@@ -168,6 +168,26 @@ stages:
168168 -WorkingDirectory '$(Build.ArtifactStagingDirectory)'
169169 -NupkgFilesDestination 'nupkgFiles'
170170
171+ task : AzureCLI@2
172+ displayName : Azure CLI Login
173+ inputs :
174+ azureSubscription : azure-sdk-apiscan
175+ scriptType : pscore
176+ scriptLocation : inlineScript
177+ addSpnToEnvironment : true
178+ inlineScript : |
179+ az --version
180+ az account show -o json
181+ Write-Host "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$($env:servicePrincipalId)"
182+ Write-Host "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$($env:tenantId)"
183+ Write-Host "##vso[task.setvariable variable=ARM_OIDC_TOKEN;issecret=true]$($env:idToken)"
184+
185+ pwsh : |
186+ # Need to re-login with the az login so that it presists and can be used in the APISca task
187+ az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_OIDC_TOKEN)
188+ az account show -o json
189+ displayName: Persist CLI Login for ApiScan usage
190+
171191task : securedevelopmentteam.vss-secure-development-tools.build-task-apiscan.APIScan@2
172192 displayName : ' Run APIScan'
173193 inputs :
@@ -179,8 +199,14 @@ stages:
179199 preserveLogsFolder : true
180200 verbosityLevel : standard
181201 env :
182- # azure-sdk-apiscan (81109e5f-0620-423c-a37a-c22fbf8973a7)
183- AzureServicesAuthConnectionString : runAs=App;AppId=81109e5f-0620-423c-a37a-c22fbf8973a7;TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47;AppKey=$(azure-sdk-apiscan-client-secret)
202+ AzureServicesAuthConnectionString : RunAs=Developer;DeveloperTool=AzureCli
203+
204+ - pwsh : |
205+ az account show -o json
206+ az logout
207+ az account clear
208+ displayName: Logout of Azure CLI
209+ condition: succeededOrFailed()
184210
185211task : securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
186212 displayName : ' Post Analysis (ApiScan)'
0 commit comments