Merge pull request #3830 from github/koesie10/azure-mi-publishing

Publish extension using Azure credentials

Author: koesie10

.github/workflows/release.yml

@@ -124,8 +124,9 @@ jobs:
     needs: build
     environment: publish-vscode-marketplace
     runs-on: ubuntu-latest
-    env:
-      VSCE_TOKEN: ${{ secrets.VSCE_TOKEN }}
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -139,9 +140,19 @@ jobs:
         with:
           name: vscode-codeql-extension
 
+      - name: Azure User-assigned managed identity login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          allow-no-subscriptions: true
+
       - name: Publish to Registry
-        run: |
-          npx @vscode/vsce publish -p $VSCE_TOKEN --packagePath *.vsix
+        uses: azure/cli@v2
+        with:
+          azcliversion: latest
+          inlineScript: |
+            npx @vscode/vsce publish --azure-credential --packagePath *.vsix
 
   open-vsx-publish:
     name: Publish to Open VSX Registry