From 06602b3e7a5f3ea9f1d1fe3ee481d06eb8889846 Mon Sep 17 00:00:00 2001
From: Gabriel Ebner <gebner@gebner.org>
Date: Tue, 14 May 2024 12:05:18 -0700
Subject: [PATCH] wip

---
 .github/workflows/ci.yml | 53 +++++++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bc302d3..2ddca51 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,34 +13,14 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
-    environment: vsm-deploy
-
-    permissions:
-      id-token: write
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Azure login
-        uses: azure/login@v2
-        if: startsWith(github.ref, 'refs/tags/v')
-        with:
-          client-id: '3731ab8b-c8ea-4d0c-99c1-e75a8c88fd72'
-          tenant-id: '72f988bf-86f1-41af-91ab-2d7cd011db47'
-          allow-no-subscriptions: true
-
-      - name: fetch user id
-        run: |
-          az rest -u https://app.vssps.visualstudio.com/_apis/profile/profiles/me --resource 499b84ac-1321-427f-aa17-267ca6975798
-
       - name: Install dependencies
         run: npm install
 
-      - name: check vsce
-        run: |
-          npx vsce verify-pat --azure-credential
-
       - name: Compile
         run: npm run compile
 
@@ -64,6 +44,35 @@ jobs:
             fstar-language-server-*.js
           if-no-files-found: error
 
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    environment: vsm-deploy
+
+    permissions:
+      id-token: write
+
+    needs:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Download artifact from build job
+        uses: actions/download-artifact@v4
+
+      - name: Azure workload identity federation login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          allow-no-subscriptions: true
+
+      - run: npx vsce verify-pat --azure-credential
+
+      - run: ls
+
       - name: Upload extension to github release
         if: startsWith(github.ref, 'refs/tags/v')
         uses: softprops/action-gh-release@v1
@@ -78,6 +87,4 @@ jobs:
       - name: Publish packaged extension
         if: startsWith(github.ref, 'refs/tags/v')
         run: |
-          npx vsce publish -i *.vsix
-        env:
-          VSCE_PAT: ${{ secrets.VSCE_PAT }}
+          npx vsce publish --azure-credential -i *.vsix