From 2fda9b1fa4abf8b121e93e99901a1b04e7ace6f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Moreno?= <joao.moreno@microsoft.com>
Date: Fri, 22 Mar 2024 10:43:33 +0100
Subject: [PATCH] use oidc for deep classifier (#208382)

* use oidc for deep classifier

* secrets -> vars

* try allow-no-subscriptions

* Update permissions in deep-classifier-runner.yml

* :lipstick:

* update ref
---
 .github/workflows/deep-classifier-runner.yml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deep-classifier-runner.yml b/.github/workflows/deep-classifier-runner.yml
index 576bfa12fc3..71954a68c10 100644
--- a/.github/workflows/deep-classifier-runner.yml
+++ b/.github/workflows/deep-classifier-runner.yml
@@ -1,4 +1,9 @@
 name: "Deep Classifier: Runner"
+
+permissions:
+  id-token: write
+  contents: read
+
 on:
   schedule:
     - cron: 0 * * * *
@@ -9,7 +14,13 @@ on:
 jobs:
   main:
     runs-on: ubuntu-latest
+    environment: main
     steps:
+      - uses: azure/login@v1
+        with:
+            client-id: ${{ vars.AZURE_CLIENT_ID }}
+            tenant-id: ${{ vars.AZURE_TENANT_ID }}
+            allow-no-subscriptions: true
       - name: Checkout Actions
         uses: actions/checkout@v4
         with:
@@ -47,8 +58,4 @@ jobs:
         with:
           configPath: classifier
           allowLabels: "info-needed|new release|error-telemetry|*english-please|translation-required"
-          tenantId: ${{secrets.TOOLS_TENANT_ID}}
-          clientId: ${{secrets.TOOLS_CLIENT_ID}}
-          clientSecret: ${{secrets.TOOLS_CLIENT_SECRET}}
-          clientScope: ${{secrets.TOOLS_CLIENT_SCOPE}}
           token: ${{secrets.VSCODE_ISSUE_TRIAGE_BOT_PAT}}