Merged
Expand Up @@ -67,10 +67,16 @@ extends:
exactToolVersion: 4.4.2
policheck:
break: true # always break the build on policheck issues. You can disable it by setting to 'false'
tsaOptionsFile: .config\tsaoptions.json
tsaOptionsFile: $(Build.SourcesDirectory)\.config\tsaoptions.json
Copilot AI Apr 22, 2026

tsaOptionsFile now points to $(Build.SourcesDirectory)\.config\tsaoptions.json, but these OneBranch pipelines commonly have the repo under $(Build.SourcesDirectory)\PowerShell (templates default REPOROOT accordingly). This path may not exist and can break TSA upload. Update to $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json (or use a repo-relative .config\tsaoptions.json if required by the governed template).

Suggested change
tsaOptionsFile: $(Build.SourcesDirectory)\.config\tsaoptions.json
tsaOptionsFile: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json

stages:
- template: /.pipelines/templates/release-prep-for-ev2.yml@self
parameters:
skipPublish: ${{ parameters.skipPublish }}

# NonOfficial: run the publish stage to verify templateContext artifact download,
# but skip the actual Ev2 push to PMC.
- template: /.pipelines/templates/release-publish-pmc.yml@self
parameters:
releaseEnvironment: Test
stagePrefix: Test
skipEv2Push: true
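
Review bot: The release-publish-pmc.yml call at the end of this hunk passes releaseEnvironment: Test, stagePrefix: Test and skipEv2Push: true but not approvalServiceEnvironment, which defaults to Production in that template. With the push skipped nothing is sent today, but the skipEv2Push flag is then the only thing keeping this NonOfficial stage away from the Production approval service. Pass approvalServiceEnvironment: Test here so that a later change to skipEv2Push cannot pair a Test release environment with a Production approval endpoint.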
2 changes: 1 addition & 1 deletion .pipelines/PowerShell-Release-Official-Azure.yml
Expand Up @@ -67,7 +67,7 @@ extends:
exactToolVersion: 4.4.2
policheck:
break: true # always break the build on policheck issues. You can disable it by setting to 'false'
tsaOptionsFile: .config\tsaoptions.json
tsaOptionsFile: $(Build.SourcesDirectory)\.config\tsaoptions.json
Copilot AI Apr 22, 2026

tsaOptionsFile now points to $(Build.SourcesDirectory)\.config\tsaoptions.json, but in these OneBranch pipelines the repo content is typically under $(Build.SourcesDirectory)\PowerShell (for example, templates default REPOROOT to that). This path will likely not resolve and can break TSA upload. Update this to $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json (or revert to the prior repo-relative .config\tsaoptions.json if that’s what OneBranch expects).

Suggested change
tsaOptionsFile: $(Build.SourcesDirectory)\.config\tsaoptions.json
tsaOptionsFile: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json

stages:
- template: /.pipelines/templates/release-prep-for-ev2.yml@self
parameters:
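
Review bot: The new tsaOptionsFile value looks for tsaoptions.json under $(Build.SourcesDirectory)\.config, while release-prep-for-ev2.yml in this same change sets ob_sdl_tsa_configFile to $(Build.SourcesDirectory)/PowerShell/.config/tsaoptions.json. The two settings disagree about where the repository sits below Build.SourcesDirectory. Use the same root in both, or add a comment on this line saying why the pipeline-level and job-level paths differ, so that a wrong path is not mistaken for an intentional one.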
46 changes: 20 additions & 26 deletions .pipelines/templates/release-prep-for-ev2.yml
Expand Up @@ -11,6 +11,20 @@ stages:
displayName: 'Copy EV2 Files to Artifact'
pool:
type: linux
templateContext:
inputs:
- input: pipelineArtifact
pipeline: PSPackagesOfficial
artifactName: drop_linux_package_deb
- input: pipelineArtifact
pipeline: PSPackagesOfficial
artifactName: drop_linux_package_rpm
- input: pipelineArtifact
pipeline: PSPackagesOfficial
artifactName: drop_linux_package_mariner_x64
- input: pipelineArtifact
pipeline: PSPackagesOfficial
artifactName: drop_linux_package_mariner_arm64
variables:
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
Expand All @@ -24,6 +38,8 @@ stages:
- group: 'packages.microsoft.com'
- name: ob_sdl_credscan_suppressionsFile
value: $(Build.SourcesDirectory)/PowerShell/.config/suppress.json
- name: ob_sdl_tsa_configFile
value: $(Build.SourcesDirectory)/PowerShell/.config/tsaoptions.json
steps:
- checkout: self ## the global setting on lfs didn't work
lfs: false
Expand Down Expand Up @@ -99,39 +115,17 @@ stages:
env:
ob_restore_phase: true

- download: PSPackagesOfficial
artifact: 'drop_linux_package_deb'
displayName: 'Download artifact containing .deb_amd64.deb file from PSPackagesOfficial triggering pipeline'
env:
ob_restore_phase: true

- download: PSPackagesOfficial
artifact: 'drop_linux_package_rpm'
displayName: 'Download artifact containing .rh.x64_86.rpm file from PSPackagesOfficial triggering pipeline'
env:
ob_restore_phase: true

- download: PSPackagesOfficial
artifact: 'drop_linux_package_mariner_x64'
displayName: 'Download artifact containing .cm.x86_64.rpm file from PSPackagesOfficial triggering pipeline'
env:
ob_restore_phase: true

- download: PSPackagesOfficial
artifact: 'drop_linux_package_mariner_arm64'
displayName: 'Download artifact containing .cm.aarch64.rpm file from PSPackagesOfficial triggering pipeline'
env:
ob_restore_phase: true

- pwsh: |
Write-Verbose -Verbose "Copy ESRP signed .deb and .rpm packages"
$downloadedPipelineFolder = Join-Path '$(Pipeline.Workspace)' -ChildPath 'PSPackagesOfficial'
# templateContext.inputs places the PSPackagesOfficial pipelineArtifact files
# directly under $(Pipeline.Workspace), not in per-artifact subfolders.
$downloadedPipelineFolder = '$(Pipeline.Workspace)'
$srcFilesFolder = Join-Path -Path '$(Pipeline.Workspace)' -ChildPath 'SourceFiles'
New-Item -Path $srcFilesFolder -ItemType Directory
$packagesFolder = Join-Path -Path $srcFilesFolder -ChildPath 'packages'
New-Item -Path $packagesFolder -ItemType Directory

$packageFiles = Get-ChildItem -Path $downloadedPipelineFolder -Recurse -Directory -Filter "drop_*" | Get-ChildItem -File -Include *.deb, *.rpm
$packageFiles = Get-ChildItem -Path $downloadedPipelineFolder -File | Where-Object { $_.Extension -in '.deb', '.rpm' }
foreach ($file in $packageFiles)
{
Write-Verbose -Verbose "copying file: $($file.FullName)"
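
Review bot: The rewritten $packageFiles assignment takes every .deb or .rpm file sitting directly under $(Pipeline.Workspace) and depends on the layout stated in the new comment; if the artifacts land anywhere else, $packageFiles is empty and the foreach loop copies nothing without failing the job. Add a check right after the assignment that throws when $packageFiles is empty, so that an empty packages folder stops the run here rather than being carried into the Ev2 stage. The old filter also limited the search to drop_* folders, so it is worth confirming that nothing else in the workspace root can match the two extensions.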
65 changes: 42 additions & 23 deletions .pipelines/templates/release-publish-pmc.yml
@@ -1,37 +1,56 @@
parameters:
- name: releaseEnvironment
type: string
default: Production
values:
- Production
- PPE
- Test
- name: approvalServiceEnvironment
type: string
default: Production
values:
- Production
- PPE
- Test
# OneBranch requires the stage name to be prefixed with the release environment.
# Official uses 'Prod' for Production; NonProd validators require '<env>' (e.g. 'Test', 'PPE').
- name: stagePrefix
type: string
default: Prod
# When true, the Ev2 push step is skipped. Useful for NonOfficial dry-runs that
# only want to validate artifact download via templateContext.inputs.
- name: skipEv2Push
type: boolean
default: false

stages:
- stage: 'Prod_Release'
- stage: ${{ parameters.stagePrefix }}_Release
displayName: 'Deploy packages to PMC with EV2'
dependsOn:
- PrepForEV2
variables:
- name: ob_release_environment
value: "Production"
value: ${{ parameters.releaseEnvironment }}
- name: repoRoot
value: $(Build.SourcesDirectory)
jobs:
- job: Prod_ReleaseJob
- job: ${{ parameters.stagePrefix }}_ReleaseJob
displayName: Publish to PMC
pool:
type: release
Copilot AI Apr 22, 2026

The release pool here doesn’t specify os: windows, while other release templates in this repo consistently set it (for example release-githubNuget.yml and release-MSIX-Publish.yml). Since the EV2 task is Windows-only, explicitly set pool.os: windows to avoid the job landing on an incompatible release agent.

Suggested change
type: release
type: release
os: windows


steps:
- task: DownloadPipelineArtifact@2
templateContext:
inputs:
targetPath: '$(Pipeline.Workspace)'
artifact: drop_PrepForEV2_CopyEv2FilesToArtifact
displayName: 'Download drop_PrepForEV2_CopyEv2FilesToArtifact artifact that has all files needed'
- input: pipelineArtifact
artifactName: drop_PrepForEV2_CopyEv2FilesToArtifact

- task: DownloadPipelineArtifact@2
inputs:
buildType: 'current'
targetPath: '$(Pipeline.Workspace)'
displayName: 'Download to get EV2 Files'

- task: vsrm-ev2.vss-services-ev2.adm-release-task.ExpressV2Internal@1
displayName: 'Ev2: Push to PMC'
inputs:
UseServerMonitorTask: true
EndpointProviderType: ApprovalService
ApprovalServiceEnvironment: Production
ServiceRootPath: '$(Pipeline.Workspace)/drop_PrepForEV2_CopyEV2FilesToArtifact/EV2Specs/ServiceGroupRoot'
RolloutSpecPath: '$(Pipeline.Workspace)/drop_PrepForEV2_CopyEV2FilesToArtifact/EV2Specs/ServiceGroupRoot/RolloutSpec.json'
steps:
- ${{ if not(parameters.skipEv2Push) }}:
- task: vsrm-ev2.vss-services-ev2.adm-release-task.ExpressV2Internal@1
displayName: 'Ev2: Push to PMC'
inputs:
UseServerMonitorTask: true
EndpointProviderType: ApprovalService
ApprovalServiceEnvironment: ${{ parameters.approvalServiceEnvironment }}
ServiceRootPath: '$(Pipeline.Workspace)/EV2Specs/ServiceGroupRoot'
RolloutSpecPath: '$(Pipeline.Workspace)/EV2Specs/ServiceGroupRoot/RolloutSpec.json'
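
Review bot: stagePrefix in the parameters block is a free-form string, while releaseEnvironment and approvalServiceEnvironment are both restricted by values: lists, and nothing ties the three together. A caller can therefore produce a Prod_Release stage whose ob_release_environment is Test, or a Test_Release stage that still uses the Production defaults. Give stagePrefix a values: list (Prod, PPE, Test) or derive it from releaseEnvironment inside the template so the stage name and the environment cannot disagree.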
Comment on lines +47 to +56
Copilot AI Apr 22, 2026

When skipEv2Push is true, this job expands to having no steps at all (the only step is conditionally omitted). That makes the NonOfficial “dry-run” stage less useful for validating the downloaded EV2 payload and can also be brittle for pipeline diagnostics. Consider adding a lightweight validation/logging step (e.g., list $(Pipeline.Workspace)/EV2Specs or assert RolloutSpec.json exists) that runs when skipEv2Push is true (or always).
