search

Azure / autorest

OpenAPI (f.k.a Swagger) Specification code generator. Supports C#, PowerShell, Go, Java, Node.js, TypeScript, Python
MIT License
4.54k stars 728 forks source link

Transition release phase to ESRP #4986

Open scbedd opened 6 days ago

scbedd commented 6 days ago

Hey autorest folks!

Filing an issue to recommend an update to your release process. All the published packages from the azure-sdk team going to npm are now published through the ESRP release process. Given the relative ease of the work, I recommend that you take advantage of the trail we've already blazed.

For you, it's effectively changing publish.yaml to utilize EsrpRelease. Below is a hard example of what this looks during the actual release phase.

                  # download the 1es.published artifact
                  - download: current
                    artifact: drop
                    timeoutInMinutes: 5

                  # "tag" is 'latest' or 'beta' or whatever else npmjs.org tag. 
                  # this step merely isolates the tgz of the releasing npm package into its own directory
                  # so the ESRP publishing process cannot get confused
                  - pwsh: |
                      Write-Host "Will deploy with tag of $(Tag)"
                      Get-ChildItem "$(Pipeline.Workspace)/drop" -Recurse -Force `
                        | Where-Object { $_.Name -like "*.tgz" } `
                        | Copy-Item -Destination "$(Build.ArtifactStagingDirectory)"
                      Get-ChildItem "$(Build.ArtifactStagingDirectory)" -Recurse -Force | % { Write-Host $_.FullName }
                    displayName: Move artifact to $(Build.ArtifactStagingDirectory)

                  # you operate within azure-sdk/internal, so you do not need to worry about these service connections
                  - task: EsrpRelease@7
                    inputs:
                      displayName: 'Publish oav to ESRP'
                      ConnectedServiceName: 'Azure SDK Engineering System'
                      ClientId: '5f81938c-2544-4f1f-9251-dd9de5b8a81b'
                      KeyVaultName: 'AzureSDKEngKeyVault'
                      AuthCertName: 'azure-sdk-esrp-release-auth-certificate'
                      SignCertName: 'azure-sdk-esrp-release-sign-certificate'
                      Intent: 'PackageDistribution'
                      ContentType: 'npm'
                      FolderLocation: $(Build.ArtifactStagingDirectory)
                      Owners: ${{ coalesce(variables['Build.RequestedForEmail'], 'azuresdk@microsoft.com') }}
                      Approvers: 'azuresdk@microsoft.com'
                      ServiceEndpointUrl: 'https://api.esrp.microsoft.com'
                      MainPublisher: 'ESRPRELPACMANTEST'
                      DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
                      productstate: $(Tag)

The only pre-req to publish your packages through this methodology is that microsoft1es is a maintainer or the packages being released. Take a look at Owners, productState (this is the "tag" on npmjs.org the package will publish under), FolderLocation, anddisplayName`. Everything else is set the way you need.