{C} Use Azure Artifacts feeds in release branch#29866
Merged
Conversation
️✔️AzureCLI-FullTest
|
️✔️AzureCLI-BreakingChangeTest
|
Collaborator
|
Packaging |
microsoft-github-policy-service
bot
requested review from
jiasli,
wangzelin007 and
yonzhan
yonzhan
previously approved these changes
Sep 9, 2024
bebound
changed the title
bebound
commented
Sep 9, 2024
| --target build-env \ | ||
| --build-arg cli_version=${CLI_VERSION} \ | ||
| --build-arg image=${IMAGE} \ | ||
| --secret id=PIP_INDEX_URL \ |
Contributor
Author
There was a problem hiding this comment.
--build-arg also works, but I prefer --secret as the index url contains credential and secret does not record its value in image.
Member
There was a problem hiding this comment.
It is interesting that env can be omitted:
https://docs.docker.com/build/building/secrets/#sources
When you use secrets from environment variables, you can omit the
envparameter to bind the secret to a file with the same name as the variable.
wangzelin007
previously approved these changes
Sep 11, 2024
bebound
commented
Sep 12, 2024
azure-pipelines.yml
Outdated
| - task: PipAuthenticate@1 | ||
| displayName: 'Pip Authenticate' | ||
| inputs: | ||
| artifactFeeds: 'public/azure-cli-feed' |
Contributor
Author
There was a problem hiding this comment.
This task set PIP_INDEX_URL so that this feed can be used later.
bebound
modified the milestones:
September 2024 (2024-10-08),
October 2024 (2024-11-05)
Member
|
/azp where |
|
Azure DevOps orgs getting events for this repository: |
bebound
changed the title
wangzelin007
previously approved these changes
Oct 12, 2024
bebound
commented
Oct 12, 2024
| include: | ||
| - '*' | ||
| exclude: | ||
| - 'release' |
Contributor
Author
There was a problem hiding this comment.
The public pipeline does not have the permission to run PipAuthenticate@1 task, so skip it. This also saves some resource during CLI release.
bebound
commented
Oct 15, 2024
| CLI_VERSION=`cat src/azure-cli/azure/cli/__main__.py | grep __version__ | sed s/' '//g | sed s/'__version__='// | sed s/\"//g` | ||
|
|
||
| # PIP_INDEX_URL env must exist in `docker build --secret`, use an empty string if it doesn't exist. | ||
| export PIP_INDEX_URL=${PIP_INDEX_URL} |
Contributor
Author
There was a problem hiding this comment.
Error message without empty env during docker build: ERROR: failed to stat PIP_INDEX_URL: stat PIP_INDEX_URL: no such file or directory
wangzelin007
previously approved these changes
Oct 15, 2024
jiasli
reviewed
Oct 16, 2024
azure-pipelines.yml
Outdated
| condition: eq(variables['Build.SourceBranch'], 'refs/heads/release') | ||
| displayName: 'Pip Authenticate' | ||
| inputs: | ||
| artifactFeeds: ${{ variables.AZURE_ARTIFACTS_FEEDS }} |
Member
There was a problem hiding this comment.
Other tasks use macro syntax as $(variables.AZURE_ARTIFACTS_FEEDS). Does template expression syntax work here?
My understanding is that ${{ variables.AZURE_ARTIFACTS_FEEDS }} only works for templates: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/templates?view=azure-devops&pivots=templates-includes#variable-reuse
Contributor
Author
There was a problem hiding this comment.
You're right, the variable defined in ADO UI is empty when use ${{ variables.AZURE_ARTIFACTS_FEEDS }}. I've changed to $(AZURE_ARTIFACTS_FEEDS)
jiasli
approved these changes
Oct 16, 2024
wangzelin007
approved these changes
Oct 16, 2024
bebound
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Use Azure Artifacts feeds in release branch build process: PyPI, MSI, ZIP, DEB, and RPM
The public pipeline still uses PyPI as it's hard to keep the CFS feed token secret.
Ref: