Skip to content

Split PR pipeline into independent net8 stages; add MI E2E stage on MSALMSIV2#3933

Merged
iarekk merged 2 commits into
masterfrom
iarekk/mi-e2e-msalmsiv2-stages
Jul 9, 2026
Merged

Split PR pipeline into independent net8 stages; add MI E2E stage on MSALMSIV2#3933
iarekk merged 2 commits into
masterfrom
iarekk/mi-e2e-msalmsiv2-stages

Conversation

@iarekk

@iarekk iarekk commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Split the PR pipeline (azure-pipelines.yml) from a single job into independent stages so suites that only need .NET 8 no longer wait on the full multi-TFM build.

Stages

  • Build (critical path) — full multi-TFM build + unit tests. The unit project targets net462/net472 (via Directory.Build.props), so it needs the complete build.
  • IntegrationTests (dependsOn: []) — builds only the integration project (net8.0).
  • E2ETests (dependsOn: []) — builds only WebAppUiTests + TokenAcquirerTests (net8.0); runs browser/host E2E excluding Category=MI_E2E.
  • ManagedIdentityE2E (dependsOn: []) — runs Category=MI_E2E on the MSALMSIV2 VM pool (needs a VM with an assigned MI/IMDS). UAMI client id updated to the one assigned on that pool.

Other

  • Test steps split into granular templates; template-run-unit-tests.yaml kept as an aggregator so the release build is unchanged.
  • Added template-build-test-project.yaml (single-project net8.0 build) and template-run-managed-identity-e2e-tests.yaml.

Verified locally: all four target projects build net8.0; pipeline YAML parses.

iarekk and others added 2 commits July 9, 2026 18:02
…SALMSIV2

Build (full multi-TFM + unit tests) stays critical path; IntegrationTests,
E2ETests (non-MI) and ManagedIdentityE2E run independently (dependsOn: []).
MI tests run on the MSALMSIV2 VM pool with its assigned UAMI.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The MI stage only installed .NET 8, but global.json pins SDK 10.0.x, so
dotnet restore failed with 'A compatible .NET SDK was not found'. Add
UseDotNet useGlobalJson:true (keeping 8.0.x for the net8.0 test runtime).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@iarekk
iarekk marked this pull request as ready for review July 9, 2026 17:27
@iarekk
iarekk requested a review from a team as a code owner July 9, 2026 17:27
@iarekk
iarekk merged commit 01076c1 into master Jul 9, 2026
11 checks passed
@iarekk
iarekk deleted the iarekk/mi-e2e-msalmsiv2-stages branch July 9, 2026 17:55
gladjohn added a commit that referenced this pull request Jul 9, 2026
Copilot AI added a commit that referenced this pull request Jul 9, 2026
…est template, original MI client ID; delete 5 added template files
gladjohn pushed a commit that referenced this pull request Jul 9, 2026
* Initial plan

* Revert PRs #3933 and #3934: restore single-job pipeline, aggregated test template, original MI client ID; delete 5 added template files

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
iarekk added a commit that referenced this pull request Jul 10, 2026
iarekk added a commit that referenced this pull request Jul 10, 2026
Restores the 4-stage PR pipeline and extra unit-test coverage from
#3933/#3934 (reverted in #3936), with two fixes so the managed-identity
E2E test runs on every pool that consumes these tests:

- TokenAcquirer MI test now reads the UAMI client id from
  IDWEB_MI_UAMI_CLIENTID, falling back to the Msal_Integration_tests
  identity (45344e7d) assigned to the Wilson pool used by the
  id4s-official pipeline. That pipeline needs no changes.
- template-run-managed-identity-e2e-tests.yaml sets IDWEB_MI_UAMI_CLIENTID
  to the msiv2uami identity (6325cd32) assigned to the MSALMSIV2 pool,
  so the Id.Web PR pipeline and IdWeb OneBranch official MI job use it.

Also re-adds the net462/net472 dotnet test steps that VSTest@2 cannot
discover on hosted agents.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
iarekk added a commit that referenced this pull request Jul 10, 2026
iarekk added a commit that referenced this pull request Jul 10, 2026
Restores the 4-stage PR pipeline and extra unit-test coverage from
#3933/#3934 (reverted in #3936), with two fixes so the managed-identity
E2E test runs on every pool that consumes these tests:

- TokenAcquirer MI test now reads the UAMI client id from
  IDWEB_MI_UAMI_CLIENTID, falling back to the Msal_Integration_tests
  identity (45344e7d) assigned to the Wilson pool used by the
  id4s-official pipeline. That pipeline needs no changes.
- template-run-managed-identity-e2e-tests.yaml sets IDWEB_MI_UAMI_CLIENTID
  to the msiv2uami identity (6325cd32) assigned to the MSALMSIV2 pool,
  so the Id.Web PR pipeline and IdWeb OneBranch official MI job use it.

Also re-adds the net472 dotnet test step that VSTest@2 cannot discover
on hosted agents.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github-actions Bot pushed a commit to EelcoLos/nx-tinkering that referenced this pull request Jul 14, 2026
Updated
[Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web)
from 4.12.2 to 4.13.0.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Identity.Web's
releases](https://github.com/AzureAD/microsoft-identity-web/releases)._

## 4.13.0

## What's Changed
* Categorize managed-identity E2E tests and exclude them from the PR
build by @​iarekk in
AzureAD/microsoft-identity-web#3923
* Add more tests for TokenAcquisitionMetadata.ExpiresOn from
AuthenticationResult by @​neha-bhargava in
AzureAD/microsoft-identity-web#3904
* Test: consolidate MI E2E test onto shared Msal_Integration_tests UAMI
by @​RyAuld in
AzureAD/microsoft-identity-web#3926
* docs: Credential architecture internals documentation by @​gladjohn in
AzureAD/microsoft-identity-web#3886
* Potential fix for code scanning alert no. 35: Missing cross-site
request forgery token validation by @​gladjohn in
AzureAD/microsoft-identity-web#3929
* Register IAuthorizationHeaderProvider2 in DI by @​neha-bhargava in
AzureAD/microsoft-identity-web#3927
* Bump Microsoft.Identity.Client to 4.86.0 by @​neha-bhargava in
AzureAD/microsoft-identity-web#3931
* Split PR pipeline into independent net8 stages; add MI E2E stage on
MSALMSIV2 by @​iarekk in
AzureAD/microsoft-identity-web#3933
* Run missing unit test projects in the ADO PR build by @​iarekk in
AzureAD/microsoft-identity-web#3934
* Revert PRs #​3933 and #​3934: restore single-job PR pipeline by
@​gladjohn with @​Copilot in
AzureAD/microsoft-identity-web#3936


**Full Changelog**:
AzureAD/microsoft-identity-web@4.12.2...4.13.0

Commits viewable in [compare
view](AzureAD/microsoft-identity-web@4.12.2...4.13.0).
</details>

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web&package-manager=nuget&previous-version=4.12.2&new-version=4.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Eelco Los <5102501+EelcoLos@users.noreply.github.com>
This was referenced Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants