Publishing to BAR/Maestro will no longer support tokens #9164

Closed
@premun

Android framework version

Other

Affected platform version

CI/eng

Description

I noticed that you're still using $(MaestroAccessToken) when publishing internal builds in -p:BuildAssetRegistryToken=$(MaestroAccessToken).

This token is getting deprecated in favour of using a secretless auth via a service connection.
You will need to change how you do this or your internal builds will soon break.
The change is not complicated and goes as follows:

If your pipeline has something like this:

- task: DotNetCoreCLI@2
  displayName: generate and publish BAR manifest
  inputs:
    projects: $(System.DefaultWorkingDirectory)\build-tools\create-packs\Microsoft.Android.Sdk.proj
    arguments: >-
      -t:PushManifestToBuildAssetRegistry
      -p:BuildAssetRegistryToken=$(MaestroAccessToken)
      -p:OutputPath=$(Build.StagingDirectory)\nuget-signed\
      -c $(XA.Build.Configuration) -bl:$(System.DefaultWorkingDirectory)\bin\Build$(XA.Build.Configuration)\push-bar-manifest.binlog
  condition: and(succeeded(), eq('${{ parameters.pushXAPackagesToMaestro }}', 'true'))

it will need to change to something like this:

- task: AzureCLI@2
  displayName: "Publish to the .NET Core build asset registry (BAR)"
  inputs:
    azureSubscription: "Darc: Maestro Production"
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: >
      dotnet build $(System.DefaultWorkingDirectory)\build-tools\create-packs\Microsoft.Android.Sdk.proj
      -t:PushManifestToBuildAssetRegistry
      -p:OutputPath=$(Build.StagingDirectory)\nuget-signed\
      -c $(XA.Build.Configuration) -bl:$(System.DefaultWorkingDirectory)\bin\Build$(XA.Build.Configuration)\push-bar-manifest.binlog
  condition: and(succeeded(), eq('${{ parameters.pushXAPackagesToMaestro }}', 'true'))

The differences between the snippets above are:

  • AzureCLI@2 task is used
  • The “Darc: Maestro Production” service connection is used.
    Your pipeline will need to be approved to use this connection (reach out to First Responders).
  • The $(MaestroAccessToken) secret is removed

Steps to Reproduce

A problem with internal builds of this repo

Did you find any workaround?

No response

Relevant log output

No response
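
A check for leftover token usage after the migration described in this issue, as an added example that is not part of the original issue or the project's code. It assumes pipeline steps are written as `- task:` entries and scans the YAML as text, so it does not resolve templates or variables; the sample pipeline is constructed from the two step shapes shown above.

```python
import re

# Constructed sample: the two step shapes from the issue, shortened.
SAMPLE = r"""
steps:
- task: DotNetCoreCLI@2
  displayName: generate and publish BAR manifest
  inputs:
    projects: build-tools\create-packs\Microsoft.Android.Sdk.proj
    arguments: >-
      -t:PushManifestToBuildAssetRegistry
      -p:BuildAssetRegistryToken=$(MaestroAccessToken)
- task: AzureCLI@2
  displayName: "Publish to the .NET Core build asset registry (BAR)"
  inputs:
    azureSubscription: "Darc: Maestro Production"
    scriptType: ps
    inlineScript: >
      dotnet build build-tools\create-packs\Microsoft.Android.Sdk.proj
      -t:PushManifestToBuildAssetRegistry
"""

# A step starts at a list item whose first key is "task".
STEP_START = re.compile(r"^[ \t]*-[ \t]*task:[ \t]*(\S+)", re.M)

def split_steps(yaml_text):
    """Yield (task_name, line_number, step_text) for each '- task:' entry."""
    starts = list(STEP_START.finditer(yaml_text))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(yaml_text)
        line = yaml_text.count("\n", 0, m.start()) + 1
        yield m.group(1), line, yaml_text[m.start():end]

def audit(yaml_text):
    """Return (line, task, message) for steps that still depend on the token."""
    findings = []
    for task, line, body in split_steps(yaml_text):
        if "$(MaestroAccessToken)" in body:
            findings.append((line, task, "references $(MaestroAccessToken)"))
        if "PushManifestToBuildAssetRegistry" in body:
            if task != "AzureCLI@2":
                findings.append((line, task, "BAR publish not in AzureCLI@2"))
            elif not re.search(r"^[ \t]*azureSubscription:[ \t]*\S", body, re.M):
                findings.append((line, task, "no azureSubscription set"))
    return findings

if __name__ == "__main__":
    for line, task, msg in audit(SAMPLE):
        print(f"line {line}: {task}: {msg}")
```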
