From 690be42e33d010c0b8bd328cce69dc7ad2772313 Mon Sep 17 00:00:00 2001 From: Chidozie Ononiwu Date: Fri, 26 Jun 2026 14:21:32 -0700 Subject: [PATCH 1/2] Only login-to-github got private repos --- eng/pipelines/templates/jobs/ci.tests.yml | 3 +++ eng/pipelines/templates/jobs/live.tests.yml | 3 +++ eng/pipelines/templates/steps/build-package-artifacts.yml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/eng/pipelines/templates/jobs/ci.tests.yml b/eng/pipelines/templates/jobs/ci.tests.yml index e64687eac48c..a19fa242b250 100644 --- a/eng/pipelines/templates/jobs/ci.tests.yml +++ b/eng/pipelines/templates/jobs/ci.tests.yml @@ -86,6 +86,9 @@ jobs: Write-Host "##vso[task.setvariable variable=DOTNET_ROOT]$dotnetroot" displayName: 'Set DOTNET_ROOT' + - ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: + - template: /eng/common/pipelines/templates/steps/login-to-github.yml + - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml parameters: ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml index f259636e0fa3..12b51fc0a50c 100644 --- a/eng/pipelines/templates/jobs/live.tests.yml +++ b/eng/pipelines/templates/jobs/live.tests.yml @@ -107,6 +107,9 @@ jobs: container: $[ variables['Container'] ] steps: + - ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: + - template: /eng/common/pipelines/templates/steps/login-to-github.yml + - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml parameters: ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: diff --git a/eng/pipelines/templates/steps/build-package-artifacts.yml b/eng/pipelines/templates/steps/build-package-artifacts.yml index a23eaab611d2..d882960d97e1 100644 --- a/eng/pipelines/templates/steps/build-package-artifacts.yml +++ b/eng/pipelines/templates/steps/build-package-artifacts.yml @@ -25,6 +25,9 @@ parameters: default: [] steps: + - ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: + - template: /eng/common/pipelines/templates/steps/login-to-github.yml + - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml parameters: ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: From a4af5132d93cff163502db73bb63cd1dd00af952 Mon Sep 17 00:00:00 2001 From: Chidozie Ononiwu Date: Mon, 29 Jun 2026 16:33:54 -0700 Subject: [PATCH 2/2] Use minimal checkout for private repo --- eng/pipelines/aggregate-reports.yml | 5 +---- eng/pipelines/conda-update-pipeline.yml | 1 + eng/pipelines/docindex.yml | 4 +++- eng/pipelines/templates/jobs/ci.tests.yml | 18 +++++++++++++++++- eng/pipelines/templates/jobs/live.tests.yml | 18 +++++++++++++++++- .../stages/archetype-python-release.yml | 4 +++- .../templates/stages/python-analyze-weekly.yml | 13 ++++++++----- .../steps/build-package-artifacts.yml | 18 +++++++++++++++++- .../templates/steps/verify-autorest.yml | 1 + eng/pipelines/tsp-spec-sync.yml | 1 + 10 files changed, 69 insertions(+), 14 deletions(-) diff --git a/eng/pipelines/aggregate-reports.yml b/eng/pipelines/aggregate-reports.yml index 977266c10a77..90435cf1b19d 100644 --- a/eng/pipelines/aggregate-reports.yml +++ b/eng/pipelines/aggregate-reports.yml @@ -87,10 +87,7 @@ stages: displayName: 'Prep Environment' - template: /eng/common/pipelines/templates/steps/login-to-github.yml - parameters: - TokenOwners: - - azure - + - task: PythonScript@0 condition: succeededOrFailed() env: diff --git a/eng/pipelines/conda-update-pipeline.yml b/eng/pipelines/conda-update-pipeline.yml index 9b936df59519..83937704f074 100644 --- a/eng/pipelines/conda-update-pipeline.yml +++ b/eng/pipelines/conda-update-pipeline.yml @@ -125,3 +125,4 @@ extends: - [ ] After upload, delete the dummy libraries and make the new packages publicly available in Conda. - [ ] Create an AKA link for new release logs here: http://aka.ms/ BaseBranchName: main + AuthToken: '' \ No newline at end of file diff --git a/eng/pipelines/docindex.yml b/eng/pipelines/docindex.yml index a41dd18876da..cdf8408bcd06 100644 --- a/eng/pipelines/docindex.yml +++ b/eng/pipelines/docindex.yml @@ -116,6 +116,7 @@ jobs: TargetRepoName: $(DocRepoName) TargetRepoOwner: $(DocRepoOwner) WorkingDirectory: $(DocRepoLocation) + AuthToken: '' - task: AzureCLI@2 displayName: Queue Docs CI build for main @@ -200,7 +201,8 @@ jobs: WorkingDirectory: $(DocRepoLocation) ScriptDirectory: $(Build.SourcesDirectory)/eng/common/scripts PushArgs: -f - + AuthToken: '' + - task: AzureCLI@2 displayName: Queue Docs CI build for daily branch inputs: diff --git a/eng/pipelines/templates/jobs/ci.tests.yml b/eng/pipelines/templates/jobs/ci.tests.yml index a19fa242b250..62b435a97c5d 100644 --- a/eng/pipelines/templates/jobs/ci.tests.yml +++ b/eng/pipelines/templates/jobs/ci.tests.yml @@ -87,12 +87,28 @@ jobs: displayName: 'Set DOTNET_ROOT' - ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: + - checkout: self + displayName: 'Sparse checkout eng/common/scripts for GitHub login' + path: s/_login_scripts + sparseCheckoutDirectories: eng/common/scripts + fetchDepth: 1 + + - pwsh: | + $source = "$(Build.SourcesDirectory)/_login_scripts/eng" + $dest = "$(Agent.TempDirectory)" + Copy-Item -Recurse -Force $source $dest + Remove-Item -Recurse -Force "$(Build.SourcesDirectory)/*" -ErrorAction SilentlyContinue + Remove-Item -Recurse -Force "$(Build.SourcesDirectory)/.git" -ErrorAction SilentlyContinue + displayName: Copy and clean repo checkout folder + - template: /eng/common/pipelines/templates/steps/login-to-github.yml + parameters: + ScriptDirectory: "$(Agent.TempDirectory)/eng/common/scripts" - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml parameters: ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: - TokenToUseForAuth: $(azuresdk-github-pat) + TokenToUseForAuth: $(GH_TOKEN) Paths: - '**' diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml index 12b51fc0a50c..478b4291736b 100644 --- a/eng/pipelines/templates/jobs/live.tests.yml +++ b/eng/pipelines/templates/jobs/live.tests.yml @@ -108,12 +108,28 @@ jobs: steps: - ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: + - checkout: self + displayName: 'Sparse checkout eng/common/scripts for GitHub login' + path: s/_login_scripts + sparseCheckoutDirectories: eng/common/scripts + fetchDepth: 1 + + - pwsh: | + $source = "$(Build.SourcesDirectory)/_login_scripts/eng" + $dest = "$(Agent.TempDirectory)" + Copy-Item -Recurse -Force $source $dest + Remove-Item -Recurse -Force "$(Build.SourcesDirectory)/*" -ErrorAction SilentlyContinue + Remove-Item -Recurse -Force "$(Build.SourcesDirectory)/.git" -ErrorAction SilentlyContinue + displayName: Copy and clean repo checkout folder + - template: /eng/common/pipelines/templates/steps/login-to-github.yml + parameters: + ScriptDirectory: "$(Agent.TempDirectory)/eng/common/scripts" - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml parameters: ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: - TokenToUseForAuth: $(azuresdk-github-pat) + TokenToUseForAuth: $(GH_TOKEN) Paths: - '**' diff --git a/eng/pipelines/templates/stages/archetype-python-release.yml b/eng/pipelines/templates/stages/archetype-python-release.yml index 389ac773c7a5..46ca2ffb075e 100644 --- a/eng/pipelines/templates/stages/archetype-python-release.yml +++ b/eng/pipelines/templates/stages/archetype-python-release.yml @@ -96,6 +96,7 @@ stages: ReleaseSha: $(Build.SourceVersion) RepoId: Azure/azure-sdk-for-python WorkingDirectory: $(System.DefaultWorkingDirectory) + AuthToken: '' - ${{if ne(artifact.skipPublishPackage, 'true')}}: - deployment: PublishPackage @@ -352,7 +353,8 @@ stages: CommitMsg: "Increment package version after release of ${{ artifact.name }}" PRTitle: "Increment version for ${{ parameters.ServiceDirectory }} releases" CloseAfterOpenForTesting: '${{ parameters.TestPipeline }}' - + AuthToken: '' + - ${{if and(eq(variables['Build.Reason'], 'Manual'), eq(variables['System.TeamProject'], 'internal'))}}: - template: /eng/pipelines/templates/jobs/smoke.tests.yml parameters: diff --git a/eng/pipelines/templates/stages/python-analyze-weekly.yml b/eng/pipelines/templates/stages/python-analyze-weekly.yml index c0687f6d6a15..482cc56da95c 100644 --- a/eng/pipelines/templates/stages/python-analyze-weekly.yml +++ b/eng/pipelines/templates/stages/python-analyze-weekly.yml @@ -32,6 +32,9 @@ stages: - script: | python -m pip install -r eng/ci_tools.txt displayName: 'Prep Environment' + + - template: /eng/common/pipelines/templates/steps/login-to-github.yml + - task: PythonScript@0 displayName: 'Run Pylint Next' continueOnError: true @@ -44,7 +47,7 @@ stages: --disablecov --filter-type="Omit_management" env: - GH_TOKEN: $(azuresdk-github-pat) + GH_TOKEN: $(GH_TOKEN) - task: PythonScript@0 displayName: 'Run MyPy Next' @@ -57,7 +60,7 @@ stages: --checks="next-mypy" --disablecov env: - GH_TOKEN: $(azuresdk-github-pat) + GH_TOKEN: $(GH_TOKEN) - task: PythonScript@0 displayName: 'Run Pyright Next' @@ -70,7 +73,7 @@ stages: --checks="next-pyright" --disablecov env: - GH_TOKEN: $(azuresdk-github-pat) + GH_TOKEN: $(GH_TOKEN) - script: | python -m pip install PyGithub>=1.59.0 @@ -86,7 +89,7 @@ stages: --service="${{ parameters.ServiceDirectory }}" --disablecov env: - GH_TOKEN: $(azuresdk-github-pat) + GH_TOKEN: $(GH_TOKEN) SYSTEM_ACCESSTOKEN: $(System.AccessToken) - task: UsePythonVersion@0 @@ -108,4 +111,4 @@ stages: --service="${{ parameters.ServiceDirectory }}" --checks="next-sphinx" env: - GH_TOKEN: $(azuresdk-github-pat) + GH_TOKEN: $(GH_TOKEN) diff --git a/eng/pipelines/templates/steps/build-package-artifacts.yml b/eng/pipelines/templates/steps/build-package-artifacts.yml index d882960d97e1..6a5499104942 100644 --- a/eng/pipelines/templates/steps/build-package-artifacts.yml +++ b/eng/pipelines/templates/steps/build-package-artifacts.yml @@ -26,12 +26,28 @@ parameters: steps: - ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: + - checkout: self + displayName: 'Sparse checkout eng/common/scripts for GitHub login' + path: s/_login_scripts + sparseCheckoutDirectories: eng/common/scripts + fetchDepth: 1 + + - pwsh: | + $source = "$(Build.SourcesDirectory)/_login_scripts/eng" + $dest = "$(Agent.TempDirectory)" + Copy-Item -Recurse -Force $source $dest + Remove-Item -Recurse -Force "$(Build.SourcesDirectory)/*" -ErrorAction SilentlyContinue + Remove-Item -Recurse -Force "$(Build.SourcesDirectory)/.git" -ErrorAction SilentlyContinue + displayName: Copy and clean repo checkout folder + - template: /eng/common/pipelines/templates/steps/login-to-github.yml + parameters: + ScriptDirectory: "$(Agent.TempDirectory)/eng/common/scripts" - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml parameters: ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}: - TokenToUseForAuth: $(azuresdk-github-pat) + TokenToUseForAuth: $(GH_TOKEN) Paths: - '**' diff --git a/eng/pipelines/templates/steps/verify-autorest.yml b/eng/pipelines/templates/steps/verify-autorest.yml index f3b581459ac2..5fe8ff73d8c8 100644 --- a/eng/pipelines/templates/steps/verify-autorest.yml +++ b/eng/pipelines/templates/steps/verify-autorest.yml @@ -47,3 +47,4 @@ steps: CommitMsg: "Regenerated code from nightly builds" PRTitle: "Automated autorest generation" PRBranchName: 'autorest-${{ parameters.ServiceDirectory }}' + AuthToken: '' diff --git a/eng/pipelines/tsp-spec-sync.yml b/eng/pipelines/tsp-spec-sync.yml index 649488d9d905..e9abdbbf0dbb 100644 --- a/eng/pipelines/tsp-spec-sync.yml +++ b/eng/pipelines/tsp-spec-sync.yml @@ -55,4 +55,5 @@ extends: Generated from workflow triggered by PR #$(System.PullRequest.PullRequestNumber). CommitMsg: 'Auto-update TSP client generated code' + AuthToken: ''