Copilot workflow steps cannot access Azure/Azure DevOps APIs after azure/login@v2 #18386

@praveenkuttappan

Problem Statement

GitHub Agentic Workflows currently make it difficult to execute Azure and Azure DevOps CLI/API operations from within a Copilot workflow step.

In our workflows, we want to include steps that run CLI commands (for example, Azure CLI or Azure DevOps commands) as part of the Copilot workflow execution. While we can authenticate the runner environment using managed identity via the GitHub Action azure/login@v2, this authentication context is not available inside the Copilot CLI execution environment.

As a result, Copilot workflow steps are unable to access Azure or Azure DevOps APIs even though the runner itself is already authenticated.


Current Workaround

As part of a proof of concept, we implemented the following workaround:

  • Generate an OIDC token during the runner setup
  • Write the token to a file under /tmp
  • Expose the file path via an environment variable
  • Re-authenticate inside the Copilot CLI execution using the OIDC token so that CLI commands can access Azure and Azure DevOps

While this approach works, it is:

  • Complex and error-prone
  • Difficult to standardize across workflows
  • Not intuitive for users adopting GitHub Agentic Workflows

Feature Request

Provide a first-class mechanism to transfer authentication context (for example, Azure managed identity or OIDC-based authentication) from the runner environment into the Copilot CLI execution environment.

This capability already exists in the GitHub Coding Agent, which we are using today to run authenticated CLI commands that integrate with Azure DevOps. Having similar support in GitHub Agentic Workflows would enable many additional workflow scenarios and significantly reduce complexity.


Expected Outcome

  • Copilot workflow steps can seamlessly reuse authentication established by the runner (for example, via azure/login@v2)
  • No manual token generation or file-based token passing is required
  • Parity with GitHub Coding Agent behavior for authenticated CLI execution

This enhancement would make GitHub Agentic Workflows much easier to adopt for Azure- and Azure DevOps–integrated automation scenarios.
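
The four steps under Current Workaround, as an added example that is not the issue author's code. The function names and `AZURE_OIDC_TOKEN_FILE` are hypothetical, and `AZURE_CLIENT_ID` / `AZURE_TENANT_ID` are assumed to identify an Azure identity with a federated credential that trusts this repository.

```shell
#!/usr/bin/env bash
# Added example. AZURE_OIDC_TOKEN_FILE, AZURE_CLIENT_ID and AZURE_TENANT_ID
# are assumed names, not taken from the issue.

# Request a GitHub OIDC token for Azure (job needs `permissions: id-token: write`).
fetch_oidc_token() {
  local resp
  resp="$(curl -fsS -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" \
    "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=api://AzureADTokenExchange")" || return 1
  printf '%s' "$resp" | jq -er '.value'   # -e: fail if the field is missing
}

# Write token $2 to a new owner-only file in directory $1; print the file path.
store_token() {
  local dir="$1" token="$2" file
  file="$(mktemp "${dir}/oidc-token.XXXXXX")" || return 1   # unpredictable name
  chmod 600 "$file"
  printf '%s' "$token" > "$file"
  printf '%s\n' "$file"
}

# Print the token only if $1 is a regular file (not a symlink) with mode 600.
load_token() {
  local file="$1"
  if [ -z "$(find "$file" -maxdepth 0 -type f -perm 600 2>/dev/null)" ]; then
    echo "refusing token file: missing, symlink, or mode is not 600" >&2
    return 1
  fi
  cat "$file"
}

case "${1:-}" in
  setup)  # runner step, before the Copilot step starts
    token="$(fetch_oidc_token)" || exit 1
    path="$(store_token /tmp "$token")" || exit 1
    echo "AZURE_OIDC_TOKEN_FILE=${path}" >> "$GITHUB_ENV" ;;
  login)  # inside the Copilot CLI execution environment
    token="$(load_token "$AZURE_OIDC_TOKEN_FILE")" || exit 1
    az login --service-principal --username "$AZURE_CLIENT_ID" \
      --tenant "$AZURE_TENANT_ID" --federated-token "$token" --output none
    rm -f "$AZURE_OIDC_TOKEN_FILE" ;;  # do not leave the token on disk
esac
```

Run with `setup` in a runner step and with `login` from the agent's shell; sourced or run without an argument it only defines the functions.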
