Fix hidden exception in Finalize Job with graceful permission error handling

[Copilot]

This PR addresses the issue where detailed exception stack traces were being logged during the "Finalize Job" phase when system.debug was enabled, even though the job execution continued successfully.

Problem

When the Azure Pipelines Agent attempts to archive extension logs from /var/log/azure/Microsoft.VisualStudio.Services.TeamServicesAgentLinux/, it sometimes encounters permission issues accessing certain files (like the events file). The current implementation catches these exceptions and logs the full stack trace in debug mode, which can be confusing for users:

##[debug]Failed to dump Agent Azure VM extension logs. Skipping.
##[debug]Error message: System.UnauthorizedAccessException: Access to the path '/var/log/azure/Microsoft.VisualStudio.Services.TeamServicesAgentLinux/events' is denied.
 ---> System.IO.IOException: Permission denied
   --- End of inner exception stack trace ---
   at System.IO.Enumeration.FileSystemEnumerator`1.Init()
   at System.IO.Enumeration.FileSystemEnumerable`1..ctor(String directory, FindTransform transform, EnumerationOptions options, Boolean isNormalized)
   ...

Solution

Added specific exception handling in the DumpAgentExtensionLogs method to gracefully handle permission-related errors:

• UnauthorizedAccessException: Now logs a user-friendly message about permission restrictions instead of the full stack trace
• DirectoryNotFoundException: Provides clear feedback when the extension logs directory doesn't exist
• Preserves the exception message for debugging purposes without overwhelming the output
• Returns false on permission errors, causing the outer catch block to log "Agent Azure VM extension logs not found. Skipping." instead of detailed exception information

Benefits

• ✅ Cleaner debug output when system.debug is enabled
• ✅ Maintains diagnostic capability while improving user experience
• ✅ No functional changes to job execution (jobs continue to work properly)
• ✅ Minimal code change (16 lines added, 1 removed)

The fix ensures that permission issues are handled gracefully while still providing enough information for debugging purposes.

Fixes #5173.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• 03nvsblobprodwcus014.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 055vsblobprodwcus02.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 1g1vsblobprodwcus01.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 3eavsblobprodwcus03.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)
• 3zgvsblobprodwcus024.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 40qvsblobprodwcus022.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 4fdvsblobprodwcus012.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 5tbvsblobprodwcus06.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 61cvsblobprodwcus010.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 73dvsblobprodwcus07.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 8usvsblobprodwcus011.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• 9owvsblobprodwcus020.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• arpvsblobprodwcus017.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• crcvsblobprodwcus021.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• fslvsblobprodwcus015.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• uubvsblobprodwcus018.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• vwmvsblobprodwcus016.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)
• xg1vsblobprodwcus019.vsblob.vsassets.io
  • Triggering command: dotnet build --configuration Release (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.