From 9a0623af330451b20dca6162a3127dedb8ea35e4 Mon Sep 17 00:00:00 2001 From: "Brandon Waterloo [MSFT]" <36966225+bwateratmsft@users.noreply.github.com> Date: Thu, 29 Jan 2026 11:39:17 -0500 Subject: [PATCH 1/2] Try new pipelines --- .../compliance/CredScanSuppressions.json | 10 --- .../compliance/PoliCheckExclusions.xml | 11 ---- .azure-pipelines/release-npm.yml | 42 ------------ .../1esmain.yml => .config/build.yml | 66 +++++++++---------- .config/release.yml | 51 ++++++++++++++ .../compliance => .config}/tsaoptions.json | 28 ++++---- 6 files changed, 95 insertions(+), 113 deletions(-) delete mode 100644 .azure-pipelines/compliance/CredScanSuppressions.json delete mode 100644 .azure-pipelines/compliance/PoliCheckExclusions.xml delete mode 100644 .azure-pipelines/release-npm.yml rename .azure-pipelines/1esmain.yml => .config/build.yml (62%) create mode 100644 .config/release.yml rename {.azure-pipelines/compliance => .config}/tsaoptions.json (96%) diff --git a/.azure-pipelines/compliance/CredScanSuppressions.json b/.azure-pipelines/compliance/CredScanSuppressions.json deleted file mode 100644 index a04c7ae3..00000000 --- a/.azure-pipelines/compliance/CredScanSuppressions.json +++ /dev/null @@ -1,10 +0,0 @@ -// More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/cred-bot-trinity/credential-risk-exposure-defense/troubleshoot_guides/local-suppressions -{ - "tool": "Credential Scanner", - "suppressions": [ - { - "hash": "w/yYaqoTFu/NCkKHDlTys3CUaiD1oUfPeYtWpI04Bws=", - "_justification": "This code is adding an auth header to a request, it is not a secret." - } - ] -} diff --git a/.azure-pipelines/compliance/PoliCheckExclusions.xml b/.azure-pipelines/compliance/PoliCheckExclusions.xml deleted file mode 100644 index 564475e2..00000000 --- a/.azure-pipelines/compliance/PoliCheckExclusions.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - NODE_MODULES|BACKUPTEMPLATES|.VSCODE-TEST|DIST - - - - - - NOTICE.HTML - diff --git a/.azure-pipelines/release-npm.yml b/.azure-pipelines/release-npm.yml deleted file mode 100644 index d3c2a735..00000000 --- a/.azure-pipelines/release-npm.yml +++ /dev/null @@ -1,42 +0,0 @@ -trigger: none # Disable the branch trigger -pr: none # Disable PR trigger - -# Choose a package to publish at the time of job creation -parameters: - - name: packageToPublish - displayName: Package to Publish - type: string - values: - - microsoft-vscode-processutils - - microsoft-vscode-container-client - - microsoft-vscode-docker-registries - - microsoft-vscode-inproc-mcp - - name: publishVersion - displayName: Publish Version - type: string - - name: dryRun - displayName: Dry Run - type: boolean - default: false - -# Grab the base templates from https://github.com/microsoft/vscode-azuretools/tree/main/azure-pipelines -resources: - repositories: - - repository: templates - type: github - name: microsoft/vscode-azuretools - ref: main - endpoint: GitHub-AzureTools - pipelines: - - pipeline: build # This must be "build" - source: \Azure Tools\VSCode\Packages\vscode-docker-extensibility # name of the pipeline that produces the artifacts - -# Use those base templates -extends: - template: azure-pipelines/1es-release-npm.yml@templates - parameters: - packageToPublish: ${{ parameters.packageToPublish }} - publishVersion: ${{ parameters.publishVersion }} - dryRun: ${{ parameters.dryRun }} - OwnerAlias: "devinb" - ApproverAlias: "bwater" diff --git a/.azure-pipelines/1esmain.yml b/.config/build.yml similarity index 62% rename from .azure-pipelines/1esmain.yml rename to .config/build.yml index c8554075..0ab1d675 100644 --- a/.azure-pipelines/1esmain.yml +++ b/.config/build.yml @@ -1,36 +1,30 @@ -# Trigger the build whenever `main` or `rel/*` is updated -trigger: - - main - - rel/* - -# Disable PR trigger -pr: none - -# Scheduled nightly build of `main` -schedules: - - cron: "0 0 * * *" - displayName: Nightly scheduled build - always: false # Don't rebuild if there haven't been changes - branches: - include: - - main - -# `resources` specifies the location of templates to pick up, use it to get AzExt templates -resources: - repositories: - - repository: azExtTemplates - type: github - name: microsoft/vscode-azuretools - ref: main - endpoint: GitHub-AzureTools # The service connection to use when accessing this repository - -variables: - # Required by MicroBuild template - - name: TeamName - value: "Container Tools Team" - -# Use those templates -extends: - template: azure-pipelines/1esmain.yml@azExtTemplates - parameters: - enableSigning: false +# Trigger the build whenever `main` or `rel/*` is updated +trigger: + - main + - rel/* + +# Disable PR trigger +pr: none + +# Scheduled nightly build of `main` +schedules: + - cron: "0 0 * * *" + displayName: Nightly scheduled build + always: false # Don't rebuild if there haven't been changes + branches: + include: + - main + +resources: + repositories: + # Use the shared templates from microsoft/vscode-azuretools + - repository: azExtTemplates + type: github + name: microsoft/vscode-azuretools + ref: bmw/pipelinesv2_2 # TODO: update to final branch + endpoint: GitHub-AzureTools # The service connection to use when accessing this repository + +extends: + template: azdo-pipelines/1es-mb-main.yml@azExtTemplates # Use the main build template + parameters: + signType: none diff --git a/.config/release.yml b/.config/release.yml new file mode 100644 index 00000000..bf4ea52d --- /dev/null +++ b/.config/release.yml @@ -0,0 +1,51 @@ +# Only run this pipeline when manually triggered +trigger: none +pr: none + +parameters: + # Choose a package to publish at the time of job creation + - name: packageToPublish + displayName: Package to publish + type: string + values: + - microsoft-vscode-processutils + - microsoft-vscode-container-client + - microsoft-vscode-docker-registries + - microsoft-vscode-inproc-mcp + # The version to publish--used for ensuring the expected version is published + - name: publishVersion + displayName: Version to publish + type: string + # Whether to do a dry run (i.e., not actually publish) + - name: dryRun + displayName: Dry run + type: boolean + default: false + +resources: + pipelines: + # Reference the build pipeline to get the artifacts + - pipeline: build # This must be "build" + source: \Azure Tools\VSCode\Packages\vscode-docker-extensibility # Name of the pipeline that produces the artifacts + repositories: + # Use the shared templates from microsoft/vscode-azuretools + - repository: azExtTemplates + type: github + name: microsoft/vscode-azuretools + ref: bmw/pipelinesv2_2 # TODO: update to final branch + endpoint: GitHub-AzureTools # The service connection to use when accessing this repository + +variables: + # Pick up shared AZCode variables + - template: azdo-pipelines/azcode.variables.yml@azExtTemplates + +extends: + template: azdo-pipelines/1es-mb-release-npm.yml@azExtTemplates # Use the NPM release template + parameters: + packageToPublish: ${{ parameters.packageToPublish }} + publishVersion: ${{ parameters.publishVersion }} + dryRun: ${{ parameters.dryRun }} + ownerAliases: ${{ variables.npmReleaseOwnerAliases }} + approverAliases: ${{ variables.npmReleaseApproverAliases }} + gitHubServiceConnection: ${{ variables.gitHubServiceConnection }} + releaseApprovalEnvironment: VSCodeDockerExtensionPublish diff --git a/.azure-pipelines/compliance/tsaoptions.json b/.config/tsaoptions.json similarity index 96% rename from .azure-pipelines/compliance/tsaoptions.json rename to .config/tsaoptions.json index 30552aa5..c3df8067 100644 --- a/.azure-pipelines/compliance/tsaoptions.json +++ b/.config/tsaoptions.json @@ -1,14 +1,14 @@ -{ - "tsaVersion": "TsaV2", - "codeBase": "NewOrUpdate", - "codeBaseName": "vscode-docker-extensibility", - "tsaStamp": "DevDiv", - "notificationAliases": [ - "DockerToolsTeam@microsoft.com" - ], - "instanceUrl": "https://devdiv.visualstudio.com", - "projectName": "DevDiv", - "areaPath": "DevDiv\\VS Azure Tools\\Container Tools", - "iterationPath": "DevDiv", - "allTools": true -} +{ + "tsaVersion": "TsaV2", + "codeBase": "NewOrUpdate", + "codeBaseName": "vscode-docker-extensibility", + "tsaStamp": "DevDiv", + "notificationAliases": [ + "DockerToolsTeam@microsoft.com" + ], + "instanceUrl": "https://devdiv.visualstudio.com", + "projectName": "DevDiv", + "areaPath": "DevDiv\\VS Azure Tools\\Container Tools", + "iterationPath": "DevDiv", + "allTools": true +} From 16e7ce954b80e5fb9149ca52b2997b8469b2cc93 Mon Sep 17 00:00:00 2001 From: "Brandon Waterloo [MSFT]" <36966225+bwateratmsft@users.noreply.github.com> Date: Thu, 29 Jan 2026 16:03:44 -0500 Subject: [PATCH 2/2] `TeamName` var --- .config/build.yml | 4 ++++ .config/release.yml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/.config/build.yml b/.config/build.yml index 0ab1d675..b89af2a8 100644 --- a/.config/build.yml +++ b/.config/build.yml @@ -24,6 +24,10 @@ resources: ref: bmw/pipelinesv2_2 # TODO: update to final branch endpoint: GitHub-AzureTools # The service connection to use when accessing this repository +variables: + - name: TeamName + value: "Container Tools Team" # Required for MicroBuild signing and telemetry + extends: template: azdo-pipelines/1es-mb-main.yml@azExtTemplates # Use the main build template parameters: diff --git a/.config/release.yml b/.config/release.yml index bf4ea52d..2c3e5449 100644 --- a/.config/release.yml +++ b/.config/release.yml @@ -38,6 +38,8 @@ resources: variables: # Pick up shared AZCode variables - template: azdo-pipelines/azcode.variables.yml@azExtTemplates + - name: TeamName + value: "Container Tools Team" # Required for MicroBuild signing and telemetry extends: template: azdo-pipelines/1es-mb-release-npm.yml@azExtTemplates # Use the NPM release template