◐ Shell
clean mode source ↗

[release/v7.7.0-preview.1] Download PMC Packages through `TemplateContext` by jshigetomi · Pull Request #27332 · PowerShell/PowerShell

Copilot

Backport of #27326 to release/v7.7.0-preview.1

Triggered by @jshigetomi on behalf of @jshigetomi

Original CL Label: CL-BuildPackaging

/cc @PowerShell/powershell-maintainers

Impact

REQUIRED: Choose either Tooling Impact or Customer Impact (or both). At least one checkbox must be selected.

Tooling Impact

  • Required tooling change
  • Optional tooling change (include reasoning)

Required tooling change. Modifies the Azure DevOps release pipeline templates that publish PowerShell packages to PMC (packages.microsoft.com) via Ev2. Without this change, the v7.7.0-preview.1 release pipeline cannot publish packages because the Ev2 environment has disallowed the previously-used DownloadPipelineArtifact task in the publish stage. The PR migrates artifact download to templateContext.inputs, parameterizes the publish stage (releaseEnvironment / approvalServiceEnvironment / stagePrefix / skipEv2Push), and adds a NonOfficial dry-run path that validates the new artifact download approach without performing the actual Ev2 push.

Customer Impact

  • Customer reported
  • Found internally

Regression

REQUIRED: Check exactly one box.

  • Yes
  • No

This is not a regression.

Testing

Verified by:

  1. Cherry-picking the merge commit onto release/v7.7.0-preview.1 (one trivial conflict resolved — see Merge Conflicts section).
  2. Subagent-validated the resolved YAML for syntax correctness, presence of all 4 templateContext.inputs artifact entries, both SDL variables (ob_sdl_credscan_suppressionsFile, ob_sdl_tsa_configFile), removal of legacy - download: PSPackagesOfficial steps, and correct pwsh copy logic using $(Pipeline.Workspace) directly.
  3. Pipeline-level validation will occur via the NonOfficial dry-run pipeline once this PR's CI runs (the original PR specifically added a NonOfficial path that exercises templateContext.inputs artifact download with skipEv2Push: true).

Functional verification of PMC publishing will happen during the actual v7.7.0-preview.1 release using the publish stage with production parameters.

Risk

REQUIRED: Check exactly one box.

  • High
  • Medium
  • Low

High risk because this modifies the release publishing pipeline (Ev2 push to PMC) on the live release branch. However, this aligns the v7.7.0-preview.1 release branch with the same Ev2 publishing infrastructure now used in master, v7.4.15, and v7.6.1 backports. The Ev2 environment has disallowed the previous DownloadArtifacts task, so any publish from this branch will fail without this fix. Note: original PR has no Backport-7.7.x-* label at all — proceeding at user request given the unblock-release justification stated in the PR body.

Merge Conflicts

Single conflict in .pipelines/templates/release-prep-for-ev2.yml at the ob_sdl_credscan_suppressionsFile variable (same conflict as the v7.4.15 backport). The PR changed this path from backslashes to forward slashes AND added a new ob_sdl_tsa_configFile variable. Resolution: kept the release branch's existing backslash path for ob_sdl_credscan_suppressionsFile (no functional change to that var on this branch) and added the new ob_sdl_tsa_configFile variable as introduced by the PR. All other hunks (templateContext.inputs block, removed - download: PSPackagesOfficial steps, updated pwsh copy logic) applied cleanly.