Add Azure Login support and consolidate release notes (#254)

* Add Azure Login support with automatic token renewal and update help text

* Delete outdated release notes files and consolidate changelog into a single file following Keep a Changelog format.

* Update CSharp/TfsCmdlets/Services/AzureCredential.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Tighten version match and add failure check in release notes extraction

Agent-Logs-Url: https://github.com/igoravl/TfsCmdlets/sessions/c5d69aaa-749e-42a7-a9df-e92fea57b5fd

Co-authored-by: igoravl <725797+igoravl@users.noreply.github.com>

* Refactor PowerShell command paths in VSCode tasks to use relative workspace folder

+semver:minor

* Update Microsoft.PowerShell.SDK package version to 7.0.10

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: igoravl <725797+igoravl@users.noreply.github.com>

Author: 3 people

.github/workflows/main.yml

@@ -77,7 +77,7 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: releasenotes
-          path: "docs/ReleaseNotes/**"
+          path: "RELEASENOTES.md"
     outputs:
       BUILD_NAME: ${{ steps.build_module.outputs.BUILD_NAME }}
 
@@ -96,9 +96,27 @@ jobs:
         id: extract_release_notes
         shell: pwsh
         run: |
-          $fileName = (Get-ChildItem [0-9]*.md -Recurse | Sort-Object Name | Select -ExpandProperty FullName -Last 1)
-          Write-Output $fileName
-          $releaseNotes = (Get-Content $fileName -Encoding UTF8 | Select-Object -Skip 4)
+          $lines = Get-Content releasenotes/RELEASENOTES.md -Encoding UTF8
+          $version = $env:BUILD_NAME -replace '\+.*$'  # strip build metadata
+          $collecting = $false
+          $notes = @()
+          foreach ($line in $lines) {
+            if ($line -match "^## \[$([regex]::Escape($version))\]( - \d{4}-\d{2}-\d{2})?$") {
+              $collecting = $true
+              continue
+            }
+            if ($collecting -and $line -match '^## ') {
+              break
+            }
+            if ($collecting) {
+              $notes += $line
+            }
+          }
+          $releaseNotes = ($notes -join "`n").Trim()
+          if (-not $releaseNotes) {
+            Write-Error "No release notes found for version '$version' in RELEASENOTES.md"
+            exit 1
+          }
           Write-Output $releaseNotes
           Write-Output 'RELEASE_NOTES<<EOF' >> $env:GITHUB_OUTPUT
           Write-Output $releaseNotes >> $env:GITHUB_OUTPUT

.vscode/tasks.json

@@ -1,10 +1,9 @@
 {
     "version": "2.0.0",
-    "command": "powershell",
     "tasks": [
         {
             "label": "Build",
-            "command": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
+            "command": "pwsh",
             "group": {
                 "kind": "build",
                 "isDefault": true
@@ -22,7 +21,7 @@
                 "Unrestricted",
                 "-NoProfile",
                 "-File",
-                "${workspaceRoot}/build.ps1",
+                "${workspaceFolder}/Build.ps1",
                 "-Configuration",
                 "Debug",
                 "-Targets",
@@ -35,7 +34,7 @@
         },
         {
             "label": "Rebuild",
-            "command": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
+            "command": "pwsh",
             "presentation": {
                 "echo": true,
                 "reveal": "always",
@@ -49,7 +48,7 @@
                 "Unrestricted",
                 "-NoProfile",
                 "-File",
-                "${workspaceRoot}/build.ps1",
+                "${workspaceFolder}/Build.ps1",
                 "-Configuration",
                 "Debug",
                 "-Targets",
@@ -62,7 +61,7 @@
         },
         {
             "label": "Clean",
-            "command": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
+            "command": "pwsh",
             "presentation": {
                 "echo": true,
                 "reveal": "always",
@@ -76,7 +75,7 @@
                 "Unrestricted",
                 "-NoProfile",
                 "-File",
-                "${workspaceRoot}/build.ps1",
+                "${workspaceFolder}/Build.ps1",
                 "-Configuration",
                 "Debug",
                 "-Targets",
@@ -86,7 +85,7 @@
         },
         {
             "label": "Package",
-            "command": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
+            "command": "pwsh",
             "group": "none",
             "presentation": {
                 "echo": true,
@@ -101,7 +100,7 @@
                 "Unrestricted",
                 "-NoProfile",
                 "-File",
-                "${workspaceRoot}/build.ps1",
+                "${workspaceFolder}/Build.ps1",
                 "-Configuration",
                 "Release",
                 "-SkipTests",
@@ -114,7 +113,7 @@
         },
         {
             "label": "Test",
-            "command": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
+            "command": "pwsh",
             "group": "test",
             "presentation": {
                 "echo": true,
@@ -129,7 +128,7 @@
                 "Unrestricted",
                 "-NoProfile",
                 "-File",
-                "${workspaceRoot}/build.ps1",
+                "${workspaceFolder}/Build.ps1",
                 "-Configuration",
                 "Debug",
                 "-Targets",
@@ -138,7 +137,7 @@
         },
         {
             "label": "Docs",
-            "command": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
+            "command": "pwsh",
             "presentation": {
                 "echo": true,
                 "reveal": "always",
@@ -152,7 +151,7 @@
                 "Unrestricted",
                 "-NoProfile",
                 "-File",
-                "${workspaceRoot}/build.ps1",
+                "${workspaceFolder}/Build.ps1",
                 "-Configuration",
                 "Debug",
                 "-Targets",

CSharp/TfsCmdlets.SourceGenerators/Generators/Cmdlets/CmdletInfo.cs

@@ -150,6 +150,8 @@ private static IEnumerable<GeneratedProperty> GenerateCredentialProperties(Cmdle
                 ("Alias", "\"Pat\"")}, "HELP_PARAM_PERSONAL_ACCESS_TOKEN");
 
             yield return GenerateParameter("Interactive", "SwitchParameter", "ParameterSetName = \"Prompt for credential\"", "HELP_PARAM_INTERACTIVE");
+
+            yield return GenerateParameter("AzureLogin", "SwitchParameter", "ParameterSetName = \"Azure Login\"", "HELP_PARAM_AZURE_LOGIN");
         }
 
         private static IEnumerable<GeneratedProperty> GenerateCustomControllerProperty(CmdletInfo settings)
@@ -208,7 +210,7 @@ private static bool IsPipelineProperty(CmdletScope currentScope, CmdletInfo cmdl
         private static readonly string[] _scopeNames = new[]{
             "ConfigurationServer", "Organization", "TeamProjectCollection", "TeamProject", "Team" };
         private static readonly string[] _credentialParameterSetNames = new[]{
-            "Cached credentials", "User name and password", "Credential object", "Personal Access Token", "Prompt for credential" };
+            "Cached credentials", "User name and password", "Credential object", "Personal Access Token", "Prompt for credential", "Azure Login" };
 
 
         private static readonly List<(Predicate<CmdletInfo>, Func<CmdletInfo, IEnumerable<GeneratedProperty>>, string)> _generators =

CSharp/TfsCmdlets.Tests.UnitTests/TfsCmdlets.Tests.UnitTests.csproj

@@ -18,7 +18,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.0.0" />
+    <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.0.10" />
     <ProjectReference Include="..\TfsCmdlets.SourceGenerators\TfsCmdlets.SourceGenerators.csproj" />
     <ProjectReference Include="..\TfsCmdlets\TfsCmdlets.csproj" />
   </ItemGroup>

CSharp/TfsCmdlets/Cmdlets/Credential/NewCredential.cs

@@ -27,6 +27,9 @@ partial class GetCredentialController
         [Import]
         private IInteractiveAuthentication InteractiveAuthentication { get; }
 
+        [Import]
+        private ICurrentConnections CurrentConnections { get; }
+
         protected override IEnumerable Run()
         {
             var connectionMode = ConnectionMode.CachedCredentials;
@@ -39,6 +42,8 @@ protected override IEnumerable Run()
                 connectionMode = ConnectionMode.AccessToken;
             else if (Interactive)
                 connectionMode = ConnectionMode.Interactive;
+            else if (Has_AzureLogin && AzureLogin)
+                connectionMode = ConnectionMode.AzureLogin;
 
             NetworkCredential netCred = null;
 
@@ -124,6 +129,17 @@ protected override IEnumerable Run()
                         throw new Exception("Interactive authentication is not supported for TFS / Azure DevOps Server in PowerShell Core. Please use either a username/password credential or a Personal Access Token.");
                     }
 
+                case ConnectionMode.AzureLogin:
+                    {
+                        Logger.Log("Using Azure Login credentials (DefaultAzureCredential)");
+
+                        var azureCredential = new AzureCredential();
+                        CurrentConnections.AzureCredential = azureCredential;
+
+                        yield return azureCredential.CreateVssCredentials();
+                        yield break;
+                    }
+
                 default:
                     {
                         throw new Exception($"Invalid parameter set '{connectionMode}'");
@@ -150,7 +166,8 @@ private enum ConnectionMode
             CredentialObject,
             UserNamePassword,
             AccessToken,
-            Interactive
+            Interactive,
+            AzureLogin
         }
     }
 }

CSharp/TfsCmdlets/Services/AzureCredential.cs

@@ -0,0 +1,99 @@
+using Azure.Core;
+using Azure.Identity;
+using Microsoft.VisualStudio.Services.Common;
+using Microsoft.VisualStudio.Services.OAuth;
+
+namespace TfsCmdlets.Services
+{
+    /// <summary>
+    /// Helper class that wraps Azure.Identity's DefaultAzureCredential to obtain and 
+    /// automatically renew Azure DevOps access tokens.
+    /// </summary>
+    /// <remarks>
+    /// Tokens issued by Azure AD for Azure DevOps have a short lifetime (~1 hour).
+    /// This class transparently refreshes the token before it expires by checking expiry 
+    /// when <see cref="GetValidToken"/> is called. The underlying <see cref="DefaultAzureCredential"/>
+    /// chains multiple credential sources (Environment, Managed Identity, Azure CLI,
+    /// Visual Studio, etc.) so the caller only needs to be authenticated in one of them.
+    /// </remarks>
+    public sealed class AzureCredential
+    {
+        // Azure DevOps resource ID used as the token audience
+        private const string AzureDevOpsScope = "499b84ac-1321-427f-aa17-267ca6975798/.default";
+
+        // Refresh the token when it is within this margin of expiry
+        private static readonly TimeSpan RefreshMargin = TimeSpan.FromMinutes(5);
+
+        private readonly TokenCredential _tokenCredential;
+        private AccessToken _cachedToken;
+        private readonly object _lock = new object();
+
+        /// <summary>
+        /// Initializes a new instance using the default Azure credential chain.
+        /// </summary>
+        public AzureCredential()
+            : this(new DefaultAzureCredential(
+                new DefaultAzureCredentialOptions
+                {
+                    // Disable interactive browser auth to avoid hangs in unattended (CI/CD) scenarios.
+                    ExcludeInteractiveBrowserCredential = true
+                }))
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance using the specified Azure <see cref="TokenCredential"/>.
+        /// </summary>
+        public AzureCredential(TokenCredential tokenCredential)
+        {
+            _tokenCredential = tokenCredential ?? throw new ArgumentNullException(nameof(tokenCredential));
+
+            // Eagerly acquire the first token to fail fast on auth errors
+            _cachedToken = _tokenCredential.GetToken(
+                new TokenRequestContext(new[] { AzureDevOpsScope }),
+                default);
+        }
+
+        /// <summary>
+        /// Returns true if the cached token is expired or near expiry.
+        /// </summary>
+        public bool IsTokenExpired
+        {
+            get
+            {
+                lock (_lock)
+                {
+                    return _cachedToken.ExpiresOn <= DateTimeOffset.UtcNow.Add(RefreshMargin);
+                }
+            }
+        }
+
+        /// <summary>
+        /// Gets a current, valid access token, refreshing from Azure if the cached token 
+        /// is expired or near expiry.
+        /// </summary>
+        public string GetValidToken()
+        {
+            lock (_lock)
+            {
+                if (_cachedToken.ExpiresOn <= DateTimeOffset.UtcNow.Add(RefreshMargin))
+                {
+                    _cachedToken = _tokenCredential.GetToken(
+                        new TokenRequestContext(new[] { AzureDevOpsScope }),
+                        default);
+                }
+
+                return _cachedToken.Token;
+            }
+        }
+
+        /// <summary>
+        /// Creates a new <see cref="VssCredentials"/> instance using a valid (potentially refreshed) token.
+        /// Each call returns a new instance with a fresh token.
+        /// </summary>
+        public VssCredentials CreateVssCredentials()
+        {
+            return new VssCredentials(new VssOAuthAccessTokenCredential(GetValidToken()));
+        }
+    }
+}

CSharp/TfsCmdlets/Services/ICurrentConnections.cs

@@ -12,6 +12,12 @@ public interface ICurrentConnections
 
         Models.Team Team { get; set; }
 
+        /// <summary>
+        /// Stores the AzureCredential used for Azure Login authentication,
+        /// enabling automatic token renewal for long-lived sessions.
+        /// </summary>
+        AzureCredential AzureCredential { get; set; }
+
         T Get<T>(string name);
 
         object Get(string name);

CSharp/TfsCmdlets/Services/Impl/CurrentConnectionsImpl.cs

@@ -14,6 +14,8 @@ public class CurrentConnectionsImpl: ICurrentConnections
 
         public Models.Team Team {get;set;}
 
+        public AzureCredential AzureCredential {get;set;}
+
         public T Get<T>(string name)
         {
             return (T) Get(name);
@@ -37,6 +39,7 @@ public void Reset()
             Collection = null;
             Project = null;
             Team = null;
+            AzureCredential = null;
         }
 
         public void Set(Connection server)

CSharp/TfsCmdlets/Services/Impl/DataManagerImpl.cs

@@ -251,7 +251,40 @@ private Connection CreateConnection(ClientScope scope, object overridingParamete
                     case null:
                         {
                             Logger.Log($"Get currently connected {scope}");
-                            result = ((Connection)CurrentConnections.Get(scope.ToString()))?.InnerObject;
+
+                            var cachedConnection = (Connection)CurrentConnections.Get(scope.ToString());
+
+                            // If using Azure Login and the token is expired, rebuild the connection
+                            // with a fresh token from DefaultAzureCredential
+                            if (cachedConnection != null && CurrentConnections.AzureCredential is { } azCred && azCred.IsTokenExpired)
+                            {
+                                Logger.Log("Azure Login token expired, refreshing...");
+
+                                var freshCreds = azCred.CreateVssCredentials();
+#if NETCOREAPP3_1_OR_GREATER
+                                var refreshedConn = new Microsoft.VisualStudio.Services.WebApi.VssConnection(
+                                    cachedConnection.Uri, freshCreds);
+#else
+                                AdoConnection refreshedConn = scope == ClientScope.Collection
+                                    ? (AdoConnection)TfsTeamProjectCollectionFactory.GetTeamProjectCollection(cachedConnection.Uri, freshCreds)
+                                    : (AdoConnection)new TfsConfigurationServer(cachedConnection.Uri, freshCreds);
+#endif
+                                var newConnection = new Connection(refreshedConn);
+                                newConnection.Connect();
+
+                                // Update the cached connection
+                                if (scope == ClientScope.Collection)
+                                    CurrentConnections.Collection = newConnection;
+                                else
+                                    CurrentConnections.Server = newConnection;
+
+                                Logger.Log("Azure Login token refreshed successfully.");
+                                result = newConnection.InnerObject;
+                            }
+                            else
+                            {
+                                result = cachedConnection?.InnerObject;
+                            }
 
                             break;
                         }