Make pre and post action cleanup (`az account clear`) optional for better performance on ephemeral runners

[maskati]

The pre and post action cleanup is somewhat time consuming, especially for otherwise short actions. It is also unnecessary in some contexts, for example when running on GitHub hosted runners or ephemeral self-hosted runners. I agree that the current is a good secure by default implementation, but there should ideally be an opt-out for use cases where it is known that the action will be running in a clean environment with no logged in context, allowing the user of the action to optimize for performance.

[MoChilia]

Hi @maskati, this makes sense. Performing pre/post cleanup for Azure/login on runners that are ephemeral for only one job is unnecessary. We should consider how to bypass such scenarios to save time for users.

[kardiojack]

Just wanted to provide support for this improvement. The clearing of credentials is taking over a minute for some of my actions. 60-90 seconds is not a huge deal in isolation, but many actions would take 10-20 seconds total if not for the Az Login pre and post slowdown...and these times add up for a busy repo with a merge queue and many actions run per day.

[vrdse]

In addition to the performance, the pre login cleanup also throws a warning and is skipped, if pwsh is not yet installed. Thus, I second the request. Though, parameter documentation should be clear about the security implications for non-ephemeral runners.

[YanaXu]

Hi @maskati & @Storm-BE & @olafurnielsen & @vrdse & @JosiahSiegel& @lanni-energinet & @kardiojack & @baksetercx ,

we've released a new version v2.2.0. In this version, we removed the pre step and added 2 env variables to enable/disable pre or post cleanup. v2 is aligned with v2.2.0 now. Please try the new version. You can also refer to Enable/Disable the cleanup steps.

Just FYI, the time cost is mainly for login context initialization. After we remove pre step, the main step may need more time.