Today my Github Action that has been working fine for the past 3 weeks broke.
My credentials have not changed and are not expired.
The broken code was this:
deploy-stage:
name: Deploy to Stage
needs: build-and-push
runs-on: ubuntu-24.04
environment: stage
steps:
- name: Log in to Azure
uses: azure/login@v3
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
I fixed the problem by doing this instead now:
deploy-stage:
name: Deploy to Stage
needs: build-and-push
runs-on: ubuntu-24.04
environment: stage
steps:
- name: Log in to Azure
run: |
az login --service-principal --username ${{ vars.AZURE_CLIENT_ID }} --password ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ vars.AZURE_TENANT_ID }}
az account set --subscription ${{ vars.AZURE_SUBSCRIPTION_ID }}
Central log lines
2026-04-16T11:06:00.2493644Z Attempting Azure CLI login by using service principal with secret...
2026-04-16T11:06:00.9759705Z ##[error]AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '***'. Trace ID: 71be4db5-dd18-461c-bbbe-4d1857f60900 Correlation ID: 6d2385ef-544a-4ba1-8020-5076d155d2f0 Timestamp: 2026-04-16 11:06:00Z
2026-04-16T11:06:00.9775160Z ##[error]The error may be caused by passing a service principal certificate with --password. Please note that --password no longer accepts a service principal certificate. To pass a service principal certificate, use --certificate instead.
2026-04-16T11:06:01.0676751Z ##[error]Login failed with Error: The process '/usr/bin/az' failed with exit code 1. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.
Full raw logs
2026-04-16T11:05:46.6296481Z Current runner version: '2.333.1'
2026-04-16T11:05:46.6392919Z ##[group]Runner Image Provisioner
2026-04-16T11:05:46.6394438Z Hosted Compute Agent
2026-04-16T11:05:46.6395484Z Version: 20260213.493
2026-04-16T11:05:46.6396539Z Commit: 5c115507f6dd24b8de37d8bbe0bb4509d0cc0fa3
2026-04-16T11:05:46.6397672Z Build Date: 2026-02-13T00:28:41Z
2026-04-16T11:05:46.6399034Z Worker ID: ***d0be4704-aed0-43e5-9a75-677735e1fcdd***
2026-04-16T11:05:46.6400268Z Azure Region: eastus
2026-04-16T11:05:46.6401293Z ##[endgroup]
2026-04-16T11:05:46.6404060Z ##[group]Operating System
2026-04-16T11:05:46.6405267Z Ubuntu
2026-04-16T11:05:46.6406141Z 24.04.4
2026-04-16T11:05:46.6406953Z LTS
2026-04-16T11:05:46.6407887Z ##[endgroup]
2026-04-16T11:05:46.6408836Z ##[group]Runner Image
2026-04-16T11:05:46.6410427Z Image: ubuntu-24.04
2026-04-16T11:05:46.6411390Z Version: 20260406.80.1
2026-04-16T11:05:46.6413763Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20260406.80/images/ubuntu/Ubuntu2404-Readme.md
2026-04-16T11:05:46.6416398Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20260406.80
2026-04-16T11:05:46.6418044Z ##[endgroup]
2026-04-16T11:05:46.6420093Z ##[group]GITHUB_TOKEN Permissions
2026-04-16T11:05:46.6443587Z Contents: read
2026-04-16T11:05:46.6444584Z Metadata: read
2026-04-16T11:05:46.6445595Z ##[endgroup]
2026-04-16T11:05:46.6448639Z Secret source: Actions
2026-04-16T11:05:46.6450319Z Prepare workflow directory
2026-04-16T11:05:46.7420510Z Prepare all required actions
2026-04-16T11:05:46.7537192Z Getting action download info
2026-04-16T11:05:47.1039666Z Download action repository 'azure/login@v3' (SHA:532459ea530d8321f2fb9bb10d1e0bcf23869a43)
2026-04-16T11:05:47.4113830Z Download action repository 'azure/webapps-deploy@v2' (SHA:b733af8291ed8f84a5ac5b92f571c2e149f25047)
2026-04-16T11:05:47.7284498Z Complete job name: Deploy to Stage
2026-04-16T11:05:47.8006942Z ##[group]Run azure/login@v3
2026-04-16T11:05:47.8007922Z with:
2026-04-16T11:05:47.8009922Z creds: ***
2026-04-16T11:05:47.8010566Z enable-AzPSSession: false
2026-04-16T11:05:47.8011234Z environment: azurecloud
2026-04-16T11:05:47.8011892Z allow-no-subscriptions: false
2026-04-16T11:05:47.8013023Z audience: api://AzureADTokenExchange
2026-04-16T11:05:47.8013773Z auth-type: SERVICE_PRINCIPAL
2026-04-16T11:05:47.8014743Z env:
2026-04-16T11:05:47.8015324Z IMAGE_NAME: eet-adminsite-api
2026-04-16T11:05:47.8016018Z ##[endgroup]
2026-04-16T11:05:47.8562280Z Running Azure CLI Login.
2026-04-16T11:05:59.9973555Z [command]/usr/bin/az cloud set -n azurecloud
2026-04-16T11:06:00.2391861Z Done setting cloud: "azurecloud"
2026-04-16T11:06:00.2474867Z Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.
2026-04-16T11:06:00.2493644Z Attempting Azure CLI login by using service principal with secret...
2026-04-16T11:06:00.9759705Z ##[error]AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '***'. Trace ID: 71be4db5-dd18-461c-bbbe-4d1857f60900 Correlation ID: 6d2385ef-544a-4ba1-8020-5076d155d2f0 Timestamp: 2026-04-16 11:06:00Z
2026-04-16T11:06:00.9775160Z ##[error]The error may be caused by passing a service principal certificate with --password. Please note that --password no longer accepts a service principal certificate. To pass a service principal certificate, use --certificate instead.
2026-04-16T11:06:01.0676751Z ##[error]Login failed with Error: The process '/usr/bin/az' failed with exit code 1. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.
2026-04-16T11:06:01.1004486Z Post job cleanup.
2026-04-16T11:06:01.1639320Z Clearing azure cli accounts from the local cache.
2026-04-16T11:06:01.1666725Z [command]/usr/bin/az account clear
2026-04-16T11:06:01.7599362Z Cleaning up orphan processes
2026-04-16T11:06:01.8095742Z Terminate orphan process: pid (2083) (python3)
Today my Github Action that has been working fine for the past 3 weeks broke.
My credentials have not changed and are not expired.
The broken code was this:
I fixed the problem by doing this instead now:
Central log lines
Full raw logs