From b1759b1b74035f1996a6cfbca06f8bd8fcc256b8 Mon Sep 17 00:00:00 2001
From: Zhiying Lin <zhiyinglin@microsoft.com>
Date: Thu, 25 Apr 2024 15:07:01 +0800
Subject: [PATCH] fix: update mcr publishing workflow

---
 .github/workflows/build-publish-mcr.yml | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build-publish-mcr.yml b/.github/workflows/build-publish-mcr.yml
index 32586aec..860fe8b2 100644
--- a/.github/workflows/build-publish-mcr.yml
+++ b/.github/workflows/build-publish-mcr.yml
@@ -43,7 +43,8 @@ jobs:
           # from AZURE_REGISTRY secret is not exported from here.
 
   publish-images:
-    runs-on: ubuntu-latest
+    runs-on:
+      labels: [ self-hosted, "1ES.Pool=1es-aks-fleet-networking-pool-ubuntu" ]
     needs: prepare-variables
     steps:
       - name: Set up Go ${{ env.GO_VERSION }}
@@ -53,15 +54,10 @@ jobs:
       - uses: actions/checkout@v4
         with:
           ref: ${{ needs.prepare-variables.outputs.release_tag }}
-      # reference: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure
-      - name: 'OIDC Login to Azure Public Cloud'
-        uses: azure/login@v1
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       - name: 'Login the ACR'
-        run: az acr login -n ${{ secrets.AZURE_REGISTRY }}
+        run: |
+          az login --identity 
+          az acr login -n ${{ secrets.AZURE_REGISTRY }}
       - name: Build and publish controller manager images
         run: |
           make push