Create a separate job for events requiring Az CLI

.github/workflows/event-processor.yml

@@ -17,7 +17,11 @@ on:
 permissions: {}
 
 jobs:
-  event-handler:
+  # This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault.
+  # Because the azure/login step adds time costly pre/post Az CLI commands to any every job
+  # it's used in, split this into its own job so only the event that needs the Az CLI pays
+  # the cost.
+  event-handler-with-azure:
     permissions:
       issues: write
       pull-requests: write
@@ -26,17 +30,16 @@ jobs:
       contents: read
     name: Handle ${{ github.event_name }} ${{ github.event.action }} event
     runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
     steps:
       - name: 'Az CLI login'
-        if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
-        uses: azure/[email protected]
+        uses: azure/login@v1
         with:
             client-id: ${{ secrets.AZURE_CLIENT_ID }}
             tenant-id: ${{ secrets.AZURE_TENANT_ID }}
             subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: 'Run Azure CLI commands'
-        if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
         run: |
           LABEL_SERVICE_API_KEY=$(az keyvault secret show \
             --vault-name issue-labeler \
@@ -94,3 +97,58 @@ jobs:
           # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }}
+
+  event-handler:
+    permissions:
+      issues: write
+      pull-requests: write
+    name: Handle ${{ github.event_name }} ${{ github.event.action }} event
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name != 'issues' || github.event.action != 'opened' }}
+    steps:
+      # To run github-event-processor built from source, for testing purposes, uncomment everything
+      # in between the Start/End-Build From Source comments and comment everything in between the
+      # Start/End-Install comments
+      # Start-Install
+      - name: Install GitHub Event Processor
+        run: >
+          dotnet tool install
+          Azure.Sdk.Tools.GitHubEventProcessor
+          --version 1.0.0-dev.20240229.2
+          --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
+          --global
+        shell: bash
+      # End-Install
+
+      # Testing checkout of sources from the Azure/azure-sdk-tools repository
+      # The ref: is the SHA from the pull request in that repository or the
+      # refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository
+      # is a fork eg. <User>/azure-sdk-tools then the repository down below will
+      # need to point to that fork
+      # Start-Build
+      # - name: Checkout tools repo for GitHub Event Processor sources
+      #   uses: actions/checkout@v3
+      #   with:
+      #     repository: Azure/azure-sdk-tools
+      #     path: azure-sdk-tools
+      #     ref: <refs/pull/<PRNumber>/merge> or <sha>
+
+      # - name: Build and install GitHubEventProcessor from sources
+      #   run: |
+      #     dotnet pack
+      #     dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
+      #   shell: bash
+      #   working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
+      # End-Build
+
+      - name: Process Action Event
+        run: |
+          cat > payload.json << 'EOF'
+          ${{ toJson(github.event) }}
+          EOF
+          github-event-processor ${{ github.event_name }} payload.json
+        shell: bash
+        env:
+          # This is a temporary secret generated by github
+          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}