Fix login guard to skip interactive prompts in CI/CD environments (#5528)

- Added CI/CD detection using the existing resource.IsRunningOnCI() function
- Modified ensureLogin() to check for CI/CD environment before showing interactive prompt
- If in CI/CD: returns authentication error immediately without blocking
- If interactive: preserves existing UX with automatic login prompt
- Added comprehensive tests covering multiple CI providers (GitHub Actions, Azure Pipelines, Generic CI)

Author: Copilot

cli/azd/cmd/middleware/login_guard.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/azure/azure-dev/cli/azd/cmd/actions"
+	"github.com/azure/azure-dev/cli/azd/internal/tracing/resource"
 	"github.com/azure/azure-dev/cli/azd/pkg/auth"
 	"github.com/azure/azure-dev/cli/azd/pkg/cloud"
 	"github.com/azure/azure-dev/cli/azd/pkg/input"
@@ -62,6 +63,11 @@ func (l *LoginGuardMiddleware) Run(ctx context.Context, next NextFn) (*actions.A
 func (l *LoginGuardMiddleware) ensureLogin(ctx context.Context) (azcore.TokenCredential, error) {
 	cred, credentialErr := l.authManager.CredentialForCurrentUser(ctx, nil)
 	if credentialErr != nil {
+		// If running in CI/CD, don't prompt for interactive login, just return the authentication error
+		if resource.IsRunningOnCI() {
+			return nil, credentialErr
+		}
+
 		loginWarning := output.WithWarningFormat("WARNING: You must be logged into Azure perform this action")
 		l.console.Message(ctx, loginWarning)
 

cli/azd/cmd/middleware/login_guard_test.go

@@ -5,6 +5,7 @@ package middleware
 
 import (
 	"context"
+	"os"
 	"strings"
 	"testing"
 
@@ -63,6 +64,59 @@ func Test_LoginGuard_Run(t *testing.T) {
 		require.Error(t, err)
 		require.Nil(t, result)
 	})
+	t.Run("NotLoggedInCI", func(t *testing.T) {
+		// Test with different CI environment variables
+		testCases := []struct {
+			envVar   string
+			envValue string
+			testName string
+		}{
+			{"GITHUB_ACTIONS", "true", "GitHub Actions"},
+			{"TF_BUILD", "True", "Azure Pipelines"},
+			{"CI", "true", "Generic CI"},
+		}
+
+		for _, tc := range testCases {
+			t.Run(tc.testName, func(t *testing.T) {
+				// Set up CI environment variable to simulate CI/CD
+				originalValue := os.Getenv(tc.envVar)
+				os.Setenv(tc.envVar, tc.envValue)
+				defer func() {
+					if originalValue == "" {
+						os.Unsetenv(tc.envVar)
+					} else {
+						os.Setenv(tc.envVar, originalValue)
+					}
+				}()
+
+				mockContext := mocks.NewMockContext(context.Background())
+				// In CI, we should NOT get a console confirmation prompt
+				// The test will fail if console.Confirm is called
+				mockContext.Console.
+					WhenConfirm(func(options input.ConsoleOptions) bool {
+						t.Fatal("Console.Confirm should not be called in CI/CD environment")
+						return false
+					})
+
+				mockAuthManager := &mockCurrentUserAuthManager{}
+				mockAuthManager.On("Cloud").Return(cloud.AzurePublic())
+				mockAuthManager.
+					On("CredentialForCurrentUser", *mockContext.Context, mock.Anything).
+					Return(nil, auth.ErrNoCurrentUser)
+
+				middleware := LoginGuardMiddleware{
+					console:        mockContext.Console,
+					authManager:    mockAuthManager,
+					workflowRunner: &workflow.Runner{},
+				}
+
+				result, err := middleware.Run(*mockContext.Context, next)
+				require.Error(t, err)
+				require.Nil(t, result)
+				require.Equal(t, auth.ErrNoCurrentUser, err)
+			})
+		}
+	})
 }
 
 func next(ctx context.Context) (*actions.ActionResult, error) {