Move Azure build pipelines to OneBranch #1877
Conversation
This reverts commit 063dfba.
|
@georou What is your plan for a release pipeline? I don't see one introduced by this PR. FWIW, for all the 1ES PT pipeline migrations I've done, I've just reused the existing YAML files for the 1ES PT variety, which kept me from having to create new pipelines in AzDO. It also avoided having YAML files for deprecated pipelines that could confuse folks who want to look at the new pipeline files. |
|
Still unclear to me why this isn't just a normal GHA workflow. |
|
@riverar put simply, Microsoft has compliance requirements for shipping software that to date is only implemented on Azure Pipelines, AFAIK. |
|
Are we shipping software in this repository though? It's a bunch of non-executable metadata. 😂 (I understand Microsoft is sensitive to this right now though!) |
|
Yes we ship binary tools in addition to metadata and NuGet packages that are signed by Microsoft. GHA doesn't support our workflows. |
All these pipelines now run in the github-private/microsoft ADO project, which has its own (very slim) repo associated with it, and uses this github repository as a pipeline resource. The release pipeline YAML has moved there, but we could move it here if we want, I think. |
As part of compliance with updated security requirements, production pipelines must run in a 1ES environment. To do this, pipelines are converting to use OneBranch pipeline templates.
This changes how artifacts are published and the build environment is slightly different, resulting in some small changes to the build files.
As a backup plan, the existing azure pipeline scripts are left in place. These will be removed in the future.