GitHub – Azure/Login – Allow custom expiry time for OIDC token

OIDC is the recommendation method to login to Azure from GitHub pipelines now as it provides better security and doesn’t rely on storing a secret.

Currently OIDC login tokens expire in just 5 minutes🔥, causing long running scripts to fail.

Related GitHub Issue: https://github.com/Azure/login/issues/180.

Your Azure credentials have not been set up or have expired, 
1955 | please run Connect-AzAccount to set up your Azure credentials. 
1956 | ClientAssertionCredential authentication failed: A 
1957 | configuration issue is preventing authentication - check the 
1958 | error message from the server for details. You can modify the 
1959 | configuration in the application registration portal. See 
1960 | https://aka.ms/msal-net-invalid-client for details. Original 
1961 | exception: AADSTS700024: Client assertion is not within its 
1962 | valid time range. Current time: 2022-10-20T07:47:12.7446078Z, 
1963 | assertion valid from 2022-10-20T07:37:08.0000000Z, expiry time 
1964 | of assertion 2022-10-20T07:42:08.0000000Z. Review the 
1965 | documentation at

❌ Bad example – Error on deployment – assertion valid from 2022-10-20 07:37 to 2022-10-20 07:42 🔥(5 minutes)

- uses: azure/login@v1
        with:
          client-id: ${{ env.CLIENT_ID }}
          tenant-id: ${{ env.TENANT_ID }}
          subscription-id: ${{ env.SUBSCRIPTION_ID }}
          enable-AzPSSession: true

❌ Bad example – Needs 1 more parameter – (e.g. token-expiry: 30M)

- uses: azure/login@v1
        with:
          client-id: ${{ env.CLIENT_ID }}
          tenant-id: ${{ env.TENANT_ID }}
          subscription-id: ${{ env.SUBSCRIPTION_ID }}
          enable-AzPSSession: true
          token-expiry: 30M

✅ Good example – Allow the token expiry to be set to a more reasonable time

Help me deploy the right Azure resources from GitHub Actions

There have been awesome improvements to the GitHub Actions “New Workflow” screen as per the blog: Getting started with GitHub Actions just got easier!

Suggestion #1 – Give love to Azure’s Static Site offerings

When adding a GitHub action for a Gatsby GitHub project, in “Deployment” it prompts to “Deploy Node.js to Azure Web App” even though it should suggest these 2 resources:

  • “Azure Static Web Apps”
  • “Static website hosting in Azure Storage”
Figure: Bad example – This repo is a Gatsby app but it doesn’t suggest any static Azure solutions

Suggestion #2 – Give love to Azure Bot Framework

When adding a GitHub action for an Azure Bot Framework GitHub Project, in “Deployment” it prompts to “Deploy .NET Core app to an Azure Web App”, it should also suggest resources like

  • “Azure Bot Service”
  • “Language Understanding (LUIS)”
Figure: Bad example – This repo contains Azure Bot Framework code but it doesn’t suggest resources for Azure Bot Framework and LUIS

Help me see who approved Pull Requests

When I look at a list of closed Pull Requests, I can see easily see who created them, but not who approved them…

Currently, I need to click on each PR to see who approved them; or add a filter “reviewed-by:” if I want to see all items approved by a specific person…

Figure: I’d like to see “Approved by xxx” instead of just “Approved”

GitHub’s Mobile App – Support images rather than showing “binary file not shown”

For markdown users who use content + images and Pull Requests on content sites E.g. SSW Rules

> Mobile App – Support images rather than showing “binary file not shown” – Discussion #4056 – GitHub/feedback

If you agree, please:

  1. Login to GitHub
  2. Give it a heart, a like, and a rocket ship (I really don’t know the difference, nor why you can add more than one emoji )

GitHub App – Help me see a cleaner user experience (Little issue with overlapping popups)

I discovered a possible UX issue when modifying a GitHub Pull Request using the iPad App.

There are multiple popups that appear, which is noisy and unintentional.

Figure: Bad Example – The GitHub iPad app shows multiple overlaying “Got It” boxes when reviewing changes

I wonder if this is the intended UX… I am aware one benefit of this UX is that the user knows which popup to read first.

GitHub App – Help me see the changes as easily as the webpage

I  found an issue when using the GitHub App on the iPad when reviewing a Pull Request.

It’s not clear to see the changes and for small grammatical changes the web view is required.

Figure: Bad Example – Using the GitHub iPad App in dark mode you cannot see the lines highlighted (Only numbers)
Figure: Bad Example – Using the GitHub iPad App in light mode you cannot see changes within the highlighted lines
Figure: Good Example – The Web view clearly shows the highlighted changes (See the darker red and darker green)