This is not a Pulumi issue, though Pulumi is involved in one of the jobs in the github workflow I'm asking about. But I'm hoping someone here might be able to point me in the right direction. ISSUE: The

azure/login@v1

step is failing in one of my github action jobs. It's for what we call our UAT environment, and the equivalent azure/login is working for Dev and Test. In fact, if I put in the "Test" credentials for the UAT action, the login succeeds. We're using the old-school service principal credentials (vs. OIDC). The credentials are in the form of that chunk of json that the

az ad sp create-for-rbac...

command returns. And, importantly, the individual values from within that json are used for the Pulumi job (ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID, ARM_SUBSCRIPTION_ID). The immediate response would rightly be: well the UAT credentials must be wrong. And that would be my response. But I use the same credentials in the Pulumi job within the same workflow, and they work. Granted, for Pulumi, the client ID, client secret, subscription ID, and tenant ID are used as discrete values - whereas in the failing job they're part of that chunk of json. But the same approach works w/o issue for Dev and Test (discrete values for the Pulumi job, json for the azure/login). So I'm lost as to how to proceed. Seemed worth at least asking.

Glad you figured it out! Encoding can be a nightmare.