[release/v7.4.15] Download PMC Packages through `TemplateContext` by jshigetomi · Pull Request #27330 · PowerShell/PowerShell

Backport of #27326 to release/v7.4.15

Triggered by @jshigetomi on behalf of @jshigetomi

Original CL Label: CL-BuildPackaging

/cc @PowerShell/powershell-maintainers

Impact

REQUIRED: Choose either Tooling Impact or Customer Impact (or both). At least one checkbox must be selected.

Tooling Impact

  • Required tooling change
  • Optional tooling change (include reasoning)

Required tooling change. Modifies the Azure DevOps release pipeline templates that publish PowerShell packages to PMC (packages.microsoft.com) via Ev2. Without this change, the v7.4.15 release pipeline cannot publish packages because the Ev2 environment has disallowed the previously-used `DownloadPipelineArtifact` task in the publish stage. The PR migrates artifact download to `templateContext.inputs`, parameterizes the publish stage (`releaseEnvironment` / `approvalServiceEnvironment` / `stagePrefix` / `skipEv2Push`), and adds a NonOfficial dry-run path that validates the new artifact download approach without performing the actual Ev2 push.

Customer Impact

  • Customer reported
  • Found internally

Regression

REQUIRED: Check exactly one box.

  • Yes
  • No

This is not a regression.

Testing

Verified by:

  1. Cherry-picking the merge commit cleanly onto release/v7.4.15 (one trivial conflict resolved — see Merge Conflicts section).
  2. Subagent-validated the resolved YAML for syntax correctness, presence of all 4 `templateContext.inputs` artifact entries, both SDL variables (`ob_sdl_credscan_suppressionsFile`, `ob_sdl_tsa_configFile`), removal of legacy `- download: PSPackagesOfficial` steps, and correct `pwsh` copy logic using `$(Pipeline.Workspace)` directly.
  3. Pipeline-level validation will occur via the NonOfficial dry-run pipeline once this PR's CI runs (the original PR specifically added a NonOfficial path that exercises `templateContext.inputs` artifact download with `skipEv2Push: true`).

Functional verification of PMC publishing will happen during the actual v7.4.15 release using the publish stage with production parameters.

Risk

REQUIRED: Check exactly one box.

  • High
  • Medium
  • Low

High risk because this modifies the release publishing pipeline (Ev2 push to PMC) on the live release branch. However, not taking this change blocks the v7.4.15 PMC release entirely — the Ev2 pipeline has disallowed the previous DownloadArtifacts task, so the existing pipeline cannot run. The change has been validated in master and is the explicit reason the original PR was authored ("PR was made to unblock 7.4.15 and 7.6.1 PMC releases"). Note: original PR currently has Backport-7.4.x-Consider (not Approved) — proceeding at user request given the unblock-release justification stated in the PR body.

Merge Conflicts

Single conflict in `.pipelines/templates/release-prep-for-ev2.yml` at the `ob_sdl_credscan_suppressionsFile` variable. The PR changed this path from backslashes to forward slashes AND added a new `ob_sdl_tsa_configFile` variable. Resolution: kept the release branch's existing backslash path for `ob_sdl_credscan_suppressionsFile` (no functional change to that var on this branch) and added the new `ob_sdl_tsa_configFile` variable as introduced by the PR. All other hunks (`templateContext.inputs` block, removed `- download: PSPackagesOfficial` steps, updated `pwsh` copy logic) applied cleanly.