Move 1ES pipeline to correct dir #1939
💡 This will break the whole 1ES setting, so please
💡 Leaving a note here as well, could we please hold off on merging this for now? This change will require us to recreate the ADO pipeline, so it would be good to align both pieces of work closely once we’re ready to move forward.
Given we have a few tight releases planned over the coming days, I’d suggest we avoid merging this until things settle a bit.
Thanks so much, gentle cc: @bosesuneha
Yes, this need not be merged now. We can revisit after the CA preview release.
Sounds great, can we please move the PR to Draft for now? 👍 Thank you.
Copilot wasn't able to review any files in this pull request.
publishVersion defaults to 0.0.1, but package.json currently declares version 1.6.15. For a publishing/release pipeline, this default can easily create incorrect tags/releases; consider making the parameter required (no default) and/or validating it against package.json before creating the GitHub release/tag.
The token is defined as a normal runtime parameter and then passed into the publish step. Azure DevOps runtime parameters are not secret, so this PAT can be exposed in run metadata/logs; use a secret pipeline variable/variable group (or a service connection) instead, and avoid printing any part of the token in logs.
```yaml
    npx vsce publish --pat "$TOKEN" --packagePath "$VSIX_PATH"
  env:
    # TOKEN should be defined as a secret variable (e.g., in the pipeline or a variable group)
    TOKEN: $(MARKETPLACE_PAT)
```
`trigger: none` disables CI triggers, but PR validation triggers are controlled separately. If this pipeline is intended to run only manually, add `pr: none` as well to avoid accidental runs on pull requests (especially since it includes signing/publishing steps).
```yaml
pr: none
# The `resources` specify the location and version of the 1ES PT.
resources:
```
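A check for the two pipeline issues raised in the review comments above (a token passed as a runtime parameter, and `trigger: none` without `pr: none`), as an added example that is not code from this PR or the project. The two pipeline texts and the `SECRET_LIKE` naming heuristic are assumptions, and `lintPipeline` is a hypothetical helper.

```javascript
// Added example; WEAK and FIXED are constructed samples, not this PR's pipeline file.
const WEAK = [
  "trigger: none",
  "parameters:",
  "  - name: publishVersion",
  "  - name: token",
  "steps:",
  '  - script: npx vsce publish --pat "${{ parameters.token }}"',
].join("\n");
const FIXED = [
  "trigger: none",
  "pr: none",
  "parameters:",
  "  - name: publishVersion",
  "steps:",
  '  - script: npx vsce publish --pat "$TOKEN"',
  "    env:",
  "      TOKEN: $(MARKETPLACE_PAT)",
].join("\n");
const SECRET_LIKE = /(token|secret|password|pat)$/i; // assumed naming heuristic

function lintPipeline(yamlText) {
  const lines = yamlText.split(/\r?\n/);
  const topLevel = new Map(); // top-level key -> inline value, trailing comment stripped
  const params = [];
  let block = null; // top-level key whose block we are currently inside
  for (const line of lines) {
    const top = line.match(/^([A-Za-z_]+):\s*(.*)$/);
    if (top) {
      block = top[1];
      topLevel.set(block, top[2].replace(/\s*#.*$/, "").trim());
    }
    const name = line.match(/^\s+-\s*name:\s*["']?([A-Za-z_]\w*)/);
    if (block === "parameters" && name) params.push(name[1]);
  }
  const findings = [];
  for (const param of params.filter((n) => SECRET_LIKE.test(n))) {
    // Runtime parameter values are not secret; report where the value is expanded.
    const ref = new RegExp("\\$\\{\\{\\s*parameters\\." + param + "\\s*\\}\\}");
    const at = lines.findIndex((l) => ref.test(l));
    findings.push({ rule: "secret-as-parameter", param, usedAtLine: at < 0 ? null : at + 1 });
  }
  // `trigger: none` only disables CI triggers; PR triggers need `pr: none`.
  if (topLevel.get("trigger") === "none" && topLevel.get("pr") !== "none") {
    findings.push({ rule: "pr-trigger-not-disabled" });
  }
  return findings;
}
console.log(lintPipeline(WEAK), lintPipeline(FIXED));
```

The lint matches lines with regular expressions rather than parsing YAML, so it only sees top-level keys written in column 0 and parameters declared in the list form shown.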
The 1ES pipeline is an Azure pipeline, so having it in the .github/workflows folder results in an error since GitHub tries to read it as a GitHub workflow. Moving it to a separate directory, .azuredevops.
Note: Before merging this, we need to verify whether the path of the pipeline is changed in the actual ADO pipeline.