From 7dedba1a4f2ade5b561cfb5c79206e5157eec8c4 Mon Sep 17 00:00:00 2001
From: Wes Haggard <weshaggard@users.noreply.github.com>
Date: Wed, 29 May 2024 13:08:26 -0700
Subject: [PATCH] Update to use opensource api token (#5668)

---
 .vscode/cspell.json                               |  1 +
 .../templates/stages/archetype-cpp-release.yml    | 15 ++++++++++++---
 eng/scripts/Get-TriggeringUserGitHubAlias.ps1     |  9 ++-------
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/.vscode/cspell.json b/.vscode/cspell.json
index 69681c3d3..48733b4cf 100644
--- a/.vscode/cspell.json
+++ b/.vscode/cspell.json
@@ -199,6 +199,7 @@
     "pkcs",
     "Pkcs",
     "pscredential",
+    "pscore",
     "psscriptanalyzer",
     "PUCHAR",
     "PVOID",
diff --git a/eng/pipelines/templates/stages/archetype-cpp-release.yml b/eng/pipelines/templates/stages/archetype-cpp-release.yml
index 933d5a59d..4ed89f950 100644
--- a/eng/pipelines/templates/stages/archetype-cpp-release.yml
+++ b/eng/pipelines/templates/stages/archetype-cpp-release.yml
@@ -195,15 +195,24 @@ stages:
                           OpenAsDraft: ${{ parameters.TestPipeline }}
                           CloseAfterOpenForTesting: '${{ parameters.TestPipeline }}'
 
+                      - task: AzureCLI@2
+                        displayName: Authenticate to OpenSource API
+                        condition: and(succeeded(), eq(variables['PublishToVcpkg'], 'true'))
+                        inputs:
+                          azureSubscription: opensource-api-connection
+                          scriptType: pscore
+                          scriptLocation: inlineScript
+                          inlineScript: |
+                            $jwt_accessToken = az account get-access-token --resource "api://2789159d-8d8b-4d13-b90b-ca29c1707afd" --query "accessToken" --output tsv
+                            Write-Host "##vso[task.setvariable variable=opensource-api-token;isSecret=true]$jwt_accessToken"
+
                       # Workaround: -Fallback uses names from CODEOWNERS who
                       # should be notified about the release in the event of a
                       # failure to resolve the appropriate aliases.
                       - pwsh: |
                           $notifyUsers = ./eng/scripts/Get-TriggeringUserGitHubAlias.ps1 `
                             -EmailAddress "$($env:BUILD_REQUESTEDFOREMAIL)" `
-                            -ClientId '$(opensource-aad-app-id)' `
-                            -ClientSecret '$(opensource-aad-secret)' `
-                            -TenantId '$(opensource-aad-tenant-id)' `
+                            -OpenApiToken "$(opensource-api-token)" `
                             -Fallback '@rickwinter @ahsonkhan @antkmsft @gearama @LarryOsterman'
 
                           $prComment = "Adding ${{ artifact.Name }} to release"
diff --git a/eng/scripts/Get-TriggeringUserGitHubAlias.ps1 b/eng/scripts/Get-TriggeringUserGitHubAlias.ps1
index 9f69cf549..bf62c4cdb 100644
--- a/eng/scripts/Get-TriggeringUserGitHubAlias.ps1
+++ b/eng/scripts/Get-TriggeringUserGitHubAlias.ps1
@@ -1,17 +1,12 @@
 param(
     [string] $EmailAddress = $env:BUILD_REQUESTEDFOREMAIL,
-    [string] $ClientId,
-    [string] $ClientSecret,
-    [string] $TenantId,
+    [string] $OpenApiToken,
     [string] $Fallback
 )
 
 . "$PSScriptRoot/../common/scripts/Helpers/Metadata-Helpers.ps1"
 
-$allUsers = GetAllGitHubUsers `
-    -TenantId $TenantId `
-    -ClientId $ClientId `
-    -ClientSecret $ClientSecret
+$allUsers = GetAllGitHubUsers -Token $OpenApiToken
 
 if (!$allUsers) {
     Write-Host "Failed to get all GitHub users"