FEAT: Migrate Release (and dummy) Pipelines to use ReleaseJob#511
FEAT: Migrate Release (and dummy) Pipelines to use ReleaseJob#511gargsaumya wants to merge 1 commit intomainfrom
Conversation
…leaseJob Related work items: #43946
There was a problem hiding this comment.
Pull request overview
This PR migrates the official and dummy OneBranch release pipelines to a two-job structure that separates artifact preparation/validation from ESRP publishing, using releaseJob for policy-compliant ESRP execution.
Changes:
- Split pipelines into
PrepAndValidate(custom pool) +PyPIRelease/DummyRelease(templateContext.type: releaseJobon hosted pool). - Standardized wheel release input to
$(Build.SourcesDirectory)/artifacts/distand removed some redundant staging steps. - Improved dry-run messaging when release parameters are disabled.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| OneBranchPipelines/official-release-pipeline.yml | Restructures official release into prep/validate + ESRP release job; updates artifact paths and summaries. |
| OneBranchPipelines/dummy-release-pipeline.yml | Mirrors the restructure for the dummy pipeline; moves ESRP step into a release job and updates artifact paths/summaries. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| Write-Host "Verifying wheel file integrity..." | ||
|
|
||
| $wheels = Get-ChildItem -Path "$(Build.SourcesDirectory)/dist" -Filter "*.whl" | ||
| $wheels = Get-ChildItem -Path "$(Build.SourcesDirectory)/artifacts/dist" -Filter "*.whl" |
There was a problem hiding this comment.
The wheel integrity step will succeed even if no wheels are present (Get-ChildItem returns empty → loop never runs → $allValid stays true). Add an explicit check to fail fast when no *.whl files are found in artifacts/dist, so a release can’t proceed with an empty or mis-downloaded artifact set.
| $wheels = Get-ChildItem -Path "$(Build.SourcesDirectory)/artifacts/dist" -Filter "*.whl" | |
| $wheels = @(Get-ChildItem -Path "$(Build.SourcesDirectory)/artifacts/dist" -Filter "*.whl") | |
| if ($wheels.Count -eq 0) { | |
| Write-Error "No wheel files were found in $(Build.SourcesDirectory)/artifacts/dist. Failing release to prevent publishing with empty or missing artifacts." | |
| exit 1 | |
| } | |
| dependsOn: PrepAndValidate | ||
|
|
||
| templateContext: | ||
| type: releaseJob |
There was a problem hiding this comment.
For a non-official/test pipeline, consider explicitly setting templateContext.isProduction: false (if supported by the OneBranch template) on this releaseJob. This makes it harder for future template/default changes to accidentally treat the dummy release job as production-gated behavior and keeps the intent (“test only”) unambiguous.
| type: releaseJob | |
| type: releaseJob | |
| isProduction: false |
| Write-Host "- Downloaded symbols from build pipeline" | ||
| if ("${{ parameters.publishSymbols }}" -eq "True") { | ||
| Write-Host "- Published symbols to SqlClientDrivers org" |
There was a problem hiding this comment.
The pipeline summary implies symbols can be published, but the earlier symbol staging logic only copies "$(Build.SourcesDirectory)/artifacts/symbols/.pdb" (non-recursive). If PDBs are in nested folders, PublishSymbols@2 (SearchPattern **/.pdb) won’t see them. Update the staging step to copy recursively or point the SymbolsFolder directly at artifacts/symbols.
| # This ensures no accidental production releases to PyPI | ||
| ContentType: 'Maven' | ||
| ContentSource: 'Folder' | ||
| FolderLocation: '$(Build.SourcesDirectory)/artifacts/dist' |
There was a problem hiding this comment.
This release job publishes from
| FolderLocation: '$(Build.SourcesDirectory)/artifacts/dist' | |
| # Release from the same staged directory validated in PrepAndValidate | |
| # so integrity verification covers the exact files being released. | |
| FolderLocation: '$(Build.SourcesDirectory)/dist' |
| if ("${{ parameters.publishSymbols }}" -eq "True") { | ||
| Write-Host "✓ Symbol publishing to SqlClientDrivers org" | ||
| } |
There was a problem hiding this comment.
This summary calls out symbol publishing, but the current symbol staging in PrepAndValidate only copies root-level .pdb files (non-recursive) from artifacts/symbols. If PDBs are nested, PublishSymbols@2 (SearchPattern **/.pdb) will miss most symbols. Copy recursively or set the SymbolsFolder to artifacts/symbols.
Work Item / Issue Reference
Summary
This pull request restructures both the dummy and official release pipelines to improve clarity, enforce OneBranch policy requirements, and streamline artifact handling. The main changes include splitting the pipelines into explicit preparation/validation and release jobs, ensuring ESRP release steps run on the correct pool, updating artifact paths, and enhancing dry run handling.
Pipeline Restructuring and Policy Compliance:
Split the pipelines into two explicit jobs:
PrepAndValidate(for downloading, validating, and staging artifacts using a custom pool) and a release job (DummyReleaseorPyPIRelease) that runs on a 1ES hosted pool as required by OneBranch policy. ESRP release steps are now only in the release job, which depends on the preparation job. (OneBranchPipelines/dummy-release-pipeline.yml,OneBranchPipelines/official-release-pipeline.yml) [1] [2] [3] [4]ESRP release jobs now use
templateContext.type: releaseJoband ensure artifact download and publishing steps are run in the correct environment, preventing accidental production releases from test pipelines. (OneBranchPipelines/dummy-release-pipeline.yml,OneBranchPipelines/official-release-pipeline.yml) [1] [2]Artifact Path and Handling Updates:
Changed artifact and wheel file paths throughout the pipelines to use the new consolidated artifact location (
$(Build.SourcesDirectory)/artifacts/dist) instead of the previousdistfolder. This affects validation, ESRP release, and summary steps. (OneBranchPipelines/dummy-release-pipeline.yml,OneBranchPipelines/official-release-pipeline.yml) [1] [2] [3]Removed unnecessary steps for copying wheels to a separate
distfolder, as the new artifact structure makes this redundant. (OneBranchPipelines/official-release-pipeline.yml)Dry Run and Summary Improvements:
OneBranchPipelines/dummy-release-pipeline.yml,OneBranchPipelines/official-release-pipeline.yml) [1] [2] [3] [4]Step Renumbering and Minor Cleanups:
OneBranchPipelines/dummy-release-pipeline.yml,OneBranchPipelines/official-release-pipeline.yml) [1] [2] [3] [4]These changes make the pipelines more robust, easier to understand, and compliant with internal release policies.