fix: pipelines - add publish credentials#411
Merged
Conversation
Migrate teams.net-preview pipeline to extend from M365PT (M365 Governed Pipeline Template) to resolve 1ESPT drift management warning. This ensures compliance with M365 security requirements and prevents pipeline breaks after the March 16, 2026 deadline. Changes: - Add M365PT template reference from Pipelines/M365PT repository - Wrap existing stages in extends structure with M365PT.yml template - Add customBuildTags for ES365AIMigrationTooling tracking - Preserve all existing build, test, sign, and pack functionality - Maintain sign-and-pack template reference and manual approval flow Resolves 1ESPT warning: "Organization breaks pipelines that do not extend one of the following templates" Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Convert teams.net-preview pipeline to use 1ES Pipeline Template (1ESPT) instead of M365PT to resolve pipeline breaking issues while maintaining security compliance. Changes: - Switch from M365PT to 1ESPT template reference - Use 1ESPipelineTemplates/1ESPipelineTemplates repository - Update to v1/1ES.Official.PipelineTemplate.yml template - Configure 1ESPT pool (Azure-Pipelines-1ESPT-ExDShared) - Preserve all existing build, test, sign, and pack functionality Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Revert to M365PT and migrate both publish.yml and publish-preview.yaml pipelines to extend from M365PT template for M365 security compliance. Changes: - Reverted publish.yml from 1ESPT back to M365PT - Migrated publish-preview.yaml to M365PT template - Added M365PT template references for both pipelines - Wrapped stages in extends structure with M365PT.yml template - Added customBuildTags for ES365AIMigrationTooling tracking - Preserved all existing functionality including parameters and conditional stages Resolves 1ESPT drift warnings for both pipelines. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Update both publish.yml and publish-preview.yaml to use the Azure-Pipelines-1ESPT-ExDShared pool with windows-latest image instead of ubuntu-22.04. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Use correct M365PT configuration: - Repository: 1ESPipelineTemplates/M365GPT (refs/tags/release) - Template: v1/M365.Official.PipelineTemplate.yml Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Update both publish.yml and publish-preview.yaml to use 1ES Pipeline Template: - Repository: 1ESPipelineTemplates/1ESPipelineTemplates (refs/tags/release) - Template: v1/1ES.Official.PipelineTemplate.yml - Pool: Azure-Pipelines-1ESPT-ExDShared (windows-latest) This resolves the 1ESPT drift management warning. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace NuGetCommand@2 tasks with 1ESPT output: nuget syntax for both pipelines: - publish.yml: Use useDotNetTask for external nuget.org feed - publish-preview.yaml: - Internal: Use default NuGetCommand for internal feed - Public: Use useDotNetTask for external nuget.org feed Benefits: - Centralized artifact management in outputs section - Automatic SDL binary analysis on packageParentPath - Improved compliance with 1ESPT best practices Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Deployment jobs don't support the outputs syntax, so use 1ES.PublishNuget@1 inline task instead: - publish.yml: Use inline task in deployment job - publish-preview.yaml: - Internal: Keep output syntax (regular job) - Public: Use inline task (deployment job) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Convert internal publishing from output syntax to 1ES.PublishNuget@1 inline task for consistency across all publishing scenarios. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1ESPT requires using 'output: pipelineArtifact' instead of PublishPipelineArtifact@1 task. Updated all artifact publishing to use the outputs section: - publish.yml: Use output: pipelineArtifact for Packages artifact - publish-preview.yaml: Use output: pipelineArtifact for PreviewPackages artifact (both Internal and Public paths) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Convert internal publishing to use outputs section exclusively: - output: pipelineArtifact for artifact publishing - output: nuget for NuGet feed publishing This avoids mixing inline tasks with outputs in the same job. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Simplify NuGet publishing by reverting to standard NuGetCommand@2 tasks instead of 1ESPT-specific outputs/inline tasks. Changes: - publish.yml: Use NuGetCommand@2 for external publishing - publish-preview.yaml: Use NuGetCommand@2 for both internal and external publishing - Keep output: pipelineArtifact for artifact publishing (required by 1ESPT) - Keep 1ESPT template, repository, and pool configuration Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Switch pool image from windows-2022 to ubuntu-24.04 - Move NuGetAuthenticate after nuget.config creation in all stages - Set allowPackageConflicts to false in preview feed publish - Remove publishFeedCredentials 'Microsoft.Teams.*' from external feed publish Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR restores NuGet publish credentials to the Azure DevOps publish pipelines so external package pushes (nuget.org) can authenticate successfully.
Changes:
- Add
publishFeedCredentialsto the1ES.PublishNuget@1task in the public release pipeline. - Add
publishFeedCredentialsto the1ES.PublishNuget@1task in the public preview pipeline.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .azdo/publish.yml | Adds external publish credentials for the nuget.org push step. |
| .azdo/publish-preview.yaml | Adds external publish credentials for the nuget.org push step (public preview path). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
rajan-chari
approved these changes
Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add publish credentials that was removed from before