swap to 1est runner identity (Azure#169)

aamgayle · Feb 28, 2024 · ae1b243 · ae1b243
1 parent aa4f99d
commit ae1b243
Showing 1 changed file with 5 additions and 8 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -15,7 +15,7 @@ permissions:
 
 jobs: 
   release:
-    runs-on: ["self-hosted", "1ES.Pool=app-routing-operator-github-runner-pool"]
+    runs-on: ["self-hosted", "1ES.Pool=${{ vars.RUNNER_BASE_NAME }}-ubuntu"]
     steps:
       # always read the changelog in main
       - uses: actions/checkout@v3
@@ -38,12 +38,10 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0
 
-      - name: Azure login
-        uses: azure/login@v1
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      - name: Authenticate to ACR
+        run: |
+          az login --identity
+          az acr login -n ${{ secrets.AZURE_REGISTRY_SERVER }}
 
       - name: Create or update release
         uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
@@ -65,7 +63,6 @@ jobs:
           VERSION: ${{ inputs.version }}
         run: |
           TAG="${{ secrets.AZURE_REGISTRY_SERVER }}/public/aks/aks-app-routing-operator:$VERSION"
-          az acr login -n ${{ secrets.AZURE_REGISTRY_SERVER }}
           docker buildx build --platform "amd64,arm64" --tag "${TAG}" --output type=registry .
 
       - name: Run Trivy vulnerability scanner