Sync eng/common directory with azure-sdk-tools for PR 8388 (Azure#44448)

* Removal of the devops release PAT

* Don't pass in the access token, just use the AzureCLI task and do everything in the scripts

* Updates for feedback

---------

Co-authored-by: James Suplizio <[email protected]>

Author: azure-sdk

eng/common/pipelines/templates/steps/validate-all-packages.yml

@@ -10,20 +10,21 @@ steps:
       displayName: "Set as release build"
       condition: and(succeeded(), eq(variables['SetAsReleaseBuild'], ''))
 
-    - task: Powershell@2
+    - task: AzureCLI@2
       inputs:
-        filePath: $(Build.SourcesDirectory)/eng/common/scripts/Validate-All-Packages.ps1
-        arguments: >
-          -ArtifactList ('${{ convertToJson(parameters.Artifacts) }}' | ConvertFrom-Json | Select-Object Name)
-          -ArtifactPath ${{ parameters.ArtifactPath }}
-          -RepoRoot $(Build.SourcesDirectory)
-          -APIKey $(azuresdk-apiview-apikey)
-          -ConfigFileDir '${{ parameters.ConfigFileDir }}'
-          -BuildDefinition $(System.CollectionUri)$(System.TeamProject)/_build?definitionId=$(System.DefinitionId)
-          -PipelineUrl $(System.CollectionUri)$(System.TeamProject)/_build/results?buildId=$(Build.BuildId)
-          -Devops_pat '$(azuresdk-azure-sdk-devops-release-work-item-pat)'
-          -IsReleaseBuild $$(SetAsReleaseBuild)
-        pwsh: true
+        azureSubscription: opensource-api-connection
+        scriptType: pscore
+        scriptLocation: inlineScript
+        inlineScript: |
+          $(Build.SourcesDirectory)/eng/common/scripts/Validate-All-Packages.ps1 `
+            -ArtifactList ('${{ convertToJson(parameters.Artifacts) }}' | ConvertFrom-Json | Select-Object Name) `
+            -ArtifactPath ${{ parameters.ArtifactPath }} `
+            -RepoRoot $(Build.SourcesDirectory) `
+            -APIKey $(azuresdk-apiview-apikey) `
+            -ConfigFileDir '${{ parameters.ConfigFileDir }}' `
+            -BuildDefinition $(System.CollectionUri)$(System.TeamProject)/_build?definitionId=$(System.DefinitionId) `
+            -PipelineUrl $(System.CollectionUri)$(System.TeamProject)/_build/results?buildId=$(Build.BuildId) `
+            -IsReleaseBuild $$(SetAsReleaseBuild)
         workingDirectory: $(Pipeline.Workspace)
       displayName: Validate packages and update work items
       continueOnError: true

eng/common/scripts/Helpers/DevOps-WorkItem-Helpers.ps1

@@ -5,19 +5,15 @@ $ReleaseDevOpsCommonParametersWithProject = $ReleaseDevOpsCommonParameters + @("
 
 function Get-DevOpsRestHeaders()
 {
-  $headers = $null
-  if (Get-Variable -Name "devops_pat" -ValueOnly -ErrorAction "Ignore")
-  {
-    $encodedToken = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes([string]::Format("{0}:{1}", "", $devops_pat)))
-    $headers = @{ Authorization = "Basic $encodedToken" }
-  }
-  else
-  {
-    # Get a temp access token from the logged in az cli user for azure devops resource
-    $jwt_accessToken = (az account get-access-token --resource "499b84ac-1321-427f-aa17-267ca6975798" --query "accessToken" --output tsv)
-    $headers = @{ Authorization = "Bearer $jwt_accessToken" }
+  # Get a temp access token from the logged in az cli user for azure devops resource
+  $headerAccessToken = (az account get-access-token --resource "499b84ac-1321-427f-aa17-267ca6975798" --query "accessToken" --output tsv)
+
+  if ([System.String]::IsNullOrEmpty($headerAccessToken)) {
+    throw "Unable to create the DevOpsRestHeader due to access token being null or empty. The caller needs to be logged in with az login to an account with enough permissions to edit work items in the azure-sdk Release team project."
   }
 
+  $headers = @{ Authorization = "Bearer $headerAccessToken" }
+
   return $headers
 }
 
@@ -103,15 +99,6 @@ function Invoke-Query($fields, $wiql, $output = $true)
   return $workItems
 }
 
-function LoginToAzureDevops([string]$devops_pat)
-{
-  if (!$devops_pat) {
-    return
-  }
-  # based on the docs at https://aka.ms/azure-devops-cli-auth the recommendation is to set this env variable to login
-  $env:AZURE_DEVOPS_EXT_PAT = $devops_pat
-}
-
 function BuildHashKeyNoNull()
 {
   $filterNulls = $args | Where-Object { $_ }
@@ -374,7 +361,7 @@ function CreateWorkItem($title, $type, $iteration, $area, $fields, $assignedTo,
   {
     CreateWorkItemRelation $workItemId $parentId "parent" $outputCommand
   }
-  
+
   # Add a work item as related if given.
   if ($relatedId)
   {

eng/common/scripts/Update-DevOps-Release-WorkItem.ps1

@@ -15,7 +15,6 @@ param(
   [string]$packageNewLibrary = "true",
   [string]$relatedWorkItemId = $null,
   [string]$tag = $null,
-  [string]$devops_pat = $env:DEVOPS_PAT,
   [bool]$inRelease = $true
 )
 #Requires -Version 6.0
@@ -29,16 +28,10 @@ if (!(Get-Command az -ErrorAction SilentlyContinue)) {
 . (Join-Path $PSScriptRoot SemVer.ps1)
 . (Join-Path $PSScriptRoot Helpers DevOps-WorkItem-Helpers.ps1)
 
-if (!$devops_pat) {
-  az account show *> $null
-  if (!$?) {
-    Write-Host 'Running az login...'
-    az login *> $null
-  }
-}
-else {
-  # Login using PAT
-  LoginToAzureDevops $devops_pat
+az account show *> $null
+if (!$?) {
+  Write-Host 'Running az login...'
+  az login *> $null
 }
 
 az extension show -n azure-devops *> $null

eng/common/scripts/Validate-All-Packages.ps1

@@ -12,7 +12,6 @@ Param (
   [string]$BuildDefinition,
   [string]$PipelineUrl,
   [string]$APIViewUri  = "https://apiview.dev/AutoReview/GetReviewStatus",
-  [string]$Devops_pat = $env:DEVOPS_PAT,
   [bool] $IsReleaseBuild = $false
 )
 
@@ -33,8 +32,7 @@ function ProcessPackage($PackageName, $ConfigFileDir)
         -APIKey $APIKey `
         -BuildDefinition $BuildDefinition `
         -PipelineUrl $PipelineUrl `
-        -ConfigFileDir $ConfigFileDir `
-        -Devops_pat $Devops_pat
+        -ConfigFileDir $ConfigFileDir
     if ($LASTEXITCODE -ne 0) {
         Write-Error "Failed to validate package $PackageName"
         exit 1

eng/common/scripts/Validate-Package.ps1

@@ -2,20 +2,19 @@
 
 [CmdletBinding()]
 param (
-  [Parameter(Mandatory = $true)]  
+  [Parameter(Mandatory = $true)]
   [string] $PackageName,
-  [Parameter(Mandatory = $true)] 
+  [Parameter(Mandatory = $true)]
   [string] $ArtifactPath,
   [Parameter(Mandatory=$True)]
   [string] $RepoRoot,
   [Parameter(Mandatory=$True)]
-  [string] $APIKey,  
+  [string] $APIKey,
   [Parameter(Mandatory=$True)]
   [string] $ConfigFileDir,
   [string] $BuildDefinition,
   [string] $PipelineUrl,
   [string] $APIViewUri,
-  [string] $Devops_pat = $env:DEVOPS_PAT,
   [bool] $IsReleaseBuild = $false
 )
 Set-StrictMode -Version 3
@@ -24,16 +23,10 @@ Set-StrictMode -Version 3
 . ${PSScriptRoot}\Helpers\ApiView-Helpers.ps1
 . ${PSScriptRoot}\Helpers\DevOps-WorkItem-Helpers.ps1
 
-if (!$Devops_pat) {
-  az account show *> $null
-  if (!$?) {
-    Write-Host 'Running az login...'
-    az login *> $null
-  }
-}
-else {
-  # Login using PAT
-  LoginToAzureDevops $Devops_pat
+az account show *> $null
+if (!$?) {
+  Write-Host 'Running az login...'
+  az login *> $null
 }
 
 az extension show -n azure-devops *> $null
@@ -57,12 +50,12 @@ function ValidateChangeLog($changeLogPath, $versionString, $validationStatus)
             Message = ""
         }
         $changeLogFullPath = Join-Path $RepoRoot $changeLogPath
-        Write-Host "Path to change log: [$changeLogFullPath]"        
+        Write-Host "Path to change log: [$changeLogFullPath]"
         if (Test-Path $changeLogFullPath)
         {
             Confirm-ChangeLogEntry -ChangeLogLocation $changeLogFullPath -VersionString $versionString -ForRelease $true -ChangeLogStatus $ChangeLogStatus -SuppressErrors $true
             $validationStatus.Status = if ($ChangeLogStatus.IsValid) { "Success" } else { "Failed" }
-            $validationStatus.Message = $ChangeLogStatus.Message 
+            $validationStatus.Message = $ChangeLogStatus.Message
         }
         else {
             $validationStatus.Status = "Failed"
@@ -83,7 +76,7 @@ function VerifyAPIReview($packageName, $packageVersion, $language)
     $APIReviewValidation = [PSCustomObject]@{
         Name = "API Review Approval"
         Status = "Pending"
-        Message = ""    
+        Message = ""
     }
     $PackageNameValidation = [PSCustomObject]@{
         Name = "Package Name Approval"
@@ -101,7 +94,7 @@ function VerifyAPIReview($packageName, $packageVersion, $language)
             IsApproved = $false
             Details = ""
         }
-        Write-Host "Checking API review status for package $packageName with version $packageVersion. language [$language]." 
+        Write-Host "Checking API review status for package $packageName with version $packageVersion. language [$language]."
         Check-ApiReviewStatus $packageName $packageVersion $language $APIViewUri $APIKey $apiStatus $packageNameStatus
 
         Write-Host "API review approval details: $($apiStatus.Details)"
@@ -132,14 +125,14 @@ function VerifyAPIReview($packageName, $packageVersion, $language)
 
 function IsVersionShipped($packageName, $packageVersion)
 {
-    # This function will decide if a package version is already shipped or not  
+    # This function will decide if a package version is already shipped or not
     Write-Host "Checking if a version is already shipped for package $packageName with version $packageVersion."
     $parsedNewVersion = [AzureEngSemanticVersion]::new($packageVersion)
     $versionMajorMinor = "" + $parsedNewVersion.Major + "." + $parsedNewVersion.Minor
     $workItem = FindPackageWorkItem -lang $LanguageDisplayName -packageName $packageName -version $versionMajorMinor -includeClosed $true -outputCommand $false
     if ($workItem)
     {
-        # Check if the package version is already shipped    
+        # Check if the package version is already shipped
         $shippedVersionSet = ParseVersionSetFromMDField $workItem.fields["Custom.ShippedPackages"]
         if ($shippedVersionSet.ContainsKey($packageVersion)) {
             return $true
@@ -163,8 +156,8 @@ function CreateUpdatePackageWorkItem($pkgInfo)
         $setReleaseState = $false
         $plannedDate = "unknown"
     }
-        
-    # Create or update package work item  
+
+    # Create or update package work item
     &$EngCommonScriptsDir/Update-DevOps-Release-WorkItem.ps1 `
         -language $LanguageDisplayName `
         -packageName $packageName `
@@ -175,9 +168,8 @@ function CreateUpdatePackageWorkItem($pkgInfo)
         -packageNewLibrary $pkgInfo.IsNewSDK `
         -serviceName "unknown" `
         -packageDisplayName "unknown" `
-        -inRelease $IsReleaseBuild `
-        -devops_pat $Devops_pat
-    
+        -inRelease $IsReleaseBuild
+
     if ($LASTEXITCODE -ne 0)
     {
         Write-Host "Update of the Devops Release WorkItem failed."
@@ -244,7 +236,7 @@ $updatedWi = CreateUpdatePackageWorkItem $pkgInfo
 # Update validation status in package work item
 if ($updatedWi) {
     Write-Host "Updating validation status in package work item."
-    $updatedWi = UpdateValidationStatus $pkgValidationDetails $BuildDefinition $PipelineUrl    
+    $updatedWi = UpdateValidationStatus $pkgValidationDetails $BuildDefinition $PipelineUrl
 }
 
 # Fail the build if any validation is not successful for a release build
@@ -254,7 +246,7 @@ Write-Host "Package Name status:" $apireviewDetails.PackageNameApproval.Status
 
 if ($IsReleaseBuild)
 {
-    if (!$updatedWi -or $changelogStatus.Status -ne "Success" -or $apireviewDetails.ApiviewApproval.Status -ne "Approved" -or $apireviewDetails.PackageNameApproval.Status -ne "Approved") {        
+    if (!$updatedWi -or $changelogStatus.Status -ne "Success" -or $apireviewDetails.ApiviewApproval.Status -ne "Approved" -or $apireviewDetails.PackageNameApproval.Status -ne "Approved") {
         Write-Error "At least one of the Validations above failed for package $pkgName with version $versionString."
         exit 1
     }