Update build pipeline to auth with OpenId and use actions with Node.js 20

.github/actions/actionAzVmRunCommand/action.yml

@@ -5,7 +5,7 @@ description: "This action uses az vm run-command in order to execute a command i
   # WARNING: This action ONLY checks the exit code of the last command. If your script input is made of multiple commands, 
   # make sure that a failure early results in the last command failing or not executing, otherwise it could mask errors. 
   # Some options to do this include using [set -euo pipeline] or equivalents, or using the && operator to connect console commands
-  # WARNING: This action hasn't been tested with script files. 
+  # WARNING: This action hasn't been tested with script files.
 inputs:
   commandName:
     description: "Name of the command to execute"
@@ -15,10 +15,10 @@ inputs:
     required: true
 runs:
   using: "composite"
-  steps:      
+  steps:
     - name: Execute the command in Linux
       if: ${{ env.os == 'linux' }}
-      uses: azure/CLI@v1
+      uses: azure/CLI@v2
       with:
         inlineScript: |
           az vm run-command create \

.github/workflows/buildPipeline.yml

@@ -8,6 +8,9 @@ on:
   pull_request:
     branches: [ "master" ]
 
+permissions:
+  id-token: write
+  contents: read
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
@@ -41,16 +44,17 @@ jobs:
       rgName: dcap-github-actions-agents-rg
       location: ${{ matrix.location }}
       branchName: ${{ github.head_ref }}
-
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: azure/login@v1
+      - uses: azure/login@v2
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Create VM
         uses: azure/CLI@v1
@@ -215,7 +219,7 @@ jobs:
 
       - name: Cleanup
         if: always()
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm delete \
@@ -258,14 +262,16 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: azure/login@v1
+      - uses: azure/login@v2
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Start VM
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm start \
@@ -276,7 +282,7 @@ jobs:
         run: sleep 60
 
       - name: Clone the DCAP repo after cleaning up the previous execution
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm run-command create \
@@ -294,7 +300,7 @@ jobs:
             if [[ "$result" == *"DCAP_Build_Step_Successfully_Completed"* ]]; then echo "Step successfully executed"; else exit 1; fi
 
       - name: Build Azure DCAP
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm run-command create \
@@ -312,7 +318,7 @@ jobs:
             if [[ "$result" == *"DCAP_Build_Step_Successfully_Completed"* ]]; then echo "Step successfully executed"; else exit 1; fi
 
       - name: Run Azure DCAP unit tests
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm run-command create \
@@ -331,7 +337,7 @@ jobs:
 
       - name: Stop VM
         if: always()
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm deallocate \
@@ -368,14 +374,16 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: azure/login@v1
+      - uses: azure/login@v2
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Create VM
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm create \
@@ -513,7 +521,7 @@ jobs:
 
       - name: Cleanup
         if: always()
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm delete \
@@ -561,14 +569,16 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: azure/login@v1
+      - uses: azure/login@v2
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Create VM
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm create \
@@ -731,7 +741,7 @@ jobs:
 
       - name: Cleanup
         if: always()
-        uses: azure/CLI@v1
+        uses: azure/CLI@v2
         with:
           inlineScript: |
             az vm delete \