feat: migration of the release pipeline (wip)#197
Conversation
setting up the build pipeline
There was a problem hiding this comment.
Pull Request Overview
This pull request introduces a migration from legacy Azure DevOps pipeline templates to a modern OneBranch pipeline configuration. The migration consolidates multiple separate pipeline files into a single unified build pipeline and removes dependency on external template repositories.
Key changes:
- Complete removal of legacy pipeline configurations and template files
- Introduction of a new OneBranch-based build pipeline with integrated security scanning
- Addition of custom npm registry configuration for Azure Artifacts
Reviewed Changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
.azure-pipelines/release.yml |
Removed legacy release pipeline that depended on external Azure Tools templates |
.azure-pipelines/main.yml |
Removed multi-platform build pipeline with separate Windows/Linux/macOS jobs |
.azure-pipelines/1esmain.yml |
Removed 1ES pipeline configuration that used Azure Tools templates |
.azure-pipelines/build.yml |
Added new OneBranch pipeline with integrated build, package, sign, and test steps |
.azure-pipelines/common/* |
Removed all shared template files (build, test, lint, package, sbom) |
.azure-pipelines/SignExtension.signproj |
Removed legacy signing project file |
.azure-pipelines/.npmrc |
Added npm configuration for Azure Artifacts private registry |
| ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}: # conditionally enable symbolsPublishing for master branch only | ||
| ob_symbolsPublishing_enabled: true # https://aka.ms/obpipelines/symbols |
There was a problem hiding this comment.
The condition checks for 'refs/heads/master' but the pipeline is configured to trigger on 'main' and 'next' branches (lines 3-4). This condition will never be true since 'master' is not in the trigger list.
| ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}: # conditionally enable symbolsPublishing for master branch only | |
| ob_symbolsPublishing_enabled: true # https://aka.ms/obpipelines/symbols | |
| # Removed unreachable condition for 'refs/heads/master' |
| ob_symbolsPublishing_enabled: true # https://aka.ms/obpipelines/symbols | ||
| ob_sdl_codeSignValidation_excludes: '-|**\*.json;-|**\*.js;-|**\node_modules\**;' | ||
| # ob_sdl_suppression_suppressionFile: $(Build.SourcesDirectory)/.config/guardian/.gdnsuppress | ||
| ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}: |
There was a problem hiding this comment.
This condition for enabling CodeQL on main branch is inconsistent with the symbols publishing condition above (line 84) which checks for 'master'. Both conditions should use the same branch name for consistency.
| codeql: | ||
| excludePathPatterns: '**/.vscode-test, dist' # Exclude .vscode-test and dist directories from CodeQL alerting | ||
| compiled: | ||
| ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}: |
There was a problem hiding this comment.
[nitpick] This is the third instance of checking for the main branch. Consider extracting this condition into a variable to reduce duplication and improve maintainability.
| ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}: | |
| ${{ if variables['isMainBranch'] }}: |
tnaum-ms
deleted the
dev/tnaum/163-use-signing-build-pipelines-for-the-extension
branch
This pull request introduces significant updates to the Azure Pipelines configuration, primarily aimed at consolidating and modernizing the CI/CD pipeline setup. Key changes include the removal of legacy pipeline configurations, the addition of a new unified build pipeline, and updates to dependency management.