From 261dd6831673d3b07e5118261f7e161a21d1a759 Mon Sep 17 00:00:00 2001 From: Billy O'Neal Date: Mon, 20 May 2024 12:30:38 -0700 Subject: [PATCH] DevDiv Internal Mint SAS Tokens (#38803) Mint asset caching SAS token using user-delegation SAS instead of storage keys. --- .../azure-pipelines/windows-unstable/job.yml | 24 ++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/scripts/azure-pipelines/windows-unstable/job.yml b/scripts/azure-pipelines/windows-unstable/job.yml index 263b55025c..6130cb92b4 100644 --- a/scripts/azure-pipelines/windows-unstable/job.yml +++ b/scripts/azure-pipelines/windows-unstable/job.yml @@ -14,11 +14,27 @@ jobs: value: D:\ - name: VCPKG_DOWNLOADS value: D:\downloads - - group: vcpkg-asset-caching-credentials - - name: X_VCPKG_ASSET_SOURCES - value: "x-azurl,$(root-url-wus3),$(sas-wus3),readwrite" steps: + - task: PowerShell@2 + name: mintsasstep + displayName: 'Generate Asset Cache SAS tokens' + inputs: + targetType: inline + script: | + if ($Null -eq (Get-PackageProvider -Name NuGet -ErrorAction Ignore)) { + Install-PackageProvider -Name NuGet -Force -Scope CurrentUser; + } + if ($Null -eq (Get-InstalledModule -Name PowerShellGet -MinimumVersion 2.2.1 -ErrorAction Ignore)) { + Install-Module PowerShellGet -MinimumVersion 2.2.1 -Scope CurrentUser -Force -AllowClobber + } + Install-Module -Name Az -Repository PSGallery -Scope CurrentUser -Force -AllowClobber + Connect-AzAccount -AccountId 'a81b4cd3-9d8d-4cb9-9a74-f2038f24f224' -Identity + $ctx = New-AzStorageContext -StorageAccountName 'vcpkgassetcachewus3' -UseConnectedAccount + $StartTime = Get-Date + $EndTime = $StartTime.AddDays(2) + $sas = New-AzStorageContainerSASToken -Name 'cache' -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime -Context $ctx + Write-Host "##vso[task.setvariable variable=X_VCPKG_ASSET_SOURCES;isSecret=true;isOutput=true;isreadonly=true]x-azurl,https://vcpkgassetcachewus3.blob.core.windows.net/cache,$sas,readwrite" - task: DownloadBuildArtifacts@0 displayName: 'Download DropBuildNumber if not specified' inputs: @@ -63,6 +79,8 @@ jobs: displayName: 'Bootstrap vcpkg' - task: PowerShell@2 displayName: '*** Test Modified Ports' + env: + X_VCPKG_ASSET_SOURCES: $(mintsasstep.X_VCPKG_ASSET_SOURCES) inputs: failOnStderr: true filePath: 'scripts/azure-pipelines/test-modified-ports.ps1'