Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rework SetupNuGetSources to support WIF Service Connections #14758

Merged
merged 16 commits into from
May 30, 2024
Merged

Rework SetupNuGetSources to support WIF Service Connections #14758

merged 16 commits into from
May 30, 2024

Conversation

mmitche
Copy link
Member

@mmitche mmitche commented May 8, 2024
edited

Adds a set of templates which generate aad tokens in pipelines, and uses these templates in a new template which enables internal sources.

There are a few interesting aspects to this:

  • Remove the use of PATs when authenticating to feeds that are in the same project. Instead, just add the feeds and call NuGetAuthenticate.
  • Alter SetupNuGetSources.ps1 so that it doesn't bake a PAT into the NuGet.config. Instead, use the environment variable strategy.
  • I did not change SetupNuGetSources.sh except to enable its use without a PAT (so that devs can use it on a local machine). The reason is that I wanted to avoid having to parse and generate json in bash. in addition, the powershell ecosystem is pretty robust at this point. We can use powershell in all build cases.
  • Existing uses of SetupNuGetSources.ps1 should still work even without switching over from PAT usage, if they have a subsequent call to NuGetAuthenticate

To double check:

@mmitche mmitche marked this pull request as ready for review May 28, 2024 15:31
@mmitche
Copy link
Member Author

mmitche commented May 28, 2024

I've got a couple more tests to run with this for arcade main, and I want to rerun my msbuild tests. But this should be g2g after that.

@mmitche mmitche changed the title Initial cut of federated access to nuget sources Rework SetupNuGetSources to support WIF Service Connections May 28, 2024
@mmitche
Copy link
Member Author

mmitche commented May 28, 2024

Test with replaced SetupNugetSources.ps1/sh in existing infra: https://dev.azure.com/dnceng/internal/_build/results?buildId=2461793&view=results
Test with new templates: https://dev.azure.com/dnceng/internal/_build/results?buildId=2461803&view=results

Need a couple of SB tweaks

@mmitche
Copy link
Member Author

mmitche commented May 29, 2024

Test with new SetupNuGetSources, without using the new templates except in source-build.yml: https://dev.azure.com/dnceng/internal/_build/results?buildId=2462612&view=results

@mmitche
Copy link
Member Author

mmitche commented May 29, 2024

Hold on merging until I have places that use the script updated to include a NuGetAuthenticate call after.

@mmitche
Copy link
Member Author

mmitche commented May 29, 2024

PRs opened.

@mmitche mmitche merged commit a8feae4 into dotnet:main May 30, 2024
11 checks passed
@MilenaHristova
Copy link
Member

@mmitche can we backport that to release/8.0?

@mmitche
Copy link
Member Author

mmitche commented May 30, 2024

Yes, it will get backported to 8 and 6. I'll be starting that today, but I want to get a few verified usages before merging

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@garath garath garath left review comments

@MilenaHristova MilenaHristova MilenaHristova left review comments

@riarenas riarenas riarenas approved these changes

@chcosta chcosta Awaiting requested review from chcosta

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mmitche @MilenaHristova @garath @riarenas