From 512bea3f46d1bc7d24ca676079a43e3853dfa32e Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Thu, 8 May 2025 17:26:26 +0200 Subject: [PATCH 1/8] fix --- .azure/pipelines/templates/build.yaml | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/.azure/pipelines/templates/build.yaml b/.azure/pipelines/templates/build.yaml index 7aacb7e0ebf..c68033788e4 100644 --- a/.azure/pipelines/templates/build.yaml +++ b/.azure/pipelines/templates/build.yaml @@ -54,17 +54,18 @@ parameters: jobs: # Approval needed for publishing to nuget.org -- ${{ if and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true)) }}: - - job: PreDeploymentApprovalJob - displayName: Pre-Deployment Approval - condition: succeeded() - timeoutInMinutes: 2880 - pool: server - steps: - - task: ManualValidation@1 - inputs: - notifyUsers: ${{ variables.notifyUsers }} - approvers: ${{ variables.approvers }} +- job: PreDeploymentApprovalJob + displayName: Pre-Deployment Approval + timeoutInMinutes: 2880 + pool: server + steps: + - ${{ if and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true)) }}: + - task: ManualValidation@1 + inputs: + notifyUsers: ${{ variables.notifyUsers }} + approvers: ${{ variables.approvers }} + - ${{ if not(and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true))) }}: + - script: echo "No approval required. Skipping manual validation." # Build, sign dlls, build nuget pkgs, then sign them - job: Build @@ -237,4 +238,4 @@ jobs: inputs: Contents: '**\*.dmp' TargetFolder: '$(Build.ArtifactStagingDirectory)/test_outputs_${{category}}_${{framework}}_$(Build.BuildId)' - OverWrite: true \ No newline at end of file + OverWrite: true From d88427c90ece9eb5cc2d7ec5d5e816fac97a6384 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Thu, 8 May 2025 17:30:23 +0200 Subject: [PATCH 2/8] try powershell? --- .azure/pipelines/templates/build.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.azure/pipelines/templates/build.yaml b/.azure/pipelines/templates/build.yaml index c68033788e4..b083b661bc0 100644 --- a/.azure/pipelines/templates/build.yaml +++ b/.azure/pipelines/templates/build.yaml @@ -65,7 +65,11 @@ jobs: notifyUsers: ${{ variables.notifyUsers }} approvers: ${{ variables.approvers }} - ${{ if not(and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true))) }}: - - script: echo "No approval required. Skipping manual validation." + - task: PowerShell@2 + inputs: + targetType: 'inline' + script: | + Write-Host "No approval required. Skipping manual validation." # Build, sign dlls, build nuget pkgs, then sign them - job: Build From adb51325fd6a9244cd9a1bfaf1c26775c0774497 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Thu, 8 May 2025 17:33:30 +0200 Subject: [PATCH 3/8] ugly fix --- .azure/pipelines/templates/build.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.azure/pipelines/templates/build.yaml b/.azure/pipelines/templates/build.yaml index b083b661bc0..fa2cb50cd9b 100644 --- a/.azure/pipelines/templates/build.yaml +++ b/.azure/pipelines/templates/build.yaml @@ -65,11 +65,13 @@ jobs: notifyUsers: ${{ variables.notifyUsers }} approvers: ${{ variables.approvers }} - ${{ if not(and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true))) }}: - - task: PowerShell@2 + - task: AzureCLI@2 inputs: - targetType: 'inline' - script: | - Write-Host "No approval required. Skipping manual validation." + azureSubscription: 'dummy' + scriptType: 'bash' + scriptLocation: 'inlineScript' + inlineScript: | + echo "No approval required. Skipping manual validation." # Build, sign dlls, build nuget pkgs, then sign them - job: Build From 50ecacb29b055f26201682001ed11d6d93c094ff Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Thu, 8 May 2025 17:35:03 +0200 Subject: [PATCH 4/8] test --- .azure/pipelines/templates/build.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.azure/pipelines/templates/build.yaml b/.azure/pipelines/templates/build.yaml index fa2cb50cd9b..76a8a04a3f4 100644 --- a/.azure/pipelines/templates/build.yaml +++ b/.azure/pipelines/templates/build.yaml @@ -65,13 +65,9 @@ jobs: notifyUsers: ${{ variables.notifyUsers }} approvers: ${{ variables.approvers }} - ${{ if not(and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true))) }}: - - task: AzureCLI@2 - inputs: - azureSubscription: 'dummy' - scriptType: 'bash' - scriptLocation: 'inlineScript' - inlineScript: | - echo "No approval required. Skipping manual validation." + - script: "echo ##vso[build.addbuildtag]CodeQL3000" + displayName: 'Set CI CodeQL3000 tag' + condition: ne(variables.CODEQL_DIST,'') # Build, sign dlls, build nuget pkgs, then sign them - job: Build From 6fb18c4bbc1f1fbb6fcf9a2298c6faca0f9e9acd Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Thu, 8 May 2025 17:37:44 +0200 Subject: [PATCH 5/8] try? --- .azure/pipelines/templates/build.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.azure/pipelines/templates/build.yaml b/.azure/pipelines/templates/build.yaml index 76a8a04a3f4..666953d8fd4 100644 --- a/.azure/pipelines/templates/build.yaml +++ b/.azure/pipelines/templates/build.yaml @@ -65,9 +65,7 @@ jobs: notifyUsers: ${{ variables.notifyUsers }} approvers: ${{ variables.approvers }} - ${{ if not(and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true))) }}: - - script: "echo ##vso[build.addbuildtag]CodeQL3000" - displayName: 'Set CI CodeQL3000 tag' - condition: ne(variables.CODEQL_DIST,'') + - checkout: self # Build, sign dlls, build nuget pkgs, then sign them - job: Build From b3a22efcbe4da7d15a06c1c92c603e8bc272f5ea Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Thu, 8 May 2025 17:39:10 +0200 Subject: [PATCH 6/8] if not server:pool --- .azure/pipelines/templates/build.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.azure/pipelines/templates/build.yaml b/.azure/pipelines/templates/build.yaml index 666953d8fd4..5e075ce2c24 100644 --- a/.azure/pipelines/templates/build.yaml +++ b/.azure/pipelines/templates/build.yaml @@ -57,7 +57,6 @@ jobs: - job: PreDeploymentApprovalJob displayName: Pre-Deployment Approval timeoutInMinutes: 2880 - pool: server steps: - ${{ if and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true)) }}: - task: ManualValidation@1 @@ -65,7 +64,7 @@ jobs: notifyUsers: ${{ variables.notifyUsers }} approvers: ${{ variables.approvers }} - ${{ if not(and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true))) }}: - - checkout: self + - script: echo "Skipping pre-deployment approval" # Build, sign dlls, build nuget pkgs, then sign them - job: Build From a5d9dcf6503f86510493c2f4f348a57397be98a0 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Thu, 8 May 2025 17:44:20 +0200 Subject: [PATCH 7/8] run approval agentlessly --- .azure/pipelines/templates/build.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.azure/pipelines/templates/build.yaml b/.azure/pipelines/templates/build.yaml index 5e075ce2c24..4e201f6a15b 100644 --- a/.azure/pipelines/templates/build.yaml +++ b/.azure/pipelines/templates/build.yaml @@ -50,6 +50,10 @@ parameters: default: false displayName: Run CodeQL3000 tasks type: boolean + - name: isApprovalRequired + type: boolean + default: ${{ and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true)) }} + jobs: @@ -57,13 +61,15 @@ jobs: - job: PreDeploymentApprovalJob displayName: Pre-Deployment Approval timeoutInMinutes: 2880 + ${{ if eq(parameters.isApprovalRequired, true) }}: + pool: server steps: - - ${{ if and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true)) }}: + - ${{ if eq(parameters.isApprovalRequired, true) }}: - task: ManualValidation@1 inputs: notifyUsers: ${{ variables.notifyUsers }} approvers: ${{ variables.approvers }} - - ${{ if not(and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true))) }}: + - ${{ if eq(parameters.isApprovalRequired, false) }}: - script: echo "Skipping pre-deployment approval" # Build, sign dlls, build nuget pkgs, then sign them From 4b7bcaa4cfde730d399da681316d543f76a903dc Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Thu, 8 May 2025 17:47:08 +0200 Subject: [PATCH 8/8] fix fix --- .azure/pipelines/templates/build.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.azure/pipelines/templates/build.yaml b/.azure/pipelines/templates/build.yaml index 4e201f6a15b..cc443ddb24f 100644 --- a/.azure/pipelines/templates/build.yaml +++ b/.azure/pipelines/templates/build.yaml @@ -50,9 +50,6 @@ parameters: default: false displayName: Run CodeQL3000 tasks type: boolean - - name: isApprovalRequired - type: boolean - default: ${{ and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true)) }} jobs: @@ -61,15 +58,15 @@ jobs: - job: PreDeploymentApprovalJob displayName: Pre-Deployment Approval timeoutInMinutes: 2880 - ${{ if eq(parameters.isApprovalRequired, true) }}: + ${{ if and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true)) }}: pool: server steps: - - ${{ if eq(parameters.isApprovalRequired, true) }}: + - ${{ if and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true)) }}: - task: ManualValidation@1 inputs: notifyUsers: ${{ variables.notifyUsers }} approvers: ${{ variables.approvers }} - - ${{ if eq(parameters.isApprovalRequired, false) }}: + - ${{ if not(and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true))) }}: - script: echo "Skipping pre-deployment approval" # Build, sign dlls, build nuget pkgs, then sign them