Authenticate source code archival requests

2024-06-18 14:35:57 -06:00 · 2024-06-18 14:35:57 -06:00 · d1ea1326b8
--- a/azure-pipelines/Archive-SourceCode.ps1
+++ b/azure-pipelines/Archive-SourceCode.ps1
@ -35,7 +35,7 @@
 .PARAMETER SourceCodeArchivalUri
    The URI to POST the source code archival request to.
    This value will typically come automatically by a variable group associated with your pipeline.
-    You can also look it up at https://dpsrequestforms.azurewebsites.net/#/help -> SCA Request Help -> SCA API Help -> Description
+    You can also look it up at https://dpsopsrequestforms.azurewebsites.net/#/help -> SCA Request Help -> SCA API Help -> Description
 #>
 [CmdletBinding(SupportsShouldProcess = $true, PositionalBinding = $false)]
 param (
@ -76,7 +76,9 @@ param (
    [Parameter()]
    [string]$ServerPath = '',
    [Parameter()]
-    [Uri]$SourceCodeArchivalUri = $env:SOURCECODEARCHIVALURI
+    [Uri]$SourceCodeArchivalUri = $env:SOURCECODEARCHIVALURI,
+    [Parameter(Mandatory = $true)]
+    [string]$AccessToken
 )

 function Invoke-Git() {
@ -199,9 +201,13 @@ if ($PSCmdlet.ShouldProcess('source archival request', 'post')) {
        exit 1
    }

+    $headers = @{
+        'Authorization' = "Bearer $AccessToken"
+    }
+
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

-    $Response = Invoke-WebRequest -Uri $SourceCodeArchivalUri -Method POST -Body $RequestJson -ContentType "application/json" -UseBasicParsing -SkipHttpErrorCheck
+    $Response = Invoke-WebRequest -Uri $SourceCodeArchivalUri -Method POST -Headers $headers -Body $RequestJson -ContentType "application/json" -UseBasicParsing -SkipHttpErrorCheck
    Write-Host "Status Code : " -NoNewline
    if ($Response.StatusCode -eq 200) {
        Write-Host $Response.StatusCode -ForegroundColor Green
--- a/azure-pipelines/archive-sourcecode.yml
+++ b/azure-pipelines/archive-sourcecode.yml
@ -63,7 +63,16 @@ extends:
        - powershell: azure-pipelines/variables/_pipelines.ps1
          failOnStderr: true
          displayName: ⚙ Set pipeline variables based on source
-        - powershell: >
+        - task: AzureCLI@2
+          displayName: 🔏 Authenticate with WIF service connection
+          inputs:
+            azureSubscription: VS Core Source Code Archival
+            scriptType: pscore
+            scriptLocation: inlineScript
+            inlineScript: |
+              $accessToken = az account get-access-token --query accessToken --resource api://177cf50a-4bf5-4481-8b7e-f32900dfc8e6 -o tsv
+              Write-Host "##vso[task.setvariable variable=scaToken;issecret=true]$accessToken"
+        - pwsh: >
            $TeamAlias = '$(TeamEmail)'.Substring(0, '$(TeamEmail)'.IndexOf('@'))

            azure-pipelines/Archive-SourceCode.ps1
@ -73,6 +82,7 @@ extends:
            -ProductName '$(SymbolsFeatureName)'
            -ProductLanguage English
            -Notes '${{ parameters.notes }}'
+            -AccessToken '$(scaToken)'
            -Verbose
            -WhatIf:$${{ parameters.whatif }}
          displayName: 🗃️ Submit archival request