Open riarenas opened 5 months ago
Ops: Need to determine how much work this will be, and what the deadline (if any) is for this work.
while the documentation mentions that this is not something enforced by 1ES PT. It specifically calls scenarios where PR builds have any access to the same resources as official builds, and we share the machine pools and images with things like the signing resources.
I don't think there will be a separate deadline tracking this, but isolating internal PRs is still the right thing to do according to the guidance and motivation.
Guidance in https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/onboardingesteams/security-compliance shows we need to separate the PR and official build environment entirely. New hosted pools and service connections.
Release Note Category
Release Note Description