Skip to content

Fixes to Azure Public feed usage #24149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
TravisEz13 merged 42 commits into from
Aug 15, 2024
Merged

Fixes to Azure Public feed usage #24149

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
4ffb200
Fix code PATs
TravisEz13 Aug 5, 2024
dbdae76
Fix feed PATs
TravisEz13 Aug 5, 2024
eec598e
remove gallery commit
TravisEz13 Aug 5, 2024
98cd531
update feed url
TravisEz13 Aug 5, 2024
f64c360
Update to new variable groups
TravisEz13 Aug 5, 2024
91c0a74
Fix Variable name
TravisEz13 Aug 5, 2024
8331379
Fix credential template
TravisEz13 Aug 6, 2024
7432f7f
Disable Signing setup in prep stage
TravisEz13 Aug 6, 2024
32f67ec
Capture nuget source list
TravisEz13 Aug 6, 2024
3c7994e
lock down the firewall
TravisEz13 Aug 7, 2024
f7bc496
Add creds to feed switch to allow single switch location
TravisEz13 Aug 8, 2024
61f6b34
Use switch from build.psm1
TravisEz13 Aug 8, 2024
e9a597d
Use switch template instead of commands
TravisEz13 Aug 8, 2024
4d3cc60
update to test feed
TravisEz13 Aug 8, 2024
4cd8413
disable codeql in jobs where we don't compile
TravisEz13 Aug 8, 2024
be224de
disable code sign validation for prep
TravisEz13 Aug 8, 2024
0118e88
move capture steps to restore phase to see if it speeds things up
TravisEz13 Aug 8, 2024
3f57d1e
remove duplicate capture of nuget config
TravisEz13 Aug 8, 2024
2581515
update test service
TravisEz13 Aug 9, 2024
39b898a
Only build windows test service on windows
TravisEz13 Aug 9, 2024
c093b64
warn when no config is generated
TravisEz13 Aug 9, 2024
597efe3
try to fix test service
TravisEz13 Aug 9, 2024
8bec6b8
fix web listener refs
TravisEz13 Aug 9, 2024
c651e05
try removing dotnet tool
TravisEz13 Aug 9, 2024
de0933d
update feedname with user info
TravisEz13 Aug 12, 2024
bf3626b
update package version that is not found
TravisEz13 Aug 12, 2024
0a2ac5d
try moving failing jobs to restore phase
TravisEz13 Aug 12, 2024
6e84c38
allow nuget inset in either phase
TravisEz13 Aug 12, 2024
f5f1961
update package ref
TravisEz13 Aug 12, 2024
9280a77
use the right reporoot
TravisEz13 Aug 12, 2024
65446da
Move everything to restore
TravisEz13 Aug 13, 2024
0875678
Try adding build phase
TravisEz13 Aug 13, 2024
7d49cd2
put nuget files in the right place
TravisEz13 Aug 13, 2024
feff5c8
move bootstrap into yaml
TravisEz13 Aug 13, 2024
9eda73f
remove onebranch agent items from macos build
TravisEz13 Aug 13, 2024
36d1a69
switch to environment variable
TravisEz13 Aug 13, 2024
ed351ad
bump a couple of packages
TravisEz13 Aug 13, 2024
2792e58
fix formatting
TravisEz13 Aug 13, 2024
f816608
Fix static analysis issue
TravisEz13 Aug 14, 2024
0fad547
update feed url to test restoring everything
TravisEz13 Aug 14, 2024
6a9d973
install the AzFeed cred provider
TravisEz13 Aug 14, 2024
e31d161
fix binlog issues
TravisEz13 Aug 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 19 additions & 9 deletions .pipelines/PowerShell-Coordinated_Packages-Official.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,15 +70,20 @@ variables:
value: ${{ parameters.ReleaseTagVar }}
- name: SKIP_SIGNING
value: ${{ parameters.SKIP_SIGNING }}
- group: 'AzDevOpsArtifacts'
- group: 'mscodehub-feed-read-akv'
- group: mscodehub-feed-read-general
- group: mscodehub-feed-read-akv
- name: ENABLE_MSBUILD_BINLOGS
value: ${{ parameters.ENABLE_MSBUILD_BINLOGS }}

extends:
template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates
parameters:
customTags: 'ES365AIMigrationTooling'
featureFlags:
LinuxHostVersion:
Network: KS3
WindowsHostVersion:
Network: KS3
globalSdl:
disableLegacyManifest: true
# disabled Armorty as we dont have any ARM templates to scan. It fails on some sample ARM templates.
Expand Down Expand Up @@ -121,15 +126,18 @@ extends:
type: windows

variables:
- name: ob_sdl_tsa_configFile
value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json
- name: ob_sdl_credscan_suppressionsFile
value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
- ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}:
- name: ob_sdl_codeql_compiled_enabled
value: true
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT/BuildJson'
- name: ob_sdl_codeSignValidation_enabled
value: false
- name: ob_sdl_codeql_compiled_enabled
value: false
- name: ob_sdl_credscan_suppressionsFile
value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
- name: ob_sdl_tsa_configFile
value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json
- name: ob_signing_setup_enabled
value: false

steps:
- checkout: self
Expand All @@ -140,6 +148,8 @@ extends:
- pwsh: |
Get-ChildItem Env:
displayName: Capture environment variables
env:
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase

- template: /.pipelines/templates/SetVersionVariables.yml@self
parameters:
Expand Down
1 change: 1 addition & 0 deletions .pipelines/PowerShell-Packages-Official.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ variables:
value: 'onebranch.azurecr.io/windows/ltsc2019/vse2022:latest' # Docker image which is used to build the project
- name: LinuxContainerImage
value: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0
- group: mscodehub-feed-read-general
- group: mscodehub-feed-read-akv
- name: branchCounterKey
value: $[format('{0:yyyyMMdd}-{1}', pipeline.startTime,variables['Build.SourceBranch'])]
Expand Down
5 changes: 2 additions & 3 deletions .pipelines/templates/checkAzureContainer.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,8 @@ jobs:
value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json
- name: ob_sdl_credscan_suppressionsFile
value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
- ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}:
- name: ob_sdl_codeql_compiled_enabled
value: true
- name: ob_sdl_codeql_compiled_enabled
value: false

displayName: Delete blob is exists
pool:
Expand Down
64 changes: 39 additions & 25 deletions .pipelines/templates/insert-nuget-config-azfeed.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,39 +1,53 @@
parameters:
- name: "repoRoot"
default: $(REPOROOT)
- name: "ob_restore_phase"
type: boolean
default: true

steps:
- task: NuGetAuthenticate@1
displayName: Install Azure Artifacts Credential Provider
inputs:
forceReinstallCredentialProvider: true

- pwsh: |
$configPath = "${env:NugetConfigDir}/nuget.config"
Import-Module ${{ parameters.repoRoot }}/build.psm1 -Force
try {
$configPath = "${env:NugetConfigDir}/nuget.config"
Import-Module ${{ parameters.repoRoot }}/build.psm1 -Force

$powerShellPublicPackages = New-NugetPackageSource -Url '$(PowerShellCore_PublicPackages)' -Name 'AzDevOpsFeed'
Write-Verbose -Verbose "Running: Switch-PSNugetConfig -Source Private -UserName '$(AzDevopsFeedUserNameKVPAT)' -ClearTextPAT '$(powershellPackageReadPat)'"
Switch-PSNugetConfig -Source Private -UserName '$(AzDevopsFeedUserNameKVPAT)' -ClearTextPAT '$(powershellPackageReadPat)'

New-NugetConfigFile -NugetPackageSource $powerShellPublicPackages -UserName $(AzDevopsFeedUserNameKVPAT) -ClearTextPAT $(mscodehubPackageReadPat) -Destination "${env:NugetConfigDir}"
if(-not (Test-Path $configPath))
{
throw "nuget.config is not created"
if(-not (Test-Path $configPath))
{
throw "nuget.config is not created"
}
}
Get-Content $configPath | Write-Verbose -Verbose
displayName: 'Add nuget.config for Azure DevOps feed for PSGallery modules'
condition: and(succeededOrFailed(), ne(variables['AzDevOpsFeed'], ''))
catch {
Get-Error
throw
}
displayName: 'Switch to production Azure DevOps feed for all nuget.configs'
condition: and(succeededOrFailed(), ne(variables['UseAzDevOpsFeed'], ''))
env:
NugetConfigDir: ${{ parameters.repoRoot }}/src/Modules
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
ob_restore_phase: ${{ parameters.ob_restore_phase }}

- pwsh: |
$configPath = "${env:NugetConfigDir}/nuget.config"
Import-Module ${{ parameters.repoRoot }}/build.psm1 -Force

$powerShellPublicPackages = New-NugetPackageSource -Url '$(PowerShellCore_PublicPackages)' -Name 'AzDevOpsFeed'

New-NugetConfigFile -NugetPackageSource $powerShellPublicPackages -UserName $(AzDevopsFeedUserNameKVPAT) -ClearTextPAT $(mscodehubPackageReadPat) -Destination "${env:NugetConfigDir}"
if (-not (Test-Path $configPath))
{
throw "nuget.config is not created"
Get-ChildItem ${{ parameters.repoRoot }}/nuget.config -Recurse | Foreach-Object {
Write-Verbose -Verbose "--- START $($_.fullname) ---"
get-content $_.fullname | Out-String -width 9999 -Stream | write-Verbose -Verbose
Write-Verbose -Verbose "--- END $($_.fullname) ---"
}
Get-Content $configPath | Write-Verbose -Verbose
displayName: 'Add nuget.config for Azure DevOps feed for packages'
condition: and(succeededOrFailed(), ne(variables['PSInternalNugetFeed'], ''))
displayName: 'Capture all nuget.config files'
condition: and(succeededOrFailed(), ne(variables['UseAzDevOpsFeed'], ''))
env:
ob_restore_phase: ${{ parameters.ob_restore_phase }}

- pwsh: |
Get-ChildItem -Path env:VSS* | Out-String -width 9999 -Stream | write-Verbose -Verbose
displayName: Capture VSS* Environment
condition: and(succeededOrFailed(), ne(variables['UseAzDevOpsFeed'], ''))
env:
NugetConfigDir: ${{ parameters.repoRoot }}
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
ob_restore_phase: ${{ parameters.ob_restore_phase }}
18 changes: 9 additions & 9 deletions .pipelines/templates/mac.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,9 @@ jobs:
- group: DotNetPrivateBuildAccess
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
- name: ob_sdl_binskim_enabled
value: true
- name: ob_sdl_credscan_suppressionsfileforartifacts
value: $(Build.SourcesDirectory)/PowerShell/.config/suppress.json
- name: PowerShellRoot
value: $(Build.SourcesDirectory)

steps:
- checkout: self
clean: true
Expand All @@ -39,19 +38,19 @@ jobs:
# make the current user the owner
sudo chown $env:USER "$(Agent.TempDirectory)/PowerShell"
displayName: 'Create $(Agent.TempDirectory)/PowerShell'
- template: /.pipelines/templates/cloneToOfficialPath.yml@self
parameters:
nativePathRoot: '$(Agent.TempDirectory)'

- pwsh: |
tools/releaseBuild/macOS/PowerShellPackageVsts.ps1 -location $(PowerShellRoot) -BootStrap
Import-Module $(PowerShellRoot)/build.psm1 -Force
Start-PSBootstrap -Package
displayName: 'Bootstrap VM'
env:
__DOTNET_RUNTIME_FEED_KEY: $(RUNTIME_SOURCEFEED_KEY)

- template: /.pipelines/templates/insert-nuget-config-azfeed.yml@self
parameters:
repoRoot: $(PowerShellRoot)
- pwsh: |
$env:AzDevOpsFeedPAT2 = '$(AzDevOpsFeedPAT2)'
$env:AzDevOpsFeedPAT2 = '$(powershellPackageReadPat)'
# Add -SkipReleaseChecks as a mitigation to unblock release.
# macos-10.15 does not allow creating a folder under root. Hence, moving the folder.

Expand All @@ -76,6 +75,7 @@ jobs:
displayName: 'Build'
env:
__DOTNET_RUNTIME_FEED_KEY: $(RUNTIME_SOURCEFEED_KEY)

- template: /.pipelines/templates/step/finalize.yml@self

- job: sign_${{ parameters.buildArchitecture }}
Expand Down
23 changes: 5 additions & 18 deletions .pipelines/templates/nupkg.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ jobs:
value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json
- name: ob_sdl_credscan_suppressionsFile
value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
- group: 'AzDevOpsArtifacts'
- group: mscodehub-feed-read-general
- group: mscodehub-feed-read-akv
- group: DotNetPrivateBuildAccess

steps:
Expand Down Expand Up @@ -89,23 +90,9 @@ jobs:
env:
ob_restore_phase: true # This ensures this done in restore phase to workaround signing issue

- pwsh: |
$repoRoot = "$(PowerShellRoot)"
Write-Verbose -Verbose "repoRoot: $repoRoot"

$configPath = "$repoRoot/nuget.config"
Import-Module "$repoRoot/build.psm1" -Force
New-NugetConfigFile -NugetFeedUrl $(PowerShellCore_PublicPackages) -UserName $(AzDevOpsFeedUserName) -ClearTextPAT $(AzDevOpsFeedPAT2) -FeedName AzDevOpsFeed -Destination "$(PowerShellRoot)"

if(-not (Test-Path $configPath))
{
throw "nuget.config is not created"
}
Get-Content $configPath | Write-Verbose -Verbose
displayName: 'Add nuget.config for Azure DevOps feed for packages'
condition: and(succeededOrFailed(), ne(variables['PowerShellCore_PublicPackages'], ''))
env:
ob_restore_phase: true # This ensures this done in restore phase to workaround signing issue
- template: /.pipelines/templates/insert-nuget-config-azfeed.yml@self
parameters:
repoRoot: $(PowerShellRoot)

- task: NuGetToolInstaller@1
displayName: 'Install NuGet.exe'
Expand Down
5 changes: 2 additions & 3 deletions .pipelines/templates/release-MakeBlobPublic.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,8 @@ jobs:
value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json
- name: ob_sdl_credscan_suppressionsFile
value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
- ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}:
- name: ob_sdl_codeql_compiled_enabled
value: true
- name: ob_sdl_codeql_compiled_enabled
value: false

steps:
- checkout: self
Expand Down
3 changes: 2 additions & 1 deletion .pipelines/templates/release-validate-sdk.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ jobs:
type: ${{ parameters.jobtype }}

variables:
- group: AzDevOpsArtifacts
- group: mscodehub-feed-read-general
- group: mscodehub-feed-read-akv
- group: DotNetPrivateBuildAccess
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
Expand Down
31 changes: 29 additions & 2 deletions .pipelines/templates/testartifacts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,15 +22,22 @@ jobs:
steps:
- checkout: self
clean: true
env:
ob_restore_phase: true

- template: /.pipelines/templates/insert-nuget-config-azfeed.yml@self
parameters:
repoRoot: $(Build.SourcesDirectory)
repoRoot: $(Build.SourcesDirectory)/PowerShell
ob_restore_phase: true

- pwsh: |
Import-Module $(Build.SourcesDirectory)/PowerShell/build.psm1
Start-PSBootstrap
displayName: Bootstrap
env:
__DOTNET_RUNTIME_FEED_KEY: $(RUNTIME_SOURCEFEED_KEY)
ob_restore_phase: true

- pwsh: |
New-Item -Path '$(ob_outputDirectory)' -ItemType Directory -Force
Import-Module $(Build.SourcesDirectory)/PowerShell/build.psm1
Expand Down Expand Up @@ -58,6 +65,13 @@ jobs:
BuildTestPackage -runtime win-arm64
displayName: Build test package and upload
retryCountOnTaskFailure: 1
env:
ob_restore_phase: true

- pwsh: |
Write-Host "This doesn't do anything but make the build phase run."
displayName: Dummy build task


- job: build_testartifacts_nonwin
variables:
Expand All @@ -75,15 +89,22 @@ jobs:
steps:
- checkout: self
clean: true
env:
ob_restore_phase: true

- template: /.pipelines/templates/insert-nuget-config-azfeed.yml@self
parameters:
repoRoot: $(Build.SourcesDirectory)
repoRoot: $(Build.SourcesDirectory)/PowerShell
ob_restore_phase: true

- pwsh: |
Import-Module $(Build.SourcesDirectory)/PowerShell/build.psm1
Start-PSBootstrap
displayName: Bootstrap
env:
__DOTNET_RUNTIME_FEED_KEY: $(RUNTIME_SOURCEFEED_KEY)
ob_restore_phase: true

- pwsh: |
New-Item -Path '$(ob_outputDirectory)' -ItemType Directory -Force
Import-Module $(Build.SourcesDirectory)/PowerShell/build.psm1
Expand Down Expand Up @@ -113,3 +134,9 @@ jobs:
BuildTestPackage -runtime linux-musl-x64
displayName: Build test package and upload
retryCountOnTaskFailure: 1
env:
ob_restore_phase: true

- pwsh: |
Write-Host "This doesn't do anything but make the build phase run."
displayName: Dummy build task
5 changes: 2 additions & 3 deletions .pipelines/templates/uploadToAzure.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,8 @@ jobs:
value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json
- name: ob_sdl_credscan_suppressionsFile
value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
- ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}:
- name: ob_sdl_codeql_compiled_enabled
value: true
- name: ob_sdl_codeql_compiled_enabled
value: false

steps:
- checkout: self
Expand Down
2 changes: 1 addition & 1 deletion .vsts-ci/templates/ci-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ jobs:
displayName: Set Build Name for Non-PR
condition: ne(variables['Build.Reason'], 'PullRequest')

- ${{ if ne(variables['AzDevOpsFeed'], '') }}:
- ${{ if ne(variables['UseAzDevOpsFeed'], '') }}:
- template: /tools/releaseBuild/azureDevOps/templates/insert-nuget-config-azfeed.yml

- pwsh: |
Expand Down
Loading