You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
a self-hosted runner in an Azure VM with the software provided by the GHES instance.
Issue:
When Azure/login is used on a self-hosted runner, the job is unable to access the id-token variable's permissions. id-token has been set to both Write and Write-All in many iterations of the job to no success. Please make sure to give write permissions to id-token in the workflow.
the azure/login v2.1.1 action fails at line 570, the try-catch sends back Login failed with Error: Error message: Cannot read properties of undefined (reading 'message'). Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.
the OIDC token URL appears to be generated , but
it fails at line 565: const id_token = yield OidcClient.getCall(id_token_url);
They are available when using a curl - v command from the runner machine.
However this still results in a failed run with the following information:
The id_token_url (Line 559) variable , when visited via a browser from my machine, or curl -v from the gitRunner machine is always the same response: The user 'System:PublicAccess;aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource.
The person assigned to my issue suggested I bring this up here.
Thanks for any assistance.
The text was updated successfully, but these errors were encountered:
Coming from this post: Azure/login#477
Environments
Issue:
Please make sure to give write permissions to id-token in the workflow.
Login failed with Error: Error message: Cannot read properties of undefined (reading 'message'). Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.
const id_token = yield OidcClient.getCall(id_token_url);
Following advice from this post: Azure/login#283
However this still results in a failed run with the following information:
The id_token_url (Line 559) variable , when visited via a browser from my machine, or curl -v from the gitRunner machine is always the same response:
The user 'System:PublicAccess;aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource.
The person assigned to my issue suggested I bring this up here.
Thanks for any assistance.
The text was updated successfully, but these errors were encountered: