-
Notifications
You must be signed in to change notification settings - Fork 298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AZ commands won't work if run within a docker container #362
Comments
Hi @Israphel , when you run az in a docker container, it means an independent and isolated env, unless you share the host settings with it. You can refer to the implementation of Azure CLI Action. |
I'm not talking about running the whole job in a docker container, I'm talking about a github action that is written as a docker container, with the following lines inside action.yaml: runs:
using: 'docker'
image: 'Dockerfile' which is a common practice. The azure CLI action is node16 and not docker so I can't use it as a reference. The question is: are docker actions supported after using this azure/login action ? |
Hi @Israphel, yes, docker actions are supported after using Azure/Login. When you sign in with a user account, Azure CLI generates and stores an authentication refresh token in the |
Even tho that action uses docker commands inside, it is still a typescript action and not a docker action, so it doesn't really answer my question. We have develop an action using the azure sdk for python (not the cli) and it will be nice to run it as a docker action. Why don't the azure login action expose env vars rather than storing the credentials to .azure? similar to how the workload identity in AKS works. Is there an example of a real docker action running after azure login? |
@Israphel Azure Login Action is based on Azure CLI and Azure PowerShell, which are 2 popular Azure Client tools. If you are using Azure SDK for python, that means you are implementing your own client tool, which is out of the scope of Azure Login Action, or Azure CLI. In that case, I suggest you to login with Azure SDK directly. |
Using the SDK is completely normal, why would we develop an action writing a wrapper around azure cli while the official sdks exist? anyway, the conclusion is clear: Actions made with docker are not compatible with this login action. Any other action that calls docker run and mount .azure works, but real docker actions don't. |
I have successfully logged in to Azure by using OIDC:
and AZ works fine after that step if I run them directly with azure/CLI@v1 or just by typing az commands.
however, if I create a basic github action that uses the docker container mcr.microsoft.com/azure-cli and I try to run commands right after the login, I get:
ERROR: Please run 'az login' to setup account.
what's the trick to run custom github actions that depend on the login? is this action exposing the required ENV VARS which are needed? I know for a fact that my client id has enough permissions since inline az commands works, but that forces me to only use "composite" actions and not Docker actions.
The text was updated successfully, but these errors were encountered: