Skip to content

Utilize a separate pipeline for release tasks #2515

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nagilson merged 34 commits into from
Jan 9, 2026
Merged

Utilize a separate pipeline for release tasks #2515

nagilson merged 34 commits into from
Jan 9, 2026

Conversation

@nagilson
Copy link
Member

@nagilson nagilson commented Dec 4, 2025
edited
Loading

Succeeds #2411

To migrate to a standardized deployment approach, we'd like to move away from the legacy Azure DevOps release mechanisms. The best way I've seen to do that is to have a separate release pipeline which handles only release activities - the release pipeline must be quite restricted which causes issues even trying to run our security scanners and compliance tools such as SBOM, so trying to create a deployment off our existing pipeline served challenging.

This approach is based off of the vscode-csharp release pipeline. https://github.com/dotnet/vscode-csharp/blob/main/azure-pipelines/release.yml

An example run is here: https://dev.azure.com/dnceng/internal/_build/results?buildId=2858298&view=results

Other updates to make this work:

  • Signing is not done on non-CI workflows by default, so we don't run into failures trying to pack when I run test pipeline runs in internal
  • We print the pipeline workspace since it's the standard approach for staging deployment artifacts
  • We pass the artifacts and package lock files to enable npm ci install of vsce. This is because we are blocked from installing updates in a ci machine so it would fail anytime a package sub dependency got an update (which happens nearly daily)
  • updates get version logic and other logic to work in a new deployment scenario
  • verifies PAT token
  • removes custom SBOM logic as SBOM no longer fails as it used to

Thank you to @/joerobich who was very helpful in explaining the vscode-csharp-release structure.

nagilson
nagilson commented Dec 4, 2025
View reviewed changes
@nagilson nagilson mentioned this pull request Dec 4, 2025
Closed
nagilson added 21 commits December 4, 2025 11:52
@nagilson
Fix Pipeline
61d8987
@nagilson
correctly check bool value
3db9861
@nagilson
fix folder location
5b2d054
@nagilson
properly use @self
9d5b10f
@nagilson
Merge remote-tracking branch 'upstream/main' into nagilson-separate-p…
719c36a 
…ipeline-for-pub
@nagilson
fix artifact name
6c0039b
@nagilson
consume SBOM artifact
d3bce10
@nagilson
Fix Pipeline
18dc1ce
@nagilson
remove sbom disable logic - see if it works by default now
143d1a3
@nagilson
insert sbom into _manifest folder
6d42a37
@nagilson
signing should be conditional to prevent failures from trying to sign…
452e9fb 
… on manual run
@nagilson
simplify artifact, sbom is now automatic
b6bc1e2
@nagilson
get version from the artifact
357e656
@nagilson
fix ? version directory
283f93d
@nagilson
checkout self for package to make ci work
af472e4
@nagilson
try global install
bf9abc4
@nagilson
rely on win
5197cfc
@nagilson
fix pool
cd52562
@nagilson
try to get the package lock files as an artifact
ddd0f98
@nagilson
don't create a separate 'signed' package
b9677a9 
the 'signed' package is already created and overrides the unsigned one.
@nagilson
Actually do the publish step now
b17ea7c 
default test to true so we dont accidentally ship
@nagilson nagilson marked this pull request as ready for review December 10, 2025 17:50
@nagilson nagilson requested a review from a team December 10, 2025 17:55
MiYanni
MiYanni approved these changes Dec 11, 2025
View reviewed changes
jaredpar
jaredpar reviewed Jan 7, 2026
View reviewed changes
@nagilson
Throw on error with powershell inline script to prevent bad continue
a15495f 
I believe we would fail when trying to expand .version out, but this is a cleaner approach.

I've also adjusted the call to vsce to expand arguments properly and suppressed a linter issue that surfaced when pinning the linter version - in which the linter is not quite aware that we are running a Promise<R> returning function
@nagilson
Fix Linting Rule
851685e 
See comment 'await must be used to make the linter allow f to be async, which it must be' above, which elaborates on why the lint rule does not apply to this unusual context of passing an async function object
@nagilson
'test' parameter evaluation should use -eq
9dc717f
@nagilson
Add back publish step
d0c08de
@nagilson nagilson requested a review from MiYanni January 8, 2026 23:53
@nagilson nagilson merged commit f288733 into dotnet:main Jan 9, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MiYanni MiYanni MiYanni approved these changes

+1 more reviewer

@jaredpar jaredpar jaredpar left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nagilson @jaredpar @MiYanni