Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions NuGet.Config

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nuget.config

Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<!-- Do not add any additional feeds if new packages are needed they need to come from our azure-sdk-for-net DevOps feed which has an upstream set to nuget.org -->
<add key="azure-sdk-for-net" value="https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json" />
</packageSources>
<disabledPackageSources>
<clear />
</disabledPackageSources>
</configuration>
1 change: 1 addition & 0 deletions eng/common/pipelines/templates/1es-redirect.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ extends:
parameters:
settings:
skipBuildTagsForGitHubPullRequests: true
networkIsolationPolicy: Permissive, CFSClean
sdl:
codeql:
compiled:
Expand Down
49 changes: 49 additions & 0 deletions eng/common/pipelines/templates/steps/auth-dev-feed.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
parameters:
DevFeedName: 'public/azure-sdk-for-python'
EnableTwineAuth: true
EnablePipAuth: true
EnableUvAuth: true

steps:
- pwsh: |
# For safety default to publishing to the private feed.
# Publish to https://dev.azure.com/azure-sdk/internal/_packaging?_a=feed&feed=azure-sdk-for-python-pr
$devopsFeedName = 'internal/azure-sdk-for-python-pr'
if ('$(Build.Repository.Name)' -eq 'Azure/azure-sdk-for-python') {
# Publish to https://dev.azure.com/azure-sdk/public/_packaging?_a=feed&feed=azure-sdk-for-python
$devopsFeedName = '${{ parameters.DevFeedName }}'
}
echo "##vso[task.setvariable variable=DevFeedName]$devopsFeedName"
echo "Using DevopsFeed = $devopsFeedName"
displayName: Setup DevOpsFeedName

- ${{ if eq(parameters.EnableTwineAuth, true) }}:
- task: TwineAuthenticate@0
displayName: 'Twine Authenticate to feed'
inputs:
artifactFeeds: $(DevFeedName)

- ${{ if eq(parameters.EnablePipAuth, true) }}:
- task: PipAuthenticate@1
displayName: 'Pip Authenticate to feed'
inputs:
artifactFeeds: $(DevFeedName)
onlyAddExtraIndex: false

- ${{ if eq(parameters.EnableUvAuth, true) }}:
- pwsh: |
if ($env:PIP_INDEX_URL) {
Write-Host "Found pip index URL: $($env:PIP_INDEX_URL)"
# UV_DEFAULT_INDEX is the canonical replacement for the deprecated UV_INDEX_URL (uv 0.4.23+).
# PIP_INDEX_URL is set by PipAuthenticate@1 and contains embedded credentials, which uv
# will use for Basic auth against the ADO feed (and its PyPI upstream) per astral-sh/uv#12651.
Write-Host "##vso[task.setvariable variable=UV_DEFAULT_INDEX]$($env:PIP_INDEX_URL)"
# Disable keyring so uv uses the URL-embedded credentials directly.
Write-Host "##vso[task.setvariable variable=UV_KEYRING_PROVIDER]disabled"
} else {
Write-Host "##[warning]PIP_INDEX_URL not set - uv will fall back to public PyPI."
}
# Force any managed Python downloads to go directly to GitHub releases
# rather than the default CDN (releases.astral.sh).
Write-Host "##vso[task.setvariable variable=UV_PYTHON_INSTALL_MIRROR]https://github.com/astral-sh/python-build-standalone/releases/download"
displayName: 'Configure UV Authentication'
17 changes: 17 additions & 0 deletions eng/common/pipelines/templates/steps/maven-authenticate.yml

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we'll also probably need all of those for typespec-azure

Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
parameters:
SourceDirectory: $(Build.SourcesDirectory)

steps:
# Copy mirror settings to default Maven location so all requests go through CFS
- pwsh: |
$m2Dir = if ($env:USERPROFILE) { "$env:USERPROFILE\.m2" } else { "$HOME/.m2" }
New-Item -ItemType Directory -Force -Path $m2Dir | Out-Null
Copy-Item -Path "${{ parameters.SourceDirectory }}/eng/settings.xml" -Destination "$m2Dir/settings.xml"
displayName: 'Setup Maven mirror settings'

# Authenticate with Azure Artifacts feeds
# MavenAuthenticate adds <server> entries to ~/.m2/settings.xml matching mirror id 'azure-sdk-for-java'
- task: MavenAuthenticate@0
displayName: 'Maven Authenticate'
inputs:
artifactsFeeds: 'azure-sdk-for-java'
4 changes: 4 additions & 0 deletions eng/emitters/pipelines/templates/steps/build-step.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,10 @@ steps:

- template: /eng/common/pipelines/templates/steps/create-authenticated-npmrc.yml

- template: /eng/common/pipelines/templates/steps/auth-dev-feed.yml

- template: /eng/common/pipelines/templates/steps/maven-authenticate.yml

- task: NodeTool@0
displayName: Install Node.js
retryCountOnTaskFailure: 3
Expand Down
Loading