From d5f3c77690e507bab82bb44ce3f7befa89c74a2a Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel <koesie10@github.com>
Date: Mon, 18 Nov 2024 14:00:40 +0100
Subject: [PATCH] Publish extension using Azure credentials

---
 .github/workflows/release.yml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f73de3546..54c482db9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -124,8 +124,9 @@ jobs:
     needs: build
     environment: publish-vscode-marketplace
     runs-on: ubuntu-latest
-    env:
-      VSCE_TOKEN: ${{ secrets.VSCE_TOKEN }}
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -139,9 +140,19 @@ jobs:
         with:
           name: vscode-codeql-extension
 
+      - name: Azure User-assigned managed identity login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          allow-no-subscriptions: true
+
       - name: Publish to Registry
-        run: |
-          npx @vscode/vsce publish -p $VSCE_TOKEN --packagePath *.vsix
+        uses: azure/cli@v2
+        with:
+          azcliversion: latest
+          inlineScript: |
+            npx @vscode/vsce publish --azure-credential --packagePath *.vsix
 
   open-vsx-publish:
     name: Publish to Open VSX Registry