Resolve #784.
Showing
27 changed files
with
361 additions
and
91 deletions.
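--- a/eng/common/templates-official/steps/enable-internal-runtimes.yml
+++ b/eng/common/templates-official/steps/enable-internal-runtimes.yml
@@ -0,0 +1,28 @@
+# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
+# variable with the base64-encoded SAS token, by default
+
+parameters:
+- name: federatedServiceConnection
+type: string
+default: 'dotnetbuilds-internal-read'
+- name: outputVariableName
+type: string
+default: 'dotnetbuilds-internal-container-read-token-base64'
+- name: expiryInHours
+type: number
+default: 1
+- name: base64Encode
+type: boolean
+default: true
+
+steps:
+- ${{ if ne(variables['System.TeamProject'], 'public') }}:
+- template: /eng/common/templates-official/steps/get-delegation-sas.yml
+parameters:
+federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
+outputVariableName: ${{ parameters.outputVariableName }}
+expiryInHours: ${{ parameters.expiryInHours }}
+base64Encode: ${{ parameters.base64Encode }}
+storageAccount: dotnetbuilds
+container: internal
+permissions: rl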
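Review bot: The header comment does not say that only the base64 form of the token is protected: with `base64Encode` defaulting to `true`, get-delegation-sas.yml sets the encoded string with `issecret=true`, and the decoded SAS a consumer produces later is a different string that log masking would presumably not match. I would extend the comment with `# Only the encoded value is registered as a secret; do not echo the decoded SAS.` and also state that no step is emitted when System.TeamProject is 'public', so the variable stays unset there. `expiryInHours` is forwarded without an upper bound, so a one-line comment on the intended maximum would help anyone reviewing a calling pipeline.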
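--- a/eng/common/templates-official/steps/get-delegation-sas.yml
+++ b/eng/common/templates-official/steps/get-delegation-sas.yml
@@ -0,0 +1,52 @@
+parameters:
+- name: federatedServiceConnection
+type: string
+- name: outputVariableName
+type: string
+- name: expiryInHours
+type: number
+default: 1
+- name: base64Encode
+type: boolean
+default: false
+- name: storageAccount
+type: string
+- name: container
+type: string
+- name: permissions
+type: string
+default: 'rl'
+
+steps:
+- task: AzureCLI@2
+displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
+inputs:
+azureSubscription: ${{ parameters.federatedServiceConnection }}
+scriptType: 'pscore'
+scriptLocation: 'inlineScript'
+inlineScript: |
+# Calculate the expiration of the SAS token and convert to UTC
+$expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+# Temporarily work around a helix issue where SAS tokens with / in them will cause incorrect downloads
+# of correlation payloads. https://github.com/dotnet/dnceng/issues/3484
+$sas = ""
+do {
+$sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
+if ($LASTEXITCODE -ne 0) {
+Write-Error "Failed to generate SAS token."
+exit 1
+}
+} while($sas.IndexOf('/') -ne -1)
+if ($LASTEXITCODE -ne 0) {
+Write-Error "Failed to generate SAS token."
+exit 1
+}
+if ('${{ parameters.base64Encode }}' -eq 'true') {
+$sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
+}
+Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"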
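Review bot: The `az storage container generate-sas` line receives `storageAccount`, `container` and `permissions` by template substitution into the script text, so a value containing whitespace, `;` or quotes becomes script rather than an argument; these are plain `string` parameters with no validation visible here. Passing them through the task's `env:` mapping and reading `$env:…` in the script keeps them as data, as in the excerpt below (the variable names are illustrative). The same pattern appears at `--resource ${{ parameters.resource }}` in get-federated-access-token.yml. Separately, the `$LASTEXITCODE` check after the loop repeats the one inside it, and the retry loop has no upper bound on attempts.

```yaml
    inlineScript: |
      # … unchanged: expiry calculation and helix workaround comment …
      do {
        $sas = az storage container generate-sas --account-name $env:SAS_STORAGE_ACCOUNT --name $env:SAS_CONTAINER --permissions $env:SAS_PERMISSIONS --expiry $expiry --auth-mode login --as-user -o tsv
        # … unchanged: exit-code check, loop condition, base64 step, setvariable …
  env:
    SAS_STORAGE_ACCOUNT: ${{ parameters.storageAccount }}
    SAS_CONTAINER: ${{ parameters.container }}
    SAS_PERMISSIONS: ${{ parameters.permissions }}
```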
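--- a/eng/common/templates-official/steps/get-federated-access-token.yml
+++ b/eng/common/templates-official/steps/get-federated-access-token.yml
@@ -0,0 +1,40 @@
+parameters:
+- name: federatedServiceConnection
+type: string
+- name: outputVariableName
+type: string
+- name: stepName
+type: string
+default: 'getFederatedAccessToken'
+- name: condition
+type: string
+default: ''
+# Resource to get a token for. Common values include:
+# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
+# - 'https://storage.azure.com/' for storage
+# Defaults to Azure DevOps
+- name: resource
+type: string
+default: '499b84ac-1321-427f-aa17-267ca6975798'
+- name: isStepOutputVariable
+type: boolean
+default: false
+
+steps:
+- task: AzureCLI@2
+displayName: 'Getting federated access token for feeds'
+name: ${{ parameters.stepName }}
+${{ if ne(parameters.condition, '') }}:
+condition: ${{ parameters.condition }}
+inputs:
+azureSubscription: ${{ parameters.federatedServiceConnection }}
+scriptType: 'pscore'
+scriptLocation: 'inlineScript'
+inlineScript: |
+$accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
+if ($LASTEXITCODE -ne 0) {
+Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
+exit 1
+}
+Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken"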
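Review bot: The `displayName` is fixed to 'Getting federated access token for feeds' although `resource` is a parameter and its comment lists storage as a common value, so the job log misstates which token was requested whenever a caller overrides the default. `displayName: 'Get federated access token for ${{ parameters.resource }}'` would keep the log accurate for anyone auditing token requests. `isStepOutputVariable` has no comment, unlike `resource`; I would add `# When true the token is published as a step output variable (isOutput=true) and can be referenced beyond this step's job.` above it so callers opt in knowingly.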