CLI for Microsoft 365 Login
GitHub action to login to a tenant using CLI for Microsoft 365.
This GitHub Action (created using typescript) uses CLI for Microsoft 365, specifically the login command, to allow you log in to Microsoft 365.
Usage
Pre-requisites
Create a workflow .yml
file in your .github/workflows
directory. An example workflow is available below. For more information, reference the GitHub Help Documentation for Creating a workflow file.
Inputs
ADMIN_USERNAME
: Username (upn) of the adminADMIN_PASSWORD
: Password of the adminCERTIFICATE_ENCODED
: Base64-encoded string with certificate private keyCERTIFICATE_PASSWORD
: Password for the certificateAPP_ID
: App ID of the Azure AD application to use for certificate authentication. If not specified, use the app specified in the 'CLIMICROSOFT365_AADAPPID' environment variable. If the environment variable is not defined, use the multitenant PnP Management Shell appTENANT
: ID of the tenant from which accounts should be able to authenticate. Usecommon
ororganization
if the app is multitenant. If not specified, use the tenant specified in theCLIMICROSOFT365_TENANT
environment variable. If the environment variable is not defined, it will usecommon
as the tenant identifierCLI_VERSION
: Acceptslatest
,next
or a specific version tag. Otherwise, installs thelatest
version when omitted
All inputs are optional. But depending of the authentication type chosen, following pair of inputs will be necessary:
authType
ispassword
:ADMIN_USERNAME
andADMIN_PASSWORD
are requiredauthType
iscertificate
: at leastCERTIFICATE_ENCODED
andAPP_ID
are required- Depending on the certificate provided, if encoded with password,
CERTIFICATE_PASSWORD
will be required
- Depending on the certificate provided, if encoded with password,
Optional requirement
Since this action requires sensitive information such as user name, password and encoded certificate for example, it would be ideal to store them securely. We can achieve this in a GitHub repo by using secrets. So, click on settings
tab in your repo and add:
-
2 new secrets if
authType
ispassword
:ADMIN_USERNAME
- store the admin user name in this (e.g. user@contoso.onmicrosoft.com)ADMIN_PASSWORD
- store the password of that user in this.
-
2 new secrets if
authType
iscertificate
:CERTIFICATE_ENCODED
- store the Base64-encoded string of the certificate stored in the Azure AD applicationCERTIFICATE_PASSWORD
- store the certificate password
-
2 new secrets if using a custom Azure AD identity:
APP_ID
- store App ID of the Azure AD application to use for authenticationTENANT
- store the ID of the tenant from which accounts should be able to authenticate
These secrets are encrypted and can only be used by GitHub actions.
Example workflow - CLI for Microsoft 365 Login (user name / password authentication)
On every push
build the code and then login to Microsoft 365 before deploying, using user login / password authentication.
name: SPFx CICD with Cli for Microsoft 365
on: [push]
jobs:
build:
##
## Build code omitted
##
deploy:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18.x]
steps:
##
## Code to get the package omitted
##
# CLI for Microsoft 365 login action
- name: Login to tenant
uses: pnp/action-cli-login@v2
with:
ADMIN_USERNAME: ${{ secrets.ADMIN_USERNAME }}
ADMIN_PASSWORD: ${{ secrets.ADMIN_PASSWORD }}
##
## Code to deploy the package to tenant omitted
##
Example workflow - CLI for Microsoft 365 Login (certificate authentication)
On every push
build the code and then login to Microsoft 365 before deploying, using certificate authentication.
name: SPFx CICD with Cli for Microsoft 365
on: [push]
jobs:
build:
##
## Build code omitted
##
deploy:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18.x]
steps:
##
## Code to get the package omitted
##
# CLI for Microsoft 365 login action
- name: Login to tenant
uses: pnp/action-cli-login@v2
with:
TENANT: ${{ secrets.TENANT }}
APP_ID: ${{ secrets.APP_ID }}
CERTIFICATE_ENCODED: ${{ secrets.CERTIFICATE_ENCODED }}
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
##
## Code to deploy the package to tenant omitted
##
Example workflow - CLI for Microsoft 365 Login (beta version of the CLI)
On every push
build the code and then login to Microsoft 365 before deploying, using beta version of the CLI.
name: SPFx CICD with Cli for Microsoft 365
on: [push]
jobs:
build:
##
## Build code omitted
##
deploy:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18.x]
steps:
##
## Code to get the package omitted
##
# CLI for Microsoft 365 login action
- name: Login to tenant
uses: pnp/action-cli-login@v2
with:
TENANT: ${{ secrets.TENANT }}
APP_ID: ${{ secrets.APP_ID }}
CERTIFICATE_ENCODED: ${{ secrets.CERTIFICATE_ENCODED }}
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
CLI_VERSION: next
##
## Code to deploy the package to tenant omitted
##
Self-hosted runners
If self-hosted runners are used for running the workflow, then please make sure that they have PowerShell
or bash
installed on them.