From 9be775a2f57cdcfaea1269dd7c5b6952af52ec39 Mon Sep 17 00:00:00 2001 From: kdestin <101366538+kdestin@users.noreply.github.com> Date: Wed, 19 Jun 2024 16:55:28 -0400 Subject: [PATCH] chore: Use OIDC to authenticate to Azure in Github Actions (#3253) * chore: Use federated credential in readme.py * chore: Update cli workflows to use federated credentials * chore: Update tutorial workflows to use federated credentials * chore: Update sdk workflows to use federated credentials * chore: Normalize line-ending for sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml * chore: Use federated credentials in sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml * chore: Update remaining workflows to use federated credentials --- .../workflows/automated-cleanup-resources.yml | 6 +- .github/workflows/bootstrapping-infra.yml | 6 +- .github/workflows/bootstrapping-resources.yml | 6 +- .../cli-assets-component-pipeline.yml | 6 +- .../workflows/cli-assets-component-train.yml | 6 +- .../cli-assets-data-cloud-file-https.yml | 6 +- .../cli-assets-data-cloud-file-wasbs.yml | 6 +- .../workflows/cli-assets-data-cloud-file.yml | 6 +- .../cli-assets-data-cloud-folder-https.yml | 6 +- .../cli-assets-data-cloud-folder.yml | 6 +- .../cli-assets-data-cloud-mltable.yml | 6 +- .../cli-assets-data-iris-csv-example.yml | 6 +- .../workflows/cli-assets-data-local-file.yml | 6 +- ...li-assets-data-local-folder-sampledata.yml | 6 +- .../cli-assets-data-local-folder.yml | 6 +- .../cli-assets-data-local-mltable.yml | 6 +- .../cli-assets-data-public-file-https.yml | 6 +- .../cli-assets-environment-docker-context.yml | 6 +- ...s-environment-docker-image-plus-conda.yaml | 6 +- .../cli-assets-environment-docker-image.yml | 6 +- .../workflows/cli-assets-model-local-file.yml | 6 +- .../cli-assets-model-local-mlflow.yml | 6 +- ...models-custom-outputs-parquet-endpoint.yml | 6 +- ...odels-heart-classifier-mlflow-endpoint.yml | 6 +- ...uggingface-text-summarization-endpoint.yml | 6 +- ...oy-models-imagenet-classifier-endpoint.yml | 6 +- ...eploy-models-mnist-classifier-endpoint.yml | 6 +- ...ch-scoring-with-preprocessing-endpoint.yml | 6 +- ...-deploy-pipelines-hello-batch-endpoint.yml | 6 +- ...ines-training-with-components-endpoint.yml | 6 +- ...multimodel-minimal-multimodel-endpoint.yml | 6 +- ...gle-model-conda-in-dockerfile-endpoint.yml | 6 +- ...le-model-minimal-single-model-endpoint.yml | 6 +- ...multideployment-scikit-mlflow-endpoint.yml | 6 +- ...tainer-r-multimodel-plumber-r-endpoint.yml | 6 +- ...orchserve-densenet-torchserve-endpoint.yml | 6 +- ...triton-single-model-triton-cc-endpoint.yml | 6 +- ...-online-kubernetes-kubernetes-endpoint.yml | 6 +- ...dpoints-online-managed-sample-endpoint.yml | 6 +- ...ts-online-managed-vnet-mlflow-endpoint.yml | 6 +- ...ts-online-managed-vnet-sample-endpoint.yml | 6 +- ...nai-oai-v1-openai_completions_finetune.yml | 6 +- ...toml-classification-task-bankmarketing.yml | 6 +- ...cli-automl-forecasting-task-bike-share.yml | 6 +- ...-automl-forecasting-orange-juice-sales.yml | 6 +- ...-automl-forecasting-task-energy-demand.yml | 6 +- ...cli-automl-forecasting-task-github-dau.yml | 6 +- ...-img-cls-mc-task-fridge-items-automode.yml | 6 +- ...li-automl-img-cls-mc-task-fridge-items.yml | 6 +- ...-img-cls-ml-task-fridge-items-automode.yml | 6 +- ...li-automl-img-cls-ml-task-fridge-items.yml | 6 +- ...img-ins-seg-task-fridge-items-automode.yml | 6 +- ...i-automl-img-ins-seg-task-fridge-items.yml | 6 +- ...toml-img-od-task-fridge-items-automode.yml | 6 +- ...ms-cli-automl-img-od-task-fridge-items.yml | 6 +- ...i-automl-regression-task-hardware-perf.yml | 6 +- ...xt-classification-multilabel-paper-cat.yml | 6 +- ...i-automl-text-classification-newsgroup.yml | 6 +- ...er-conll-cli-automl-text-ner-conll2003.yml | 6 +- ...ext-ner-conll2003-distributed-sweeping.yml | 6 +- ...cs-hello-automl-hello-automl-job-basic.yml | 6 +- .../workflows/cli-jobs-basics-hello-code.yml | 6 +- .../cli-jobs-basics-hello-data-uri-folder.yml | 6 +- .../cli-jobs-basics-hello-dataset.yml | 6 +- .../workflows/cli-jobs-basics-hello-git.yml | 6 +- .../cli-jobs-basics-hello-interactive.yml | 6 +- ...-jobs-basics-hello-iris-datastore-file.yml | 6 +- ...obs-basics-hello-iris-datastore-folder.yml | 6 +- .../cli-jobs-basics-hello-iris-file.yml | 6 +- .../cli-jobs-basics-hello-iris-folder.yml | 6 +- .../cli-jobs-basics-hello-iris-literal.yml | 6 +- .../cli-jobs-basics-hello-mlflow.yml | 6 +- .../cli-jobs-basics-hello-model-as-input.yml | 6 +- .../cli-jobs-basics-hello-model-as-output.yml | 6 +- .../cli-jobs-basics-hello-notebook.yml | 6 +- .../cli-jobs-basics-hello-pipeline-abc.yml | 6 +- ...s-hello-pipeline-customize-output-file.yml | 6 +- ...hello-pipeline-customize-output-folder.yml | 6 +- ...asics-hello-pipeline-default-artifacts.yml | 6 +- .../cli-jobs-basics-hello-pipeline-io.yml | 6 +- ...li-jobs-basics-hello-pipeline-settings.yml | 6 +- .../cli-jobs-basics-hello-pipeline.yml | 6 +- .../workflows/cli-jobs-basics-hello-sweep.yml | 6 +- .../cli-jobs-basics-hello-world-env-var.yml | 6 +- .../cli-jobs-basics-hello-world-input.yml | 6 +- .../cli-jobs-basics-hello-world-org.yml | 6 +- ...li-jobs-basics-hello-world-output-data.yml | 6 +- .../cli-jobs-basics-hello-world-output.yml | 6 +- .../workflows/cli-jobs-basics-hello-world.yml | 6 +- ...obs-deepspeed-deepspeed-autotuning-job.yml | 6 +- ...-jobs-deepspeed-deepspeed-training-job.yml | 6 +- ...li-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml | 6 +- ...rallel-1a_oj_sales_prediction-pipeline.yml | 6 +- ...llel-2a_iris_batch_prediction-pipeline.yml | 6 +- ...3a_mnist_batch_identification-pipeline.yml | 6 +- ...n-task-bankmarketing-pipeline-pipeline.yml | 6 +- ...cal-timeseries-hts_evaluation_pipeline.yml | 6 +- ...models-many_models_evaluation_pipeline.yml | 6 +- ...ression-housepricing-pipeline-pipeline.yml | 6 +- ...paper-categorization-pipeline-pipeline.yml | 6 +- ...sification-newsgroup-pipeline-pipeline.yml | 6 +- ...utoml-text-ner-conll-pipeline-pipeline.yml | 6 +- ...asting-energy-demand-pipeline-pipeline.yml | 6 +- ...on-task-fridge-items-pipeline-pipeline.yml | 6 +- ...ication-fridge-items-pipeline-pipeline.yml | 6 +- ...ication-fridge-items-pipeline-pipeline.yml | 6 +- ...on-task-fridge-items-pipeline-pipeline.yml | 6 +- .../cli-jobs-pipelines-cifar-10-pipeline.yml | 6 +- ...tch-prediction-using-parallel-pipeline.yml | 6 +- ...identification-using-parallel-pipeline.yml | 6 +- .../cli-jobs-pipelines-nyc-taxi-pipeline.yml | 6 +- ...tensorflow-image-segmentation-pipeline.yml | 6 +- ...e2e_local_components-pipeline-registry.yml | 6 +- ...asics-1a_e2e_local_components-pipeline.yml | 6 +- ...egistered_components-pipeline-registry.yml | 6 +- ...-1b_e2e_registered_components-pipeline.yml | 6 +- ...s-2a_basic_component-pipeline-registry.yml | 6 +- ...nts-basics-2a_basic_component-pipeline.yml | 6 +- ...nt_with_input_output-pipeline-registry.yml | 6 +- ...b_component_with_input_output-pipeline.yml | 6 +- ...cs-3a_basic_pipeline-pipeline-registry.yml | 6 +- ...ents-basics-3a_basic_pipeline-pipeline.yml | 6 +- ...b_pipeline_with_data-pipeline-registry.yml | 6 +- ...-basics-3b_pipeline_with_data-pipeline.yml | 6 +- ...-4a_local_data_input-pipeline-registry.yml | 6 +- ...ts-basics-4a_local_data_input-pipeline.yml | 6 +- ...tastore_datapath_uri-pipeline-registry.yml | 6 +- ...ics-4b_datastore_datapath_uri-pipeline.yml | 6 +- ...ics-4c_web_url_input-pipeline-registry.yml | 6 +- ...nents-basics-4c_web_url_input-pipeline.yml | 6 +- ...basics-4d_data_input-pipeline-registry.yml | 6 +- ...mponents-basics-4d_data_input-pipeline.yml | 6 +- ..._public_docker_image-pipeline-registry.yml | 6 +- ...cs-5a_env_public_docker_image-pipeline.yml | 6 +- ...cs-5b_env_registered-pipeline-registry.yml | 6 +- ...ents-basics-5b_env_registered-pipeline.yml | 6 +- ...cs-5c_env_conda_file-pipeline-registry.yml | 6 +- ...ents-basics-5c_env_conda_file-pipeline.yml | 6 +- ...cs-6a_tf_hello_world-pipeline-registry.yml | 6 +- ...ents-basics-6a_tf_hello_world-pipeline.yml | 6 +- ..._pytorch_hello_world-pipeline-registry.yml | 6 +- ...basics-6b_pytorch_hello_world-pipeline.yml | 6 +- ...nts-basics-6c_r_iris-pipeline-registry.yml | 6 +- ...h-components-basics-6c_r_iris-pipeline.yml | 6 +- ..._classification_with_densenet-pipeline.yml | 6 +- ...ents-nyc_taxi_data_regression-pipeline.yml | 6 +- ...xi_data_regression-single-job-pipeline.yml | 6 +- ...ne_job_with_flow_as_component-pipeline.yml | 6 +- ...ine_with_hyperparameter_sweep-pipeline.yml | 6 +- ...ssion_with_pipeline_component-pipeline.yml | 6 +- ...train_eval_pipeline_component-pipeline.yml | 6 +- .../cli-jobs-single-step-dask-nyctaxi-job.yml | 6 +- ...jobs-single-step-gpu_perf-gpu_perf_job.yml | 6 +- .../cli-jobs-single-step-julia-iris-job.yml | 6 +- ...bs-single-step-lightgbm-iris-job-sweep.yml | 6 +- ...cli-jobs-single-step-lightgbm-iris-job.yml | 6 +- ...gle-step-pytorch-cifar-distributed-job.yml | 6 +- .../cli-jobs-single-step-pytorch-iris-job.yml | 6 +- ...e-step-pytorch-word-language-model-job.yml | 6 +- .../cli-jobs-single-step-r-accidents-job.yml | 6 +- .../cli-jobs-single-step-r-iris-job.yml | 6 +- ...-single-step-scikit-learn-diabetes-job.yml | 6 +- ...p-scikit-learn-iris-job-docker-context.yml | 6 +- ...ingle-step-scikit-learn-iris-job-sweep.yml | 6 +- ...jobs-single-step-scikit-learn-iris-job.yml | 6 +- ...le-step-scikit-learn-iris-notebook-job.yml | 6 +- ...nsorflow-mnist-distributed-horovod-job.yml | 6 +- ...-step-tensorflow-mnist-distributed-job.yml | 6 +- ...-jobs-single-step-tensorflow-mnist-job.yml | 6 +- ...tached-spark-pipeline-default-identity.yml | 6 +- ...tached-spark-pipeline-managed-identity.yml | 6 +- ...-attached-spark-pipeline-user-identity.yml | 6 +- ...ched-spark-standalone-default-identity.yml | 6 +- ...ched-spark-standalone-managed-identity.yml | 6 +- ...ttached-spark-standalone-user-identity.yml | 6 +- ...erless-spark-pipeline-default-identity.yml | 6 +- ...erless-spark-pipeline-managed-identity.yml | 6 +- ...erverless-spark-pipeline-user-identity.yml | 6 +- ...less-spark-standalone-default-identity.yml | 6 +- ...less-spark-standalone-managed-identity.yml | 6 +- ...verless-spark-standalone-user-identity.yml | 6 +- .../cli-resources-compute-cluster-basic.yml | 6 +- ...cli-resources-compute-cluster-location.yml | 6 +- ...resources-compute-cluster-low-priority.yml | 6 +- .../cli-resources-compute-cluster-minimal.yml | 6 +- ...resources-compute-cluster-ssh-password.yml | 6 +- ...ources-compute-cluster-system-identity.yml | 6 +- ...ibleaidashboard-housing-classification.yml | 6 +- ...sibleaidashboard-programmer-regression.yml | 6 +- ...-schedules-schedules-cron-job-schedule.yml | 6 +- ...edules-cron-with-settings-job-schedule.yml | 6 +- ...ules-schedules-recurrence-job-schedule.yml | 6 +- .../cli-scripts-batch-score-rest.yml | 6 +- .github/workflows/cli-scripts-batch-score.yml | 6 +- ...oy-custom-container-minimal-multimodel.yml | 6 +- ...-custom-container-minimal-single-model.yml | 6 +- ...ontainer-mlflow-multideployment-scikit.yml | 6 +- ...-custom-container-r-multimodel-plumber.yml | 6 +- ...ner-tfserving-half-plus-two-integrated.yml | 6 +- ...stom-container-tfserving-half-plus-two.yml | 6 +- ...y-custom-container-torchserve-densenet.yml | 6 +- ...ntainer-torchserve-huggingface-textgen.yml | 6 +- ...y-custom-container-triton-single-model.yml | 6 +- .../cli-scripts-deploy-local-endpoint.yml | 6 +- ...ed-online-endpoint-access-resource-sai.yml | 6 +- ...ed-online-endpoint-access-resource-uai.yml | 6 +- ...pts-deploy-managed-online-endpoint-ncd.yml | 6 +- ...scripts-deploy-managed-online-endpoint.yml | 6 +- ...-mlcompute-create_with-system-identity.yml | 6 +- ...oy-mlcompute-update-to-system-identity.yml | 6 +- ...ploy-mlcompute-update-to-user-identity.yml | 6 +- .../cli-scripts-deploy-moe-autoscale.yml | 6 +- ...cli-scripts-deploy-moe-binary-payloads.yml | 6 +- ...li-scripts-deploy-moe-inference-schema.yml | 6 +- .../cli-scripts-deploy-moe-keyvault.yml | 6 +- ...oy-moe-minimal-single-model-registered.yml | 6 +- .../cli-scripts-deploy-moe-openapi.yml | 6 +- .../cli-scripts-deploy-moe-vnet-mlflow.yml | 6 +- .../workflows/cli-scripts-deploy-moe-vnet.yml | 6 +- .github/workflows/cli-scripts-deploy-rest.yml | 6 +- ...fe-rollout-kubernetes-online-endpoints.yml | 6 +- ...s-deploy-safe-rollout-online-endpoints.yml | 6 +- ...-deploy-triton-managed-online-endpoint.yml | 6 +- .github/workflows/cli-scripts-misc.yml | 6 +- .github/workflows/cli-scripts-mlflow-uri.yml | 6 +- .github/workflows/cli-scripts-train-rest.yml | 6 +- .github/workflows/cli-scripts-train.yml | 6 +- .../nyc_taxi_data_regression-env_train.yml | 6 +- ...-in-registry-share-data-using-registry.yml | 6 +- ...y-share-models-components-environments.yml | 6 +- .../sdk-assets-component-component.yml | 6 +- .github/workflows/sdk-assets-data-data.yml | 6 +- .../sdk-assets-data-working_with_mltable.yml | 6 +- .../sdk-assets-environment-environment.yml | 6 +- .github/workflows/sdk-assets-model-model.yml | 6 +- ...om-outputs-parquet-custom-output-batch.yml | 6 +- ...sifier-mlflow-mlflow-for-batch-tabular.yml | 6 +- ...summarization-text-summarization-batch.yml | 6 +- ...t-classifier-imagenet-classifier-batch.yml | 6 +- ...-classifier-imagenet-classifier-mlflow.yml | 6 +- ...oy-models-mnist-classifier-mnist-batch.yml | 6 +- ...with-preprocessing-sdk-deploy-and-test.yml | 6 +- ...elines-hello-batch-sdk-deploy-and-test.yml | 6 +- ...ng-with-components-sdk-deploy-and-test.yml | 6 +- ...-endpoints-custom-container-multimodel.yml | 6 +- ...iner-online-endpoints-custom-container.yml | 6 +- ...iner-triton-online-endpoints-triton-cc.yml | 6 +- ...bernetes-online-endpoints-safe-rollout.yml | 6 +- ...tes-online-endpoints-simple-deployment.yml | 6 +- ...llm-langchain-1_langchain_basic_deploy.yml | 6 +- ...semantic-kernel-1_semantic_http_server.yml | 6 +- ...-online-endpoints-managed-identity-sai.yml | 6 +- ...-online-endpoints-managed-identity-uai.yml | 6 +- ...naged-online-endpoints-binary-payloads.yml | 6 +- ...aged-online-endpoints-inference-schema.yml | 6 +- ...line-managed-online-endpoints-keyvault.yml | 6 +- ...ne-managed-online-endpoints-multimodel.yml | 6 +- ...nline-managed-online-endpoints-openapi.yml | 6 +- ...-managed-online-endpoints-safe-rollout.yml | 6 +- ...ged-online-endpoints-simple-deployment.yml | 6 +- ...points-deploy-mlflow-model-with-script.yml | 6 +- ...w-online-endpoints-deploy-mlflow-model.yml | 6 +- ...n-single-model-online-endpoints-triton.yml | 6 +- ...ion-test-test_featurestore_cli_samples.yml | 6 +- ...ion-test-test_featurestore_sdk_samples.yml | 6 +- ...on-test-test_featurestore_vnet_samples.yml | 6 +- ...nai-oai-v1-openai_completions_finetune.yml | 166 +++++++++--------- ...ing-question-answering-online-endpoint.yml | 6 +- ...n-token-classification-online-endpoint.yml | 6 +- ...ranslation-translation-online-endpoint.yml | 6 +- ...ro-shot-classification-online-endpoint.yml | 6 +- ...stem-import-import_model_into_registry.yml | 6 +- ...t-import_model_into_registry_new_model.yml | 6 +- ...el_into_registry_new_model_image_tasks.yml | 6 +- ...toml-classification-task-bankmarketing.yml | 6 +- ...tcn-automl-forecasting-distributed-tcn.yml | 6 +- ...hub-dau-auto-ml-forecasting-github-dau.yml | 6 +- ...-forecasting-orange-juice-sales-mlflow.yml | 6 +- ...-recipe-univariate-experiment-settings.yml | 6 +- ...toml-forecasting-recipe-univariate-run.yml | 6 +- ...e-share-auto-ml-forecasting-bike-share.yml | 6 +- ...ing-task-energy-demand-advanced-mlflow.yml | 6 +- ...orecasting-task-energy-demand-advanced.yml | 6 +- ...ification-multiclass-task-fridge-items.yml | 6 +- ...ification-multilabel-task-fridge-items.yml | 6 +- ...nstance-segmentation-task-fridge-items.yml | 6 +- ...age-object-detection-task-fridge-items.yml | 6 +- ...tection-batch-scoring-non-mlflow-model.yml | 6 +- ...automl-nlp-multiclass-sentiment-mlflow.yml | 6 +- ...alysis-automl-nlp-multiclass-sentiment.yml | 6 +- ...zation-automl-nlp-multilabel-paper-cat.yml | 6 +- ...ognition-task-automl-nlp-text-ner-task.yml | 6 +- ...ext-ner-task-distributed-with-sweeping.yml | 6 +- ...l-regression-task-hardware-performance.yml | 6 +- .github/workflows/sdk-jobs-configuration.yml | 6 +- ...j_sales_prediction-oj_sales_prediction.yml | 6 +- ...batch_prediction-iris_batch_prediction.yml | 6 +- ..._identification-mnist_batch_prediction.yml | 6 +- ...aml-pipeline_with_components_from_yaml.yml | 6 +- ...peline_with_python_function_components.yml | 6 +- ...eep-pipeline_with_hyperparameter_sweep.yml | 6 +- ...ts-pipeline_with_non_python_components.yml | 6 +- ...ts-pipeline_with_registered_components.yml | 6 +- ...lel_nodes-pipeline_with_parallel_nodes.yml | 6 +- ...assification-bankmarketing-in-pipeline.yml | 6 +- ...ipeline-automl-forecasting-in-pipeline.yml | 6 +- ...-classification-multiclass-in-pipeline.yml | 6 +- ...-classification-multilabel-in-pipeline.yml | 6 +- ...mage-instance-segmentation-in-pipeline.yml | 6 +- ...oml-image-object-detection-in-pipeline.yml | 6 +- ...l-regression-house-pricing-in-pipeline.yml | 6 +- ...automl-text-classification-in-pipeline.yml | 6 +- ...-classification-multilabel-in-pipeline.yml | 6 +- ...r-named-entity-recognition-in-pipeline.yml | 6 +- ..._spark_nodes-pipeline_with_spark_nodes.yml | 6 +- ...ata_regression_with_pipeline_component.yml | 6 +- ...ine_with_train_eval_pipeline_component.yml | 6 +- ...pipeline-automl-forecasting-demand-hts.yml | 6 +- ...casting-demand-many-models-in-pipeline.yml | 6 +- ...s-1l_flow_in_pipeline-flow_in_pipeline.yml | 6 +- ...tensorflow-train_mnist_with_tensorflow.yml | 6 +- ...th_pytorch-train_cifar_10_with_pytorch.yml | 6 +- ...ta_regression-nyc_taxi_data_regression.yml | 6 +- ...net-image_classification_with_densenet.yml | 6 +- ...ge_classification_keras_minist_convnet.yml | 6 +- ...ep-debug-and-monitor-debug-and-monitor.yml | 6 +- ...step-lightgbm-iris-lightgbm-iris-sweep.yml | 6 +- ...stributed-training-distributed-cifar10.yml | 6 +- ...training-yolov5-objectdetectionAzureML.yml | 6 +- ...-single-step-pytorch-iris-pytorch-iris.yml | 6 +- ...yperparameter-tune-deploy-with-pytorch.yml | 6 +- ...e-step-r-accidents-accident-prediction.yml | 6 +- ...scikit-learn-diabetes-sklearn-diabetes.yml | 6 +- ...ep-scikit-learn-iris-iris-scikit-learn.yml | 6 +- ...-step-scikit-learn-mnist-sklearn-mnist.yml | 6 +- ...d-tensorflow-mnist-distributed-horovod.yml | 6 +- ...stributed-tensorflow-mnist-distributed.yml | 6 +- ...step-tensorflow-mnist-tensorflow-mnist.yml | 6 +- ...ation-run_interactive_session_notebook.yml | 6 +- ...-jobs-spark-submit_spark_pipeline_jobs.yml | 6 +- ...obs-spark-submit_spark_standalone_jobs.yml | 6 +- ...mit_spark_standalone_jobs_managed_vnet.yml | 6 +- ...rces-compute-attach_manage_spark_pools.yml | 6 +- .../sdk-resources-compute-compute.yml | 6 +- .../sdk-resources-connections-connections.yml | 6 +- ...sdk-resources-registry-registry-create.yml | 6 +- .../sdk-resources-workspace-workspace.yml | 6 +- ...ns-mlflow-deployment-with-explanations.yml | 6 +- ...leaidashboard-diabetes-decision-making.yml | 6 +- ...rd-diabetes-regression-model-debugging.yml | 6 +- ...cation-student-attrition-classificaton.yml | 6 +- ...idashboard-finance-loan-classification.yml | 6 +- ...hboard-healthcare-covid-classification.yml | 6 +- ...housing-classification-model-debugging.yml | 6 +- ...bleaidashboard-housing-decision-making.yml | 6 +- ...-programmer-regression-model-debugging.yml | 6 +- ...label-text-classification-covid-events.yml | 6 +- ...idashboard-text-classification-DBPedia.yml | 6 +- ...board-text-classification-blbooksgenre.yml | 6 +- ...ard-text-classification-financial-news.yml | 6 +- ...ashboard-text-question-answering-squad.yml | 6 +- ...ard-automl-image-classification-fridge.yml | 6 +- ...l-object-detection-fridge-private-data.yml | 6 +- ...idashboard-image-classification-fridge.yml | 6 +- ...idashboard-image-flower-classification.yml | 6 +- ...image-multilabel-classification-fridge.yml | 6 +- ...bleaidashboard-object-detection-MSCOCO.yml | 6 +- .../workflows/sdk-schedules-job-schedule.yml | 6 +- ...-files-example-delimited-files-example.yml | 6 +- ...-delta-lake-example-delta-lake-example.yml | 6 +- ...-from-paths-example-from-paths-example.yml | 6 +- ...-local-to-cloud-mltable-local-to-cloud.yml | 6 +- ...-mltable-quickstart-mltable-quickstart.yml | 6 +- ...started-azureml-getting-started-studio.yml | 6 +- ...ials-azureml-in-a-day-azureml-in-a-day.yml | 6 +- ...ect-classification-distributed-pytorch.yml | 6 +- ...ials-e2e-ds-experience-e2e-ml-workflow.yml | 6 +- ...et-started-notebooks-cloud-workstation.yml | 6 +- ...als-get-started-notebooks-deploy-model.yml | 6 +- ...als-get-started-notebooks-explore-data.yml | 6 +- ...torials-get-started-notebooks-pipeline.yml | 6 +- ...rials-get-started-notebooks-quickstart.yml | 6 +- ...ials-get-started-notebooks-train-model.yml | 6 +- cli/readme.py | 43 +++-- sdk/python/readme.py | 7 +- tutorials/readme.py | 7 +- 386 files changed, 2035 insertions(+), 480 deletions(-) diff --git a/.github/workflows/automated-cleanup-resources.yml b/.github/workflows/automated-cleanup-resources.yml index 76cbd9a5cb1..0b16036ec91 100644 --- a/.github/workflows/automated-cleanup-resources.yml +++ b/.github/workflows/automated-cleanup-resources.yml @@ -10,6 +10,8 @@ on: - .github/workflows/automated-cleanup-resources.yml - infra/bootstrapping/** - infra/scripts/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -26,7 +28,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} enable-AzPSSession: true continue-on-error: true - name: "Install Az Modules" diff --git a/.github/workflows/bootstrapping-infra.yml b/.github/workflows/bootstrapping-infra.yml index 300858233aa..0fa746a8b00 100644 --- a/.github/workflows/bootstrapping-infra.yml +++ b/.github/workflows/bootstrapping-infra.yml @@ -24,6 +24,8 @@ on: - cli/** - infra/bootstrapping/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -46,7 +48,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap infra resources run: | [[ -z "${RUN_BOOTSTRAP:-}" ]] && RUN_BOOTSTRAP='true' diff --git a/.github/workflows/bootstrapping-resources.yml b/.github/workflows/bootstrapping-resources.yml index aff1527894f..7a21e94d78a 100644 --- a/.github/workflows/bootstrapping-resources.yml +++ b/.github/workflows/bootstrapping-resources.yml @@ -11,6 +11,8 @@ on: - .github/workflows/bootstrapping-resources.yml - cli/** - infra/bootstrapping/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-assets-component-pipeline.yml b/.github/workflows/cli-assets-component-pipeline.yml index 054ccf17725..dbe49b1bf71 100644 --- a/.github/workflows/cli-assets-component-pipeline.yml +++ b/.github/workflows/cli-assets-component-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-component-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-component-train.yml b/.github/workflows/cli-assets-component-train.yml index 1ae8c68a703..77ddd2180be 100644 --- a/.github/workflows/cli-assets-component-train.yml +++ b/.github/workflows/cli-assets-component-train.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-component-train.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-file-https.yml b/.github/workflows/cli-assets-data-cloud-file-https.yml index 87ca5424289..17a98881335 100644 --- a/.github/workflows/cli-assets-data-cloud-file-https.yml +++ b/.github/workflows/cli-assets-data-cloud-file-https.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-file-https.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-file-wasbs.yml b/.github/workflows/cli-assets-data-cloud-file-wasbs.yml index 734c78ac7fc..4daeb280c5b 100644 --- a/.github/workflows/cli-assets-data-cloud-file-wasbs.yml +++ b/.github/workflows/cli-assets-data-cloud-file-wasbs.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-file-wasbs.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-file.yml b/.github/workflows/cli-assets-data-cloud-file.yml index 4c0f261eedf..8c5de2172eb 100644 --- a/.github/workflows/cli-assets-data-cloud-file.yml +++ b/.github/workflows/cli-assets-data-cloud-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-folder-https.yml b/.github/workflows/cli-assets-data-cloud-folder-https.yml index 15f5d96fd34..03347c7e750 100644 --- a/.github/workflows/cli-assets-data-cloud-folder-https.yml +++ b/.github/workflows/cli-assets-data-cloud-folder-https.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-folder-https.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-folder.yml b/.github/workflows/cli-assets-data-cloud-folder.yml index dcb7be5747f..fdff7fbe343 100644 --- a/.github/workflows/cli-assets-data-cloud-folder.yml +++ b/.github/workflows/cli-assets-data-cloud-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-cloud-mltable.yml b/.github/workflows/cli-assets-data-cloud-mltable.yml index cc7b77a65bd..89f1c0c65a1 100644 --- a/.github/workflows/cli-assets-data-cloud-mltable.yml +++ b/.github/workflows/cli-assets-data-cloud-mltable.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-cloud-mltable.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-iris-csv-example.yml b/.github/workflows/cli-assets-data-iris-csv-example.yml index 3d4d8ce644a..aa392155ca7 100644 --- a/.github/workflows/cli-assets-data-iris-csv-example.yml +++ b/.github/workflows/cli-assets-data-iris-csv-example.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-iris-csv-example.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-local-file.yml b/.github/workflows/cli-assets-data-local-file.yml index 81d715e464f..82602df4879 100644 --- a/.github/workflows/cli-assets-data-local-file.yml +++ b/.github/workflows/cli-assets-data-local-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-local-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-local-folder-sampledata.yml b/.github/workflows/cli-assets-data-local-folder-sampledata.yml index 7be667f6715..88bfc9005c7 100644 --- a/.github/workflows/cli-assets-data-local-folder-sampledata.yml +++ b/.github/workflows/cli-assets-data-local-folder-sampledata.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-local-folder-sampledata.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-local-folder.yml b/.github/workflows/cli-assets-data-local-folder.yml index c901f928562..61e3174d595 100644 --- a/.github/workflows/cli-assets-data-local-folder.yml +++ b/.github/workflows/cli-assets-data-local-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-local-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-local-mltable.yml b/.github/workflows/cli-assets-data-local-mltable.yml index 6ae6ab4859a..c464153bb66 100644 --- a/.github/workflows/cli-assets-data-local-mltable.yml +++ b/.github/workflows/cli-assets-data-local-mltable.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-local-mltable.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-data-public-file-https.yml b/.github/workflows/cli-assets-data-public-file-https.yml index 934d107a382..2847800a5e4 100644 --- a/.github/workflows/cli-assets-data-public-file-https.yml +++ b/.github/workflows/cli-assets-data-public-file-https.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-data-public-file-https.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-environment-docker-context.yml b/.github/workflows/cli-assets-environment-docker-context.yml index e54b7febab0..100c228b536 100644 --- a/.github/workflows/cli-assets-environment-docker-context.yml +++ b/.github/workflows/cli-assets-environment-docker-context.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-environment-docker-context.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-environment-docker-image-plus-conda.yaml b/.github/workflows/cli-assets-environment-docker-image-plus-conda.yaml index e8d250c5aeb..cda6ca158a5 100644 --- a/.github/workflows/cli-assets-environment-docker-image-plus-conda.yaml +++ b/.github/workflows/cli-assets-environment-docker-image-plus-conda.yaml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-environment-docker-image-plus-conda.yaml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-environment-docker-image.yml b/.github/workflows/cli-assets-environment-docker-image.yml index f5dfa78dd42..3fe52eb06a1 100644 --- a/.github/workflows/cli-assets-environment-docker-image.yml +++ b/.github/workflows/cli-assets-environment-docker-image.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-environment-docker-image.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-model-local-file.yml b/.github/workflows/cli-assets-model-local-file.yml index 40032e0bc2e..add8f283436 100644 --- a/.github/workflows/cli-assets-model-local-file.yml +++ b/.github/workflows/cli-assets-model-local-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-model-local-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-assets-model-local-mlflow.yml b/.github/workflows/cli-assets-model-local-mlflow.yml index 92f989e87c7..1507aa3fe6d 100644 --- a/.github/workflows/cli-assets-model-local-mlflow.yml +++ b/.github/workflows/cli-assets-model-local-mlflow.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-assets-model-local-mlflow.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml index c4c1628b270..98050aa648e 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-custom-outputs-parquet-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml index 193820f4781..74151696c57 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-heart-classifier-mlflow-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml index 63cd697cc41..e79e500966d 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-huggingface-text-summarization-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml index d94ad84417f..f880964cd13 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-imagenet-classifier-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml index b5da448bd62..b24d177ca77 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-models-mnist-classifier-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml index a21bc3b85dd..35cab32677c 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml index 79eb4b5c35c..a34fc6626e9 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-pipelines-hello-batch-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml b/.github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml index cb726ef692f..6f643664e7d 100644 --- a/.github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml +++ b/.github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-batch-deploy-pipelines-training-with-components-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml index 23173468a02..9c4258c77a7 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-minimal-multimodel-minimal-multimodel-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml index ff2fd2bf00a..81724abedd0 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-minimal-single-model-conda-in-dockerfile-minimal-single-model-conda-in-dockerfile-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml index 449558fc9ae..86bb11df315 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-minimal-single-model-minimal-single-model-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml index 82385c6cc7a..a0dd75eca5f 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-mlflow-multideployment-scikit-mlflow-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml index a3491985eb9..50299d8cdcd 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-r-multimodel-plumber-r-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml index 5a1246e0ffd..d92911d3627 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-torchserve-densenet-torchserve-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml b/.github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml index 4d7775a28bd..9fbd2e9dd44 100644 --- a/.github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-custom-container-triton-single-model-triton-cc-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml b/.github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml index 80ff4bea79f..a642c38a363 100644 --- a/.github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-kubernetes-kubernetes-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-managed-sample-endpoint.yml b/.github/workflows/cli-endpoints-online-managed-sample-endpoint.yml index 2588715a6d4..a632bbcea5a 100644 --- a/.github/workflows/cli-endpoints-online-managed-sample-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-managed-sample-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-managed-sample-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml b/.github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml index 9aff2fe723e..03471f54a0b 100644 --- a/.github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-managed-vnet-mlflow-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml b/.github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml index 35236e5486a..c8d77c4cc0b 100644 --- a/.github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml +++ b/.github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml @@ -17,6 +17,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-endpoints-online-managed-vnet-sample-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml b/.github/workflows/cli-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml index 561be5646f5..9ac0f2c4f39 100644 --- a/.github/workflows/cli-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml +++ b/.github/workflows/cli-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml @@ -19,6 +19,8 @@ on: - infra/bootstrapping/** - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -31,7 +33,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml index 0db30b3c729..4bde11328ce 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-classification-task-bankmarketing-cli-automl-classification-task-bankmarketing.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml index 87168e9286e..f4eee935c66 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-bike-share-cli-automl-forecasting-task-bike-share.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml index e5a4227db09..c0f2ea9d4e9 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-orange-juice-sales-cli-automl-forecasting-orange-juice-sales.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml index 2bae68b2ae1..582901de712 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-energy-demand-cli-automl-forecasting-task-energy-demand.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml index 67030a6389f..88bcdcc2e5b 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-forecasting-task-github-dau-cli-automl-forecasting-task-github-dau.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml index 37859f47f01..109278ed5fa 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items-automode.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml index 46a04cb7d8e..6aa0c1e19e7 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multiclass-task-fridge-items-cli-automl-img-cls-mc-task-fridge-items.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml index 2e256770d58..790056c1400 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items-automode.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml index cc4353e5b80..80ff44efa6f 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-classification-multilabel-task-fridge-items-cli-automl-img-cls-ml-task-fridge-items.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml index bb41668d1e8..c6118139a2f 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items-automode.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml index 333677cb105..214bdc4eab1 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-instance-segmentation-task-fridge-items-cli-automl-img-ins-seg-task-fridge-items.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml index 0b611be7b8f..2a20878adc0 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items-automode.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml index 878fb0863d0..a15777ae477 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-image-object-detection-task-fridge-items-cli-automl-img-od-task-fridge-items.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml index af4c401b66c..a22aebc1058 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-regression-task-hardware-perf-cli-automl-regression-task-hardware-perf.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml index d337dc1c9f8..955034df049 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-multilabel-paper-cat-cli-automl-text-classification-multilabel-paper-cat.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml index c04639319b3..8d625b61833 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-classification-newsgroup-cli-automl-text-classification-newsgroup.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml index e357cd22d05..59ea1c29652 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-cli-automl-text-ner-conll2003.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml index aba782d88a3..e86342f5205 100644 --- a/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml +++ b/.github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-automl-standalone-jobs-cli-automl-text-ner-conll-distributed-sweeping-cli-automl-text-ner-conll2003-distributed-sweeping.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml b/.github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml index 67ca9af5d96..31145d45222 100644 --- a/.github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml +++ b/.github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-automl-hello-automl-job-basic.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-code.yml b/.github/workflows/cli-jobs-basics-hello-code.yml index cc055da278f..02cbce208eb 100644 --- a/.github/workflows/cli-jobs-basics-hello-code.yml +++ b/.github/workflows/cli-jobs-basics-hello-code.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-code.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-data-uri-folder.yml b/.github/workflows/cli-jobs-basics-hello-data-uri-folder.yml index 5cd2564f4ea..b412efcf629 100644 --- a/.github/workflows/cli-jobs-basics-hello-data-uri-folder.yml +++ b/.github/workflows/cli-jobs-basics-hello-data-uri-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-data-uri-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-dataset.yml b/.github/workflows/cli-jobs-basics-hello-dataset.yml index d7d3678aa13..0ded3d96923 100644 --- a/.github/workflows/cli-jobs-basics-hello-dataset.yml +++ b/.github/workflows/cli-jobs-basics-hello-dataset.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-dataset.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-git.yml b/.github/workflows/cli-jobs-basics-hello-git.yml index ddefb0edfe2..02d0c580d34 100644 --- a/.github/workflows/cli-jobs-basics-hello-git.yml +++ b/.github/workflows/cli-jobs-basics-hello-git.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-git.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-interactive.yml b/.github/workflows/cli-jobs-basics-hello-interactive.yml index b8d4d0170f7..2897c580274 100644 --- a/.github/workflows/cli-jobs-basics-hello-interactive.yml +++ b/.github/workflows/cli-jobs-basics-hello-interactive.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-interactive.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml b/.github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml index e6f0b82b171..a9ae08a32e2 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-datastore-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml b/.github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml index 26f03f20051..cf4c6c6afcd 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-datastore-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-file.yml b/.github/workflows/cli-jobs-basics-hello-iris-file.yml index 8b6735493ce..c1b0ac575eb 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-file.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-folder.yml b/.github/workflows/cli-jobs-basics-hello-iris-folder.yml index 1145f17315b..a2c008babc6 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-folder.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-iris-literal.yml b/.github/workflows/cli-jobs-basics-hello-iris-literal.yml index 663bc6f095b..9cd064da14f 100644 --- a/.github/workflows/cli-jobs-basics-hello-iris-literal.yml +++ b/.github/workflows/cli-jobs-basics-hello-iris-literal.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-iris-literal.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-mlflow.yml b/.github/workflows/cli-jobs-basics-hello-mlflow.yml index 35cb2111bf4..ffe583225de 100644 --- a/.github/workflows/cli-jobs-basics-hello-mlflow.yml +++ b/.github/workflows/cli-jobs-basics-hello-mlflow.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-mlflow.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-model-as-input.yml b/.github/workflows/cli-jobs-basics-hello-model-as-input.yml index f5b3b30976e..0be64123eac 100644 --- a/.github/workflows/cli-jobs-basics-hello-model-as-input.yml +++ b/.github/workflows/cli-jobs-basics-hello-model-as-input.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-model-as-input.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-model-as-output.yml b/.github/workflows/cli-jobs-basics-hello-model-as-output.yml index c0dfe9aeb86..2c8ec31210b 100644 --- a/.github/workflows/cli-jobs-basics-hello-model-as-output.yml +++ b/.github/workflows/cli-jobs-basics-hello-model-as-output.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-model-as-output.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-notebook.yml b/.github/workflows/cli-jobs-basics-hello-notebook.yml index 75060a7df22..c5fcb7f3659 100644 --- a/.github/workflows/cli-jobs-basics-hello-notebook.yml +++ b/.github/workflows/cli-jobs-basics-hello-notebook.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-notebook.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-abc.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-abc.yml index 595eb047c7b..434a2a9b575 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-abc.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-abc.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-abc.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml index 979e878ccd8..d6ac0e8d65a 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-customize-output-file.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml index 72c482f178a..83410164a9a 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-customize-output-folder.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml index ae593f8e6f5..fcf7a1437b4 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-default-artifacts.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-io.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-io.yml index 8e8bcd592e2..06738ceadc0 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-io.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-io.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-io.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline-settings.yml b/.github/workflows/cli-jobs-basics-hello-pipeline-settings.yml index 01afc8beffb..ec15b129d58 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline-settings.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline-settings.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline-settings.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-pipeline.yml b/.github/workflows/cli-jobs-basics-hello-pipeline.yml index 525f4ced95f..3c63e8fd9a6 100644 --- a/.github/workflows/cli-jobs-basics-hello-pipeline.yml +++ b/.github/workflows/cli-jobs-basics-hello-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-sweep.yml b/.github/workflows/cli-jobs-basics-hello-sweep.yml index e656aab2f84..c19e9abdadc 100644 --- a/.github/workflows/cli-jobs-basics-hello-sweep.yml +++ b/.github/workflows/cli-jobs-basics-hello-sweep.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-sweep.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-env-var.yml b/.github/workflows/cli-jobs-basics-hello-world-env-var.yml index 156acc171d4..aa0000b0504 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-env-var.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-env-var.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-env-var.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-input.yml b/.github/workflows/cli-jobs-basics-hello-world-input.yml index 72fdbcb3144..e298c9e6008 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-input.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-input.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-input.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-org.yml b/.github/workflows/cli-jobs-basics-hello-world-org.yml index 2afc246cbe1..c8a38974c09 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-org.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-org.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-org.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-output-data.yml b/.github/workflows/cli-jobs-basics-hello-world-output-data.yml index 6c55a73ead6..25f47ae2754 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-output-data.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-output-data.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-output-data.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world-output.yml b/.github/workflows/cli-jobs-basics-hello-world-output.yml index 11a93b354bc..12e49fa864d 100644 --- a/.github/workflows/cli-jobs-basics-hello-world-output.yml +++ b/.github/workflows/cli-jobs-basics-hello-world-output.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world-output.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-basics-hello-world.yml b/.github/workflows/cli-jobs-basics-hello-world.yml index d33ce3c603a..79d86c65808 100644 --- a/.github/workflows/cli-jobs-basics-hello-world.yml +++ b/.github/workflows/cli-jobs-basics-hello-world.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-basics-hello-world.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml b/.github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml index af0c92fc964..f5f9306d43c 100644 --- a/.github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml +++ b/.github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-deepspeed-deepspeed-autotuning-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml b/.github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml index ed5d41fb19d..0b913c5919e 100644 --- a/.github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml +++ b/.github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-deepspeed-deepspeed-training-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml b/.github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml index b788d7eeaef..c12c8d29ac7 100644 --- a/.github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml +++ b/.github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-nebulaml-PyTorch_CNN_MNIST-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml b/.github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml index 4b65be880cf..140381d9d2c 100644 --- a/.github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml +++ b/.github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-parallel-1a_oj_sales_prediction-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml b/.github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml index 29484a0c92f..07f00abc126 100644 --- a/.github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml +++ b/.github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-parallel-2a_iris_batch_prediction-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml b/.github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml index 1ad648b464a..a9cc8863c94 100644 --- a/.github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml +++ b/.github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-parallel-3a_mnist_batch_identification-pipeline.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml index 01f3a6a7c14..329e0991886 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-classification-task-bankmarketing-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml index dc2d9ded9f0..60ca14a5fe9 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-hierarchical-timeseries-hts_evaluation_pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml index 9bd297f6d3b..640f76b38fc 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-forecasting-demand-with-pipeline-components-cli-automl-forecasting-demand-many-models-many_models_evaluation_pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml index 417fefdc552..594af22b2d5 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-regression-housepricing-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml index aa606e2e812..9a479b71579 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-multilabel-paper-categorization-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml index e591ceffba2..7ebac986649 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-text-classification-newsgroup-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml index 27f94951fe2..533d77fc6f7 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-cli-automl-text-ner-conll-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml index 1dc3821cf3d..4aca130e173 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-forecasting-energy-demand-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml index ff159cca3d3..66730488e60 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-image-instance-segmentation-task-fridge-items-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml index d443274d3f1..6727082dd25 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-image-multiclass-classification-fridge-items-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml index 4f95e959c91..4d4438a6b31 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-image-multilabel-classification-fridge-items-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml index ff620c354fe..6b9fabf3940 100644 --- a/.github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-automl-image-object-detection-task-fridge-items-pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml b/.github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml index 8a60b0d5719..ff7484f376a 100644 --- a/.github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-cifar-10-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml b/.github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml index 57cc5d2287e..2ad8f2e4aec 100644 --- a/.github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-iris-batch-prediction-using-parallel-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml b/.github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml index d70f4ae4c5c..025b54fc576 100644 --- a/.github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-mnist-batch-identification-using-parallel-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml b/.github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml index 53b086f9d11..4b65252d2a4 100644 --- a/.github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-nyc-taxi-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml b/.github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml index 3993eebc293..6df4502abce 100644 --- a/.github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-tensorflow-image-segmentation-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml index 318b14b952f..f613d9f8584 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml index ffcaec76951..36ea8dde6d9 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-1a_e2e_local_components-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml index 18ed513e0f4..d8b04553d80 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml index 8797c35b744..e89fdf8db09 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-1b_e2e_registered_components-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml index ce9c33c4d02..3fad454dc51 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml index 34256fc6b3d..be2255bd251 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-2a_basic_component-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml index 37a7af58c57..1e4694b78d4 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml index 6a990564be7..de5630794bc 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-2b_component_with_input_output-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml index c08ca13b831..8be6dbac52a 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml index 064bc8522b4..230005286e1 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-3a_basic_pipeline-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml index a9f5093d966..87cccccb5b5 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml index eeb2e17c815..f5724a85f86 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-3b_pipeline_with_data-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml index 85235dbfa3a..7446005c18b 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml index 73f8fae9c03..f04cc6e6ec3 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4a_local_data_input-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml index 54670763599..da75c42753d 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml index 023a297777b..ec6dbb81c0a 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4b_datastore_datapath_uri-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml index 7b60f9b3282..383879b0326 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml index c387e8aeafa..dae7dd14a6c 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4c_web_url_input-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml index 6b5a47e0d25..6f4526a55eb 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml index 7eaa99cf813..15d342eb642 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-4d_data_input-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml index 9ecd7862e25..f5a641933da 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml index 49a9ceb0bf1..e045a158a07 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5a_env_public_docker_image-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml index da294a6ca78..28470da7c60 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml index 8691df29025..355bd7d2309 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5b_env_registered-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml index d52346f81d9..ccc3900c7d6 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml index d5fab2fdffc..b0eb2540285 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-5c_env_conda_file-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml index 4263e0d98f9..f2f5842ccbc 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml index 073151c002d..c892179fdd7 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6a_tf_hello_world-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml index 1fc23a383ae..add0e0d5bad 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml index a5e19d4d266..401f98e22cf 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6b_pytorch_hello_world-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml index 6ba015d075b..886602b298a 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline-registry.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml index c952c35c2af..37eeec3f2bf 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-basics-6c_r_iris-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml index 1a51c7ac73b..7c81e09c296 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-image_classification_with_densenet-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml index 0e849e83b1b..de9d62578b6 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml index dc4c2423877..5642900c0e0 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-nyc_taxi_data_regression-single-job-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml index 68b9f9ba4c4..d014f255e39 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-pipeline_job_with_flow_as_component-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml index 88523c5e7e3..3d753f1e577 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-pipeline_with_hyperparameter_sweep-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml index a41ed46c7bf..01136b6e0b9 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml index 1c4fb95c039..9e352e67845 100644 --- a/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml +++ b/.github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-pipelines-with-components-pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline.yml - cli/run-pipeline-jobs.sh - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml b/.github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml index 7865007dffb..efbb381e20e 100644 --- a/.github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml +++ b/.github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-dask-nyctaxi-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml b/.github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml index 3c9a1d9e4a8..40a0098f53f 100644 --- a/.github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml +++ b/.github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-gpu_perf-gpu_perf_job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-julia-iris-job.yml b/.github/workflows/cli-jobs-single-step-julia-iris-job.yml index 9fabf471362..64f42c15d31 100644 --- a/.github/workflows/cli-jobs-single-step-julia-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-julia-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-julia-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml b/.github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml index 433680d285a..cbc6eb1ea10 100644 --- a/.github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml +++ b/.github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-lightgbm-iris-job-sweep.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml b/.github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml index 99902335492..a170af398f4 100644 --- a/.github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-lightgbm-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml b/.github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml index 1137f1ce5bb..636a109ac08 100644 --- a/.github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml +++ b/.github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-pytorch-cifar-distributed-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-pytorch-iris-job.yml b/.github/workflows/cli-jobs-single-step-pytorch-iris-job.yml index 43c2cfaa6d2..4d75bd7830a 100644 --- a/.github/workflows/cli-jobs-single-step-pytorch-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-pytorch-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-pytorch-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml b/.github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml index 75f802bc7bd..c2aedf74fce 100644 --- a/.github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml +++ b/.github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-pytorch-word-language-model-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-r-accidents-job.yml b/.github/workflows/cli-jobs-single-step-r-accidents-job.yml index a7caed55bf3..0bfcbc144f1 100644 --- a/.github/workflows/cli-jobs-single-step-r-accidents-job.yml +++ b/.github/workflows/cli-jobs-single-step-r-accidents-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-r-accidents-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-r-iris-job.yml b/.github/workflows/cli-jobs-single-step-r-iris-job.yml index ca0aca0eb93..0af7d40d9c5 100644 --- a/.github/workflows/cli-jobs-single-step-r-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-r-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-r-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml index d525a88046f..d27fd6c5fad 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-diabetes-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml index b39657fe5cf..1622ca2fdac 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-iris-job-docker-context.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml index ff2804f3cec..48c3d812475 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-iris-job-sweep.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml index de60e8c66b6..feafb4a1265 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-iris-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml index 7e9d0502f86..6af524eb504 100644 --- a/.github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml +++ b/.github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-scikit-learn-iris-notebook-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml index a8790f3c7cf..77655facc61 100644 --- a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml +++ b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-horovod-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml index fa499826ff0..89ba5c94518 100644 --- a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml +++ b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-tensorflow-mnist-distributed-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml index 4fc687a97f4..be5b0492523 100644 --- a/.github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml +++ b/.github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-jobs-single-step-tensorflow-mnist-job.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml index e3e87f383d2..d1bfc3cca94 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-pipeline-default-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml index 9acc36c8f43..842b9bb2003 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-pipeline-managed-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml index 20ec8b611c8..44f5a2e20f5 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-pipeline-user-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml index 8d0ef42b7a1..375c69b7932 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-standalone-default-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml index c2ccc731e63..abc6bdd0bb6 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-standalone-managed-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml b/.github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml index 0db5cac89f6..2093de1f501 100644 --- a/.github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml +++ b/.github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-attached-spark-standalone-user-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml index 39e8d4383d1..67429d3bb30 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-pipeline-default-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml index 9d7374d6673..1bd6ca58ba7 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-pipeline-managed-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml index 3e5ea3bd26e..627a2a1fd9c 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-pipeline-user-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml index 0d20822b907..0c9f6014d6a 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-standalone-default-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml index 9a607113aac..cea5fead6ee 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-standalone-managed-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml index ed8622abe1c..e3b5dcdac14 100644 --- a/.github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml +++ b/.github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml @@ -17,6 +17,8 @@ on: - .github/workflows/cli-jobs-spark-serverless-spark-standalone-user-identity.yml - cli/jobs/spark/data/titanic.csv - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -29,7 +31,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-resources-compute-cluster-basic.yml b/.github/workflows/cli-resources-compute-cluster-basic.yml index 651fd92afd0..be7fcbd796c 100644 --- a/.github/workflows/cli-resources-compute-cluster-basic.yml +++ b/.github/workflows/cli-resources-compute-cluster-basic.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-basic.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-location.yml b/.github/workflows/cli-resources-compute-cluster-location.yml index 23e8d007587..c250048979f 100644 --- a/.github/workflows/cli-resources-compute-cluster-location.yml +++ b/.github/workflows/cli-resources-compute-cluster-location.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-location.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-low-priority.yml b/.github/workflows/cli-resources-compute-cluster-low-priority.yml index f74641c9740..9a461d5f68b 100644 --- a/.github/workflows/cli-resources-compute-cluster-low-priority.yml +++ b/.github/workflows/cli-resources-compute-cluster-low-priority.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-low-priority.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-minimal.yml b/.github/workflows/cli-resources-compute-cluster-minimal.yml index 0dae8f14700..db536341409 100644 --- a/.github/workflows/cli-resources-compute-cluster-minimal.yml +++ b/.github/workflows/cli-resources-compute-cluster-minimal.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-minimal.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-ssh-password.yml b/.github/workflows/cli-resources-compute-cluster-ssh-password.yml index 4a582756f4a..171818f2829 100644 --- a/.github/workflows/cli-resources-compute-cluster-ssh-password.yml +++ b/.github/workflows/cli-resources-compute-cluster-ssh-password.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-ssh-password.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-resources-compute-cluster-system-identity.yml b/.github/workflows/cli-resources-compute-cluster-system-identity.yml index 7349eb1509b..05c991c4715 100644 --- a/.github/workflows/cli-resources-compute-cluster-system-identity.yml +++ b/.github/workflows/cli-resources-compute-cluster-system-identity.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-resources-compute-cluster-system-identity.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml b/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml index 1b0162d3122..37da0ff6eef 100644 --- a/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml +++ b/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-responsible-ai-cli-responsibleaidashboard-housing-classification-cli-responsibleaidashboard-housing-classification.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml b/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml index 237838ddfa3..01578c166c9 100644 --- a/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml +++ b/.github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-responsible-ai-cli-responsibleaidashboard-programmer-regression-cli-responsibleaidashboard-programmer-regression.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/cli-schedules-schedules-cron-job-schedule.yml b/.github/workflows/cli-schedules-schedules-cron-job-schedule.yml index 5ecd9ed2cdf..70b585603e4 100644 --- a/.github/workflows/cli-schedules-schedules-cron-job-schedule.yml +++ b/.github/workflows/cli-schedules-schedules-cron-job-schedule.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-schedules-schedules-cron-job-schedule.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml b/.github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml index 266ae7da62d..eb989a256e6 100644 --- a/.github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml +++ b/.github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-schedules-schedules-cron-with-settings-job-schedule.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml b/.github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml index 350b6739bd1..a89ede98571 100644 --- a/.github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml +++ b/.github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-schedules-schedules-recurrence-job-schedule.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-batch-score-rest.yml b/.github/workflows/cli-scripts-batch-score-rest.yml index a29366de0cd..17ba73ca69e 100644 --- a/.github/workflows/cli-scripts-batch-score-rest.yml +++ b/.github/workflows/cli-scripts-batch-score-rest.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-batch-score-rest.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-batch-score.yml b/.github/workflows/cli-scripts-batch-score.yml index 02ad643e03a..3822f1f964e 100644 --- a/.github/workflows/cli-scripts-batch-score.yml +++ b/.github/workflows/cli-scripts-batch-score.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-batch-score.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml b/.github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml index a14bdbc3cc1..5b6b9d8a2ff 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-minimal-multimodel.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml b/.github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml index 7ee7acd818b..38283060fd2 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-minimal-single-model.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml b/.github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml index 24169c7961b..4bc2889dddf 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-mlflow-multideployment-scikit.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml b/.github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml index c3e83b280a6..778f28e55ee 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-r-multimodel-plumber.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml b/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml index 0c97c67eb5a..e830681592a 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two-integrated.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml b/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml index d6737640970..25faf116cfd 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-tfserving-half-plus-two.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml b/.github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml index 9be2f190713..27000bce47c 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-torchserve-densenet.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml b/.github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml index a5e12c32504..0253e6d5799 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-torchserve-huggingface-textgen.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml b/.github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml index 65b06f9d541..20ac6785285 100644 --- a/.github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml +++ b/.github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-custom-container-triton-single-model.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-local-endpoint.yml b/.github/workflows/cli-scripts-deploy-local-endpoint.yml index ec5d487ffc6..4a2473028e3 100644 --- a/.github/workflows/cli-scripts-deploy-local-endpoint.yml +++ b/.github/workflows/cli-scripts-deploy-local-endpoint.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-local-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml index 362af12cca8..40cac03f2e2 100644 --- a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml +++ b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-sai.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml index fe02639885f..ff6112d519c 100644 --- a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml +++ b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-managed-online-endpoint-access-resource-uai.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml index e15e34a9bd2..ad61a4b66ac 100644 --- a/.github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml +++ b/.github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-managed-online-endpoint-ncd.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-managed-online-endpoint.yml b/.github/workflows/cli-scripts-deploy-managed-online-endpoint.yml index 7a5dff362aa..f0668461592 100644 --- a/.github/workflows/cli-scripts-deploy-managed-online-endpoint.yml +++ b/.github/workflows/cli-scripts-deploy-managed-online-endpoint.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-managed-online-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml b/.github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml index 16df4dbb88c..da5d652e798 100644 --- a/.github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml +++ b/.github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-mlcompute-create_with-system-identity.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml b/.github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml index 1528c7cc5ed..cab8930dd71 100644 --- a/.github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml +++ b/.github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-mlcompute-update-to-system-identity.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml b/.github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml index 3bcab97e9ed..38ad0ea5e72 100644 --- a/.github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml +++ b/.github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-mlcompute-update-to-user-identity.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-autoscale.yml b/.github/workflows/cli-scripts-deploy-moe-autoscale.yml index e89bfc01187..6a10813cfdb 100644 --- a/.github/workflows/cli-scripts-deploy-moe-autoscale.yml +++ b/.github/workflows/cli-scripts-deploy-moe-autoscale.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-autoscale.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-binary-payloads.yml b/.github/workflows/cli-scripts-deploy-moe-binary-payloads.yml index 181be83a400..5616b310f7d 100644 --- a/.github/workflows/cli-scripts-deploy-moe-binary-payloads.yml +++ b/.github/workflows/cli-scripts-deploy-moe-binary-payloads.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-binary-payloads.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-inference-schema.yml b/.github/workflows/cli-scripts-deploy-moe-inference-schema.yml index 3a787f99e32..9843ab49296 100644 --- a/.github/workflows/cli-scripts-deploy-moe-inference-schema.yml +++ b/.github/workflows/cli-scripts-deploy-moe-inference-schema.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-inference-schema.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-keyvault.yml b/.github/workflows/cli-scripts-deploy-moe-keyvault.yml index 0e766c12645..6dee1394806 100644 --- a/.github/workflows/cli-scripts-deploy-moe-keyvault.yml +++ b/.github/workflows/cli-scripts-deploy-moe-keyvault.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-keyvault.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml b/.github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml index 31648ed7c1c..25de8f893bd 100644 --- a/.github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml +++ b/.github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-minimal-single-model-registered.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-openapi.yml b/.github/workflows/cli-scripts-deploy-moe-openapi.yml index 1b618e685a8..3c9b74fc3c9 100644 --- a/.github/workflows/cli-scripts-deploy-moe-openapi.yml +++ b/.github/workflows/cli-scripts-deploy-moe-openapi.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-openapi.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml b/.github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml index 0d56eb6fa88..2e1e1fd9305 100644 --- a/.github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml +++ b/.github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-vnet-mlflow.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-moe-vnet.yml b/.github/workflows/cli-scripts-deploy-moe-vnet.yml index b02367a91f5..870c13aff4f 100644 --- a/.github/workflows/cli-scripts-deploy-moe-vnet.yml +++ b/.github/workflows/cli-scripts-deploy-moe-vnet.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-moe-vnet.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-rest.yml b/.github/workflows/cli-scripts-deploy-rest.yml index ffabc1ad049..ade7de9fa95 100644 --- a/.github/workflows/cli-scripts-deploy-rest.yml +++ b/.github/workflows/cli-scripts-deploy-rest.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-rest.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml b/.github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml index 2aeb9f3295e..c3c9a604fda 100644 --- a/.github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml +++ b/.github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-safe-rollout-kubernetes-online-endpoints.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml b/.github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml index 927a11b9e4a..82a0da68ae2 100644 --- a/.github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml +++ b/.github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-safe-rollout-online-endpoints.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml b/.github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml index 2fca4e9f90c..97799e28a85 100644 --- a/.github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml +++ b/.github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-deploy-triton-managed-online-endpoint.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-misc.yml b/.github/workflows/cli-scripts-misc.yml index b91b794e9a0..44e17e2d937 100644 --- a/.github/workflows/cli-scripts-misc.yml +++ b/.github/workflows/cli-scripts-misc.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-misc.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-mlflow-uri.yml b/.github/workflows/cli-scripts-mlflow-uri.yml index e13ebe910fd..50e92fb772d 100644 --- a/.github/workflows/cli-scripts-mlflow-uri.yml +++ b/.github/workflows/cli-scripts-mlflow-uri.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-mlflow-uri.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-train-rest.yml b/.github/workflows/cli-scripts-train-rest.yml index 26d144c5ab8..da5663b81a0 100644 --- a/.github/workflows/cli-scripts-train-rest.yml +++ b/.github/workflows/cli-scripts-train-rest.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-train-rest.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/cli-scripts-train.yml b/.github/workflows/cli-scripts-train.yml index 9859a8b5d45..f74f0702288 100644 --- a/.github/workflows/cli-scripts-train.yml +++ b/.github/workflows/cli-scripts-train.yml @@ -16,6 +16,8 @@ on: - infra/bootstrapping/** - .github/workflows/cli-scripts-train.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -28,7 +30,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/nyc_taxi_data_regression-env_train.yml b/.github/workflows/nyc_taxi_data_regression-env_train.yml index 04643ab58b4..20fd7eac0ff 100644 --- a/.github/workflows/nyc_taxi_data_regression-env_train.yml +++ b/.github/workflows/nyc_taxi_data_regression-env_train.yml @@ -12,6 +12,8 @@ on: - infra/bootstrapping/** - .github/workflows/nyc_taxi_data_regression-env_train.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -24,7 +26,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/.github/workflows/sdk-assets-assets-in-registry-share-data-using-registry.yml b/.github/workflows/sdk-assets-assets-in-registry-share-data-using-registry.yml index 29f634eed80..124530b58c0 100644 --- a/.github/workflows/sdk-assets-assets-in-registry-share-data-using-registry.yml +++ b/.github/workflows/sdk-assets-assets-in-registry-share-data-using-registry.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-assets-in-registry-share-models-components-environments.yml b/.github/workflows/sdk-assets-assets-in-registry-share-models-components-environments.yml index 55cffbc99c2..bf8ee786db5 100644 --- a/.github/workflows/sdk-assets-assets-in-registry-share-models-components-environments.yml +++ b/.github/workflows/sdk-assets-assets-in-registry-share-models-components-environments.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-component-component.yml b/.github/workflows/sdk-assets-component-component.yml index 932ab23f506..6cf1e508a5e 100644 --- a/.github/workflows/sdk-assets-component-component.yml +++ b/.github/workflows/sdk-assets-component-component.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-data-data.yml b/.github/workflows/sdk-assets-data-data.yml index 80e238d7755..2f78d0c1675 100644 --- a/.github/workflows/sdk-assets-data-data.yml +++ b/.github/workflows/sdk-assets-data-data.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-data-working_with_mltable.yml b/.github/workflows/sdk-assets-data-working_with_mltable.yml index 4e845df0238..99d21a68a2d 100644 --- a/.github/workflows/sdk-assets-data-working_with_mltable.yml +++ b/.github/workflows/sdk-assets-data-working_with_mltable.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-environment-environment.yml b/.github/workflows/sdk-assets-environment-environment.yml index e4e2b137964..23ce5006b50 100644 --- a/.github/workflows/sdk-assets-environment-environment.yml +++ b/.github/workflows/sdk-assets-environment-environment.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-assets-model-model.yml b/.github/workflows/sdk-assets-model-model.yml index afb45bc2273..f6a3739b8d6 100644 --- a/.github/workflows/sdk-assets-model-model.yml +++ b/.github/workflows/sdk-assets-model-model.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-custom-outputs-parquet-custom-output-batch.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-custom-outputs-parquet-custom-output-batch.yml index 7993aaac043..b1ddc62d5bc 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-custom-outputs-parquet-custom-output-batch.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-custom-outputs-parquet-custom-output-batch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-heart-classifier-mlflow-mlflow-for-batch-tabular.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-heart-classifier-mlflow-mlflow-for-batch-tabular.yml index d658c27fc3f..ff0b2f60225 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-heart-classifier-mlflow-mlflow-for-batch-tabular.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-heart-classifier-mlflow-mlflow-for-batch-tabular.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-huggingface-text-summarization-text-summarization-batch.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-huggingface-text-summarization-text-summarization-batch.yml index f5cc3b75599..fb63ac7721d 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-huggingface-text-summarization-text-summarization-batch.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-huggingface-text-summarization-text-summarization-batch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-batch.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-batch.yml index 607d3e08f8f..12eb8c7a053 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-batch.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-batch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-mlflow.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-mlflow.yml index 96701dfc9df..0f5155354ed 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-mlflow.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-imagenet-classifier-imagenet-classifier-mlflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-models-mnist-classifier-mnist-batch.yml b/.github/workflows/sdk-endpoints-batch-deploy-models-mnist-classifier-mnist-batch.yml index e32f3a8c187..730e7297d80 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-models-mnist-classifier-mnist-batch.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-models-mnist-classifier-mnist-batch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-sdk-deploy-and-test.yml b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-sdk-deploy-and-test.yml index 98870aa2046..10a2e3cdd1b 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-sdk-deploy-and-test.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-batch-scoring-with-preprocessing-sdk-deploy-and-test.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-hello-batch-sdk-deploy-and-test.yml b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-hello-batch-sdk-deploy-and-test.yml index 15b860cd75d..d5b55f35422 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-hello-batch-sdk-deploy-and-test.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-hello-batch-sdk-deploy-and-test.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-training-with-components-sdk-deploy-and-test.yml b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-training-with-components-sdk-deploy-and-test.yml index 12046d4ef50..f7d91a75eb9 100644 --- a/.github/workflows/sdk-endpoints-batch-deploy-pipelines-training-with-components-sdk-deploy-and-test.yml +++ b/.github/workflows/sdk-endpoints-batch-deploy-pipelines-training-with-components-sdk-deploy-and-test.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container-multimodel.yml b/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container-multimodel.yml index 34e76ee42f4..c3256b31ae8 100644 --- a/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container-multimodel.yml +++ b/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container-multimodel.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container.yml b/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container.yml index 4edbb96c574..ab565705337 100644 --- a/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container.yml +++ b/.github/workflows/sdk-endpoints-online-custom-container-online-endpoints-custom-container.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-custom-container-triton-online-endpoints-triton-cc.yml b/.github/workflows/sdk-endpoints-online-custom-container-triton-online-endpoints-triton-cc.yml index 1bfd57e7878..53a5d8c57ea 100644 --- a/.github/workflows/sdk-endpoints-online-custom-container-triton-online-endpoints-triton-cc.yml +++ b/.github/workflows/sdk-endpoints-online-custom-container-triton-online-endpoints-triton-cc.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-safe-rollout.yml b/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-safe-rollout.yml index 09d4bfd4c97..7a71a154944 100644 --- a/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-safe-rollout.yml +++ b/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-safe-rollout.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-simple-deployment.yml b/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-simple-deployment.yml index 858a43045d2..0a06ca2327d 100644 --- a/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-simple-deployment.yml +++ b/.github/workflows/sdk-endpoints-online-kubernetes-kubernetes-online-endpoints-simple-deployment.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-llm-langchain-1_langchain_basic_deploy.yml b/.github/workflows/sdk-endpoints-online-llm-langchain-1_langchain_basic_deploy.yml index 85c256cf827..d6f67aeb832 100644 --- a/.github/workflows/sdk-endpoints-online-llm-langchain-1_langchain_basic_deploy.yml +++ b/.github/workflows/sdk-endpoints-online-llm-langchain-1_langchain_basic_deploy.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-llm-semantic-kernel-1_semantic_http_server.yml b/.github/workflows/sdk-endpoints-online-llm-semantic-kernel-1_semantic_http_server.yml index 68a8e8c9bcf..46f4ff4de09 100644 --- a/.github/workflows/sdk-endpoints-online-llm-semantic-kernel-1_semantic_http_server.yml +++ b/.github/workflows/sdk-endpoints-online-llm-semantic-kernel-1_semantic_http_server.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-sai.yml b/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-sai.yml index fa789fa504e..b13f7f483f7 100644 --- a/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-sai.yml +++ b/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-sai.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-uai.yml b/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-uai.yml index 41941ce7c83..a219bb43d89 100644 --- a/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-uai.yml +++ b/.github/workflows/sdk-endpoints-online-managed-managed-identities-online-endpoints-managed-identity-uai.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-binary-payloads.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-binary-payloads.yml index 684b22b727c..b5f45403e7c 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-binary-payloads.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-binary-payloads.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-inference-schema.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-inference-schema.yml index e8a7d81cb38..29d15edb5ce 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-inference-schema.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-inference-schema.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-keyvault.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-keyvault.yml index c061acc3d44..c2d28df0867 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-keyvault.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-keyvault.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-multimodel.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-multimodel.yml index 78eedab9455..cb09962f5e8 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-multimodel.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-multimodel.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-openapi.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-openapi.yml index 969b979fa92..6245cd74527 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-openapi.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-openapi.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-safe-rollout.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-safe-rollout.yml index 065782c5c29..d204773b56a 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-safe-rollout.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-safe-rollout.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-simple-deployment.yml b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-simple-deployment.yml index 1d1e7570ac2..b6bf3e68aa6 100644 --- a/.github/workflows/sdk-endpoints-online-managed-online-endpoints-simple-deployment.yml +++ b/.github/workflows/sdk-endpoints-online-managed-online-endpoints-simple-deployment.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model-with-script.yml b/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model-with-script.yml index afcdd13dfb1..7c8f712cc38 100644 --- a/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model-with-script.yml +++ b/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model-with-script.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model.yml b/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model.yml index 010c3014931..3e3c22e2123 100644 --- a/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model.yml +++ b/.github/workflows/sdk-endpoints-online-mlflow-online-endpoints-deploy-mlflow-model.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-endpoints-online-triton-single-model-online-endpoints-triton.yml b/.github/workflows/sdk-endpoints-online-triton-single-model-online-endpoints-triton.yml index 6776e31edc2..da71665e5dc 100644 --- a/.github/workflows/sdk-endpoints-online-triton-single-model-online-endpoints-triton.yml +++ b/.github/workflows/sdk-endpoints-online-triton-single-model-online-endpoints-triton.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_cli_samples.yml b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_cli_samples.yml index 282ed8a7dc4..82b97da710d 100644 --- a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_cli_samples.yml +++ b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_cli_samples.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh - sdk/python/featurestore_sample/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_sdk_samples.yml b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_sdk_samples.yml index 44d952db6b3..221981fc21d 100644 --- a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_sdk_samples.yml +++ b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_sdk_samples.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh - sdk/python/featurestore_sample/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_vnet_samples.yml b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_vnet_samples.yml index 45b1ea3dab2..c44ee8685d9 100644 --- a/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_vnet_samples.yml +++ b/.github/workflows/sdk-featurestore_sample-automation-test-test_featurestore_vnet_samples.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh - sdk/python/featurestore_sample/** +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml b/.github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml index 60e4da93489..01a3dd3e73b 100644 --- a/.github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml +++ b/.github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml @@ -1,81 +1,85 @@ -# This code is autogenerated. -# Code is generated by running custom script: python3 readme.py -# Any manual changes to this file may cause incorrect behavior. -# Any manual changes will be overwritten if the code is regenerated. - -name: sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune -# This file is created by sdk/python/readme.py. -# Please do not edit directly. -on: - workflow_dispatch: - schedule: - - cron: "23 2/12 * * *" - pull_request: - branches: - - main - paths: - - sdk/python/foundation-models/azure_openai/oai-v1/** - - .github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml - - sdk/python/dev-requirements.txt - - infra/bootstrapping/** - - sdk/python/setup.sh - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: check out repo - uses: actions/checkout@v2 - - name: setup python - uses: actions/setup-python@v2 - with: - python-version: "3.10" - - name: pip install notebook reqs - run: pip install -r sdk/python/dev-requirements.txt - - name: azure login - uses: azure/login@v1 - with: - creds: ${{secrets.AZUREML_CREDENTIALS}} - - name: bootstrap resources - run: | - echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; - bash bootstrap.sh - working-directory: infra/bootstrapping - continue-on-error: false - - name: setup SDK - run: | - source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; - source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; - bash setup.sh - working-directory: sdk/python - continue-on-error: true - - name: validate readme - run: | - python check-readme.py "${{ github.workspace }}/sdk/python/foundation-models/azure_openai/oai-v1" - working-directory: infra/bootstrapping - continue-on-error: false - - name: setup-cli - run: | - source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; - source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; - bash setup.sh - working-directory: cli - continue-on-error: true - - name: run foundation-models/azure_openai/oai-v1/openai_completions_finetune.ipynb - run: | - source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; - source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; - bash "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh" generate_workspace_config "../../.azureml/config.json"; - bash "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh" replace_template_values "openai_completions_finetune.ipynb"; - [ -f "../../.azureml/config" ] && cat "../../.azureml/config"; - papermill -k python openai_completions_finetune.ipynb openai_completions_finetune.output.ipynb - working-directory: sdk/python/foundation-models/azure_openai/oai-v1 - - name: upload notebook's working folder as an artifact - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: openai_completions_finetune - path: sdk/python/foundation-models/azure_openai/oai-v1 +# This code is autogenerated. +# Code is generated by running custom script: python3 readme.py +# Any manual changes to this file may cause incorrect behavior. +# Any manual changes will be overwritten if the code is regenerated. + +name: sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune +# This file is created by sdk/python/readme.py. +# Please do not edit directly. +on: + workflow_dispatch: + schedule: + - cron: "23 2/12 * * *" + pull_request: + branches: + - main + paths: + - sdk/python/foundation-models/azure_openai/oai-v1/** + - .github/workflows/sdk-foundation-models-azure_openai-oai-v1-openai_completions_finetune.yml + - sdk/python/dev-requirements.txt + - infra/bootstrapping/** + - sdk/python/setup.sh + +permissions: + id-token: write +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: check out repo + uses: actions/checkout@v2 + - name: setup python + uses: actions/setup-python@v2 + with: + python-version: "3.10" + - name: pip install notebook reqs + run: pip install -r sdk/python/dev-requirements.txt + - name: azure login + uses: azure/login@v1 + with: + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} + - name: bootstrap resources + run: | + echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; + bash bootstrap.sh + working-directory: infra/bootstrapping + continue-on-error: false + - name: setup SDK + run: | + source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; + source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; + bash setup.sh + working-directory: sdk/python + continue-on-error: true + - name: validate readme + run: | + python check-readme.py "${{ github.workspace }}/sdk/python/foundation-models/azure_openai/oai-v1" + working-directory: infra/bootstrapping + continue-on-error: false + - name: setup-cli + run: | + source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; + source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; + bash setup.sh + working-directory: cli + continue-on-error: true + - name: run foundation-models/azure_openai/oai-v1/openai_completions_finetune.ipynb + run: | + source "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh"; + source "${{ github.workspace }}/infra/bootstrapping/init_environment.sh"; + bash "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh" generate_workspace_config "../../.azureml/config.json"; + bash "${{ github.workspace }}/infra/bootstrapping/sdk_helpers.sh" replace_template_values "openai_completions_finetune.ipynb"; + [ -f "../../.azureml/config" ] && cat "../../.azureml/config"; + papermill -k python openai_completions_finetune.ipynb openai_completions_finetune.output.ipynb + working-directory: sdk/python/foundation-models/azure_openai/oai-v1 + - name: upload notebook's working folder as an artifact + if: ${{ always() }} + uses: actions/upload-artifact@v2 + with: + name: openai_completions_finetune + path: sdk/python/foundation-models/azure_openai/oai-v1 diff --git a/.github/workflows/sdk-foundation-models-huggingface-inference-question-answering-question-answering-online-endpoint.yml b/.github/workflows/sdk-foundation-models-huggingface-inference-question-answering-question-answering-online-endpoint.yml index 8608732addc..dd655a40132 100644 --- a/.github/workflows/sdk-foundation-models-huggingface-inference-question-answering-question-answering-online-endpoint.yml +++ b/.github/workflows/sdk-foundation-models-huggingface-inference-question-answering-question-answering-online-endpoint.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-huggingface-inference-token-classification-token-classification-online-endpoint.yml b/.github/workflows/sdk-foundation-models-huggingface-inference-token-classification-token-classification-online-endpoint.yml index 52b700a9ccb..d0748187ee9 100644 --- a/.github/workflows/sdk-foundation-models-huggingface-inference-token-classification-token-classification-online-endpoint.yml +++ b/.github/workflows/sdk-foundation-models-huggingface-inference-token-classification-token-classification-online-endpoint.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-huggingface-inference-translation-translation-online-endpoint.yml b/.github/workflows/sdk-foundation-models-huggingface-inference-translation-translation-online-endpoint.yml index 062d1635482..71139ace4a5 100644 --- a/.github/workflows/sdk-foundation-models-huggingface-inference-translation-translation-online-endpoint.yml +++ b/.github/workflows/sdk-foundation-models-huggingface-inference-translation-translation-online-endpoint.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-huggingface-inference-zero-shot-classification-zero-shot-classification-online-endpoint.yml b/.github/workflows/sdk-foundation-models-huggingface-inference-zero-shot-classification-zero-shot-classification-online-endpoint.yml index b3355ea4aeb..d09d2aa7bb5 100644 --- a/.github/workflows/sdk-foundation-models-huggingface-inference-zero-shot-classification-zero-shot-classification-online-endpoint.yml +++ b/.github/workflows/sdk-foundation-models-huggingface-inference-zero-shot-classification-zero-shot-classification-online-endpoint.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry.yml b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry.yml index 529c5962bed..8f252be20ee 100644 --- a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry.yml +++ b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry.yml @@ -22,6 +22,8 @@ on: env: MMDETECTION_MODEL_ID: None MMDETECTION_TASK_NAME: image-object-detection +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model.yml b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model.yml index 55491223634..889c0496a2d 100644 --- a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model.yml +++ b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model.yml @@ -19,6 +19,8 @@ env: TASK_NAME: fill-mask MMDETECTION_MODEL_ID: None MMDETECTION_TASK_NAME: image-object-detection +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model_image_tasks.yml b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model_image_tasks.yml index 56ed98d402a..34a7bd0775a 100644 --- a/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model_image_tasks.yml +++ b/.github/workflows/sdk-foundation-models-system-import-import_model_into_registry_new_model_image_tasks.yml @@ -19,6 +19,8 @@ env: TASK_NAME: image-classification MMDETECTION_MODEL_ID: faster-rcnn_r50_fpn_1x_coco MMDETECTION_TASK_NAME: image-object-detection +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-classification-task-bankmarketing-automl-classification-task-bankmarketing.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-classification-task-bankmarketing-automl-classification-task-bankmarketing.yml index 8aa802df941..b375ad55a33 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-classification-task-bankmarketing-automl-classification-task-bankmarketing.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-classification-task-bankmarketing-automl-classification-task-bankmarketing.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-distributed-tcn-automl-forecasting-distributed-tcn.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-distributed-tcn-automl-forecasting-distributed-tcn.yml index 9377b5366ab..d730213c625 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-distributed-tcn-automl-forecasting-distributed-tcn.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-distributed-tcn-automl-forecasting-distributed-tcn.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-github-dau-auto-ml-forecasting-github-dau.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-github-dau-auto-ml-forecasting-github-dau.yml index e255e0480fc..53218a2d124 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-github-dau-auto-ml-forecasting-github-dau.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-github-dau-auto-ml-forecasting-github-dau.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-orange-juice-sales-automl-forecasting-orange-juice-sales-mlflow.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-orange-juice-sales-automl-forecasting-orange-juice-sales-mlflow.yml index 4fdc85fa13c..0ceb7abba63 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-orange-juice-sales-automl-forecasting-orange-juice-sales-mlflow.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-orange-juice-sales-automl-forecasting-orange-juice-sales-mlflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-experiment-settings.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-experiment-settings.yml index 0c545f9b6b4..c6557a9f495 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-experiment-settings.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-experiment-settings.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-run.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-run.yml index 81a2fb914f7..3c30da273bb 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-run.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-recipes-univariate-automl-forecasting-recipe-univariate-run.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-bike-share-auto-ml-forecasting-bike-share.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-bike-share-auto-ml-forecasting-bike-share.yml index 18df38dcf40..ff9d4f61268 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-bike-share-auto-ml-forecasting-bike-share.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-bike-share-auto-ml-forecasting-bike-share.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced-mlflow.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced-mlflow.yml index dbb589d19e0..519338f0b3b 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced-mlflow.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced-mlflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -42,7 +44,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced.yml index 6d5229e87e1..9600db284d1 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-forecasting-task-energy-demand-automl-forecasting-task-energy-demand-advanced.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multiclass-task-fridge-items-automl-image-classification-multiclass-task-fridge-items.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multiclass-task-fridge-items-automl-image-classification-multiclass-task-fridge-items.yml index d6efd0446d0..5efd8562631 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multiclass-task-fridge-items-automl-image-classification-multiclass-task-fridge-items.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multiclass-task-fridge-items-automl-image-classification-multiclass-task-fridge-items.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multilabel-task-fridge-items-automl-image-classification-multilabel-task-fridge-items.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multilabel-task-fridge-items-automl-image-classification-multilabel-task-fridge-items.yml index ca45e17b8f1..34e2e711fd2 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multilabel-task-fridge-items-automl-image-classification-multilabel-task-fridge-items.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-classification-multilabel-task-fridge-items-automl-image-classification-multilabel-task-fridge-items.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-instance-segmentation-task-fridge-items-automl-image-instance-segmentation-task-fridge-items.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-instance-segmentation-task-fridge-items-automl-image-instance-segmentation-task-fridge-items.yml index dfcfea0b0f0..04b8dd9d827 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-instance-segmentation-task-fridge-items-automl-image-instance-segmentation-task-fridge-items.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-instance-segmentation-task-fridge-items-automl-image-instance-segmentation-task-fridge-items.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-automl-image-object-detection-task-fridge-items.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-automl-image-object-detection-task-fridge-items.yml index 3e1418aa762..1bbee42cfd5 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-automl-image-object-detection-task-fridge-items.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-automl-image-object-detection-task-fridge-items.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-batch-scoring-image-object-detection-batch-scoring-non-mlflow-model.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-batch-scoring-image-object-detection-batch-scoring-non-mlflow-model.yml index 628f6fec30b..36aa3eb5831 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-batch-scoring-image-object-detection-batch-scoring-non-mlflow-model.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-image-object-detection-task-fridge-items-batch-scoring-image-object-detection-batch-scoring-non-mlflow-model.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment-mlflow.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment-mlflow.yml index 387a457dfff..f182196bb0c 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment-mlflow.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment-mlflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment.yml index 20a8dfcdb12..f383339bf65 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multiclass-task-sentiment-analysis-automl-nlp-multiclass-sentiment.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multilabel-task-paper-categorization-automl-nlp-multilabel-paper-cat.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multilabel-task-paper-categorization-automl-nlp-multilabel-paper-cat.yml index af14f8f24a1..bbc8af96dd5 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multilabel-task-paper-categorization-automl-nlp-multilabel-paper-cat.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-classification-multilabel-task-paper-categorization-automl-nlp-multilabel-paper-cat.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-automl-nlp-text-ner-task.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-automl-nlp-text-ner-task.yml index 038ed5dc2f3..43ff702d964 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-automl-nlp-text-ner-task.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-automl-nlp-text-ner-task.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-distributed-sweeping-automl-nlp-text-ner-task-distributed-with-sweeping.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-distributed-sweeping-automl-nlp-text-ner-task-distributed-with-sweeping.yml index 8e27ee19f0b..dbc233196ac 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-distributed-sweeping-automl-nlp-text-ner-task-distributed-with-sweeping.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-nlp-text-named-entity-recognition-task-distributed-sweeping-automl-nlp-text-ner-task-distributed-with-sweeping.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-regression-task-hardware-performance-automl-regression-task-hardware-performance.yml b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-regression-task-hardware-performance-automl-regression-task-hardware-performance.yml index 230a20b9d72..753488836cb 100644 --- a/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-regression-task-hardware-performance-automl-regression-task-hardware-performance.yml +++ b/.github/workflows/sdk-jobs-automl-standalone-jobs-automl-regression-task-hardware-performance-automl-regression-task-hardware-performance.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-configuration.yml b/.github/workflows/sdk-jobs-configuration.yml index 51fd9e92774..59b0cce7493 100644 --- a/.github/workflows/sdk-jobs-configuration.yml +++ b/.github/workflows/sdk-jobs-configuration.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-parallel-1a_oj_sales_prediction-oj_sales_prediction.yml b/.github/workflows/sdk-jobs-parallel-1a_oj_sales_prediction-oj_sales_prediction.yml index 7f924686cdd..69a0c4bbc50 100644 --- a/.github/workflows/sdk-jobs-parallel-1a_oj_sales_prediction-oj_sales_prediction.yml +++ b/.github/workflows/sdk-jobs-parallel-1a_oj_sales_prediction-oj_sales_prediction.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-parallel-2a_iris_batch_prediction-iris_batch_prediction.yml b/.github/workflows/sdk-jobs-parallel-2a_iris_batch_prediction-iris_batch_prediction.yml index 7a2bf45d01b..f4dd96b080f 100644 --- a/.github/workflows/sdk-jobs-parallel-2a_iris_batch_prediction-iris_batch_prediction.yml +++ b/.github/workflows/sdk-jobs-parallel-2a_iris_batch_prediction-iris_batch_prediction.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-parallel-3a_mnist_batch_identification-mnist_batch_prediction.yml b/.github/workflows/sdk-jobs-parallel-3a_mnist_batch_identification-mnist_batch_prediction.yml index f185918a829..e12ea597da8 100644 --- a/.github/workflows/sdk-jobs-parallel-3a_mnist_batch_identification-mnist_batch_prediction.yml +++ b/.github/workflows/sdk-jobs-parallel-3a_mnist_batch_identification-mnist_batch_prediction.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1a_pipeline_with_components_from_yaml-pipeline_with_components_from_yaml.yml b/.github/workflows/sdk-jobs-pipelines-1a_pipeline_with_components_from_yaml-pipeline_with_components_from_yaml.yml index 242cdb608a4..8d775a73e02 100644 --- a/.github/workflows/sdk-jobs-pipelines-1a_pipeline_with_components_from_yaml-pipeline_with_components_from_yaml.yml +++ b/.github/workflows/sdk-jobs-pipelines-1a_pipeline_with_components_from_yaml-pipeline_with_components_from_yaml.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1b_pipeline_with_python_function_components-pipeline_with_python_function_components.yml b/.github/workflows/sdk-jobs-pipelines-1b_pipeline_with_python_function_components-pipeline_with_python_function_components.yml index cafb955d2e1..3f7a15d6e8d 100644 --- a/.github/workflows/sdk-jobs-pipelines-1b_pipeline_with_python_function_components-pipeline_with_python_function_components.yml +++ b/.github/workflows/sdk-jobs-pipelines-1b_pipeline_with_python_function_components-pipeline_with_python_function_components.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1c_pipeline_with_hyperparameter_sweep-pipeline_with_hyperparameter_sweep.yml b/.github/workflows/sdk-jobs-pipelines-1c_pipeline_with_hyperparameter_sweep-pipeline_with_hyperparameter_sweep.yml index 29df8585cd9..364ce3f829c 100644 --- a/.github/workflows/sdk-jobs-pipelines-1c_pipeline_with_hyperparameter_sweep-pipeline_with_hyperparameter_sweep.yml +++ b/.github/workflows/sdk-jobs-pipelines-1c_pipeline_with_hyperparameter_sweep-pipeline_with_hyperparameter_sweep.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1d_pipeline_with_non_python_components-pipeline_with_non_python_components.yml b/.github/workflows/sdk-jobs-pipelines-1d_pipeline_with_non_python_components-pipeline_with_non_python_components.yml index d2440ffb967..17ca99201c9 100644 --- a/.github/workflows/sdk-jobs-pipelines-1d_pipeline_with_non_python_components-pipeline_with_non_python_components.yml +++ b/.github/workflows/sdk-jobs-pipelines-1d_pipeline_with_non_python_components-pipeline_with_non_python_components.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1e_pipeline_with_registered_components-pipeline_with_registered_components.yml b/.github/workflows/sdk-jobs-pipelines-1e_pipeline_with_registered_components-pipeline_with_registered_components.yml index 3c565dab454..376692be41f 100644 --- a/.github/workflows/sdk-jobs-pipelines-1e_pipeline_with_registered_components-pipeline_with_registered_components.yml +++ b/.github/workflows/sdk-jobs-pipelines-1e_pipeline_with_registered_components-pipeline_with_registered_components.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1g_pipeline_with_parallel_nodes-pipeline_with_parallel_nodes.yml b/.github/workflows/sdk-jobs-pipelines-1g_pipeline_with_parallel_nodes-pipeline_with_parallel_nodes.yml index 7a59fab5cdb..c51e7ba8e8d 100644 --- a/.github/workflows/sdk-jobs-pipelines-1g_pipeline_with_parallel_nodes-pipeline_with_parallel_nodes.yml +++ b/.github/workflows/sdk-jobs-pipelines-1g_pipeline_with_parallel_nodes-pipeline_with_parallel_nodes.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-classification-bankmarketing-in-pipeline-automl-classification-bankmarketing-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-classification-bankmarketing-in-pipeline-automl-classification-bankmarketing-in-pipeline.yml index 8665b08b1dc..695e424d6a3 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-classification-bankmarketing-in-pipeline-automl-classification-bankmarketing-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-classification-bankmarketing-in-pipeline-automl-classification-bankmarketing-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-forecasting-in-pipeline-automl-forecasting-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-forecasting-in-pipeline-automl-forecasting-in-pipeline.yml index 40b7d0d4b4a..7fc33d35e7e 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-forecasting-in-pipeline-automl-forecasting-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-forecasting-in-pipeline-automl-forecasting-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multiclass-in-pipeline-automl-image-classification-multiclass-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multiclass-in-pipeline-automl-image-classification-multiclass-in-pipeline.yml index 2aaf9aaa3be..6141be3c530 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multiclass-in-pipeline-automl-image-classification-multiclass-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multiclass-in-pipeline-automl-image-classification-multiclass-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multilabel-in-pipeline-automl-image-classification-multilabel-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multilabel-in-pipeline-automl-image-classification-multilabel-in-pipeline.yml index 815e75fa766..ec1b779365c 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multilabel-in-pipeline-automl-image-classification-multilabel-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-classification-multilabel-in-pipeline-automl-image-classification-multilabel-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-instance-segmentation-in-pipeline-automl-image-instance-segmentation-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-instance-segmentation-in-pipeline-automl-image-instance-segmentation-in-pipeline.yml index 6aa5dc5a6e8..94c4e529966 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-instance-segmentation-in-pipeline-automl-image-instance-segmentation-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-instance-segmentation-in-pipeline-automl-image-instance-segmentation-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-object-detection-in-pipeline-automl-image-object-detection-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-object-detection-in-pipeline-automl-image-object-detection-in-pipeline.yml index e7d6711a989..ecbcfc67c09 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-object-detection-in-pipeline-automl-image-object-detection-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-image-object-detection-in-pipeline-automl-image-object-detection-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-regression-house-pricing-in-pipeline-automl-regression-house-pricing-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-regression-house-pricing-in-pipeline-automl-regression-house-pricing-in-pipeline.yml index 0e5cebd9082..194f29b6eff 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-regression-house-pricing-in-pipeline-automl-regression-house-pricing-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-regression-house-pricing-in-pipeline-automl-regression-house-pricing-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-in-pipeline-automl-text-classification-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-in-pipeline-automl-text-classification-in-pipeline.yml index 0e8835af75e..baacea8faaa 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-in-pipeline-automl-text-classification-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-in-pipeline-automl-text-classification-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-multilabel-in-pipeline-automl-text-classification-multilabel-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-multilabel-in-pipeline-automl-text-classification-multilabel-in-pipeline.yml index ad9a417c85c..315fe29e348 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-multilabel-in-pipeline-automl-text-classification-multilabel-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-classification-multilabel-in-pipeline-automl-text-classification-multilabel-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-ner-named-entity-recognition-in-pipeline-automl-text-ner-named-entity-recognition-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-ner-named-entity-recognition-in-pipeline-automl-text-ner-named-entity-recognition-in-pipeline.yml index ac5a6357ec6..0b36e883599 100644 --- a/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-ner-named-entity-recognition-in-pipeline-automl-text-ner-named-entity-recognition-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1h_automl_in_pipeline-automl-text-ner-named-entity-recognition-in-pipeline-automl-text-ner-named-entity-recognition-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1i_pipeline_with_spark_nodes-pipeline_with_spark_nodes.yml b/.github/workflows/sdk-jobs-pipelines-1i_pipeline_with_spark_nodes-pipeline_with_spark_nodes.yml index 5d08f0562a2..78df61a195a 100644 --- a/.github/workflows/sdk-jobs-pipelines-1i_pipeline_with_spark_nodes-pipeline_with_spark_nodes.yml +++ b/.github/workflows/sdk-jobs-pipelines-1i_pipeline_with_spark_nodes-pipeline_with_spark_nodes.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component.yml b/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component.yml index 4b9e2052fe2..7e37ad008af 100644 --- a/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component.yml +++ b/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component-nyc_taxi_data_regression_with_pipeline_component.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline_with_train_eval_pipeline_component.yml b/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline_with_train_eval_pipeline_component.yml index bdbb4206400..bc10f2a3abf 100644 --- a/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline_with_train_eval_pipeline_component.yml +++ b/.github/workflows/sdk-jobs-pipelines-1j_pipeline_with_pipeline_component-pipeline_with_train_eval_pipeline_component-pipeline_with_train_eval_pipeline_component.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-hierarchical-timesers-in-pipeline-automl-forecasting-demand-hts.yml b/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-hierarchical-timesers-in-pipeline-automl-forecasting-demand-hts.yml index 52e7083ee89..3e041c6d20e 100644 --- a/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-hierarchical-timesers-in-pipeline-automl-forecasting-demand-hts.yml +++ b/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-hierarchical-timesers-in-pipeline-automl-forecasting-demand-hts.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-many-models-in-pipeline-automl-forecasting-demand-many-models-in-pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-many-models-in-pipeline-automl-forecasting-demand-many-models-in-pipeline.yml index 82cf4eb9ee4..7cf86de7b71 100644 --- a/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-many-models-in-pipeline-automl-forecasting-demand-many-models-in-pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1k_demand_forecasting_with_pipeline_components-automl-forecasting-demand-many-models-in-pipeline-automl-forecasting-demand-many-models-in-pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-1l_flow_in_pipeline-flow_in_pipeline.yml b/.github/workflows/sdk-jobs-pipelines-1l_flow_in_pipeline-flow_in_pipeline.yml index 0e4ca14034c..785611f7cc3 100644 --- a/.github/workflows/sdk-jobs-pipelines-1l_flow_in_pipeline-flow_in_pipeline.yml +++ b/.github/workflows/sdk-jobs-pipelines-1l_flow_in_pipeline-flow_in_pipeline.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2a_train_mnist_with_tensorflow-train_mnist_with_tensorflow.yml b/.github/workflows/sdk-jobs-pipelines-2a_train_mnist_with_tensorflow-train_mnist_with_tensorflow.yml index e0564926da3..a3e1da3e813 100644 --- a/.github/workflows/sdk-jobs-pipelines-2a_train_mnist_with_tensorflow-train_mnist_with_tensorflow.yml +++ b/.github/workflows/sdk-jobs-pipelines-2a_train_mnist_with_tensorflow-train_mnist_with_tensorflow.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2b_train_cifar_10_with_pytorch-train_cifar_10_with_pytorch.yml b/.github/workflows/sdk-jobs-pipelines-2b_train_cifar_10_with_pytorch-train_cifar_10_with_pytorch.yml index 2f626065cba..bac29401f7d 100644 --- a/.github/workflows/sdk-jobs-pipelines-2b_train_cifar_10_with_pytorch-train_cifar_10_with_pytorch.yml +++ b/.github/workflows/sdk-jobs-pipelines-2b_train_cifar_10_with_pytorch-train_cifar_10_with_pytorch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2c_nyc_taxi_data_regression-nyc_taxi_data_regression.yml b/.github/workflows/sdk-jobs-pipelines-2c_nyc_taxi_data_regression-nyc_taxi_data_regression.yml index 2abfcfe3a59..b1a1b2aca33 100644 --- a/.github/workflows/sdk-jobs-pipelines-2c_nyc_taxi_data_regression-nyc_taxi_data_regression.yml +++ b/.github/workflows/sdk-jobs-pipelines-2c_nyc_taxi_data_regression-nyc_taxi_data_regression.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2d_image_classification_with_densenet-image_classification_with_densenet.yml b/.github/workflows/sdk-jobs-pipelines-2d_image_classification_with_densenet-image_classification_with_densenet.yml index cc6e575e78a..0ba6eeae5d9 100644 --- a/.github/workflows/sdk-jobs-pipelines-2d_image_classification_with_densenet-image_classification_with_densenet.yml +++ b/.github/workflows/sdk-jobs-pipelines-2d_image_classification_with_densenet-image_classification_with_densenet.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-pipelines-2e_image_classification_keras_minist_convnet-image_classification_keras_minist_convnet.yml b/.github/workflows/sdk-jobs-pipelines-2e_image_classification_keras_minist_convnet-image_classification_keras_minist_convnet.yml index 87226af6dd8..0d330c4a384 100644 --- a/.github/workflows/sdk-jobs-pipelines-2e_image_classification_keras_minist_convnet-image_classification_keras_minist_convnet.yml +++ b/.github/workflows/sdk-jobs-pipelines-2e_image_classification_keras_minist_convnet-image_classification_keras_minist_convnet.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-debug-and-monitor-debug-and-monitor.yml b/.github/workflows/sdk-jobs-single-step-debug-and-monitor-debug-and-monitor.yml index dced9df140c..c73672875b9 100644 --- a/.github/workflows/sdk-jobs-single-step-debug-and-monitor-debug-and-monitor.yml +++ b/.github/workflows/sdk-jobs-single-step-debug-and-monitor-debug-and-monitor.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-lightgbm-iris-lightgbm-iris-sweep.yml b/.github/workflows/sdk-jobs-single-step-lightgbm-iris-lightgbm-iris-sweep.yml index 79c8131ec2b..08dceb59be9 100644 --- a/.github/workflows/sdk-jobs-single-step-lightgbm-iris-lightgbm-iris-sweep.yml +++ b/.github/workflows/sdk-jobs-single-step-lightgbm-iris-lightgbm-iris-sweep.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-distributed-cifar10.yml b/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-distributed-cifar10.yml index c374acea09e..1a225bced27 100644 --- a/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-distributed-cifar10.yml +++ b/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-distributed-cifar10.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-yolov5-objectdetectionAzureML.yml b/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-yolov5-objectdetectionAzureML.yml index eee059c3486..275d9566a44 100644 --- a/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-yolov5-objectdetectionAzureML.yml +++ b/.github/workflows/sdk-jobs-single-step-pytorch-distributed-training-yolov5-objectdetectionAzureML.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-pytorch-iris-pytorch-iris.yml b/.github/workflows/sdk-jobs-single-step-pytorch-iris-pytorch-iris.yml index c3c0771a0a1..67730019713 100644 --- a/.github/workflows/sdk-jobs-single-step-pytorch-iris-pytorch-iris.yml +++ b/.github/workflows/sdk-jobs-single-step-pytorch-iris-pytorch-iris.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-pytorch-train-hyperparameter-tune-deploy-with-pytorch-train-hyperparameter-tune-deploy-with-pytorch.yml b/.github/workflows/sdk-jobs-single-step-pytorch-train-hyperparameter-tune-deploy-with-pytorch-train-hyperparameter-tune-deploy-with-pytorch.yml index ccad0103e9e..a1782d96fbf 100644 --- a/.github/workflows/sdk-jobs-single-step-pytorch-train-hyperparameter-tune-deploy-with-pytorch-train-hyperparameter-tune-deploy-with-pytorch.yml +++ b/.github/workflows/sdk-jobs-single-step-pytorch-train-hyperparameter-tune-deploy-with-pytorch-train-hyperparameter-tune-deploy-with-pytorch.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-r-accidents-accident-prediction.yml b/.github/workflows/sdk-jobs-single-step-r-accidents-accident-prediction.yml index 95ff65a1505..84dfc0f17e5 100644 --- a/.github/workflows/sdk-jobs-single-step-r-accidents-accident-prediction.yml +++ b/.github/workflows/sdk-jobs-single-step-r-accidents-accident-prediction.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-scikit-learn-diabetes-sklearn-diabetes.yml b/.github/workflows/sdk-jobs-single-step-scikit-learn-diabetes-sklearn-diabetes.yml index 3d8237c5a3c..aad6bdf6da0 100644 --- a/.github/workflows/sdk-jobs-single-step-scikit-learn-diabetes-sklearn-diabetes.yml +++ b/.github/workflows/sdk-jobs-single-step-scikit-learn-diabetes-sklearn-diabetes.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-scikit-learn-iris-iris-scikit-learn.yml b/.github/workflows/sdk-jobs-single-step-scikit-learn-iris-iris-scikit-learn.yml index 24bfedc1089..54e63e3904a 100644 --- a/.github/workflows/sdk-jobs-single-step-scikit-learn-iris-iris-scikit-learn.yml +++ b/.github/workflows/sdk-jobs-single-step-scikit-learn-iris-iris-scikit-learn.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-scikit-learn-mnist-sklearn-mnist.yml b/.github/workflows/sdk-jobs-single-step-scikit-learn-mnist-sklearn-mnist.yml index 6a376f4593b..6a414550da4 100644 --- a/.github/workflows/sdk-jobs-single-step-scikit-learn-mnist-sklearn-mnist.yml +++ b/.github/workflows/sdk-jobs-single-step-scikit-learn-mnist-sklearn-mnist.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-horovod-tensorflow-mnist-distributed-horovod.yml b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-horovod-tensorflow-mnist-distributed-horovod.yml index 46c5b288257..7773ec9d1e4 100644 --- a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-horovod-tensorflow-mnist-distributed-horovod.yml +++ b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-horovod-tensorflow-mnist-distributed-horovod.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-tensorflow-mnist-distributed.yml b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-tensorflow-mnist-distributed.yml index aff322667e6..648cb7461c3 100644 --- a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-tensorflow-mnist-distributed.yml +++ b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-distributed-tensorflow-mnist-distributed.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-tensorflow-mnist.yml b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-tensorflow-mnist.yml index 7fbae732691..33b284cd13a 100644 --- a/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-tensorflow-mnist.yml +++ b/.github/workflows/sdk-jobs-single-step-tensorflow-mnist-tensorflow-mnist.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-spark-automation-run_interactive_session_notebook.yml b/.github/workflows/sdk-jobs-spark-automation-run_interactive_session_notebook.yml index 1c30bb836f1..1ca88709e71 100644 --- a/.github/workflows/sdk-jobs-spark-automation-run_interactive_session_notebook.yml +++ b/.github/workflows/sdk-jobs-spark-automation-run_interactive_session_notebook.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-spark-submit_spark_pipeline_jobs.yml b/.github/workflows/sdk-jobs-spark-submit_spark_pipeline_jobs.yml index 7822b89a3e3..3cb69be2146 100644 --- a/.github/workflows/sdk-jobs-spark-submit_spark_pipeline_jobs.yml +++ b/.github/workflows/sdk-jobs-spark-submit_spark_pipeline_jobs.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs.yml b/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs.yml index b59cc42286d..e17ae3b3726 100644 --- a/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs.yml +++ b/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs_managed_vnet.yml b/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs_managed_vnet.yml index 827b71c2ae2..51b0f44be6d 100644 --- a/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs_managed_vnet.yml +++ b/.github/workflows/sdk-jobs-spark-submit_spark_standalone_jobs_managed_vnet.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-compute-attach_manage_spark_pools.yml b/.github/workflows/sdk-resources-compute-attach_manage_spark_pools.yml index 847c15808c0..6c7a1b214e8 100644 --- a/.github/workflows/sdk-resources-compute-attach_manage_spark_pools.yml +++ b/.github/workflows/sdk-resources-compute-attach_manage_spark_pools.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-compute-compute.yml b/.github/workflows/sdk-resources-compute-compute.yml index 432951bdf83..7d21f9e3196 100644 --- a/.github/workflows/sdk-resources-compute-compute.yml +++ b/.github/workflows/sdk-resources-compute-compute.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-connections-connections.yml b/.github/workflows/sdk-resources-connections-connections.yml index ed778713052..171b9a75a18 100644 --- a/.github/workflows/sdk-resources-connections-connections.yml +++ b/.github/workflows/sdk-resources-connections-connections.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-registry-registry-create.yml b/.github/workflows/sdk-resources-registry-registry-create.yml index e2671c2bc0b..6cff911162a 100644 --- a/.github/workflows/sdk-resources-registry-registry-create.yml +++ b/.github/workflows/sdk-resources-registry-registry-create.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-resources-workspace-workspace.yml b/.github/workflows/sdk-resources-workspace-workspace.yml index 5ae2c0eb6c0..68ad1f4eb89 100644 --- a/.github/workflows/sdk-resources-workspace-workspace.yml +++ b/.github/workflows/sdk-resources-workspace-workspace.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-mlflow-deployment-with-explanations-mlflow-deployment-with-explanations.yml b/.github/workflows/sdk-responsible-ai-mlflow-deployment-with-explanations-mlflow-deployment-with-explanations.yml index b43f17bf9d9..86d9777acc9 100644 --- a/.github/workflows/sdk-responsible-ai-mlflow-deployment-with-explanations-mlflow-deployment-with-explanations.yml +++ b/.github/workflows/sdk-responsible-ai-mlflow-deployment-with-explanations-mlflow-deployment-with-explanations.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-decision-making-responsibleaidashboard-diabetes-decision-making.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-decision-making-responsibleaidashboard-diabetes-decision-making.yml index 9b3c5e6339b..f60786ba36a 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-decision-making-responsibleaidashboard-diabetes-decision-making.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-decision-making-responsibleaidashboard-diabetes-decision-making.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-regression-model-debugging-responsibleaidashboard-diabetes-regression-model-debugging.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-regression-model-debugging-responsibleaidashboard-diabetes-regression-model-debugging.yml index 3a2137cf597..938212484a9 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-regression-model-debugging-responsibleaidashboard-diabetes-regression-model-debugging.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-diabetes-regression-model-debugging-responsibleaidashboard-diabetes-regression-model-debugging.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-education-student-attrition-classificaton-responsibleaidashboard-education-student-attrition-classificaton.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-education-student-attrition-classificaton-responsibleaidashboard-education-student-attrition-classificaton.yml index e046b707a7f..126eae18763 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-education-student-attrition-classificaton-responsibleaidashboard-education-student-attrition-classificaton.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-education-student-attrition-classificaton-responsibleaidashboard-education-student-attrition-classificaton.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-finance-loan-classification-responsibleaidashboard-finance-loan-classification.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-finance-loan-classification-responsibleaidashboard-finance-loan-classification.yml index 213bbdc2830..479e8fc5bc1 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-finance-loan-classification-responsibleaidashboard-finance-loan-classification.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-finance-loan-classification-responsibleaidashboard-finance-loan-classification.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-healthcare-covid-classification-responsibleaidashboard-healthcare-covid-classification.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-healthcare-covid-classification-responsibleaidashboard-healthcare-covid-classification.yml index f0ddfec3ef6..8960079639e 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-healthcare-covid-classification-responsibleaidashboard-healthcare-covid-classification.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-healthcare-covid-classification-responsibleaidashboard-healthcare-covid-classification.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-classification-model-debugging-responsibleaidashboard-housing-classification-model-debugging.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-classification-model-debugging-responsibleaidashboard-housing-classification-model-debugging.yml index 663fac9bb61..3e136045b0e 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-classification-model-debugging-responsibleaidashboard-housing-classification-model-debugging.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-classification-model-debugging-responsibleaidashboard-housing-classification-model-debugging.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-decision-making-responsibleaidashboard-housing-decision-making.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-decision-making-responsibleaidashboard-housing-decision-making.yml index 74e7c41f229..b04ef10ee98 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-decision-making-responsibleaidashboard-housing-decision-making.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-housing-decision-making-responsibleaidashboard-housing-decision-making.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-programmer-regression-model-debugging-responsibleaidashboard-programmer-regression-model-debugging.yml b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-programmer-regression-model-debugging-responsibleaidashboard-programmer-regression-model-debugging.yml index a34350f6751..a1e62a4725b 100644 --- a/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-programmer-regression-model-debugging-responsibleaidashboard-programmer-regression-model-debugging.yml +++ b/.github/workflows/sdk-responsible-ai-tabular-responsibleaidashboard-programmer-regression-model-debugging-responsibleaidashboard-programmer-regression-model-debugging.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-multilabel-text-classification-covid-events.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-multilabel-text-classification-covid-events.yml index bf7150c272b..05d0885ad7f 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-multilabel-text-classification-covid-events.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-multilabel-text-classification-covid-events.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-DBPedia.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-DBPedia.yml index 0d717b8ef86..4f1e30f3997 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-DBPedia.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-DBPedia.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-blbooksgenre.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-blbooksgenre.yml index 1dfe6a658a2..9f473f8e44a 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-blbooksgenre.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-blbooksgenre.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-financial-news-responsibleaidashboard-text-classification-financial-news.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-financial-news-responsibleaidashboard-text-classification-financial-news.yml index 2f4f6940416..adbcf712e2a 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-financial-news-responsibleaidashboard-text-classification-financial-news.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-classification-financial-news-responsibleaidashboard-text-classification-financial-news.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-question-answering-squad.yml b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-question-answering-squad.yml index 03aa63af753..7b7fcb5cc72 100644 --- a/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-question-answering-squad.yml +++ b/.github/workflows/sdk-responsible-ai-text-responsibleaidashboard-text-question-answering-squad.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-image-classification-fridge.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-image-classification-fridge.yml index 37b6b004d75..245701ab0b1 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-image-classification-fridge.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-image-classification-fridge.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-object-detection-fridge-private-data.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-object-detection-fridge-private-data.yml index bd06163e850..dd255c6d895 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-object-detection-fridge-private-data.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-automl-object-detection-fridge-private-data.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-classification-fridge.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-classification-fridge.yml index 60f8838e1b2..b13eba362df 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-classification-fridge.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-classification-fridge.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-flower-classification.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-flower-classification.yml index ce180664ae7..ab2fc1ca59e 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-flower-classification.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-flower-classification.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-multilabel-classification-fridge.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-multilabel-classification-fridge.yml index c1dc302dd3a..83717a11527 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-multilabel-classification-fridge.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-image-multilabel-classification-fridge.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-object-detection-MSCOCO.yml b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-object-detection-MSCOCO.yml index 9b20a642877..49f7a1a281b 100644 --- a/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-object-detection-MSCOCO.yml +++ b/.github/workflows/sdk-responsible-ai-vision-responsibleaidashboard-object-detection-MSCOCO.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -40,7 +42,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-schedules-job-schedule.yml b/.github/workflows/sdk-schedules-job-schedule.yml index 611e6f79565..e1b4ab44dc3 100644 --- a/.github/workflows/sdk-schedules-job-schedule.yml +++ b/.github/workflows/sdk-schedules-job-schedule.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-delimited-files-example-delimited-files-example.yml b/.github/workflows/sdk-using-mltable-delimited-files-example-delimited-files-example.yml index 87eaf1e7cc2..32cff5ecb21 100644 --- a/.github/workflows/sdk-using-mltable-delimited-files-example-delimited-files-example.yml +++ b/.github/workflows/sdk-using-mltable-delimited-files-example-delimited-files-example.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-delta-lake-example-delta-lake-example.yml b/.github/workflows/sdk-using-mltable-delta-lake-example-delta-lake-example.yml index 42bad2f5be9..54dc7164dea 100644 --- a/.github/workflows/sdk-using-mltable-delta-lake-example-delta-lake-example.yml +++ b/.github/workflows/sdk-using-mltable-delta-lake-example-delta-lake-example.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-from-paths-example-from-paths-example.yml b/.github/workflows/sdk-using-mltable-from-paths-example-from-paths-example.yml index c37eb2deed0..39f8f71962e 100644 --- a/.github/workflows/sdk-using-mltable-from-paths-example-from-paths-example.yml +++ b/.github/workflows/sdk-using-mltable-from-paths-example-from-paths-example.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-local-to-cloud-mltable-local-to-cloud.yml b/.github/workflows/sdk-using-mltable-local-to-cloud-mltable-local-to-cloud.yml index 0c430ace506..90012100002 100644 --- a/.github/workflows/sdk-using-mltable-local-to-cloud-mltable-local-to-cloud.yml +++ b/.github/workflows/sdk-using-mltable-local-to-cloud-mltable-local-to-cloud.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/sdk-using-mltable-quickstart-mltable-quickstart.yml b/.github/workflows/sdk-using-mltable-quickstart-mltable-quickstart.yml index 95b98e0d47c..0d9029cf048 100644 --- a/.github/workflows/sdk-using-mltable-quickstart-mltable-quickstart.yml +++ b/.github/workflows/sdk-using-mltable-quickstart-mltable-quickstart.yml @@ -20,6 +20,8 @@ on: - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -38,7 +40,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-azureml-getting-started-azureml-getting-started-studio.yml b/.github/workflows/tutorials-azureml-getting-started-azureml-getting-started-studio.yml index 054d1ebe516..c4233c793a9 100644 --- a/.github/workflows/tutorials-azureml-getting-started-azureml-getting-started-studio.yml +++ b/.github/workflows/tutorials-azureml-getting-started-azureml-getting-started-studio.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-azureml-in-a-day-azureml-in-a-day.yml b/.github/workflows/tutorials-azureml-in-a-day-azureml-in-a-day.yml index c8388781cd8..36bc2bd7939 100644 --- a/.github/workflows/tutorials-azureml-in-a-day-azureml-in-a-day.yml +++ b/.github/workflows/tutorials-azureml-in-a-day-azureml-in-a-day.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-e2e-distributed-pytorch-image-e2e-object-classification-distributed-pytorch.yml b/.github/workflows/tutorials-e2e-distributed-pytorch-image-e2e-object-classification-distributed-pytorch.yml index 84b4b575cab..fc67ac7eaf1 100644 --- a/.github/workflows/tutorials-e2e-distributed-pytorch-image-e2e-object-classification-distributed-pytorch.yml +++ b/.github/workflows/tutorials-e2e-distributed-pytorch-image-e2e-object-classification-distributed-pytorch.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-e2e-ds-experience-e2e-ml-workflow.yml b/.github/workflows/tutorials-e2e-ds-experience-e2e-ml-workflow.yml index 570719987d8..7acb7d5812f 100644 --- a/.github/workflows/tutorials-e2e-ds-experience-e2e-ml-workflow.yml +++ b/.github/workflows/tutorials-e2e-ds-experience-e2e-ml-workflow.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-cloud-workstation.yml b/.github/workflows/tutorials-get-started-notebooks-cloud-workstation.yml index e41550b021f..6363b8ce5b6 100644 --- a/.github/workflows/tutorials-get-started-notebooks-cloud-workstation.yml +++ b/.github/workflows/tutorials-get-started-notebooks-cloud-workstation.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-deploy-model.yml b/.github/workflows/tutorials-get-started-notebooks-deploy-model.yml index 3804c68e009..d005a47fa38 100644 --- a/.github/workflows/tutorials-get-started-notebooks-deploy-model.yml +++ b/.github/workflows/tutorials-get-started-notebooks-deploy-model.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-explore-data.yml b/.github/workflows/tutorials-get-started-notebooks-explore-data.yml index 3a34e918ef6..e9e781e15d2 100644 --- a/.github/workflows/tutorials-get-started-notebooks-explore-data.yml +++ b/.github/workflows/tutorials-get-started-notebooks-explore-data.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -37,7 +39,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-pipeline.yml b/.github/workflows/tutorials-get-started-notebooks-pipeline.yml index bd2d5ed7e7a..9286c67d598 100644 --- a/.github/workflows/tutorials-get-started-notebooks-pipeline.yml +++ b/.github/workflows/tutorials-get-started-notebooks-pipeline.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-quickstart.yml b/.github/workflows/tutorials-get-started-notebooks-quickstart.yml index 0bbdce12713..9a76f1c6c8e 100644 --- a/.github/workflows/tutorials-get-started-notebooks-quickstart.yml +++ b/.github/workflows/tutorials-get-started-notebooks-quickstart.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/.github/workflows/tutorials-get-started-notebooks-train-model.yml b/.github/workflows/tutorials-get-started-notebooks-train-model.yml index e7f11246fde..7000b2becf4 100644 --- a/.github/workflows/tutorials-get-started-notebooks-train-model.yml +++ b/.github/workflows/tutorials-get-started-notebooks-train-model.yml @@ -19,6 +19,8 @@ on: - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true @@ -39,7 +41,9 @@ jobs: - name: azure login uses: azure/login@v1 with: - creds: ${{secrets.AZUREML_CREDENTIALS}} + client-id: ${{ secrets.OIDC_AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_AZURE_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }} - name: bootstrap resources run: | echo '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'; diff --git a/cli/readme.py b/cli/readme.py index dbda70f002e..f536e8f891d 100644 --- a/cli/readme.py +++ b/cli/readme.py @@ -52,7 +52,6 @@ \n# Code is generated by running custom script: python3 readme.py\ \n# Any manual changes to this file may cause incorrect behavior.\ \n# Any manual changes will be overwritten if the code is regenerated.\n" -CREDENTIALS = "${{secrets.AZUREML_CREDENTIALS}}" BRANCH = "main" # default - do not change # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 @@ -422,7 +421,6 @@ def write_job_workflow(job): posix_project_dir = project_dir.replace(os.sep, "/") is_pipeline_sample = "jobs/pipelines" in job is_spark_sample = "jobs/spark" in job - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 @@ -444,6 +442,8 @@ def write_job_workflow(job): if is_spark_sample: workflow_yaml += " - cli/jobs/spark/data/titanic.csv\n" "" workflow_yaml += f""" - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -456,7 +456,9 @@ def write_job_workflow(job): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | echo '{GITHUB_CONCURRENCY_GROUP}'; @@ -505,7 +507,6 @@ def write_job_using_registry_components_workflow(job): posix_project_dir = project_dir.replace(os.sep, "/") folder_name = project_dir.split(os.sep)[-1] is_pipeline_sample = "jobs/pipelines" in job - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 @@ -525,6 +526,8 @@ def write_job_using_registry_components_workflow(job): if is_pipeline_sample: workflow_yaml += " - cli/run-pipeline-jobs.sh\n" "" workflow_yaml += f""" - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -537,7 +540,9 @@ def write_job_using_registry_components_workflow(job): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | echo '{GITHUB_CONCURRENCY_GROUP}'; @@ -588,7 +593,6 @@ def write_endpoint_workflow(endpoint): for deployment in deployments if not any(excluded in deployment for excluded in EXCLUDED_DEPLOYMENTS) ] - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) endpoint_type = ( "online" @@ -616,6 +620,8 @@ def write_endpoint_workflow(endpoint): - infra/bootstrapping/** - .github/workflows/cli-{hyphenated}.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -628,7 +634,9 @@ def write_endpoint_workflow(endpoint): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | bash bootstrap.sh @@ -694,7 +702,6 @@ def write_asset_workflow(asset): filename, project_dir, hyphenated = parse_path(asset) project_dir = project_dir.replace(os.sep, "/") posix_asset = asset.replace(os.sep, "/") - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) workflow_yaml = f"""{READONLY_HEADER} name: cli-{hyphenated} @@ -710,6 +717,8 @@ def write_asset_workflow(asset): - infra/bootstrapping/** - .github/workflows/cli-{hyphenated}.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -722,7 +731,9 @@ def write_asset_workflow(asset): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | bash bootstrapping/bootstrap.sh @@ -757,7 +768,6 @@ def write_asset_workflow(asset): def write_script_workflow(script): filename, project_dir, hyphenated = parse_path(script) project_dir = project_dir.replace(os.sep, "/") - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) workflow_yaml = f"""{READONLY_HEADER} name: cli-scripts-{hyphenated} @@ -773,6 +783,8 @@ def write_script_workflow(script): - infra/bootstrapping/** - .github/workflows/cli-scripts-{hyphenated}.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -785,7 +797,9 @@ def write_script_workflow(script): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | bash bootstrap.sh @@ -819,7 +833,6 @@ def write_schedule_workflow(schedule): filename, project_dir, hyphenated = parse_path(schedule) project_dir = project_dir.replace(os.sep, "/") posix_schedule = schedule.replace(os.sep, "/") - creds = CREDENTIALS schedule_hour, schedule_minute = get_schedule_time(filename) workflow_yaml = f"""{READONLY_HEADER} name: cli-schedules-{hyphenated} @@ -835,6 +848,8 @@ def write_schedule_workflow(schedule): - infra/bootstrapping/** - .github/workflows/cli-schedules-{hyphenated}.yml - cli/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -847,7 +862,9 @@ def write_schedule_workflow(schedule): - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | bash bootstrap.sh diff --git a/sdk/python/readme.py b/sdk/python/readme.py index a6f6c43dbe9..b69b6316f9e 100644 --- a/sdk/python/readme.py +++ b/sdk/python/readme.py @@ -199,7 +199,6 @@ def write_notebook_workflow( ) is_spark_notebook_sample = ("jobs-spark" in classification) or ("_spark_" in name) is_featurestore_sample = "featurestore_sample" in classification - creds = "${{secrets.AZUREML_CREDENTIALS}}" # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 github_workspace = "${{ github.workspace }}" @@ -242,6 +241,8 @@ def write_notebook_workflow( if is_featurestore_sample: workflow_yaml += f""" - sdk/python/featurestore_sample/**""" workflow_yaml += f""" +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -260,7 +261,9 @@ def write_notebook_workflow( - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | echo '{GITHUB_CONCURRENCY_GROUP}'; diff --git a/tutorials/readme.py b/tutorials/readme.py index 9ddddad240e..3ff06978b17 100644 --- a/tutorials/readme.py +++ b/tutorials/readme.py @@ -111,7 +111,6 @@ def write_notebook_workflow( is_pipeline_notebook = ("jobs-pipelines" in classification) or ( "assets-component" in classification ) - creds = "${{secrets.AZUREML_CREDENTIALS}}" # Duplicate name in working directory during checkout # https://github.com/actions/checkout/issues/739 github_workspace = "${{ github.workspace }}" @@ -149,6 +148,8 @@ def write_notebook_workflow( - sdk/python/dev-requirements.txt - infra/bootstrapping/** - sdk/python/setup.sh +permissions: + id-token: write concurrency: group: {GITHUB_CONCURRENCY_GROUP} cancel-in-progress: true @@ -167,7 +168,9 @@ def write_notebook_workflow( - name: azure login uses: azure/login@v1 with: - creds: {creds} + client-id: ${{{{ secrets.OIDC_AZURE_CLIENT_ID }}}} + tenant-id: ${{{{ secrets.OIDC_AZURE_TENANT_ID }}}} + subscription-id: ${{{{ secrets.OIDC_AZURE_SUBSCRIPTION_ID }}}} - name: bootstrap resources run: | echo '{GITHUB_CONCURRENCY_GROUP}';