-
Notifications
You must be signed in to change notification settings - Fork 340
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rework SetupNuGetSources to support WIF Service Connections #14758
Conversation
Co-authored-by: Michael Stuckey <michael.stuckey@gmail.com>
… setup-nuget-sources-no-pat
I've got a couple more tests to run with this for arcade main, and I want to rerun my msbuild tests. But this should be g2g after that. |
Test with replaced SetupNugetSources.ps1/sh in existing infra: https://dev.azure.com/dnceng/internal/_build/results?buildId=2461793&view=results Need a couple of SB tweaks |
Test with new SetupNuGetSources, without using the new templates except in source-build.yml: https://dev.azure.com/dnceng/internal/_build/results?buildId=2462612&view=results |
Hold on merging until I have places that use the script updated to include a NuGetAuthenticate call after. |
PRs opened. |
@mmitche can we backport that to release/8.0? |
Yes, it will get backported to 8 and 6. I'll be starting that today, but I want to get a few verified usages before merging |
steps: | ||
- template: /eng/common/core-templates/steps/get-federated-access-token.yml | ||
parameters: | ||
is1ESPipeline: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is is1ESPipeline
parameter needed? It's not defined in core-templates/steps/get-federated-access-token.yml
so the yaml is not valid.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's the standard pattern in these templates. The param should be added to core-templates/steps/get-federated-access-token.yml
. Surprised we haven't hit this yet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated in #14942
Adds a set of templates which generate aad tokens in pipelines, and uses these templates in a new template which enables internal sources.
There are a few interesting aspects to this:
To double check: