Update static article to emphasize OIDC and update login action

Author: juliakm

articles/storage/blobs/storage-blobs-static-site-github-actions.md

@@ -6,7 +6,7 @@ ms.service: azure-blob-storage
 ms.topic: how-to
 ms.author: shaas
 ms.reviewer: dineshm
-ms.date: 01/24/2022
+ms.date: 02/12/2025
 ms.custom: devx-track-javascript, github-actions-azure, devx-track-azurecli
 ---
 
@@ -39,8 +39,7 @@ An Azure subscription and GitHub account.
 
 ## Add your workflow
 
-# [Service principal](#tab/userlevel)
-
+# [OpenID Connect](#tab/openid)
 
 1. Go to **Actions** for your GitHub repository.
 
@@ -51,30 +50,51 @@ An Azure subscription and GitHub account.
 1. Delete everything after the `on:` section of your workflow file. For example, your remaining workflow may look like this.
 
     ```yaml
-    name: CI
+    name: CI with OpenID Connect
 
     on:
         push:
             branches: [ main ]
     ```
 
-1. Rename your workflow `Blob storage website CI` and add the checkout and login actions. These actions will check out your site code and authenticate with Azure using the `AZURE_CREDENTIALS` GitHub secret you created earlier.
+1. Add a permissions section. 
+
 
     ```yaml
-    name: Blob storage website CI
+    name: CI with OpenID Connect
 
     on:
         push:
             branches: [ main ]
 
+    permissions:
+          id-token: write
+          contents: read
+    ```
+
+1. Add checkout and login actions. These actions will check out your site code and authenticate with Azure using the GitHub secrets you created earlier.
+
+    ```yaml
+    name: CI with OpenID Connect
+
+    on:
+        push:
+            branches: [ main ]
+
+    permissions:
+          id-token: write
+          contents: read
+
     jobs:
       build:
         runs-on: ubuntu-latest
         steps:
         - uses: actions/checkout@v3
-        - uses: azure/login@v1
+        - uses: azure/login@v2
           with:
-              creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
     ```
 
 1. Use the Azure CLI action to upload your code to blob storage and to purge your CDN endpoint. For `az storage blob upload-batch`, replace the placeholder with your storage account name. The script will upload to the `$web` container. For `az cdn endpoint purge`, replace the placeholders with your CDN profile name, CDN endpoint name, and resource group. To speed up your CDN purge, you can add the `--no-wait` option to `az cdn endpoint purge`. To enhance security, you can also add the `--account-key` option with your [storage account key](../common/storage-account-keys-manage.md).
@@ -95,20 +115,26 @@ An Azure subscription and GitHub account.
 1. Complete your workflow by adding an action to logout of Azure. Here is the completed workflow. The file will appear in the `.github/workflows` folder of your repository.
 
     ```yaml
-    name: Blob storage website CI
+    name: CI with OpenID Connect
 
     on:
         push:
             branches: [ main ]
 
+    permissions:
+          id-token: write
+          contents: read
+
     jobs:
       build:
         runs-on: ubuntu-latest
         steps:
         - uses: actions/checkout@v3
-        - uses: azure/login@v1
+        - uses: azure/login@v2
           with:
-              creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
         - name: Upload to blob storage
           uses: azure/CLI@v1
@@ -128,7 +154,8 @@ An Azure subscription and GitHub account.
           if: always()
     ```
 
-# [OpenID Connect](#tab/openid)
+# [Service principal](#tab/userlevel)
+
 
 1. Go to **Actions** for your GitHub repository.
 
@@ -139,51 +166,30 @@ An Azure subscription and GitHub account.
 1. Delete everything after the `on:` section of your workflow file. For example, your remaining workflow may look like this.
 
     ```yaml
-    name: CI with OpenID Connect
-
-    on:
-        push:
-            branches: [ main ]
-    ```
-
-1. Add a permissions section. 
-
-
-    ```yaml
-    name: CI with OpenID Connect
+    name: CI
 
     on:
         push:
             branches: [ main ]
-
-    permissions:
-          id-token: write
-          contents: read
     ```
 
-1. Add checkout and login actions. These actions will check out your site code and authenticate with Azure using the GitHub secrets you created earlier.
+1. Rename your workflow `Blob storage website CI` and add the checkout and login actions. These actions will check out your site code and authenticate with Azure using the `AZURE_CREDENTIALS` GitHub secret you created earlier.
 
     ```yaml
-    name: CI with OpenID Connect
+    name: Blob storage website CI
 
     on:
         push:
             branches: [ main ]
 
-    permissions:
-          id-token: write
-          contents: read
-
     jobs:
       build:
         runs-on: ubuntu-latest
         steps:
         - uses: actions/checkout@v3
-        - uses: azure/login@v1
+        - uses: azure/login@v2
           with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+              creds: ${{ secrets.AZURE_CREDENTIALS }}
     ```
 
 1. Use the Azure CLI action to upload your code to blob storage and to purge your CDN endpoint. For `az storage blob upload-batch`, replace the placeholder with your storage account name. The script will upload to the `$web` container. For `az cdn endpoint purge`, replace the placeholders with your CDN profile name, CDN endpoint name, and resource group. To speed up your CDN purge, you can add the `--no-wait` option to `az cdn endpoint purge`. To enhance security, you can also add the `--account-key` option with your [storage account key](../common/storage-account-keys-manage.md).
@@ -204,26 +210,20 @@ An Azure subscription and GitHub account.
 1. Complete your workflow by adding an action to logout of Azure. Here is the completed workflow. The file will appear in the `.github/workflows` folder of your repository.
 
     ```yaml
-    name: CI with OpenID Connect
+    name: Blob storage website CI
 
     on:
         push:
             branches: [ main ]
 
-    permissions:
-          id-token: write
-          contents: read
-
     jobs:
       build:
         runs-on: ubuntu-latest
         steps:
         - uses: actions/checkout@v3
-        - uses: azure/login@v1
+        - uses: azure/login@v2
           with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+              creds: ${{ secrets.AZURE_CREDENTIALS }}
 
         - name: Upload to blob storage
           uses: azure/CLI@v1
@@ -242,6 +242,7 @@ An Azure subscription and GitHub account.
                 az logout
           if: always()
     ```
+
 ---
 
 ## Review your deployment