FLAM-27: Fixing Deploy to Azure App Service permissions, faster Delete Latest Tag step

.github/actions/remove-old-latest-tags/action.yml

@@ -14,10 +14,12 @@ runs:
     - name: Delete Latest Tag
       shell: pwsh
       run: |
-        git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
+        git config user.email 'github-actions[bot]@users.noreply.github.com'
         git config user.name 'github-actions[bot]'
-        git fetch --tags
+
+        git fetch --tags --no-recurse-submodules
         $latestTag = (git tag --list '${{ inputs.tag-prefix }}/latest')
+
         if ($latestTag)
         {
             git tag --delete '${{ inputs.tag-prefix }}/latest'

.github/workflows/deploy-to-azure-app-service.yml

@@ -3,10 +3,6 @@ name: Deploy to Azure App Service
 concurrency:
   group: ${{ inputs.app-name }}AzureWorkflow
 
-permissions:
-  id-token: write
-  contents: read
-
 on:
   workflow_call:
     secrets:
@@ -267,9 +263,9 @@ jobs:
         if: ${{ inputs.skip-update-latest-tag != 'true' }}
         run: |
           git tag '${{ inputs.tag-prefix }}/latest'
-          git push origin 'refs/tags/${{ inputs.tag-prefix }}/latest'
+          git push origin '${{ inputs.tag-prefix }}/latest'
           git tag '${{ inputs.tag-prefix }}/${{ steps.create-timestamp.outputs.timestamp-tag }}'
-          git push origin 'refs/tags/${{ inputs.tag-prefix }}/${{ steps.create-timestamp.outputs.timestamp-tag }}'
+          git push origin '${{ inputs.tag-prefix }}/${{ steps.create-timestamp.outputs.timestamp-tag }}'
 
       - name: Start Web App Slot
         run: |

.github/workflows/markdown-lint.yml

@@ -33,7 +33,8 @@ on:
         default: \n
       timeout-minutes:
         type: number
-        default: 1
+        # Sometimes the job is slow to start, so we have to factor in that.
+        default: 3
         description: Configuration for the timeout-minutes parameter of the workflow.
 
 jobs:

.github/workflows/post-pull-request-checks-automation.yml

@@ -43,7 +43,8 @@ on:
         default: merge
       timeout-minutes:
         type: number
-        default: 1
+        # Sometimes the job is slow to start, so we have to factor in that.
+        default: 3
         description: Configuration for the timeout-minutes parameter of the workflow.
       run-only-latest-workflow:
         type: string

.github/workflows/swap-azure-web-app-slots.yml

@@ -165,7 +165,7 @@ jobs:
                 throw 'Tag prefix not set, exiting'
             }
 
-            git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
+            git config user.email 'github-actions[bot]@users.noreply.github.com'
             git config user.name 'github-actions[bot]'
 
             $tagExists = (git tag --list '${{ inputs.swap-prefix }}/latest')

.github/workflows/tag-version.yml

@@ -125,7 +125,7 @@ jobs:
           git fetch origin ${{ inputs.merge-target }}
           git checkout ${{ inputs.merge-target }}
           # Setting the credentials is needed even with the --no-commit merge.
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
           git config user.name "github-actions[bot]"
           # Merge without taking any changes from the release branch.
           git merge --strategy=ours --no-commit ${{ inputs.expected-ref }}

Docs/Workflows/AzureHosting/DeployToAzureAppService.md

@@ -8,6 +8,10 @@ name: Deploy to Azure App Service
 on:
   workflow_dispatch:
 
+permissions:
+  id-token: write
+  contents: write
+
 jobs:
   deploy-to-azure-app-service:
     name: Deploy to Azure App Service