From 124be385f90f2c305dde2b817cb470e4d11d2d6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20K=C3=B6plinger?= Date: Wed, 18 Dec 2024 17:24:11 +0100 Subject: [PATCH] Use Agent.TempDirectory when building from archive in source-build (#45532) This avoids 1ES scanners finding secrets in Build.ArtifactStagingDirectory that we already suppressed via CredScanSuppressions.json Fixes https://github.com/dotnet/source-build/issues/4773 --- eng/pipelines/templates/jobs/vmr-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/pipelines/templates/jobs/vmr-build.yml b/eng/pipelines/templates/jobs/vmr-build.yml index 819cdfd531ba..0f78e311c065 100644 --- a/eng/pipelines/templates/jobs/vmr-build.yml +++ b/eng/pipelines/templates/jobs/vmr-build.yml @@ -172,7 +172,7 @@ jobs: # We either build the repo directly, or we extract them outside (which is what partners do) - ${{ if parameters.buildFromArchive }}: - name: sourcesPath - value: $(Build.ArtifactStagingDirectory)/dotnet-sources/ + value: $(Agent.TempDirectory)/dotnet-sources/ - ${{ else }}: - name: sourcesPath value: $(vmrPath)