,8 @@ on: - infra/bootstrapping/** - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -31,7 +33,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml index 0db30b3c72..4bde11328c 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml index 87168e9286..f4eee935c6 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml index e5a4227db0..c0f2ea9d4e 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml index 2bae68b2ae..582901de71 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml index 67030a6389..88bcdcc2e5 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml index 37859f47f0..109278ed5f 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml index 46a04cb7d8..6aa0c1e19e 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml index 2e256770d5..790056c140 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml index cc4353e5b8..80ff44efa6 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml index bb41668d1e..c6118139a2 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml index 333677cb10..214bdc4eab 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml index 0b611be7b8..2a20878adc 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml index 878fb0863d..a15777ae47 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml index af4c401b66..a22aebc105 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml index d337dc1c9f..955034df04 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml index c04639319b..8d625b6183 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml index e357cd22d0..59ea1c2965 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml index aba782d88a..e86342f520 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml b/.github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml index 67ca9af5d9..31145d4522 100644 --- a/.github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml +++ b/.github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-code.yml b/.github/workflows/cli-jobs-basics-hello-code.yml index cc055da278..02cbce208e 100644 --- a/.github/workflows/cli-jobs-basics-hello-code.yml +++ b/.github/workflows/cli-jobs-basics-hello-code.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-code.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-data-uri-folder.yml b/.github/workflows/cli-jobs-basics-hello-data-uri-folder.yml index 5cd2564f4e..b412efcf62 100644 --- a/.github/workflows/cli-jobs-basics-hello-data-uri-folder.yml +++ b/.github/workflows/cli-jobs-basics-hello-data-uri-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-data-uri-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-dataset.yml b/.github/workflows/cli-jobs-basics-hello-dataset.yml index d7d3678aa1..0ded3d9692 100644 --- a/.github/workflows/cli-jobs-basics-hello-dataset.yml +++ b/.github/workflows/cli-jobs-basics-hello-dataset.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-dataset.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-git.yml b/.github/workflows/cli-jobs-basics-hello-git.yml index ddefb0edfe..02d0c580d3 100644 --- a/.github/workflows/cli-jobs-basics-hello-git.yml +++ b/.github/workflows/cli-jobs-basics-hello-git.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-git.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-interactive.yml b/.github/workflows/cli-jobs-basics-hello-interactive.yml index b8d4d0170f..2897c58027 100644 --- a/.github/workflows/cli-jobs-basics-hello-interactive.yml +++ b/.github/workflows/cli-jobs-basics-hello-interactive.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-interactive.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml b/.github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml index e6f0b82b17..a9ae08a32e 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml b/.github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml index 26f03f2005..cf4c6c6afc 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-file.yml b/.github/workflows/cli-jobs-basics-hello-iris-file.yml index 8b6735493c..c1b0ac575e 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-file.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-folder.yml b/.github/workflows/cli-jobs-basics-hello-iris-folder.yml index 1145f17315..a2c008babc 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-folder.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-literal.yml b/.github/workflows/cli-jobs-basics-hello-iris-literal.yml index 663bc6f095..9cd064da14 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-literal.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-literal.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-literal.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-mlflow.yml b/.github/workflows/cli-jobs-basics-hello-mlflow.yml index 35cb2111bf..ffe583225d 100644 --- a/.github/workflows/cli-jobs-basics-hello-mlflow.yml +++ b/.github/workflows/cli-jobs-basics-hello-mlflow.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-mlflow.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-model-as-input.yml b/.github/workflows/cli-jobs-basics-hello-model-as-input.yml index f5b3b30976..0be64123ea 100644 --- a/.github/workflows/cli-jobs-basics-hello-model-as-input.yml +++ b/.github/workflows/cli-jobs-basics-hello-model-as-input.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-model-as-input.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-model-as-output.yml b/.github/workflows/cli-jobs-basics-hello-model-as-output.yml index c0dfe9aeb8..2c8ec31210 100644 --- a/.github/workflows/cli-jobs-basics-hello-model-as-output.yml +++ b/.github/workflows/cli-jobs-basics-hello-model-as-output.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-model-as-output.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-notebook.yml b/.github/workflows/cli-jobs-basics-hello-notebook.yml index 75060a7df2..c5fcb7f365 100644 --- a/.github/workflows/cli-jobs-basics-hello-notebook.yml +++ b/.github/workflows/cli-jobs-basics-hello-notebook.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-notebook.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-abc.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-abc.yml index 595eb047c7..434a2a9b57 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-abc.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-abc.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-abc.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml index 979e878ccd..d6ac0e8d65 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml index 72c482f178..83410164a9 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml index ae593f8e6f..fcf7a1437b 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-io.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-io.yml index 8e8bcd592e..06738ceadc 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-io.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-io.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-io.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-settings.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-settings.yml index 01afc8beff..ec15b129d5 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-settings.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-settings.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-settings.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline.yml b/.github/workflows/cli-jobs-basics-hello-pipeline.yml index 525f4ced95..3c63e8fd9a 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-sweep.yml b/.github/workflows/cli-jobs-basics-hello-sweep.yml index e656aab2f8..c19e9abdad 100644 --- a/.github/workflows/cli-jobs-basics-hello-sweep.yml +++ b/.github/workflows/cli-jobs-basics-hello-sweep.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-sweep.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-env-var.yml b/.github/workflows/cli-jobs-basics-hello-world-env-var.yml index 156acc171d..aa0000b050 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-env-var.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-env-var.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-env-var.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-input.yml b/.github/workflows/cli-jobs-basics-hello-world-input.yml index 72fdbcb314..e298c9e600 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-input.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-input.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-input.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-org.yml b/.github/workflows/cli-jobs-basics-hello-world-org.yml index 2afc246cbe..c8a38974c0 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-org.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-org.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-org.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-output-data.yml b/.github/workflows/cli-jobs-basics-hello-world-output-data.yml index 6c55a73ead..25f47ae275 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-output-data.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-output-data.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-output-data.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-output.yml b/.github/workflows/cli-jobs-basics-hello-world-output.yml index 11a93b354b..12e49fa864 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-output.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-output.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-output.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world.yml b/.github/workflows/cli-jobs-basics-hello-world.yml index d33ce3c603..79d86c6580 100644 --- a/.github/workflows/cli-jobs-basics-hello-world.yml +++ b/.github/workflows/cli-jobs-basics-hello-world.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml b/.github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml index af0c92fc96..f5f9306d43 100644 --- a/.github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml +++ b/.github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml b/.github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml index ed5d41fb19..0b913c5919 100644 --- a/.github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml +++ b/.github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml b/.github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml index b788d7eeae..c12c8d29ac 100644 --- a/.github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml +++ b/.github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml b/.github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml index 4b65be880c..140381d9d2 100644 --- a/.github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml +++ b/.github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml b/.github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml index 29484a0c92..07f00abc12 100644 --- a/.github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml +++ b/.github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml b/.github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml index 1ad648b464..a9cc8863c9 100644 --- a/.github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml +++ b/.github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml index 01f3a6a7c1..329e099188 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml index dc2d9ded9f..60ca14a5fe 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml index 9bd297f6d3..640f76b38f 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml index 417fefdc55..594af22b2d 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml index aa606e2e81..9a479b7157 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml index e591ceffba..7ebac98664 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml index 27f94951fe..533d77fc6f 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml index 1dc3821cf3..4aca130e17 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml index ff159cca3d..66730488e6 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml index d443274d3f..6727082dd2 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml index 4f95e959c9..4d4438a6b3 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml index ff620c354f..6b9fabf394 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml b/.github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml index 8a60b0d571..ff7484f376 100644 --- a/.github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml b/.github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml index 57cc5d2287..2ad8f2e4ae 100644 --- a/.github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml b/.github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml index d70f4ae4c5..025b54fc57 100644 --- a/.github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml b/.github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml index 53b086f9d1..4b65252d2a 100644 --- a/.github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml b/.github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml index 3993eebc29..6df4502abc 100644 --- a/.github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml index 318b14b952..f613d9f858 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml index ffcaec7695..36ea8dde6d 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml index 18ed513e0f..d8b04553d8 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml index 8797c35b74..e89fdf8db0 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml index ce9c33c4d0..3fad454dc5 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml index 34256fc6b3..be2255bd25 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml index 37a7af58c5..1e4694b78d 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml index 6a990564be..de5630794b 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml index c08ca13b83..8be6dbac52 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml index 064bc8522b..230005286e 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml index a9f5093d96..87cccccb5b 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml index eeb2e17c81..f5724a85f8 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml index 85235dbfa3..7446005c18 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml index 73f8fae9c0..f04cc6e6ec 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml index 5467076359..da75c42753 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml index 023a297777..ec6dbb81c0 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml index 7b60f9b328..383879b032 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml index c387e8aeaf..dae7dd14a6 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml index 6b5a47e0d2..6f4526a55e 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml index 7eaa99cf81..15d342eb64 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml index 9ecd7862e2..f5a641933d 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml index 49a9ceb0bf..e045a158a0 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml index da294a6ca7..28470da7c6 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml index 8691df2902..355bd7d230 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml index d52346f81d..ccc3900c7d 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml index d5fab2fdff..b0eb254028 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml index 4263e0d98f..f2f5842ccb 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml index 073151c002..c892179fdd 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml index 1fc23a383a..add0e0d5ba 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml index a5e19d4d26..401f98e22c 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml index 6ba015d075..886602b298 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml index c952c35c2a..37eeec3f2b 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml index 1a51c7ac73..7c81e09c29 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml index 0e849e83b1..de9d62578b 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml index dc4c242387..5642900c0e 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml index 68b9f9ba4c..d014f255e3 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml index 88523c5e7e..3d753f1e57 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml index a41ed46c7b..01136b6e0b 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml index 1c4fb95c03..9e352e6784 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml b/.github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml index 7865007dff..efbb381e20 100644 --- a/.github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml +++ b/.github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml b/.github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml index 3c9a1d9e4a..40a0098f53 100644 --- a/.github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml +++ b/.github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-julia-iris-job.yml b/.github/workflows/cli-jobs-single-step-julia-iris-job.yml index 9fabf47136..64f42c15d3 100644 --- a/.github/workflows/cli-jobs-single-step-julia-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-julia-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-julia-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml b/.github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml index 433680d285..cbc6eb1ea1 100644 --- a/.github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml +++ b/.github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml b/.github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml index 9990233549..a170af398f 100644 --- a/.github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml b/.github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml index 1137f1ce5b..636a109ac0 100644 --- a/.github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml +++ b/.github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-pytorch-iris-job.yml b/.github/workflows/cli-jobs-single-step-pytorch-iris-job.yml index 43c2cfaa6d..4d75bd7830 100644 --- a/.github/workflows/cli-jobs-single-step-pytorch-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-pytorch-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-pytorch-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml b/.github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml index 75f802bc7b..c2aedf74fc 100644 --- a/.github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml +++ b/.github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-r-accidents-job.yml b/.github/workflows/cli-jobs-single-step-r-accidents-job.yml index a7caed55bf..0bfcbc144f 100644 --- a/.github/workflows/cli-jobs-single-step-r-accidents-job.yml +++ b/.github/workflows/cli-jobs-single-step-r-accidents-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-r-accidents-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-r-iris-job.yml b/.github/workflows/cli-jobs-single-step-r-iris-job.yml index ca0aca0eb9..0af7d40d9c 100644 --- a/.github/workflows/cli-jobs-single-step-r-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-r-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-r-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml index d525a88046..d27fd6c5fa 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml index b39657fe5c..1622ca2fda 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml index ff2804f3ce..48c3d81247 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml index de60e8c66b..feafb4a126 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml index 7e9d0502f8..6af524eb50 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml index a8790f3c7c..77655facc6 100644 --- a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml +++ b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml index fa499826ff..89ba5c9451 100644 --- a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml +++ b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml index 4fc687a97f..be5b049252 100644 --- a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml +++ b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml index e3e87f383d..d1bfc3cca9 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml index 9acc36c8f4..842b9bb200 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml index 20ec8b611c..44f5a2e20f 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml index 8d0ef42b7a..375c69b793 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml index c2ccc731e6..abc6bdd0bb 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml index 0db5cac89f..2093de1f50 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml index 39e8d4383d..67429d3bb3 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml index 9d7374d667..1bd6ca58ba 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml index 3e5ea3bd26..627a2a1fd9 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml index 0d20822b90..0c9f6014d6 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml index 9a607113aa..cea5fead6e 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml index ed8622abe1..e3b5dcdac1 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-resources-compute-cluster-basic.yml b/.github/workflows/cli-resources-compute-cluster-basic.yml index 651fd92afd..be7fcbd796 100644 --- a/.github/workflows/cli-resources-compute-cluster-basic.yml +++ b/.github/workflows/cli-resources-compute-cluster-basic.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-basic.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-location.yml b/.github/workflows/cli-resources-compute-cluster-location.yml index 23e8d00758..c250048979 100644 --- a/.github/workflows/cli-resources-compute-cluster-location.yml +++ b/.github/workflows/cli-resources-compute-cluster-location.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-location.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-low-priority.yml b/.github/workflows/cli-resources-compute-cluster-low-priority.yml index f74641c974..9a461d5f68 100644 --- a/.github/workflows/cli-resources-compute-cluster-low-priority.yml +++ b/.github/workflows/cli-resources-compute-cluster-low-priority.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-low-priority.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-minimal.yml b/.github/workflows/cli-resources-compute-cluster-minimal.yml index 0dae8f1470..db53634140 100644 --- a/.github/workflows/cli-resources-compute-cluster-minimal.yml +++ b/.github/workflows/cli-resources-compute-cluster-minimal.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-minimal.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-ssh-password.yml b/.github/workflows/cli-resources-compute-cluster-ssh-password.yml index 4a582756f4..171818f282 100644 --- a/.github/workflows/cli-resources-compute-cluster-ssh-password.yml +++ b/.github/workflows/cli-resources-compute-cluster-ssh-password.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-ssh-password.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-system-identity.yml b/.github/workflows/cli-resources-compute-cluster-system-identity.yml index 7349eb1509..05c991c471 100644 --- a/.github/workflows/cli-resources-compute-cluster-system-identity.yml +++ b/.github/workflows/cli-resources-compute-cluster-system-identity.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-system-identity.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml b/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml index 1b0162d312..37da0ff6ee 100644 --- a/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml +++ b/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml b/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml index 237838ddfa..01578c166c 100644 --- a/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml +++ b/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-schedules-schedules-cron-job-schedule.yml b/.github/workflows/cli-schedules-schedules-cron-job-schedule.yml index 5ecd9ed2cd..70b585603e 100644 --- a/.github/workflows/cli-schedules-schedules-cron-job-schedule.yml +++ b/.github/workflows/cli-schedules-schedules-cron-job-schedule.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-schedules-schedules-cron-job-schedule.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml b/.github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml index 266ae7da62..eb989a256e 100644 --- a/.github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml +++ b/.github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml b/.github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml index 350b6739bd..a89ede9857 100644 --- a/.github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml +++ b/.github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-batch-score-rest.yml b/.github/workflows/cli-scripts-batch-score-rest.yml index a29366de0c..17ba73ca69 100644 --- a/.github/workflows/cli-scripts-batch-score-rest.yml +++ b/.github/workflows/cli-scripts-batch-score-rest.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-batch-score-rest.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-batch-score.yml b/.github/workflows/cli-scripts-batch-score.yml index 02ad643e03..3822f1f964 100644 --- a/.github/workflows/cli-scripts-batch-score.yml +++ b/.github/workflows/cli-scripts-batch-score.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-batch-score.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml b/.github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml index a14bdbc3cc..5b6b9d8a2f 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml b/.github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml index 7ee7acd818..38283060fd 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml b/.github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml index 24169c7961..4bc2889ddd 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml b/.github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml index c3e83b280a..778f28e55e 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml b/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml index 0c97c67eb5..e830681592 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml b/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml index d673764097..25faf116cf 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml b/.github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml index 9be2f19071..27000bce47 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml b/.github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml index a5e12c3250..0253e6d579 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml b/.github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml index 65b06f9d54..20ac678528 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-local-endpoint.yml b/.github/workflows/cli-scripts-deploy-local-endpoint.yml index ec5d487ffc..4a2473028e 100644 --- a/.github/workflows/cli-scripts-deploy-local-endpoint.yml +++ b/.github/workflows/cli-scripts-deploy-local-endpoint.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-local-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml index 362af12cca..40cac03f2e 100644 --- a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml +++ b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml index fe02639885..ff6112d519 100644 --- a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml +++ b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml index e15e34a9bd..ad61a4b66a 100644 --- a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml +++ b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-managed-online-endpoint.yml b/.github/workflows/cli-scripts-deploy-managed-online-endpoint.yml index 7a5dff362a..f066846159 100644 --- a/.github/workflows/cli-scripts-deploy-managed-online-endpoint.yml +++ b/.github/workflows/cli-scripts-deploy-managed-online-endpoint.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-managed-online-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml b/.github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml index 16df4dbb88..da5d652e79 100644 --- a/.github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml +++ b/.github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml b/.github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml index 1528c7cc5e..cab8930dd7 100644 --- a/.github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml +++ b/.github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml b/.github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml index 3bcab97e9e..38ad0ea5e7 100644 --- a/.github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml +++ b/.github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-autoscale.yml b/.github/workflows/cli-scripts-deploy-moe-autoscale.yml index e89bfc0118..6a10813cfd 100644 --- a/.github/workflows/cli-scripts-deploy-moe-autoscale.yml +++ b/.github/workflows/cli-scripts-deploy-moe-autoscale.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-autoscale.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-binary-payloads.yml b/.github/workflows/cli-scripts-deploy-moe-binary-payloads.yml index 181be83a40..5616b310f7 100644 --- a/.github/workflows/cli-scripts-deploy-moe-binary-payloads.yml +++ b/.github/workflows/cli-scripts-deploy-moe-binary-payloads.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-binary-payloads.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-inference-schema.yml b/.github/workflows/cli-scripts-deploy-moe-inference-schema.yml index 3a787f99e3..9843ab4929 100644 --- a/.github/workflows/cli-scripts-deploy-moe-inference-schema.yml +++ b/.github/workflows/cli-scripts-deploy-moe-inference-schema.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-inference-schema.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-keyvault.yml b/.github/workflows/cli-scripts-deploy-moe-keyvault.yml index 0e766c1264..6dee139480 100644 --- a/.github/workflows/cli-scripts-deploy-moe-keyvault.yml +++ b/.github/workflows/cli-scripts-deploy-moe-keyvault.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-keyvault.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml b/.github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml index 31648ed7c1..25de8f893b 100644 --- a/.github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml +++ b/.github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-openapi.yml b/.github/workflows/cli-scripts-deploy-moe-openapi.yml index 1b618e685a..3c9b74fc3c 100644 --- a/.github/workflows/cli-scripts-deploy-moe-openapi.yml +++ b/.github/workflows/cli-scripts-deploy-moe-openapi.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-openapi.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml b/.github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml index 0d56eb6fa8..2e1e1fd930 100644 --- a/.github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml +++ b/.github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-vnet.yml b/.github/workflows/cli-scripts-deploy-moe-vnet.yml index b02367a91f..870c13aff4 100644 --- a/.github/workflows/cli-scripts-deploy-moe-vnet.yml +++ b/.github/workflows/cli-scripts-deploy-moe-vnet.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-vnet.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-rest.yml b/.github/workflows/cli-scripts-deploy-rest.yml index ffabc1ad04..ade7de9fa9 100644 --- a/.github/workflows/cli-scripts-deploy-rest.yml +++ b/.github/workflows/cli-scripts-deploy-rest.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-rest.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml b/.github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml index 2aeb9f3295..c3c9a604fd 100644 --- a/.github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml +++ b/.github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml b/.github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml index 927a11b9e4..82a0da68ae 100644 --- a/.github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml +++ b/.github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml b/.github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml index 2fca4e9f90..97799e28a8 100644 --- a/.github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml +++ b/.github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-misc.yml b/.github/workflows/cli-scripts-misc.yml index b91b794e9a..44e17e2d93 100644 --- a/.github/workflows/cli-scripts-misc.yml +++ b/.github/workflows/cli-scripts-misc.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-misc.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-mlflow-uri.yml b/.github/workflows/cli-scripts-mlflow-uri.yml index e13ebe910f..50e92fb772 100644 --- a/.github/workflows/cli-scripts-mlflow-uri.yml +++ b/.github/workflows/cli-scripts-mlflow-uri.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-mlflow-uri.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-train-rest.yml b/.github/workflows/cli-scripts-train-rest.yml index 26d144c5ab..da5663b81a 100644 --- a/.github/workflows/cli-scripts-train-rest.yml +++ b/.github/workflows/cli-scripts-train-rest.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-train-rest.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-train.yml b/.github/workflows/cli-scripts-train.yml index 9859a8b5d4..f74f070228 100644 --- a/.github/workflows/cli-scripts-train.yml +++ b/.github/workflows/cli-scripts-train.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-train.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/nyc_taxi_data_regression-env_train.yml b/.github/workflows/nyc_taxi_data_regression-env_train.yml index 04643ab58b..20fd7eac0f 100644 --- a/.github/workflows/nyc_taxi_data_regression-env_train.yml +++ b/.github/workflows/nyc_taxi_data_regression-env_train.yml @@ -12,6 +12,8 @@ on: - infra/bootstrapping/** - .github/workflows/nyc_taxi_data_regression-env_train.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -24,7 +26,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/sdk-assets-assets-in-registry-share-data-using-registry.yml b/.github/workflows/sdk-assets-assets-in-registry-share-data-using-registry.yml index 29f634eed8..124530b58c 100644 --- a/.github/workflows/sdk-assets-assets-in-registry-share-data-using-registry.yml +++ b/.github/workflows/sdk-assets-assets-in-registry-share-data-using-registry.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-assets-in-registry-share-models-components-environments.yml b/.github/workflows/sdk-assets-assets-in-registry-share-models-components-environments.yml index 55cffbc99c..bf8ee786db 100644 --- a/.github/workflows/sdk-assets-assets-in-registry-share-models-components-environments.yml +++ b/.github/workflows/sdk-assets-assets-in-registry-share-models-components-environments.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-component-component.yml b/.github/workflows/sdk-assets-component-component.yml index 932ab23f50..6cf1e508a5 100644 --- a/.github/workflows/sdk-assets-component-component.yml +++ b/.github/workflows/sdk-assets-component-component.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-data-data.yml b/.github/workflows/sdk-assets-data-data.yml index 80e238d775..2f78d0c167 100644 --- a/.github/workflows/sdk-assets-data-data.yml +++ b/.github/workflows/sdk-assets-data-data.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-data-working_with_mltable.yml b/.github/workflows/sdk-assets-data-working_with_mltable.yml index 4e845df023..99d21a68a2 100644 --- a/.github/workflows/sdk-assets-data-working_with_mltable.yml +++ b/.github/workflows/sdk-assets-data-working_with_mltable.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-environment-environment.yml b/.github/workflows/sdk-assets-environment-environment.yml index e4e2b13796..23ce5006b5 100644 --- a/.github/workflows/sdk-assets-environment-environment.yml +++ b/.github/workflows/sdk-assets-environment-environment.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-model-model.yml b/.github/workflows/sdk-assets-model-model.yml index afb45bc227..f6a3739b8d 100644 --- a/.github/workflows/sdk-assets-model-model.yml +++ b/.github/workflows/sdk-assets-model-model.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-custom-outputs-parquet-custom-output-batch.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-custom-outputs-parquet-custom-output-batch.yml index 7993aaac04..b1ddc62d5b 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-custom-outputs-parquet-custom-output-batch.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-custom-outputs-parquet-custom-output-batch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-heart-classifier-mlflow-mlflow-for-batch-tabular.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-heart-classifier-mlflow-mlflow-for-batch-tabular.yml index d658c27fc3..ff0b2f6022 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-heart-classifier-mlflow-mlflow-for-batch-tabular.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-heart-classifier-mlflow-mlflow-for-batch-tabular.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-huggingface-text-summarization-text-summarization-batch.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-huggingface-text-summarization-text-summarization-batch.yml index f5cc3b7559..fb63ac7721 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-huggingface-text-summarization-text-summarization-batch.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-huggingface-text-summarization-text-summarization-batch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-batch.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-batch.yml index 607d3e08f8..12eb8c7a05 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-batch.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-batch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-mlflow.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-mlflow.yml index 96701dfc9d..0f5155354e 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-mlflow.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-mlflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-mnist-classifier-mnist-batch.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-mnist-classifier-mnist-batch.yml index e32f3a8c18..730e7297d8 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-mnist-classifier-mnist-batch.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-mnist-classifier-mnist-batch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-sdk-deploy-and-test.yml b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-sdk-deploy-and-test.yml index 98870aa204..10a2e3cdd1 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-sdk-deploy-and-test.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-sdk-deploy-and-test.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-hello-batch-sdk-deploy-and-test.yml b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-hello-batch-sdk-deploy-and-test.yml index 15b860cd75..d5b55f3542 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-hello-batch-sdk-deploy-and-test.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-hello-batch-sdk-deploy-and-test.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-training-with-components-sdk-deploy-and-test.yml b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-training-with-components-sdk-deploy-and-test.yml index 12046d4ef5..f7d91a75eb 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-training-with-components-sdk-deploy-and-test.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-training-with-components-sdk-deploy-and-test.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container-multimodel.yml b/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container-multimodel.yml index 34e76ee42f..c3256b31ae 100644 --- a/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container-multimodel.yml +++ b/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container-multimodel.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container.yml b/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container.yml index 4edbb96c57..ab56570533 100644 --- a/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container.yml +++ b/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-custom-container-triton-online-endpoints-triton-cc.yml b/.github/workflows/sdk-endpoints-online-custom-container-triton-online-endpoints-triton-cc.yml index 1bfd57e787..53a5d8c57e 100644 --- a/.github/workflows/sdk-endpoints-online-custom-container-triton-online-endpoints-triton-cc.yml +++ b/.github/workflows/sdk-endpoints-online-custom-container-triton-online-endpoints-triton-cc.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-safe-rollout.yml b/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-safe-rollout.yml index 09d4bfd4c9..7a71a15494 100644 --- a/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-safe-rollout.yml +++ b/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-safe-rollout.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-simple-deployment.yml b/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-simple-deployment.yml index 858a43045d..0a06ca2327 100644 --- a/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-simple-deployment.yml +++ b/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-simple-deployment.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-llm-langchain-1_langchain_basic_deploy.yml b/.github/workflows/sdk-endpoints-online-llm-langchain-1_langchain_basic_deploy.yml index 85c256cf82..d6f67aeb83 100644 --- a/.github/workflows/sdk-endpoints-online-llm-langchain-1_langchain_basic_deploy.yml +++ b/.github/workflows/sdk-endpoints-online-llm-langchain-1_langchain_basic_deploy.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-llm-semantic-kernel-1_semantic_http_server.yml b/.github/workflows/sdk-endpoints-online-llm-semantic-kernel-1_semantic_http_server.yml index 68a8e8c9bc..46f4ff4de0 100644 --- a/.github/workflows/sdk-endpoints-online-llm-semantic-kernel-1_semantic_http_server.yml +++ b/.github/workflows/sdk-endpoints-online-llm-semantic-kernel-1_semantic_http_server.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-sai.yml b/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-sai.yml index fa789fa504..b13f7f483f 100644 --- a/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-sai.yml +++ b/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-sai.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-uai.yml b/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-uai.yml index 41941ce7c8..a219bb43d8 100644 --- a/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-uai.yml +++ b/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-uai.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-binary-payloads.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-binary-payloads.yml index 684b22b727..b5f45403e7 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-binary-payloads.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-binary-payloads.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-inference-schema.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-inference-schema.yml index e8a7d81cb3..29d15edb5c 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-inference-schema.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-inference-schema.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-keyvault.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-keyvault.yml index c061acc3d4..c2d28df086 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-keyvault.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-keyvault.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-multimodel.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-multimodel.yml index 78eedab945..cb09962f5e 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-multimodel.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-multimodel.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-openapi.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-openapi.yml index 969b979fa9..6245cd7452 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-openapi.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-openapi.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-safe-rollout.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-safe-rollout.yml index 065782c5c2..d204773b56 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-safe-rollout.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-safe-rollout.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-simple-deployment.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-simple-deployment.yml index 1d1e7570ac..b6bf3e68aa 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-simple-deployment.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-simple-deployment.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model-with-script.yml b/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model-with-script.yml index afcdd13dfb..7c8f712cc3 100644 --- a/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model-with-script.yml +++ b/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model-with-script.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model.yml b/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model.yml index 010c301493..3e3c22e212 100644 --- a/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model.yml +++ b/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-triton-single-model-online-endpoints-triton.yml b/.github/workflows/sdk-endpoints-online-triton-single-model-online-endpoints-triton.yml index 6776e31edc..da71665e5d 100644 --- a/.github/workflows/sdk-endpoints-online-triton-single-model-online-endpoints-triton.yml +++ b/.github/workflows/sdk-endpoints-online-triton-single-model-online-endpoints-triton.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_cli_samples.yml b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_cli_samples.yml index 282ed8a7dc..82b97da710 100644 --- a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_cli_samples.yml +++ b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_cli_samples.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh - sdk/python/featurestore_sample/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_sdk_samples.yml b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_sdk_samples.yml index 44d952db6b..221981fc21 100644 --- a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_sdk_samples.yml +++ b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_sdk_samples.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh - sdk/python/featurestore_sample/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_vnet_samples.yml b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_vnet_samples.yml index 45b1ea3dab..c44ee8685d 100644 --- a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_vnet_samples.yml +++ b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_vnet_samples.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh - sdk/python/featurestore_sample/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml b/.github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml index 60e4da9348..01a3dd3e73 100644 --- a/.github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml +++ b/.github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml @@ -1,81 +1,85 @@ -# This code is autogenerated. -# Code is generated by running custom script: python3 readme.py -# Any manual changes to this file may cause incorrect behavior. -# Any manual changes will be overwritten if the code is regenerated. - -name: sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune -# This file is created by sdk/python/readme.py. -# Please do not edit directly. -on: - workflow_dispatch: - schedule: - - cron: "23 2/12 * * *" - pull_request: - branches: - - main - paths: - - sdk/python/foundation-models/azure_openai/oai-v1/** - - .github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml - - sdk/python/dev-requirements.txt - - infra/bootstrapping/** - - sdk/python/setup.sh - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: check out repo - uses: actions/checkout@v2 - - name: setup python - uses: actions/setup-python@v2 - with: - python-version: "3.10" - - name: pip install notebook reqs - run: pip install -r sdk/python/dev-requirements.txt - - name: azure login - uses: azure/login@v1 - with: - creds: ${{secrets.AZUREML_CREDENTIALS}} - - name: bootstrap resources - run: | - echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; - bash bootstrap.sh - working-directory: infra/bootstrapping - continue-on-error: false - - name: setup SDK - run: | - source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; - source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; - bash setup.sh - working-directory: sdk/python - continue-on-error: true - - name: validate readme - run: | - python check-readme.py "${{ github.workspace }}/sdk/python/foundation-models/azure_openai/oai-v1" - working-directory: infra/bootstrapping - continue-on-error: false - - name: setup-cli - run: | - source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; - source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; - bash setup.sh - working-directory: cli - continue-on-error: true - - name: run foundation-models/azure_openai/oai-v1/openai_completions_finetune.ipynb - run: | - source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; - source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; - bash "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh" generate_workspace_config "../../.azureml/config.json"; - bash "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh" replace_template_values "openai_completions_finetune.ipynb"; - [ -f "../../.azureml/config" ] && cat "../../.azureml/config"; - papermill -k python openai_completions_finetune.ipynb openai_completions_finetune.output.ipynb - working-directory: sdk/python/foundation-models/azure_openai/oai-v1 - - name: upload notebook's working folder as an artifact - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: openai_completions_finetune - path: sdk/python/foundation-models/azure_openai/oai-v1 +# This code is autogenerated. +# Code is generated by running custom script: python3 readme.py +# Any manual changes to this file may cause incorrect behavior. +# Any manual changes will be overwritten if the code is regenerated. + +name: sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune +# This file is created by sdk/python/readme.py. +# Please do not edit directly. +on: + workflow_dispatch: + schedule: + - cron: "23 2/12 * * *" + pull_request: + branches: + - main + paths: + - sdk/python/foundation-models/azure_openai/oai-v1/** + - .github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml + - sdk/python/dev-requirements.txt + - infra/bootstrapping/** + - sdk/python/setup.sh + +permissions: + id-token: write +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: check out repo + uses: actions/checkout@v2 + - name: setup python + uses: actions/setup-python@v2 + with: + python-version: "3.10" + - name: pip install notebook reqs + run: pip install -r sdk/python/dev-requirements.txt + - name: azure login + uses: azure/login@v1 + with: + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} + - name: bootstrap resources + run: | + echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; + bash bootstrap.sh + working-directory: infra/bootstrapping + continue-on-error: false + - name: setup SDK + run: | + source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; + source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; + bash setup.sh + working-directory: sdk/python + continue-on-error: true + - name: validate readme + run: | + python check-readme.py "${{ github.workspace }}/sdk/python/foundation-models/azure_openai/oai-v1" + working-directory: infra/bootstrapping + continue-on-error: false + - name: setup-cli + run: | + source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; + source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; + bash setup.sh + working-directory: cli + continue-on-error: true + - name: run foundation-models/azure_openai/oai-v1/openai_completions_finetune.ipynb + run: | + source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; + source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; + bash "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh" generate_workspace_config "../../.azureml/config.json"; + bash "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh" replace_template_values "openai_completions_finetune.ipynb"; + [ -f "../../.azureml/config" ] && cat "../../.azureml/config"; + papermill -k python openai_completions_finetune.ipynb openai_completions_finetune.output.ipynb + working-directory: sdk/python/foundation-models/azure_openai/oai-v1 + - name: upload notebook's working folder as an artifact + if: ${{ always() }} + uses: actions/upload-artifact@v2 + with: + name: openai_completions_finetune + path: sdk/python/foundation-models/azure_openai/oai-v1 diff --git a/.github/workflows/sdk-foundation-models-huggingface-inference-question-answering-question-answering-online-endpoint.yml b/.github/workflows/sdk-foundation-models-huggingface-inference-question-answering-question-answering-online-endpoint.yml index 8608732add..dd655a4013 100644 --- a/.github/workflows/sdk-foundation-models-huggingface-inference-question-answering-question-answering-online-endpoint.yml +++ b/.github/workflows/sdk-foundation-models-huggingface-inference-question-answering-question-answering-online-endpoint.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-huggingface-inference-token-classification-token-classification-online-endpoint.yml b/.github/workflows/sdk-foundation-models-huggingface-inference-token-classification-token-classification-online-endpoint.yml index 52b700a9cc..d0748187ee 100644 --- a/.github/workflows/sdk-foundation-models-huggingface-inference-token-classification-token-classification-online-endpoint.yml +++ b/.github/workflows/sdk-foundation-models-huggingface-inference-token-classification-token-classification-online-endpoint.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-huggingface-inference-translation-translation-online-endpoint.yml b/.github/workflows/sdk-foundation-models-huggingface-inference-translation-translation-online-endpoint.yml index 062d163548..71139ace4a 100644 --- a/.github/workflows/sdk-foundation-models-huggingface-inference-translation-translation-online-endpoint.yml +++ b/.github/workflows/sdk-foundation-models-huggingface-inference-translation-translation-online-endpoint.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-huggingface-inference-zero-shot-classification-zero-shot-classification-online-endpoint.yml b/.github/workflows/sdk-foundation-models-huggingface-inference-zero-shot-classification-zero-shot-classification-online-endpoint.yml index b3355ea4ae..d09d2aa7bb 100644 --- a/.github/workflows/sdk-foundation-models-huggingface-inference-zero-shot-classification-zero-shot-classification-online-endpoint.yml +++ b/.github/workflows/sdk-foundation-models-huggingface-inference-zero-shot-classification-zero-shot-classification-online-endpoint.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry.yml b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry.yml index 529c5962be..8f252be20e 100644 --- a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry.yml +++ b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry.yml @@ -22,6 +22,8 @@ on: env: MMDETECTION_MODEL_ID: None MMDETECTION_TASK_NAME: image-object-detection +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model.yml b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model.yml index 5549122363..889c0496a2 100644 --- a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model.yml +++ b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model.yml @@ -19,6 +19,8 @@ env: TASK_NAME: fill-mask MMDETECTION_MODEL_ID: None MMDETECTION_TASK_NAME: image-object-detection +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model_image_tasks.yml b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model_image_tasks.yml index 56ed98d402..34a7bd0775 100644 --- a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model_image_tasks.yml +++ b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model_image_tasks.yml @@ -19,6 +19,8 @@ env: TASK_NAME: image-classification MMDETECTION_MODEL_ID: faster-rcnn_r50_fpn_1x_coco MMDETECTION_TASK_NAME: image-object-detection +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-classification-task-bankmarketing-automl-classification-task-bankmarketing.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-classification-task-bankmarketing-automl-classification-task-bankmarketing.yml index 8aa802df94..b375ad55a3 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-classification-task-bankmarketing-automl-classification-task-bankmarketing.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-classification-task-bankmarketing-automl-classification-task-bankmarketing.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-distributed-tcn-automl-forecasting-distributed-tcn.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-distributed-tcn-automl-forecasting-distributed-tcn.yml index 9377b5366a..d730213c62 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-distributed-tcn-automl-forecasting-distributed-tcn.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-distributed-tcn-automl-forecasting-distributed-tcn.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-github-dau-auto-ml-forecasting-github-dau.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-github-dau-auto-ml-forecasting-github-dau.yml index e255e0480f..53218a2d12 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-github-dau-auto-ml-forecasting-github-dau.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-github-dau-auto-ml-forecasting-github-dau.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-orange-juice-sales-automl-forecasting-orange-juice-sales-mlflow.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-orange-juice-sales-automl-forecasting-orange-juice-sales-mlflow.yml index 4fdc85fa13..0ceb7abba6 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-orange-juice-sales-automl-forecasting-orange-juice-sales-mlflow.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-orange-juice-sales-automl-forecasting-orange-juice-sales-mlflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-experiment-settings.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-experiment-settings.yml index 0c545f9b6b..c6557a9f49 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-experiment-settings.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-experiment-settings.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-run.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-run.yml index 81a2fb914f..3c30da273b 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-run.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-run.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-bike-share-auto-ml-forecasting-bike-share.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-bike-share-auto-ml-forecasting-bike-share.yml index 18df38dcf4..ff9d4f6126 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-bike-share-auto-ml-forecasting-bike-share.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-bike-share-auto-ml-forecasting-bike-share.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced-mlflow.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced-mlflow.yml index dbb589d19e..519338f0b3 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced-mlflow.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced-mlflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced.yml index 6d5229e87e..9600db284d 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multiclass-task-fridge-items-automl-image-classification-multiclass-task-fridge-items.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multiclass-task-fridge-items-automl-image-classification-multiclass-task-fridge-items.yml index d6efd0446d..5efd856263 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multiclass-task-fridge-items-automl-image-classification-multiclass-task-fridge-items.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multiclass-task-fridge-items-automl-image-classification-multiclass-task-fridge-items.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multilabel-task-fridge-items-automl-image-classification-multilabel-task-fridge-items.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multilabel-task-fridge-items-automl-image-classification-multilabel-task-fridge-items.yml index ca45e17b8f..34e2e711fd 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multilabel-task-fridge-items-automl-image-classification-multilabel-task-fridge-items.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multilabel-task-fridge-items-automl-image-classification-multilabel-task-fridge-items.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-instance-segmentation-task-fridge-items-automl-image-instance-segmentation-task-fridge-items.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-instance-segmentation-task-fridge-items-automl-image-instance-segmentation-task-fridge-items.yml index dfcfea0b0f..04b8dd9d82 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-instance-segmentation-task-fridge-items-automl-image-instance-segmentation-task-fridge-items.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-instance-segmentation-task-fridge-items-automl-image-instance-segmentation-task-fridge-items.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-automl-image-object-detection-task-fridge-items.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-automl-image-object-detection-task-fridge-items.yml index 3e1418aa76..1bbee42cfd 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-automl-image-object-detection-task-fridge-items.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-automl-image-object-detection-task-fridge-items.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-batch-scoring-image-object-detection-batch-scoring-non-mlflow-model.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-batch-scoring-image-object-detection-batch-scoring-non-mlflow-model.yml index 628f6fec30..36aa3eb583 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-batch-scoring-image-object-detection-batch-scoring-non-mlflow-model.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-batch-scoring-image-object-detection-batch-scoring-non-mlflow-model.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment-mlflow.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment-mlflow.yml index 387a457dff..f182196bb0 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment-mlflow.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment-mlflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment.yml index 20a8dfcdb1..f383339bf6 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multilabel-task-paper-categorization-automl-nlp-multilabel-paper-cat.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multilabel-task-paper-categorization-automl-nlp-multilabel-paper-cat.yml index af14f8f24a..bbc8af96dd 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multilabel-task-paper-categorization-automl-nlp-multilabel-paper-cat.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multilabel-task-paper-categorization-automl-nlp-multilabel-paper-cat.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-automl-nlp-text-ner-task.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-automl-nlp-text-ner-task.yml index 038ed5dc2f..43ff702d96 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-automl-nlp-text-ner-task.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-automl-nlp-text-ner-task.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-distributed-sweeping-automl-nlp-text-ner-task-distributed-with-sweeping.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-distributed-sweeping-automl-nlp-text-ner-task-distributed-with-sweeping.yml index 8e27ee19f0..dbc233196a 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-distributed-sweeping-automl-nlp-text-ner-task-distributed-with-sweeping.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-distributed-sweeping-automl-nlp-text-ner-task-distributed-with-sweeping.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-regression-task-hardware-performance-automl-regression-task-hardware-performance.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-regression-task-hardware-performance-automl-regression-task-hardware-performance.yml index 230a20b9d7..753488836c 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-regression-task-hardware-performance-automl-regression-task-hardware-performance.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-regression-task-hardware-performance-automl-regression-task-hardware-performance.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-configuration.yml b/.github/workflows/sdk-jobs-configuration.yml index 51fd9e9277..59b0cce749 100644 --- a/.github/workflows/sdk-jobs-configuration.yml +++ b/.github/workflows/sdk-jobs-configuration.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-parallel-1a_oj_sales_prediction-oj_sales_prediction.yml b/.github/workflows/sdk-jobs-parallel-1a_oj_sales_prediction-oj_sales_prediction.yml index 7f924686cd..69a0c4bbc5 100644 --- a/.github/workflows/sdk-jobs-parallel-1a_oj_sales_prediction-oj_sales_prediction.yml +++ b/.github/workflows/sdk-jobs-parallel-1a_oj_sales_prediction-oj_sales_prediction.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-parallel-2a_iris_batch_prediction-iris_batch_prediction.yml b/.github/workflows/sdk-jobs-parallel-2a_iris_batch_prediction-iris_batch_prediction.yml index 7a2bf45d01..f4dd96b080 100644 --- a/.github/workflows/sdk-jobs-parallel-2a_iris_batch_prediction-iris_batch_prediction.yml +++ b/.github/workflows/sdk-jobs-parallel-2a_iris_batch_prediction-iris_batch_prediction.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-parallel-3a_mnist_batch_identification-mnist_batch_prediction.yml b/.github/workflows/sdk-jobs-parallel-3a_mnist_batch_identification-mnist_batch_prediction.yml index f185918a82..e12ea597da 100644 --- a/.github/workflows/sdk-jobs-parallel-3a_mnist_batch_identification-mnist_batch_prediction.yml +++ b/.github/workflows/sdk-jobs-parallel-3a_mnist_batch_identification-mnist_batch_prediction.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1a_pipeline_with_components_from_yaml-pipeline_with_components_from_yaml.yml b/.github/workflows/sdk-jobs-pipelines-1a_pipeline_with_components_from_yaml-pipeline_with_components_from_yaml.yml index 242cdb608a..8d775a73e0 100644 --- a/.github/workflows/sdk-jobs-pipelines-1a_pipeline_with_components_from_yaml-pipeline_with_components_from_yaml.yml +++ b/.github/workflows/sdk-jobs-pipelines-1a_pipeline_with_components_from_yaml-pipeline_with_components_from_yaml.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1b_pipeline_with_python_function_components-pipeline_with_python_function_components.yml b/.github/workflows/sdk-jobs-pipelines-1b_pipeline_with_python_function_components-pipeline_with_python_function_components.yml index cafb955d2e..3f7a15d6e8 100644 --- a/.github/workflows/sdk-jobs-pipelines-1b_pipeline_with_python_function_components-pipeline_with_python_function_components.yml +++ b/.github/workflows/sdk-jobs-pipelines-1b_pipeline_with_python_function_components-pipeline_with_python_function_components.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1c_pipeline_with_hyperparameter_sweep-pipeline_with_hyperparameter_sweep.yml b/.github/workflows/sdk-jobs-pipelines-1c_pipeline_with_hyperparameter_sweep-pipeline_with_hyperparameter_sweep.yml index 29df8585cd..364ce3f829 100644 --- a/.github/workflows/sdk-jobs-pipelines-1c_pipeline_with_hyperparameter_sweep-pipeline_with_hyperparameter_sweep.yml +++ b/.github/workflows/sdk-jobs-pipelines-1c_pipeline_with_hyperparameter_sweep-pipeline_with_hyperparameter_sweep.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1d_pipeline_with_non_python_components-pipeline_with_non_python_components.yml b/.github/workflows/sdk-jobs-pipelines-1d_pipeline_with_non_python_components-pipeline_with_non_python_components.yml index d2440ffb96..17ca99201c 100644 --- a/.github/workflows/sdk-jobs-pipelines-1d_pipeline_with_non_python_components-pipeline_with_non_python_components.yml +++ b/.github/workflows/sdk-jobs-pipelines-1d_pipeline_with_non_python_components-pipeline_with_non_python_components.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1e_pipeline_with_registered_components-pipeline_with_registered_components.yml b/.github/workflows/sdk-jobs-pipelines-1e_pipeline_with_registered_components-pipeline_with_registered_components.yml index 3c565dab45..376692be41 100644 --- a/.github/workflows/sdk-jobs-pipelines-1e_pipeline_with_registered_components-pipeline_with_registered_components.yml +++ b/.github/workflows/sdk-jobs-pipelines-1e_pipeline_with_registered_components-pipeline_with_registered_components.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1g_pipeline_with_parallel_nodes-pipeline_with_parallel_nodes.yml b/.github/workflows/sdk-jobs-pipelines-1g_pipeline_with_parallel_nodes-pipeline_with_parallel_nodes.yml index 7a59fab5cd..c51e7ba8e8 100644 --- a/.github/workflows/sdk-jobs-pipelines-1g_pipeline_with_parallel_nodes-pipeline_with_parallel_nodes.yml +++ b/.github/workflows/sdk-jobs-pipelines-1g_pipeline_with_parallel_nodes-pipeline_with_parallel_nodes.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-classification-bankmarketing-in-pipeline-automl-classification-bankmarketing-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-classification-bankmarketing-in-pipeline-automl-classification-bankmarketing-in-pipeline.yml index 8665b08b1d..695e424d6a 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-classification-bankmarketing-in-pipeline-automl-classification-bankmarketing-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-classification-bankmarketing-in-pipeline-automl-classification-bankmarketing-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-forecasting-in-pipeline-automl-forecasting-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-forecasting-in-pipeline-automl-forecasting-in-pipeline.yml index 40b7d0d4b4..7fc33d35e7 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-forecasting-in-pipeline-automl-forecasting-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-forecasting-in-pipeline-automl-forecasting-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multiclass-in-pipeline-automl-image-classification-multiclass-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multiclass-in-pipeline-automl-image-classification-multiclass-in-pipeline.yml index 2aaf9aaa3b..6141be3c53 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multiclass-in-pipeline-automl-image-classification-multiclass-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multiclass-in-pipeline-automl-image-classification-multiclass-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multilabel-in-pipeline-automl-image-classification-multilabel-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multilabel-in-pipeline-automl-image-classification-multilabel-in-pipeline.yml index 815e75fa76..ec1b779365 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multilabel-in-pipeline-automl-image-classification-multilabel-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multilabel-in-pipeline-automl-image-classification-multilabel-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-instance-segmentation-in-pipeline-automl-image-instance-segmentation-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-instance-segmentation-in-pipeline-automl-image-instance-segmentation-in-pipeline.yml index 6aa5dc5a6e..94c4e52996 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-instance-segmentation-in-pipeline-automl-image-instance-segmentation-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-instance-segmentation-in-pipeline-automl-image-instance-segmentation-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-object-detection-in-pipeline-automl-image-object-detection-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-object-detection-in-pipeline-automl-image-object-detection-in-pipeline.yml index e7d6711a98..ecbcfc67c0 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-object-detection-in-pipeline-automl-image-object-detection-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-object-detection-in-pipeline-automl-image-object-detection-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-regression-house-pricing-in-pipeline-automl-regression-house-pricing-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-regression-house-pricing-in-pipeline-automl-regression-house-pricing-in-pipeline.yml index 0e5cebd908..194f29b6ef 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-regression-house-pricing-in-pipeline-automl-regression-house-pricing-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-regression-house-pricing-in-pipeline-automl-regression-house-pricing-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-in-pipeline-automl-text-classification-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-in-pipeline-automl-text-classification-in-pipeline.yml index 0e8835af75..baacea8faa 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-in-pipeline-automl-text-classification-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-in-pipeline-automl-text-classification-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-multilabel-in-pipeline-automl-text-classification-multilabel-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-multilabel-in-pipeline-automl-text-classification-multilabel-in-pipeline.yml index ad9a417c85..315fe29e34 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-multilabel-in-pipeline-automl-text-classification-multilabel-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-multilabel-in-pipeline-automl-text-classification-multilabel-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-ner-named-entity-recognition-in-pipeline-automl-text-ner-named-entity-recognition-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-ner-named-entity-recognition-in-pipeline-automl-text-ner-named-entity-recognition-in-pipeline.yml index ac5a6357ec..0b36e88359 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-ner-named-entity-recognition-in-pipeline-automl-text-ner-named-entity-recognition-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-ner-named-entity-recognition-in-pipeline-automl-text-ner-named-entity-recognition-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1i_pipeline_with_spark_nodes-pipeline_with_spark_nodes.yml b/.github/workflows/sdk-jobs-pipelines-1i_pipeline_with_spark_nodes-pipeline_with_spark_nodes.yml index 5d08f0562a..78df61a195 100644 --- a/.github/workflows/sdk-jobs-pipelines-1i_pipeline_with_spark_nodes-pipeline_with_spark_nodes.yml +++ b/.github/workflows/sdk-jobs-pipelines-1i_pipeline_with_spark_nodes-pipeline_with_spark_nodes.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component.yml b/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component.yml index 4b9e2052fe..7e37ad008a 100644 --- a/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component.yml +++ b/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline_with_train_eval_pipeline_component.yml b/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline_with_train_eval_pipeline_component.yml index bdbb420640..bc10f2a3ab 100644 --- a/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline_with_train_eval_pipeline_component.yml +++ b/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline_with_train_eval_pipeline_component.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-hierarchical-timesers-in-pipeline-automl-forecasting-demand-hts.yml b/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-hierarchical-timesers-in-pipeline-automl-forecasting-demand-hts.yml index 52e7083ee8..3e041c6d20 100644 --- a/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-hierarchical-timesers-in-pipeline-automl-forecasting-demand-hts.yml +++ b/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-hierarchical-timesers-in-pipeline-automl-forecasting-demand-hts.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-many-models-in-pipeline-automl-forecasting-demand-many-models-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-many-models-in-pipeline-automl-forecasting-demand-many-models-in-pipeline.yml index 82cf4eb9ee..7cf86de7b7 100644 --- a/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-many-models-in-pipeline-automl-forecasting-demand-many-models-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-many-models-in-pipeline-automl-forecasting-demand-many-models-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1l_flow_in_pipeline-flow_in_pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1l_flow_in_pipeline-flow_in_pipeline.yml index 0e4ca14034..785611f7cc 100644 --- a/.github/workflows/sdk-jobs-pipelines-1l_flow_in_pipeline-flow_in_pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1l_flow_in_pipeline-flow_in_pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2a_train_mnist_with_tensorflow-train_mnist_with_tensorflow.yml b/.github/workflows/sdk-jobs-pipelines-2a_train_mnist_with_tensorflow-train_mnist_with_tensorflow.yml index e0564926da..a3e1da3e81 100644 --- a/.github/workflows/sdk-jobs-pipelines-2a_train_mnist_with_tensorflow-train_mnist_with_tensorflow.yml +++ b/.github/workflows/sdk-jobs-pipelines-2a_train_mnist_with_tensorflow-train_mnist_with_tensorflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2b_train_cifar_10_with_pytorch-train_cifar_10_with_pytorch.yml b/.github/workflows/sdk-jobs-pipelines-2b_train_cifar_10_with_pytorch-train_cifar_10_with_pytorch.yml index 2f626065cb..bac29401f7 100644 --- a/.github/workflows/sdk-jobs-pipelines-2b_train_cifar_10_with_pytorch-train_cifar_10_with_pytorch.yml +++ b/.github/workflows/sdk-jobs-pipelines-2b_train_cifar_10_with_pytorch-train_cifar_10_with_pytorch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2c_nyc_taxi_data_regression-nyc_taxi_data_regression.yml b/.github/workflows/sdk-jobs-pipelines-2c_nyc_taxi_data_regression-nyc_taxi_data_regression.yml index 2abfcfe3a5..b1a1b2aca3 100644 --- a/.github/workflows/sdk-jobs-pipelines-2c_nyc_taxi_data_regression-nyc_taxi_data_regression.yml +++ b/.github/workflows/sdk-jobs-pipelines-2c_nyc_taxi_data_regression-nyc_taxi_data_regression.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2d_image_classification_with_densenet-image_classification_with_densenet.yml b/.github/workflows/sdk-jobs-pipelines-2d_image_classification_with_densenet-image_classification_with_densenet.yml index cc6e575e78..0ba6eeae5d 100644 --- a/.github/workflows/sdk-jobs-pipelines-2d_image_classification_with_densenet-image_classification_with_densenet.yml +++ b/.github/workflows/sdk-jobs-pipelines-2d_image_classification_with_densenet-image_classification_with_densenet.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2e_image_classification_keras_minist_convnet-image_classification_keras_minist_convnet.yml b/.github/workflows/sdk-jobs-pipelines-2e_image_classification_keras_minist_convnet-image_classification_keras_minist_convnet.yml index 87226af6dd..0d330c4a38 100644 --- a/.github/workflows/sdk-jobs-pipelines-2e_image_classification_keras_minist_convnet-image_classification_keras_minist_convnet.yml +++ b/.github/workflows/sdk-jobs-pipelines-2e_image_classification_keras_minist_convnet-image_classification_keras_minist_convnet.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-debug-and-monitor-debug-and-monitor.yml b/.github/workflows/sdk-jobs-single-step-debug-and-monitor-debug-and-monitor.yml index dced9df140..c73672875b 100644 --- a/.github/workflows/sdk-jobs-single-step-debug-and-monitor-debug-and-monitor.yml +++ b/.github/workflows/sdk-jobs-single-step-debug-and-monitor-debug-and-monitor.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-lightgbm-iris-lightgbm-iris-sweep.yml b/.github/workflows/sdk-jobs-single-step-lightgbm-iris-lightgbm-iris-sweep.yml index 79c8131ec2..08dceb59be 100644 --- a/.github/workflows/sdk-jobs-single-step-lightgbm-iris-lightgbm-iris-sweep.yml +++ b/.github/workflows/sdk-jobs-single-step-lightgbm-iris-lightgbm-iris-sweep.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-distributed-cifar10.yml b/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-distributed-cifar10.yml index c374acea09..1a225bced2 100644 --- a/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-distributed-cifar10.yml +++ b/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-distributed-cifar10.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-yolov5-objectdetectionAzureML.yml b/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-yolov5-objectdetectionAzureML.yml index eee059c348..275d9566a4 100644 --- a/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-yolov5-objectdetectionAzureML.yml +++ b/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-yolov5-objectdetectionAzureML.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-pytorch-iris-pytorch-iris.yml b/.github/workflows/sdk-jobs-single-step-pytorch-iris-pytorch-iris.yml index c3c0771a0a..6773001971 100644 --- a/.github/workflows/sdk-jobs-single-step-pytorch-iris-pytorch-iris.yml +++ b/.github/workflows/sdk-jobs-single-step-pytorch-iris-pytorch-iris.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-pytorch-train-hyperparameter-tune-deploy-with-pytorch-train-hyperparameter-tune-deploy-with-pytorch.yml b/.github/workflows/sdk-jobs-single-step-pytorch-train-hyperparameter-tune-deploy-with-pytorch-train-hyperparameter-tune-deploy-with-pytorch.yml index ccad0103e9..a1782d96fb 100644 --- a/.github/workflows/sdk-jobs-single-step-pytorch-train-hyperparameter-tune-deploy-with-pytorch-train-hyperparameter-tune-deploy-with-pytorch.yml +++ b/.github/workflows/sdk-jobs-single-step-pytorch-train-hyperparameter-tune-deploy-with-pytorch-train-hyperparameter-tune-deploy-with-pytorch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-r-accidents-accident-prediction.yml b/.github/workflows/sdk-jobs-single-step-r-accidents-accident-prediction.yml index 95ff65a150..84dfc0f17e 100644 --- a/.github/workflows/sdk-jobs-single-step-r-accidents-accident-prediction.yml +++ b/.github/workflows/sdk-jobs-single-step-r-accidents-accident-prediction.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-scikit-learn-diabetes-sklearn-diabetes.yml b/.github/workflows/sdk-jobs-single-step-scikit-learn-diabetes-sklearn-diabetes.yml index 3d8237c5a3..aad6bdf6da 100644 --- a/.github/workflows/sdk-jobs-single-step-scikit-learn-diabetes-sklearn-diabetes.yml +++ b/.github/workflows/sdk-jobs-single-step-scikit-learn-diabetes-sklearn-diabetes.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-scikit-learn-iris-iris-scikit-learn.yml b/.github/workflows/sdk-jobs-single-step-scikit-learn-iris-iris-scikit-learn.yml index 24bfedc108..54e63e3904 100644 --- a/.github/workflows/sdk-jobs-single-step-scikit-learn-iris-iris-scikit-learn.yml +++ b/.github/workflows/sdk-jobs-single-step-scikit-learn-iris-iris-scikit-learn.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-scikit-learn-mnist-sklearn-mnist.yml b/.github/workflows/sdk-jobs-single-step-scikit-learn-mnist-sklearn-mnist.yml index 6a376f4593..6a414550da 100644 --- a/.github/workflows/sdk-jobs-single-step-scikit-learn-mnist-sklearn-mnist.yml +++ b/.github/workflows/sdk-jobs-single-step-scikit-learn-mnist-sklearn-mnist.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-horovod-tensorflow-mnist-distributed-horovod.yml b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-horovod-tensorflow-mnist-distributed-horovod.yml index 46c5b28825..7773ec9d1e 100644 --- a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-horovod-tensorflow-mnist-distributed-horovod.yml +++ b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-horovod-tensorflow-mnist-distributed-horovod.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-tensorflow-mnist-distributed.yml b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-tensorflow-mnist-distributed.yml index aff322667e..648cb7461c 100644 --- a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-tensorflow-mnist-distributed.yml +++ b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-tensorflow-mnist-distributed.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-tensorflow-mnist.yml b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-tensorflow-mnist.yml index 7fbae73269..33b284cd13 100644 --- a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-tensorflow-mnist.yml +++ b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-tensorflow-mnist.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-spark-automation-run_interactive_session_notebook.yml b/.github/workflows/sdk-jobs-spark-automation-run_interactive_session_notebook.yml index 1c30bb836f..1ca88709e7 100644 --- a/.github/workflows/sdk-jobs-spark-automation-run_interactive_session_notebook.yml +++ b/.github/workflows/sdk-jobs-spark-automation-run_interactive_session_notebook.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-spark-submit_spark_pipeline_jobs.yml b/.github/workflows/sdk-jobs-spark-submit_spark_pipeline_jobs.yml index 7822b89a3e..3cb69be214 100644 --- a/.github/workflows/sdk-jobs-spark-submit_spark_pipeline_jobs.yml +++ b/.github/workflows/sdk-jobs-spark-submit_spark_pipeline_jobs.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs.yml b/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs.yml index b59cc42286..e17ae3b372 100644 --- a/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs.yml +++ b/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs_managed_vnet.yml b/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs_managed_vnet.yml index 827b71c2ae..51b0f44be6 100644 --- a/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs_managed_vnet.yml +++ b/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs_managed_vnet.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-compute-attach_manage_spark_pools.yml b/.github/workflows/sdk-resources-compute-attach_manage_spark_pools.yml index 847c15808c..6c7a1b214e 100644 --- a/.github/workflows/sdk-resources-compute-attach_manage_spark_pools.yml +++ b/.github/workflows/sdk-resources-compute-attach_manage_spark_pools.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-compute-compute.yml b/.github/workflows/sdk-resources-compute-compute.yml index 432951bdf8..7d21f9e319 100644 --- a/.github/workflows/sdk-resources-compute-compute.yml +++ b/.github/workflows/sdk-resources-compute-compute.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-connections-connections.yml b/.github/workflows/sdk-resources-connections-connections.yml index ed77871305..171b9a75a1 100644 --- a/.github/workflows/sdk-resources-connections-connections.yml +++ b/.github/workflows/sdk-resources-connections-connections.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-registry-registry-create.yml b/.github/workflows/sdk-resources-registry-registry-create.yml index e2671c2bc0..6cff911162 100644 --- a/.github/workflows/sdk-resources-registry-registry-create.yml +++ b/.github/workflows/sdk-resources-registry-registry-create.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-workspace-workspace.yml b/.github/workflows/sdk-resources-workspace-workspace.yml index 5ae2c0eb6c..68ad1f4eb8 100644 --- a/.github/workflows/sdk-resources-workspace-workspace.yml +++ b/.github/workflows/sdk-resources-workspace-workspace.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-mlflow-deployment-with-explanations-mlflow-deployment-with-explanations.yml b/.github/workflows/sdk-responsible-ai-mlflow-deployment-with-explanations-mlflow-deployment-with-explanations.yml index b43f17bf9d..86d9777acc 100644 --- a/.github/workflows/sdk-responsible-ai-mlflow-deployment-with-explanations-mlflow-deployment-with-explanations.yml +++ b/.github/workflows/sdk-responsible-ai-mlflow-deployment-with-explanations-mlflow-deployment-with-explanations.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-decision-making-responsibleaidashboard-diabetes-decision-making.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-decision-making-responsibleaidashboard-diabetes-decision-making.yml index 9b3c5e6339..f60786ba36 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-decision-making-responsibleaidashboard-diabetes-decision-making.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-decision-making-responsibleaidashboard-diabetes-decision-making.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-regression-model-debugging-responsibleaidashboard-diabetes-regression-model-debugging.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-regression-model-debugging-responsibleaidashboard-diabetes-regression-model-debugging.yml index 3a2137cf59..938212484a 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-regression-model-debugging-responsibleaidashboard-diabetes-regression-model-debugging.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-regression-model-debugging-responsibleaidashboard-diabetes-regression-model-debugging.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-education-student-attrition-classificaton-responsibleaidashboard-education-student-attrition-classificaton.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-education-student-attrition-classificaton-responsibleaidashboard-education-student-attrition-classificaton.yml index e046b707a7..126eae1876 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-education-student-attrition-classificaton-responsibleaidashboard-education-student-attrition-classificaton.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-education-student-attrition-classificaton-responsibleaidashboard-education-student-attrition-classificaton.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-finance-loan-classification-responsibleaidashboard-finance-loan-classification.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-finance-loan-classification-responsibleaidashboard-finance-loan-classification.yml index 213bbdc283..479e8fc5bc 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-finance-loan-classification-responsibleaidashboard-finance-loan-classification.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-finance-loan-classification-responsibleaidashboard-finance-loan-classification.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-healthcare-covid-classification-responsibleaidashboard-healthcare-covid-classification.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-healthcare-covid-classification-responsibleaidashboard-healthcare-covid-classification.yml index f0ddfec3ef..8960079639 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-healthcare-covid-classification-responsibleaidashboard-healthcare-covid-classification.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-healthcare-covid-classification-responsibleaidashboard-healthcare-covid-classification.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-classification-model-debugging-responsibleaidashboard-housing-classification-model-debugging.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-classification-model-debugging-responsibleaidashboard-housing-classification-model-debugging.yml index 663fac9bb6..3e136045b0 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-classification-model-debugging-responsibleaidashboard-housing-classification-model-debugging.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-classification-model-debugging-responsibleaidashboard-housing-classification-model-debugging.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-decision-making-responsibleaidashboard-housing-decision-making.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-decision-making-responsibleaidashboard-housing-decision-making.yml index 74e7c41f22..b04ef10ee9 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-decision-making-responsibleaidashboard-housing-decision-making.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-decision-making-responsibleaidashboard-housing-decision-making.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-programmer-regression-model-debugging-responsibleaidashboard-programmer-regression-model-debugging.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-programmer-regression-model-debugging-responsibleaidashboard-programmer-regression-model-debugging.yml index a34350f675..a1e62a4725 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-programmer-regression-model-debugging-responsibleaidashboard-programmer-regression-model-debugging.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-programmer-regression-model-debugging-responsibleaidashboard-programmer-regression-model-debugging.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-multilabel-text-classification-covid-events.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-multilabel-text-classification-covid-events.yml index bf7150c272..05d0885ad7 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-multilabel-text-classification-covid-events.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-multilabel-text-classification-covid-events.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-DBPedia.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-DBPedia.yml index 0d717b8ef8..4f1e30f399 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-DBPedia.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-DBPedia.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-blbooksgenre.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-blbooksgenre.yml index 1dfe6a658a..9f473f8e44 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-blbooksgenre.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-blbooksgenre.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-financial-news-responsibleaidashboard-text-classification-financial-news.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-financial-news-responsibleaidashboard-text-classification-financial-news.yml index 2f4f694041..adbcf712e2 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-financial-news-responsibleaidashboard-text-classification-financial-news.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-financial-news-responsibleaidashboard-text-classification-financial-news.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-question-answering-squad.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-question-answering-squad.yml index 03aa63af75..7b7fcb5cc7 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-question-answering-squad.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-question-answering-squad.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-image-classification-fridge.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-image-classification-fridge.yml index 37b6b004d7..245701ab0b 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-image-classification-fridge.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-image-classification-fridge.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-object-detection-fridge-private-data.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-object-detection-fridge-private-data.yml index bd06163e85..dd255c6d89 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-object-detection-fridge-private-data.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-object-detection-fridge-private-data.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-classification-fridge.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-classification-fridge.yml index 60f8838e1b..b13eba362d 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-classification-fridge.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-classification-fridge.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-flower-classification.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-flower-classification.yml index ce180664ae..ab2fc1ca59 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-flower-classification.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-flower-classification.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-multilabel-classification-fridge.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-multilabel-classification-fridge.yml index c1dc302dd3..83717a1152 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-multilabel-classification-fridge.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-multilabel-classification-fridge.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-object-detection-MSCOCO.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-object-detection-MSCOCO.yml index 9b20a64287..49f7a1a281 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-object-detection-MSCOCO.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-object-detection-MSCOCO.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-schedules-job-schedule.yml b/.github/workflows/sdk-schedules-job-schedule.yml index 611e6f7956..e1b4ab44dc 100644 --- a/.github/workflows/sdk-schedules-job-schedule.yml +++ b/.github/workflows/sdk-schedules-job-schedule.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-delimited-files-example-delimited-files-example.yml b/.github/workflows/sdk-using-mltable-delimited-files-example-delimited-files-example.yml index 87eaf1e7cc..32cff5ecb2 100644 --- a/.github/workflows/sdk-using-mltable-delimited-files-example-delimited-files-example.yml +++ b/.github/workflows/sdk-using-mltable-delimited-files-example-delimited-files-example.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-delta-lake-example-delta-lake-example.yml b/.github/workflows/sdk-using-mltable-delta-lake-example-delta-lake-example.yml index 42bad2f5be..54dc7164de 100644 --- a/.github/workflows/sdk-using-mltable-delta-lake-example-delta-lake-example.yml +++ b/.github/workflows/sdk-using-mltable-delta-lake-example-delta-lake-example.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-from-paths-example-from-paths-example.yml b/.github/workflows/sdk-using-mltable-from-paths-example-from-paths-example.yml index c37eb2deed..39f8f71962 100644 --- a/.github/workflows/sdk-using-mltable-from-paths-example-from-paths-example.yml +++ b/.github/workflows/sdk-using-mltable-from-paths-example-from-paths-example.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-local-to-cloud-mltable-local-to-cloud.yml b/.github/workflows/sdk-using-mltable-local-to-cloud-mltable-local-to-cloud.yml index 0c430ace50..9001210000 100644 --- a/.github/workflows/sdk-using-mltable-local-to-cloud-mltable-local-to-cloud.yml +++ b/.github/workflows/sdk-using-mltable-local-to-cloud-mltable-local-to-cloud.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-quickstart-mltable-quickstart.yml b/.github/workflows/sdk-using-mltable-quickstart-mltable-quickstart.yml index 95b98e0d47..0d9029cf04 100644 --- a/.github/workflows/sdk-using-mltable-quickstart-mltable-quickstart.yml +++ b/.github/workflows/sdk-using-mltable-quickstart-mltable-quickstart.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-azureml-getting-started-azureml-getting-started-studio.yml b/.github/workflows/tutorials-azureml-getting-started-azureml-getting-started-studio.yml index 054d1ebe51..c4233c793a 100644 --- a/.github/workflows/tutorials-azureml-getting-started-azureml-getting-started-studio.yml +++ b/.github/workflows/tutorials-azureml-getting-started-azureml-getting-started-studio.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-azureml-in-a-day-azureml-in-a-day.yml b/.github/workflows/tutorials-azureml-in-a-day-azureml-in-a-day.yml index c8388781cd..36bc2bd793 100644 --- a/.github/workflows/tutorials-azureml-in-a-day-azureml-in-a-day.yml +++ b/.github/workflows/tutorials-azureml-in-a-day-azureml-in-a-day.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-e2e-distributed-pytorch-image-e2e-object-classification-distributed-pytorch.yml b/.github/workflows/tutorials-e2e-distributed-pytorch-image-e2e-object-classification-distributed-pytorch.yml index 84b4b575ca..fc67ac7eaf 100644 --- a/.github/workflows/tutorials-e2e-distributed-pytorch-image-e2e-object-classification-distributed-pytorch.yml +++ b/.github/workflows/tutorials-e2e-distributed-pytorch-image-e2e-object-classification-distributed-pytorch.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-e2e-ds-experience-e2e-ml-workflow.yml b/.github/workflows/tutorials-e2e-ds-experience-e2e-ml-workflow.yml index 570719987d..7acb7d5812 100644 --- a/.github/workflows/tutorials-e2e-ds-experience-e2e-ml-workflow.yml +++ b/.github/workflows/tutorials-e2e-ds-experience-e2e-ml-workflow.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-cloud-workstation.yml b/.github/workflows/tutorials-get-started-notebooks-cloud-workstation.yml index e41550b021..6363b8ce5b 100644 --- a/.github/workflows/tutorials-get-started-notebooks-cloud-workstation.yml +++ b/.github/workflows/tutorials-get-started-notebooks-cloud-workstation.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-deploy-model.yml b/.github/workflows/tutorials-get-started-notebooks-deploy-model.yml index 3804c68e00..d005a47fa3 100644 --- a/.github/workflows/tutorials-get-started-notebooks-deploy-model.yml +++ b/.github/workflows/tutorials-get-started-notebooks-deploy-model.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-explore-data.yml b/.github/workflows/tutorials-get-started-notebooks-explore-data.yml index 3a34e918ef..e9e781e15d 100644 --- a/.github/workflows/tutorials-get-started-notebooks-explore-data.yml +++ b/.github/workflows/tutorials-get-started-notebooks-explore-data.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-pipeline.yml b/.github/workflows/tutorials-get-started-notebooks-pipeline.yml index bd2d5ed7e7..9286c67d59 100644 --- a/.github/workflows/tutorials-get-started-notebooks-pipeline.yml +++ b/.github/workflows/tutorials-get-started-notebooks-pipeline.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-quickstart.yml b/.github/workflows/tutorials-get-started-notebooks-quickstart.yml index 0bbdce1271..9a76f1c6c8 100644 --- a/.github/workflows/tutorials-get-started-notebooks-quickstart.yml +++ b/.github/workflows/tutorials-get-started-notebooks-quickstart.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-train-model.yml b/.github/workflows/tutorials-get-started-notebooks-train-model.yml index e7f11246fd..7000b2becf 100644 --- a/.github/workflows/tutorials-get-started-notebooks-train-model.yml +++ b/.github/workflows/tutorials-get-started-notebooks-train-model.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/cli/readme.py b/cli/readme.py index dbda70f002..f536e8f891 100644 --- a/cli/readme.py +++ b/cli/readme.py @@ -52,7 +52,6 @@ \n# Code is generated by running custom script: python3 readme.py\ \n# Any manual changes to this file may cause incorrect behavior.\ \n# Any manual changes will be overwritten if the code is regenerated.\n" -CREDENTIALS = "${{secrets.AZUREML_CREDENTIALS}}" BRANCH = "main" # default - do not change # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 @@ -422,7 +421,6 @@ def write_job_workflow(job): posix_project_dir = project_dir.replace(os.sep, "/") is_pipeline_sample = "jobs/pipelines" in job is_spark_sample = "jobs/spark" in job - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 @@ -444,6 +442,8 @@ def write_job_workflow(job): if is_spark_sample: workflow_yaml += " - cli/jobs/spark/data/titanic.csv\n" "" workflow_yaml += f""" - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -456,7 +456,9 @@ def write_job_workflow(job): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | echo '{GITHUB_CONCURRENCY_GROUP}'; @@ -505,7 +507,6 @@ def write_job_using_registry_components_workflow(job): posix_project_dir = project_dir.replace(os.sep, "/") folder_name = project_dir.split(os.sep)[-1] is_pipeline_sample = "jobs/pipelines" in job - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 @@ -525,6 +526,8 @@ def write_job_using_registry_components_workflow(job): if is_pipeline_sample: workflow_yaml += " - cli/run-pipeline-jobs.sh\n" "" workflow_yaml += f""" - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -537,7 +540,9 @@ def write_job_using_registry_components_workflow(job): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | echo '{GITHUB_CONCURRENCY_GROUP}'; @@ -588,7 +593,6 @@ def write_endpoint_workflow(endpoint): for deployment in deployments if not any(excluded in deployment for excluded in EXCLUDED_DEPLOYMENTS) ] - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) endpoint_type = ( "online" @@ -616,6 +620,8 @@ def write_endpoint_workflow(endpoint): - infra/bootstrapping/** - .github/workflows/cli-{hyphenated}.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -628,7 +634,9 @@ def write_endpoint_workflow(endpoint): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | bash bootstrap.sh @@ -694,7 +702,6 @@ def write_asset_workflow(asset): filename, project_dir, hyphenated = parse_path(asset) project_dir = project_dir.replace(os.sep, "/") posix_asset = asset.replace(os.sep, "/") - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) workflow_yaml = f"""{READONLY_HEADER} name: cli-{hyphenated} @@ -710,6 +717,8 @@ def write_asset_workflow(asset): - infra/bootstrapping/** - .github/workflows/cli-{hyphenated}.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -722,7 +731,9 @@ def write_asset_workflow(asset): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | bash bootstrapping/bootstrap.sh @@ -757,7 +768,6 @@ def write_asset_workflow(asset): def write_script_workflow(script): filename, project_dir, hyphenated = parse_path(script) project_dir = project_dir.replace(os.sep, "/") - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) workflow_yaml = f"""{READONLY_HEADER} name: cli-scripts-{hyphenated} @@ -773,6 +783,8 @@ def write_script_workflow(script): - infra/bootstrapping/** - .github/workflows/cli-scripts-{hyphenated}.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -785,7 +797,9 @@ def write_script_workflow(script): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | bash bootstrap.sh @@ -819,7 +833,6 @@ def write_schedule_workflow(schedule): filename, project_dir, hyphenated = parse_path(schedule) project_dir = project_dir.replace(os.sep, "/") posix_schedule = schedule.replace(os.sep, "/") - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) workflow_yaml = f"""{READONLY_HEADER} name: cli-schedules-{hyphenated} @@ -835,6 +848,8 @@ def write_schedule_workflow(schedule): - infra/bootstrapping/** - .github/workflows/cli-schedules-{hyphenated}.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -847,7 +862,9 @@ def write_schedule_workflow(schedule): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/sdk/python/readme.py b/sdk/python/readme.py index a6f6c43dbe..b69b6316f9 100644 --- a/sdk/python/readme.py +++ b/sdk/python/readme.py @@ -199,7 +199,6 @@ def write_notebook_workflow( ) is_spark_notebook_sample = ("jobs-spark" in classification) or ("_spark_" in name) is_featurestore_sample = "featurestore_sample" in classification - creds = "${{secrets.AZUREML_CREDENTIALS}}" # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 github_workspace = "${{ github.workspace }}" @@ -242,6 +241,8 @@ def write_notebook_workflow( if is_featurestore_sample: workflow_yaml += f""" - sdk/python/featurestore_sample/**""" workflow_yaml += f""" +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -260,7 +261,9 @@ def write_notebook_workflow( - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | echo '{GITHUB_CONCURRENCY_GROUP}'; diff --git a/tutorials/readme.py b/tutorials/readme.py index 9ddddad240..3ff06978b1 100644 --- a/tutorials/readme.py +++ b/tutorials/readme.py @@ -111,7 +111,6 @@ def write_notebook_workflow( is_pipeline_notebook = ("jobs-pipelines" in classification) or ( "assets-component" in classification ) - creds = "${{secrets.AZUREML_CREDENTIALS}}" # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 github_workspace = "${{ github.workspace }}" @@ -149,6 +148,8 @@ def write_notebook_workflow( - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -167,7 +168,9 @@ def write_notebook_workflow( - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | echo '{GITHUB_CONCURRENCY_GROUP}';