Merge branch 'main' into feature/codeql

.github/workflows/AzureDevOps.yml

@@ -1,49 +1,60 @@
-name: Sync issue to Azure DevOps work item
+name: Sync GitHub Issues to Azure DevOps Work Items
 
 on:
   issues:
     types:
-      [labeled] #, opened, edited, deleted, closed, reopened, labeled, unlabeled, assigned
+      - labeled
   issue_comment:
-    types: [created, edited, deleted]
-
+    types:
+      - created
+      - edited
+
 concurrency:
   group: issue-${{ github.event.issue.number }}
   cancel-in-progress: false
 
-# Extra permissions needed to login with Entra ID service principal via federated identity
 permissions:
   id-token: write
   issues: write
+  contents: read
 
 jobs:
   updateAzDO:
     if: github.event.label.name == 'sprint'
     runs-on: ubuntu-latest
-    environment: ado
+    environment: azurecloud
+
     steps:
+      # Step 1: Login to Azure using federated identity
       - name: Login to Azure
         uses: azure/login@v2
         with:
           client-id: ${{ secrets.ENTRA_APP_CLIENT_ID }}
           tenant-id: ${{ secrets.ENTRA_APP_TENANT_ID }}
-          allow-no-subscriptions: true
+          subscription-id: ${{ secrets.ADO_SUBSCRIPTION_ID }}
+          environment: azurecloud
+          # allow-no-subscriptions: true
+          # enable-debug-logs: true
+
+      # Step 2: Obtain Azure DevOps token
       - name: Get Azure DevOps token
         id: get_ado_token
         run: |
-          # The resource ID for Azure DevOps is always 499b84ac-1321-427f-aa17-267ca6975798
-          # https://learn.microsoft.com/azure/devops/integrate/get-started/authentication/service-principal-managed-identity
-          # az account set -s $(secrets.ADO_SUBSCRIPTION_ID)
-          echo "ado_token=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query "accessToken" --output tsv)" >> $GITHUB_ENV
-      - uses: pavelhorak/github-actions-issue-to-work-item@main
+          # Fetch Azure DevOps token using resource ID 499b84ac-1321-427f-aa17-267ca6975798
+          ado_token=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query "accessToken" --output tsv)
+          echo "ado_token=${ado_token}" >> $GITHUB_ENV
+
+      # Step 3: Sync GitHub issue to Azure DevOps work item
+      - name: Sync issue to Azure DevOps
+        uses: pavelhorak/github-actions-issue-to-work-item@main
         env:
           ado_token: "${{ env.ado_token }}"
           github_token: "${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}"
           ado_organization: "${{ secrets.ADO_ORGANIZATION }}"
           ado_project: "${{ secrets.ADO_PROJECT }}"
           ado_area_path: "${{ secrets.ADO_AREA_PATH }}"
           ado_iteration_path: "${{ secrets.ADO_ITERATION_PATH }}"
-          ado_wit: "User Story"
+          ado_wit: "User Story" # Work Item Type
           ado_new_state: "Committed"
           ado_active_state: "In Progress"
           ado_close_state: "Completed"