Skip to content

[release/v7.4] Hardcode Official templates (#26928) #26962

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jshigetomi merged 1 commit into from
Mar 9, 2026
Merged

[release/v7.4] Hardcode Official templates (#26928) #26962

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions .pipelines/PowerShell-Coordinated_Packages-Official.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,12 @@ parameters:
displayName: Enable MSBuild Binary Logs
type: boolean
default: false
- name: OfficialBuild
- name: FORCE_CODEQL
displayName: Debugging - Enable CodeQL and set cadence to 1 hour
type: boolean
default: false

name: bins-$(BUILD.SOURCEBRANCHNAME)-prod.${{ parameters.OfficialBuild }}-$(Build.BuildId)
name: bins-$(BUILD.SOURCEBRANCHNAME)-prod.true-$(Build.BuildId)

resources:
repositories:
Expand Down Expand Up @@ -78,19 +79,26 @@ variables:
- group: mscodehub-feed-read-akv
- name: ENABLE_MSBUILD_BINLOGS
value: ${{ parameters.ENABLE_MSBUILD_BINLOGS }}
- name: templateFile
value: ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates' ) }}
- ${{ if eq(parameters['FORCE_CODEQL'],'true') }}:
# Cadence is hours before CodeQL will allow a re-upload of the database
- name: CodeQL.Cadence
value: 1
- name: CODEQL_ENABLED
Comment on lines +82 to +86
Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FORCE_CODEQL is described as enabling CodeQL, but this pipeline only sets CodeQL.Cadence/CODEQL_ENABLED here; the build templates it invokes (e.g. .pipelines/templates/windows-hosted-build.yml and linux.yml) gate CodeQL3000Init/Finalize strictly on Build.SourceBranch == refs/heads/master. That means FORCE_CODEQL: true won’t actually enable CodeQL runs on non-master branches. Consider wiring the CodeQL task conditions in those templates to variables['CODEQL_ENABLED'] (or similar), or rename/remove this parameter to avoid implying behavior it can’t provide.

Copilot uses AI. Check for mistakes.
${{ if or(eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(parameters['FORCE_CODEQL'],'true')) }}:
value: true
${{ else }}:
value: false
# Fix for BinSkim ICU package error in Linux containers
- name: DOTNET_SYSTEM_GLOBALIZATION_INVARIANT
value: true
# Disable BinSkim at job level to override NonOfficial template defaults
- name: ob_sdl_binskim_enabled
value: false
- name: ps_official_build
value: ${{ parameters.OfficialBuild }}
value: true

extends:
template: ${{ variables.templateFile }}
template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates
parameters:
featureFlags:
LinuxHostVersion:
Expand Down
11 changes: 3 additions & 8 deletions .pipelines/PowerShell-Packages-Official.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,11 @@ parameters: # parameters are shown up in ADO UI in a build queue time
displayName: Skip Signing
type: string
default: 'NO'
- name: OfficialBuild
type: boolean
default: false
- name: disableNetworkIsolation
type: boolean
default: false

name: pkgs-$(BUILD.SOURCEBRANCHNAME)-prod.${{ parameters.OfficialBuild }}-$(Build.BuildId)
name: pkgs-$(BUILD.SOURCEBRANCHNAME)-prod.true-$(Build.BuildId)

variables:
- name: CDP_DEFINITION_BUILD_COUNT
Expand Down Expand Up @@ -67,8 +64,6 @@ variables:
- name: branchCounter
value: $[counter(variables['branchCounterKey'], 1)]
- group: MSIXSigningProfile
- name: templateFile
value: ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates' ) }}
- name: disableNetworkIsolation
value: ${{ parameters.disableNetworkIsolation }}

Expand All @@ -89,7 +84,7 @@ resources:
ref: refs/heads/main

extends:
template: ${{ variables.templateFile }}
template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates
parameters:
cloudvault:
enabled: false
Expand Down Expand Up @@ -294,7 +289,7 @@ extends:
jobs:
- template: /.pipelines/templates/package-create-msix.yml@self
parameters:
OfficialBuild: ${{ parameters.OfficialBuild }}
OfficialBuild: true

- stage: upload
displayName: 'Upload'
Expand Down
9 changes: 2 additions & 7 deletions .pipelines/PowerShell-Release-Official-Azure.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,8 @@ parameters: # parameters are shown up in ADO UI in a build queue time
displayName: Skip Signing
type: string
default: 'NO'
- name: OfficialBuild
type: boolean
default: false

name: ev2-$(BUILD.SOURCEBRANCHNAME)-prod.${{ parameters.OfficialBuild }}-$(Build.BuildId)
name: ev2-$(BUILD.SOURCEBRANCHNAME)-prod.true-$(Build.BuildId)

variables:
- name: CDP_DEFINITION_BUILD_COUNT
Expand Down Expand Up @@ -49,8 +46,6 @@ variables:
- name: LinuxContainerImage
value: mcr.microsoft.com/onebranch/azurelinux/build:3.0
- group: PoolNames
- name: templateFile
value: ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates' ) }}

resources:
repositories:
Expand All @@ -72,7 +67,7 @@ resources:
- releases/*

extends:
template: ${{ variables.templateFile }}
template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates
parameters:
featureFlags:
WindowsHostVersion:
Expand Down
11 changes: 3 additions & 8 deletions .pipelines/PowerShell-Release-Official.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,8 @@ parameters: # parameters are shown up in ADO UI in a build queue time
displayName: Skip MSIX Publish
type: boolean
default: false
- name: OfficialBuild
type: boolean
default: false

name: release-$(BUILD.SOURCEBRANCHNAME)-prod.${{ parameters.OfficialBuild }}-$(Build.BuildId)
name: release-$(BUILD.SOURCEBRANCHNAME)-prod.true-$(Build.BuildId)

variables:
- name: CDP_DEFINITION_BUILD_COUNT
Expand Down Expand Up @@ -65,10 +62,8 @@ variables:
- name: ReleaseTagVar
value: ${{ parameters.ReleaseTagVar }}
- group: PoolNames
- name: templateFile
value: ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates' ) }}
- name: releaseEnvironment
value: ${{ iif ( parameters.OfficialBuild, 'Production', 'Test' ) }}
value: 'Production'
# Fix for BinSkim ICU package error in Linux containers
- name: DOTNET_SYSTEM_GLOBALIZATION_INVARIANT
value: true
Expand Down Expand Up @@ -97,7 +92,7 @@ resources:
- releases/*

extends:
template: ${{ variables.templateFile }}
template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates
parameters:
release:
category: NonAzure
Expand Down
9 changes: 2 additions & 7 deletions .pipelines/PowerShell-vPack-Official.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,6 @@
trigger: none

parameters: # parameters are shown up in ADO UI in a build queue time
- name: OfficialBuild
type: boolean
default: true
- name: 'createVPack'
displayName: 'Create and Submit VPack'
type: boolean
Expand Down Expand Up @@ -33,7 +30,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time
- Netlock
default: "R1"

name: vPack_$(Build.SourceBranchName)_Prod.${{ parameters.OfficialBuild }}_Create.${{ parameters.createVPack }}_Name.${{ parameters.vPackName}}_$(date:yyyyMMdd).$(rev:rr)
name: vPack_$(Build.SourceBranchName)_Prod.true_Create.${{ parameters.createVPack }}_Name.${{ parameters.vPackName}}_$(date:yyyyMMdd).$(rev:rr)

variables:
- name: CDP_DEFINITION_BUILD_COUNT
Expand All @@ -58,8 +55,6 @@ variables:
value: ${{ parameters.ReleaseTagVar }}
- group: Azure Blob variable group
- group: certificate_logical_to_actual # used within signing task
- name: templateFile
value: ${{ iif ( parameters.OfficialBuild, 'v2/Microsoft.Official.yml@onebranchTemplates', 'v2/Microsoft.NonOfficial.yml@onebranchTemplates' ) }}
- group: DotNetPrivateBuildAccess
- group: certificate_logical_to_actual
- name: netiso
Expand All @@ -75,7 +70,7 @@ resources:
ref: refs/heads/main

extends:
template: ${{ variables.templateFile }}
template: v2/Microsoft.Official.yml@onebranchTemplates
parameters:
platform:
name: 'windows_undocked' # windows undocked
Expand Down
Loading