Enhance pre/post
cleanup by bypassing GitHub-hosted runners
#431
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The purpose of
pre/post
cleanup is to ensure no Azure account remains active before and after a job containingazure/login
. This measure prevents incorrect operations on unexpected Azure accounts and protects against the disclosure of Azure accounts.However, certain scenarios are ephemeral for only one job and don't need
pre/post
cleanup. Two main scenarios fall into this category:az
is not pre-installed. We address this scenario by implementing PR Fix #403: Catch the error thrown inpre
andpost
steps #407.With this PR merged, it is assumed that
pre/post
cleanup will only take effect in scenarios where it is truly required.az account clear
) optional for better performance on ephemeral runners #426