Merged PR 780598: Remove PAT usage in maintenance pipeline

2024-04-19 17:25:27 +00:00 · 2024-04-19 17:25:27 +00:00 · 503b6c16e3
--- a/.azdo/maintenance/azure-pipelines.yml
+++ b/.azdo/maintenance/azure-pipelines.yml
@ -14,8 +14,6 @@ resources:

 stages:
 - stage:
-  variables:
-  - group: "BuildXL Secrets"
  jobs:
    - job: UpdateSBOMPackages
      displayName: "Update SBOM Packages"
@ -36,21 +34,28 @@ stages:
          arguments: '--configuration Release --output $(Build.ArtifactStagingDirectory)'
          zipAfterPublish: false
      - template: /.azdo/common/journaling.yml # Enable journaling
+
+      # Generate access tokens
      - template: /.azdo/common/generate-access-token.yml
        parameters:
          ServiceConnection: 'mseng-Domino-BuildXL-Pipelines'
          Resource: 'https://cloudbuild.microsoft.com/'
          AccessTokenVariable: CloudBuildAccessToken
+      - template: /.azdo/common/set-variable-pats.yml
+        parameters:
+          workingDirectory: $(Build.SourcesDirectory)/BuildXL.Internal
      - template: /.azdo/common/generate-access-token.yml
        parameters:
          AccessTokenVariable: BuildXL-Pipeline-AccessToken
+
      - task: PowerShell@2
        inputs:
          targetType: 'inline'
-          script: .\BuildXLReleaseManagement.exe updatePackages --Packages Microsoft.SBOMCore@latest@1essharedassets@Packaging@$(BuildXL-Pipeline-AccessToken) Microsoft.Parsers.ManifestGenerator@latest@1essharedassets@Packaging@$(BuildXL-Pipeline-AccessToken) Microsoft.Sbom.Parsers.Spdx22SbomParser@latest@nuget.org Microsoft.SBOM.Adapters@latest@nuget.org Microsoft.ManifestInterface@latest@1essharedassets@Packaging@$(BuildXL-Pipeline-AccessToken) Microsoft.Sbom.Contracts@latest@nuget.org Microsoft.ComponentDetection.Contracts@latest@nuget.org python@latest@nuget.org Microsoft.VisualStudio.Services.Governance.ComponentDetection@latest@mseng@ComponentGovernance@$(BuildXL-Pipeline-AccessToken) Microsoft.Sbom.Extensions@latest@nuget.org --OneEsPat $(BuildXL-Pipeline-AccessToken) --CbPat $(BuildXL-Pipeline-AccessToken) --MsEngGitPat $(PAT-TseBuild-AzureDevOps-MsEng) --ClientSecret $(CloudBuildAccessToken) --BuildXLSourceRoot "$(Build.SourcesDirectory)/BuildXL.Internal" --CloudbuildSourceRoot "$(Build.SourcesDirectory)/CloudBuild"
+          script: .\BuildXLReleaseManagement.exe updatePackages --Packages Microsoft.SBOMCore@latest@1essharedassets@Packaging@$(BuildXL-Pipeline-AccessToken) Microsoft.Parsers.ManifestGenerator@latest@1essharedassets@Packaging@$(BuildXL-Pipeline-AccessToken) Microsoft.Sbom.Parsers.Spdx22SbomParser@latest@nuget.org Microsoft.SBOM.Adapters@latest@nuget.org Microsoft.ManifestInterface@latest@1essharedassets@Packaging@$(BuildXL-Pipeline-AccessToken) Microsoft.Sbom.Contracts@latest@nuget.org Microsoft.ComponentDetection.Contracts@latest@nuget.org python@latest@nuget.org Microsoft.VisualStudio.Services.Governance.ComponentDetection@latest@mseng@ComponentGovernance@$(BuildXL-Pipeline-AccessToken) Microsoft.Sbom.Extensions@latest@nuget.org --OneEsToken $(BuildXL-Pipeline-AccessToken) --CbToken $(BuildXL-Pipeline-AccessToken) --MsEngGitToken $(BuildXL-Pipeline-AccessToken) --cloudBuildAuthenticationToken $(CloudBuildAccessToken) --BuildXLSourceRoot "$(Build.SourcesDirectory)/BuildXL.Internal" --CloudbuildSourceRoot "$(Build.SourcesDirectory)/CloudBuild"
          showWarnings: true
          pwsh: false
          workingDirectory: '$(Build.ArtifactStagingDirectory)/BuildXLReleaseManagement'
+
      # Copy and publish BuildXL log in case it failed during the schedule phase
      - task: CopyFiles@2
        continueOnError: true
@ -97,10 +102,15 @@ stages:
          arguments: '--configuration Release --output $(Build.ArtifactStagingDirectory)'
          zipAfterPublish: false

+      # Generate Access Token
+      - template: /.azdo/common/generate-access-token.yml
+        parameters:
+          AccessTokenVariable: BuildXL-Pipeline-AccessToken
+
      - task: PowerShell@2
        inputs:
          targetType: 'inline'
-          script: .\BuildXLReleaseManagement.exe updateNoticeFile --MsEngGitPat $(PAT-TseBuild-AzureDevOps-MsEng) --BuildXLSourceRoot "$(Build.SourcesDirectory)/BuildXL.Internal"
+          script: .\BuildXLReleaseManagement.exe updateNoticeFile --MsEngGitToken $(BuildXL-Pipeline-AccessToken) --BuildXLSourceRoot "$(Build.SourcesDirectory)/BuildXL.Internal"
          showWarnings: true
          pwsh: false
          workingDirectory: '$(Build.ArtifactStagingDirectory)/BuildXLReleaseManagement'