Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use 1es releasejob for deployments #48555

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Use 1es releasejob for deployments #48555

wants to merge 8 commits into from
+156 −179

Conversation

hallipr
Copy link
Member

@hallipr hallipr commented Mar 4, 2025

  • Only use deployment: step for package deployment job
    • deployment steps should not clone the repo or download resources other than build artifacts
  • Stage the credscan suppression file with the build artifact instead of downloading from github

@hallipr hallipr requested review from weshaggard and benbp as code owners March 4, 2025 22:15
@hallipr hallipr force-pushed the users/pahallis/1es-deployment branch from 4680d20 to ffe84e1 Compare March 5, 2025 00:13
scbedd
scbedd reviewed Mar 5, 2025
View reviewed changes
eng/pipelines/templates/stages/archetype-net-release.yml
outputParentDirectory: '$(Pipeline.Workspace)'
outputs:
- output: nuget
displayName: 'Publish ${{artifact.name}} package to NuGet.org'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a little bit weirded out by the output artifacts used here, as historically I believe they were added to reduce the amount of generated YML. We should try a build of storage or comunication release (just up to triggering the release) to ensure that we don't hit max yml size without having this output inlined in the templatecontext.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The output artifacts allow you to compress your injected SDL steps by combining all of the scans across all of your outputs. This is in contract to inline output tasks like 1ES.PublishNuget or 1ES.PublishArtifact that will inject all of the sdl steps per inlined task.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The amount of YML doesn't really change. We were declaring 2 job outputs per artifact, and now we're declaring 2 publish tasks per artifact.

@hallipr hallipr force-pushed the users/pahallis/1es-deployment branch from 29c44ac to b0c179e Compare March 5, 2025 21:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weshaggard weshaggard weshaggard left review comments

@scbedd scbedd scbedd left review comments

@benbp benbp Awaiting requested review from benbp benbp is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hallipr @weshaggard @scbedd