Move admin center / publish to env authentication to action rather than inline powershell

Actions/CheckAuthContext/CheckAuthContext.ps1

@@ -0,0 +1,46 @@
+Param(
+    [Parameter(HelpMessage = "Name of the secret to check (e.g., 'adminCenterApiCredentials' or comma-separated list to check multiple)", Mandatory = $true)]
+    [string] $secretName,
+    [Parameter(HelpMessage = "Environment name (for error messages)", Mandatory = $false)]
+    [string] $environmentName = ''
+)
+
+. (Join-Path -Path $PSScriptRoot -ChildPath "..\AL-Go-Helper.ps1" -Resolve)
+
+$secrets = $env:Secrets | ConvertFrom-Json | ConvertTo-HashTable
+
+# Check each secret name in order
+$authContext = $null
+$foundSecretName = ''
+foreach ($name in ($secretName -split ',')) {
+    $name = $name.Trim()
+    if ($secrets.ContainsKey($name) -and $secrets."$name") {
+        Write-Host "Using $name secret"
+        $authContext = $secrets."$name"
+        $foundSecretName = $name
+        break
+    }
+}
+
+if ($authContext) {
+    Write-Host "AuthContext provided in secret $foundSecretName! Using this information for authentication."
+} else {
+    Write-Host "No AuthContext provided, initiating Device Code flow"
+    DownloadAndImportBcContainerHelper
+    $authContext = New-BcAuthContext -includeDeviceLogin -deviceLoginTimeout ([TimeSpan]::FromSeconds(0))
+    if ($null -eq $authContext) {
+        OutputError "Failed to acquire authentication context via device code flow."
+        return
+    }
+
+    # Build appropriate error message
+    if ($environmentName) {
+        $message = "AL-Go needs access to the Business Central Environment $($environmentName.Split(' ')[0]) and could not locate a secret called $($secretName -replace ',', ' or ')"
+    }
+    else {
+        $message = "AL-Go needs access to the Business Central Admin Center Api and could not locate a secret called $($secretName -replace ',', ' or ') (https://aka.ms/ALGoSettings#AdminCenterApiCredentialsSecretName)"
+    }
+
+    Add-Content -Encoding UTF8 -Path $ENV:GITHUB_STEP_SUMMARY -Value "$message`n`n$($authContext.message)"
+    Add-Content -Encoding UTF8 -Path $env:GITHUB_OUTPUT -Value "deviceCode=$($authContext.deviceCode)"
+}

Actions/CheckAuthContext/README.md

@@ -0,0 +1,32 @@
+# Check Auth Context
+
+Check if Admin Center Api Credentials / AuthContext are provided in secrets. If not, initiate device code flow for authentication.
+
+## INPUT
+
+### ENV variables
+
+| Name | Description |
+| :-- | :-- |
+| Settings | env.Settings must be set by a prior call to the ReadSettings Action |
+| Secrets | env.Secrets must be set to the secrets output from ReadSecrets Action |
+
+### Parameters
+
+| Name | Required | Description | Default value |
+| :-- | :-: | :-- | :-- |
+| shell | | The shell (powershell or pwsh) in which the PowerShell script in this action should run | powershell |
+| secretName | Yes | Name of the secret to check (comma-separated list to check multiple in order) | |
+| environmentName | | Environment name (for error messages when deploying to environments) | |
+
+## OUTPUT
+
+### ENV variables
+
+none
+
+### OUTPUT variables
+
+| Name | Description |
+| :-- | :-- |
+| deviceCode | Device code for authentication (only set if device login is required) |

Actions/CheckAuthContext/action.yaml

@@ -0,0 +1,34 @@
+name: Check Auth Context
+author: Microsoft Corporation
+inputs:
+  shell:
+    description: Shell in which you want to run the action (powershell or pwsh)
+    required: false
+    default: powershell
+  secretName:
+    description: Name of the secret to check (e.g., 'adminCenterApiCredentials' or comma-separated list to check multiple)
+    required: true
+  environmentName:
+    description: Environment name (for error messages)
+    required: false
+    default: ''
+outputs:
+  deviceCode:
+    description: Device code for authentication (if device login is required)
+    value: ${{ steps.CheckAuthContext.outputs.deviceCode }}
+runs:
+  using: composite
+  steps:
+    - name: run
+      shell: ${{ inputs.shell }}
+      id: CheckAuthContext
+      env:
+        _secretName: ${{ inputs.secretName }}
+        _environmentName: ${{ inputs.environmentName }}
+      run: |
+        ${{ github.action_path }}/../Invoke-AlGoAction.ps1 -ActionName "CheckAuthContext" -Action {
+          ${{ github.action_path }}/CheckAuthContext.ps1 -secretName $ENV:_secretName -environmentName $ENV:_environmentName
+        }
+branding:
+  icon: terminal
+  color: blue

RELEASENOTES.md

@@ -1,5 +1,6 @@
 ### Issues
 
+- Issue 2113 Using the action "Create Online Dev. Environment" fails in Initialization phase
 - Issue 2107 Publish a specific build mode to an environment
 - Issue 1915 CICD fails on releases/26.x branch - '26.x' cannot be recognized as a semantic version string
 

Templates/AppSource App/.github/workflows/CreateOnlineDevelopmentEnvironment.yaml

@@ -79,24 +79,12 @@ jobs:
 
       - name: Check AdminCenterApiCredentials / Initiate Device Login (open to see code)
         id: authenticate
-        run: |
-          $errorActionPreference = "Stop"; $ProgressPreference = "SilentlyContinue"; Set-StrictMode -Version 2.0
-          $settings = $env:Settings | ConvertFrom-Json
-          if ('${{ fromJson(steps.ReadSecrets.outputs.Secrets).adminCenterApiCredentials }}') {
-            Write-Host "AdminCenterApiCredentials provided in secret $($settings.adminCenterApiCredentialsSecretName)!"
-            Add-Content -Encoding UTF8 -path $ENV:GITHUB_STEP_SUMMARY -value "Admin Center Api Credentials was provided in a secret called $($settings.adminCenterApiCredentialsSecretName). Using this information for authentication."
-          }
-          else {
-            Write-Host "AdminCenterApiCredentials not provided, initiating Device Code flow"
-            $ALGoHelperPath = "$([System.IO.Path]::GetTempFileName()).ps1"
-            $webClient = New-Object System.Net.WebClient
-            $webClient.DownloadFile('https://raw.githubusercontent.com/microsoft/AL-Go-Actions/main/AL-Go-Helper.ps1', $ALGoHelperPath)
-            . $ALGoHelperPath
-            DownloadAndImportBcContainerHelper
-            $authContext = New-BcAuthContext -includeDeviceLogin -deviceLoginTimeout ([TimeSpan]::FromSeconds(0))
-            Add-Content -Encoding UTF8 -path $ENV:GITHUB_STEP_SUMMARY -value "AL-Go needs access to the Business Central Admin Center Api and could not locate a secret called $($settings.adminCenterApiCredentialsSecretName) (https://aka.ms/ALGoSettings#AdminCenterApiCredentialsSecretName)`n`n$($authContext.message)"
-            Add-Content -Encoding UTF8 -Path $env:GITHUB_OUTPUT -Value "deviceCode=$($authContext.deviceCode)"
-          }
+        uses: microsoft/AL-Go-Actions/CheckAuthContext@main
+        env:
+          Secrets: '${{ steps.ReadSecrets.outputs.Secrets }}'
+        with:
+          shell: powershell
+          secretName: 'adminCenterApiCredentials'
 
   CreateDevelopmentEnvironment:
     needs: [ Initialization ]

Templates/AppSource App/.github/workflows/PublishToEnvironment.yaml

@@ -92,35 +92,13 @@ jobs:
       - name: Authenticate
         id: Authenticate
         if: steps.DetermineDeploymentEnvironments.outputs.UnknownEnvironment == 1
-        run: |
-          $envName = '${{ steps.envName.outputs.envName }}'
-          $secretName = ''
-          $secrets = '${{ steps.ReadSecrets.outputs.Secrets }}' | ConvertFrom-Json
-          $authContext = $null
-          "$($envName)-AuthContext", "$($envName)_AuthContext", "AuthContext" | ForEach-Object {
-            if (!($authContext)) {
-              if ($secrets."$_") {
-                Write-Host "Using $_ secret as AuthContext"
-                $authContext = $secrets."$_"
-                $secretName = $_
-              }
-            }
-          }
-          if ($authContext) {
-            Write-Host "AuthContext provided in secret $secretName!"
-            Add-Content -Encoding UTF8 -path $ENV:GITHUB_STEP_SUMMARY -value "AuthContext was provided in a secret called $secretName. Using this information for authentication."
-          }
-          else {
-            Write-Host "No AuthContext provided for $envName, initiating Device Code flow"
-            $ALGoHelperPath = "$([System.IO.Path]::GetTempFileName()).ps1"
-            $webClient = New-Object System.Net.WebClient
-            $webClient.DownloadFile('https://raw.githubusercontent.com/microsoft/AL-Go-Actions/main/AL-Go-Helper.ps1', $ALGoHelperPath)
-            . $ALGoHelperPath
-            DownloadAndImportBcContainerHelper
-            $authContext = New-BcAuthContext -includeDeviceLogin -deviceLoginTimeout ([TimeSpan]::FromSeconds(0))
-            Add-Content -Encoding UTF8 -path $ENV:GITHUB_STEP_SUMMARY -value "AL-Go needs access to the Business Central Environment $('${{ steps.envName.outputs.envName }}'.Split(' ')[0]) and could not locate a secret called ${{ steps.envName.outputs.envName }}_AuthContext`n`n$($authContext.message)"
-            Add-Content -Encoding UTF8 -Path $env:GITHUB_OUTPUT -Value "deviceCode=$($authContext.deviceCode)"
-          }
+        uses: microsoft/AL-Go-Actions/CheckAuthContext@main
+        env:
+          Secrets: '${{ steps.ReadSecrets.outputs.Secrets }}'
+        with:
+          shell: powershell
+          secretName: '${{ steps.envName.outputs.envName }}-AuthContext,${{ steps.envName.outputs.envName }}_AuthContext,AuthContext'
+          environmentName: ${{ steps.envName.outputs.envName }}
 
   Deploy:
     needs: [ Initialization ]

Templates/Per Tenant Extension/.github/workflows/CreateOnlineDevelopmentEnvironment.yaml

@@ -79,24 +79,12 @@ jobs:
 
       - name: Check AdminCenterApiCredentials / Initiate Device Login (open to see code)
         id: authenticate
-        run: |
-          $errorActionPreference = "Stop"; $ProgressPreference = "SilentlyContinue"; Set-StrictMode -Version 2.0
-          $settings = $env:Settings | ConvertFrom-Json
-          if ('${{ fromJson(steps.ReadSecrets.outputs.Secrets).adminCenterApiCredentials }}') {
-            Write-Host "AdminCenterApiCredentials provided in secret $($settings.adminCenterApiCredentialsSecretName)!"
-            Add-Content -Encoding UTF8 -path $ENV:GITHUB_STEP_SUMMARY -value "Admin Center Api Credentials was provided in a secret called $($settings.adminCenterApiCredentialsSecretName). Using this information for authentication."
-          }
-          else {
-            Write-Host "AdminCenterApiCredentials not provided, initiating Device Code flow"
-            $ALGoHelperPath = "$([System.IO.Path]::GetTempFileName()).ps1"
-            $webClient = New-Object System.Net.WebClient
-            $webClient.DownloadFile('https://raw.githubusercontent.com/microsoft/AL-Go-Actions/main/AL-Go-Helper.ps1', $ALGoHelperPath)
-            . $ALGoHelperPath
-            DownloadAndImportBcContainerHelper
-            $authContext = New-BcAuthContext -includeDeviceLogin -deviceLoginTimeout ([TimeSpan]::FromSeconds(0))
-            Add-Content -Encoding UTF8 -path $ENV:GITHUB_STEP_SUMMARY -value "AL-Go needs access to the Business Central Admin Center Api and could not locate a secret called $($settings.adminCenterApiCredentialsSecretName) (https://aka.ms/ALGoSettings#AdminCenterApiCredentialsSecretName)`n`n$($authContext.message)"
-            Add-Content -Encoding UTF8 -Path $env:GITHUB_OUTPUT -Value "deviceCode=$($authContext.deviceCode)"
-          }
+        uses: microsoft/AL-Go-Actions/CheckAuthContext@main
+        env:
+          Secrets: '${{ steps.ReadSecrets.outputs.Secrets }}'
+        with:
+          shell: powershell
+          secretName: 'adminCenterApiCredentials'
 
   CreateDevelopmentEnvironment:
     needs: [ Initialization ]

Templates/Per Tenant Extension/.github/workflows/PublishToEnvironment.yaml

@@ -92,35 +92,13 @@ jobs:
       - name: Authenticate
         id: Authenticate
         if: steps.DetermineDeploymentEnvironments.outputs.UnknownEnvironment == 1
-        run: |
-          $envName = '${{ steps.envName.outputs.envName }}'
-          $secretName = ''
-          $secrets = '${{ steps.ReadSecrets.outputs.Secrets }}' | ConvertFrom-Json
-          $authContext = $null
-          "$($envName)-AuthContext", "$($envName)_AuthContext", "AuthContext" | ForEach-Object {
-            if (!($authContext)) {
-              if ($secrets."$_") {
-                Write-Host "Using $_ secret as AuthContext"
-                $authContext = $secrets."$_"
-                $secretName = $_
-              }
-            }
-          }
-          if ($authContext) {
-            Write-Host "AuthContext provided in secret $secretName!"
-            Add-Content -Encoding UTF8 -path $ENV:GITHUB_STEP_SUMMARY -value "AuthContext was provided in a secret called $secretName. Using this information for authentication."
-          }
-          else {
-            Write-Host "No AuthContext provided for $envName, initiating Device Code flow"
-            $ALGoHelperPath = "$([System.IO.Path]::GetTempFileName()).ps1"
-            $webClient = New-Object System.Net.WebClient
-            $webClient.DownloadFile('https://raw.githubusercontent.com/microsoft/AL-Go-Actions/main/AL-Go-Helper.ps1', $ALGoHelperPath)
-            . $ALGoHelperPath
-            DownloadAndImportBcContainerHelper
-            $authContext = New-BcAuthContext -includeDeviceLogin -deviceLoginTimeout ([TimeSpan]::FromSeconds(0))
-            Add-Content -Encoding UTF8 -path $ENV:GITHUB_STEP_SUMMARY -value "AL-Go needs access to the Business Central Environment $('${{ steps.envName.outputs.envName }}'.Split(' ')[0]) and could not locate a secret called ${{ steps.envName.outputs.envName }}_AuthContext`n`n$($authContext.message)"
-            Add-Content -Encoding UTF8 -Path $env:GITHUB_OUTPUT -Value "deviceCode=$($authContext.deviceCode)"
-          }
+        uses: microsoft/AL-Go-Actions/CheckAuthContext@main
+        env:
+          Secrets: '${{ steps.ReadSecrets.outputs.Secrets }}'
+        with:
+          shell: powershell
+          secretName: '${{ steps.envName.outputs.envName }}-AuthContext,${{ steps.envName.outputs.envName }}_AuthContext,AuthContext'
+          environmentName: ${{ steps.envName.outputs.envName }}
 
   Deploy:
     needs: [ Initialization ]