Transition non-common azure-sdk-tools definitions to GithubApp#15457
Open
…arate, then the improvement, then this can merge
Contributor
Pull request overview
This PR continues the repo-wide migration away from the azuresdk-github-pat secret by switching various pipelines/scripts to use GitHub App installation tokens minted via login-to-github.yml, and updating git auth URLs to the x-access-token: format required for App tokens.
Changes:
- Add `/eng/common/.../login-to-github.yml` to multiple pipelines and swap `$(azuresdk-github-pat)` usages to `$(GH_TOKEN)`/`$(GH_TOKEN_<Owner>)`.
- Update HTTPS clone/push URL construction to `https://x-access-token:<token>@github.com/...` in PowerShell/TS/C#.
- Update `create-pull-request.yml` callers to pass `AuthToken: ''` so the template performs auto-login.
Show a summary per file
| File | Description |
|---|---|
| tools/test-proxy/tests.yml | Removes a no-op comment in the test stage definition. |
| tools/test-proxy/scripts/test-scripts/assets.Tests.Helpers.ps1 | Switches clone URL to x-access-token format. |
| tools/test-proxy/pipelines/proxy-solution-integration-tests.yml | Adds GitHub App login step and uses $(GH_TOKEN) for integration tests. |
| tools/test-proxy/pipelines/proxy-cli-integration-tests.yml | Adds GitHub App login step and uses $(GH_TOKEN) for integration tests. |
| tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/GitStore.cs | Switches clone URL to x-access-token format. |
| tools/stress-cluster/cluster/kubernetes/stress-test-addons/publish.yml | Uses AuthToken: '' to rely on create-pull-request auto-login. |
| tools/sdk-ai-bots/azure-sdk-qa-bot-knowledge-sync/sync_knowledge.yml | Adds GitHub App login step and swaps PAT variable to $(GH_TOKEN). |
| tools/sdk-ai-bots/azure-sdk-qa-bot-knowledge-sync/src/DailySyncKnowledge.ts | Switches authenticated URL format to x-access-token. |
| tools/azure-rest-api-specs-examples-automation/samples-automation.yml | Adds GitHub App login step and replaces PAT usage with $(GH_TOKEN). |
| tools/azsdk-cli/auto-documentation.yml | Uses AuthToken: '' to rely on create-pull-request auto-login. |
| tools/assets-automation/tests.yml | Adds GitHub App login step and replaces PAT usage with $(GH_TOKEN). |
| eng/pipelines/update-release-branch-in-specs.yml | Adds GitHub App login step and threads $(GH_TOKEN) into the merge template. |
| eng/pipelines/tools-repo-versioning.yml | Adds GitHub App login step and uses $(GH_TOKEN) for tag push URL. |
| eng/pipelines/templates/steps/sync-repo-merge-branch.yml | Replaces PAT env usage with a passed-in GH_TOKEN parameter. |
| eng/pipelines/templates/steps/sync-directory.yml | Replaces PAT usage with $(GH_TOKEN) for pushes/comments/metrics (but adds an unused AuthToken parameter). |
| eng/pipelines/templates/steps/ref-updater.yml | Uses AuthToken: '' to rely on create-pull-request auto-login. |
| eng/pipelines/templates/stages/archetype-sdk-tool-repo-sync.yml | Adds GitHub App login steps and replaces PATs with $(GH_TOKEN). |
| eng/pipelines/templates/stages/archetype-sdk-publish-net.yml | Adds GitHub App login and uses per-owner tokens ($(GH_TOKEN_Azure), $(GH_TOKEN_azure-sdk)). |
| eng/pipelines/templates/stages/archetype-autorest-preview.yml | Adds GitHub App login and updates git push URL/token usage (currently has token wiring issues). |
| eng/pipelines/setup-tutorial-branch.yml | Adds GitHub App login step and replaces PAT input with $(GH_TOKEN). |
| eng/pipelines/pipeline-owners-extraction.yml | Adds GitHub App login step and replaces PAT usage with $(GH_TOKEN); uses auto-login for PR creation. |
| eng/pipelines/merge-docs-main-to-live.yml | Adds GitHub App login and updates git URL/token usage; passes AuthToken into sync step. |
| eng/pipelines/branch-cleanup.yml | Adds multi-owner GitHub App login and swaps PATs to per-owner tokens. |
| eng/pipelines/agent-pool-migration.yml | Uses AuthToken: '' to rely on create-pull-request auto-login. |
Copilot's findings
- Files reviewed: 24/24 changed files
- Comments generated: 3
Comment on lines +495 to +499
| - template: /eng/common/pipelines/templates/steps/login-to-github.yml | ||
| parameters: | ||
| TokenOwners: | ||
| - azure-sdk | ||
|
|
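Review bot: the TokenOwners list in this block names only azure-sdk, so check that every later step in the same job reads a token variable that this login step actually provides. The per-file summary shows other templates using per-owner names such as $(GH_TOKEN_Azure) and $(GH_TOKEN_azure-sdk); if any step after this one pushes to or queries a repository under a different owner, add that owner to the list here rather than falling back to a variable that was never set.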
Affected ADO Pipeline Definitions
Related to #9842
- eng/pipelines/agent-pool-migration.yml
- eng/pipelines/branch-cleanup.yml
- eng/pipelines/mirror-repos.yml
- eng/pipelines/pipeline-owners-extraction.yml
- tools/azure-rest-api-specs-examples-automation/samples-automation.yml
- eng/pipelines/merge-docs-main-to-live.yml
- tools/sdk-ai-bots/azure-sdk-qa-bot-knowledge-sync/sync_knowledge.yml
- tools/sdk-ai-bots/azure-sdk-qa-bot-knowledge-sync/sync_knowledge.yml
- tools/stress-cluster/cluster/kubernetes/stress-test-addons/publish.yml
- tools/stress-cluster/services/Stress.Watcher/ci.yml
- src/dotnet/APIView/APIViewJsonUtility/ci.yml
- tools/azsdk-cli/ci.yml
- src/dotnet/Azure.ClientSdk.Analyzers/ci.yml
- tools/codeowners-utils/ci.yml
- tools/content-validation/ci.yml
- tools/apiview/parsers/csharp-api-parser/ci.yml
- tools/github-event-processor/ci.yml
- tools/http-fault-injector/ci.yml
- tools/identity-resolution/ci.yml
- tools/net-changelog-gen-mgmt/ci.yml
- tools/notification-configuration/ci.yml
- tools/pipeline-generator/ci.yml
- tools/pipeline-owners-extractor/ci.yml
- eng/pipelines/tools-repo-versioning.yml
- tools/secret-management/ci.yml
- tools/snippet-generator/ci.yml
- tools/apiview/parsers/swagger-api-parser/ci.yml
- eng/pipelines/sync-.github.yml
- eng/pipelines/sync-eng-common.yml
- tools/test-proxy/ci.yml
- tools/test-proxy/tests.yml
- eng/pipelines/update-release-branch-in-specs.yml
- eng/pipelines/setup-tutorial-branch.yml
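The `x-access-token` URL format named in the review overview, as an added example that is not code from this PR: it builds the authenticated URL, refuses a token that was never wired in, and scrubs credentials from text bound for a log. The function names, the sample token and the sample repository URL are assumptions made for illustration.

```typescript
// Added example, not code from the PR. All names below are hypothetical.
// Constructed sample value; not a real installation token.
const SAMPLE_TOKEN = "ghs_EXAMPLE_not_a_real_token";

// Accept only plain https://github.com/<owner>/<repo>[.git] with no embedded credentials.
const REPO_URL = /^https:\/\/github\.com\/([A-Za-z0-9_.-]+)\/([A-Za-z0-9_.-]+?)(?:\.git)?$/;

// Build https://x-access-token:<token>@github.com/<owner>/<repo>.git
function buildAuthenticatedUrl(repoUrl: string, token: string): string {
  const match = REPO_URL.exec(repoUrl.trim());
  if (match === null) {
    // Rejects other schemes, other hosts, and URLs that already carry user:password@.
    throw new Error("expected https://github.com/<owner>/<repo>[.git]");
  }
  // An Azure Pipelines macro for an undefined variable is passed through as the
  // literal text "$(NAME)", so treat that (and empty/whitespace) as "token not wired".
  if (token.length === 0 || /\s/.test(token) || /^\$\(.*\)$/.test(token)) {
    throw new Error("token is empty or an unexpanded pipeline variable");
  }
  const owner = match[1];
  const repo = match[2];
  return `https://x-access-token:${encodeURIComponent(token)}@github.com/${owner}/${repo}.git`;
}

// Replace any user:password@ part of an HTTPS URL before the text is logged.
function redactCredentials(text: string): string {
  return text.replace(/(https:\/\/)[^\s\/:@]+:[^\s\/@]+@/g, "$1***@");
}
```
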