From 2e74da03f381efe4ef20e1d3de40a92b9b1b1f20 Mon Sep 17 00:00:00 2001
From: Cory Dransfeldt <cdransfeldt@adobe.com>
Date: Fri, 20 Jun 2025 14:41:44 -0700
Subject: [PATCH 1/2] fix(azure-preview-workflow): update resource url to
 remove + use same token pattern

---
 .github/workflows/publish-site.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish-site.yml b/.github/workflows/publish-site.yml
index ca1b363fab1..5340b2cfc96 100644
--- a/.github/workflows/publish-site.yml
+++ b/.github/workflows/publish-site.yml
@@ -131,7 +131,8 @@ jobs:
           AZURE_STORAGE_SAS_TOKEN: ${{ secrets.AZURE_STORAGE_SAS_TOKEN }}
           PR_HASH: ${{ steps.pr_hash.outputs.hash }}
         run: |
+          CLEAN_SAS_TOKEN=$(echo "${AZURE_STORAGE_SAS_TOKEN}" | tr -d '\n\r\t ')
           echo "Cleaning up deployment: ${PR_HASH}/"
-          azcopy remove "https://spectrumcss.z13.web.core.windows.net/\$web/${PR_HASH}/?${AZURE_STORAGE_SAS_TOKEN}" \
+          azcopy remove "https://spectrumcss.blob.core.windows.net/\$web/${PR_HASH}/?${CLEAN_SAS_TOKEN}" \
             --recursive || echo "Cleanup completed (some files may not exist)"
           echo "Cleanup completed for PR deployment: ${PR_HASH}/"

From 9e5a94ceff0c6b3cd6bc5eff6c0f53823719a9bc Mon Sep 17 00:00:00 2001
From: Cory Dransfeldt <cdransfeldt@adobe.com>
Date: Mon, 23 Jun 2025 19:03:22 -0700
Subject: [PATCH 2/2] fix(azure-preview-workflow): remove sas tokens; use env
 vars

---
 .github/workflows/publish-site.yml | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/publish-site.yml b/.github/workflows/publish-site.yml
index 5340b2cfc96..653b98bfb97 100644
--- a/.github/workflows/publish-site.yml
+++ b/.github/workflows/publish-site.yml
@@ -28,6 +28,12 @@ permissions:
   contents: read
   pull-requests: write
 
+env:
+  AZCOPY_AUTO_LOGIN_TYPE: SPN
+  AZCOPY_SPA_APPLICATION_ID: ${{ secrets.AZURE_CLIENT_ID }}
+  AZCOPY_SPA_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+  AZCOPY_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+
 jobs:
   build_and_deploy_job:
     if: github.event_name == 'pull_request' && github.event.action != 'closed'
@@ -88,13 +94,11 @@ jobs:
       - name: Deploy to Azure Blob Storage
         id: deploy
         env:
-          AZURE_STORAGE_SAS_TOKEN: ${{ secrets.AZURE_STORAGE_SAS_TOKEN }}
           PR_HASH: ${{ steps.pr_hash.outputs.hash }}
         run: |
-          CLEAN_SAS_TOKEN=$(echo "${AZURE_STORAGE_SAS_TOKEN}" | tr -d '\n\r\t ')
           echo "Uploading Storybook to ${PR_HASH}"
           azcopy copy "/home/runner/work/spectrum-css/spectrum-css/dist/*" --log-level=INFO \
-            "https://spectrumcss.blob.core.windows.net/\$web/${PR_HASH}/?${CLEAN_SAS_TOKEN}" \
+            "https://spectrumcss.blob.core.windows.net/\$web/${PR_HASH}/" \
             --recursive \
             --from-to LocalBlob
           docs_url="https://spectrumcss.z13.web.core.windows.net/${PR_HASH}"
@@ -128,11 +132,9 @@ jobs:
           sudo mv azcopy /usr/local/bin/
       - name: Clean up PR deployment
         env:
-          AZURE_STORAGE_SAS_TOKEN: ${{ secrets.AZURE_STORAGE_SAS_TOKEN }}
           PR_HASH: ${{ steps.pr_hash.outputs.hash }}
         run: |
-          CLEAN_SAS_TOKEN=$(echo "${AZURE_STORAGE_SAS_TOKEN}" | tr -d '\n\r\t ')
           echo "Cleaning up deployment: ${PR_HASH}/"
-          azcopy remove "https://spectrumcss.blob.core.windows.net/\$web/${PR_HASH}/?${CLEAN_SAS_TOKEN}" \
+          azcopy remove "https://spectrumcss.blob.core.windows.net/\$web/${PR_HASH}/" \
             --recursive || echo "Cleanup completed (some files may not exist)"
           echo "Cleanup completed for PR deployment: ${PR_HASH}/"