The implementation of the `AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask` has repeatedly broken our pipelines. See https://github.com/dotnet/docker-tools/pull/990, https://github.com/dotnet/docker-tools/issues/1152, https://github.com/dotnet/docker-tools/pull/1045.

We need to protect the pipeline from these breaks since they can occur at any point and disrupt a release. I suggest we always have the pipeline YAML pinned to a build-specific version of the task and have a system in place (ideally, automated) that would submit a PR in this repo to update to the latest version. In that case, we need to ensure the PR build does exercise the SBOM generation path. Upon merge, that would then get rolled out to the consuming repos.
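
One way to implement the pinning check and the automated version bump proposed above, as an added example that is not part of the original issue or the docker-tools repo. It assumes Azure Pipelines accepts a full `major.minor.patch` version after `@`; the sample YAML and version numbers are constructed placeholders, and `find_unpinned` and `repin` are hypothetical helper names.

```python
import re

# Task named in the issue. Versions used below are constructed placeholders.
TASK = "AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask"
TASK_REF = re.compile(
    r"^(?P<head>\s*-?\s*task:\s*)(?P<name>[\w.\-]+)@(?P<ver>[\w.\-]+)(?P<tail>\s*(#.*)?)$"
)
FULL_VERSION = re.compile(r"^\d+\.\d+\.\d+$")

def find_unpinned(yaml_text, task=TASK):
    """Return (line_no, version) for each reference to `task` that is not
    pinned to major.minor.patch. Suitable as a PR gate: fail if non-empty."""
    hits = []
    for no, line in enumerate(yaml_text.splitlines(), 1):
        m = TASK_REF.match(line)
        if m and m["name"] == task and not FULL_VERSION.match(m["ver"]):
            hits.append((no, m["ver"]))
    return hits

def repin(yaml_text, new_version, task=TASK):
    """Rewrite every reference to `task` to `new_version`.
    Returns (new_text, changed); open an update PR only when changed is True."""
    if not FULL_VERSION.match(new_version):
        raise ValueError("new_version must be major.minor.patch")
    out, changed = [], False
    for line in yaml_text.splitlines():
        m = TASK_REF.match(line)
        if m and m["name"] == task and m["ver"] != new_version:
            line = f"{m['head']}{task}@{new_version}{m['tail']}"
            changed = True
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample pipeline: the SBOM task floats on a major version only.
SAMPLE = f"""\
steps:
- task: {TASK}@0
  displayName: Generate SBOM
- task: PublishPipelineArtifact@1
"""

if __name__ == "__main__":
    print("unpinned:", find_unpinned(SAMPLE))
    updated, changed = repin(SAMPLE, "0.123.4")  # placeholder version
    print("changed:", changed)
    print(updated)
```
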