[CI] Publish: Fix SBOM error #395
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR fixes the SBOM generation error by updating the artifact paths used between pipeline stages before publishing to AzDO feeds.
- Updated package paths in the publish YAML to reference the correct directories.
- Revised artifact names and target paths in the official pipeline file to align with the new structure.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| eng/pipelines/templates/steps/workload-publish.yml | Updated package paths to point to the new release artifact directory. |
| eng/pipelines/official.yml | Changed artifact name and target path to match the new release structure for SBOM generation. |
| @@ -7,8 +7,8 @@ steps: | |||
| displayName: 🟣 Publish package to AzDO | |||
| inputs: | |||
| useDotNetTask: true | |||
There was a problem hiding this comment.
[nitpick] Consider adding an inline comment explaining the rationale behind the new package path to aid future maintainers in understanding this change.
| useDotNetTask: true | |
| useDotNetTask: true | |
| # The path below points to the Release/Shipping directory where the build process outputs NuGet packages. | |
| # This ensures only finalized, shippable packages are published. |
Copilot uses AI. Check for mistakes.
| inputs: | ||
| artifactName: PackageArtifacts | ||
| targetPath: $(Pipeline.Workspace)/PackageArtifacts | ||
| artifactName: Artifacts_Windows_NT_Release | ||
| targetPath: $(Pipeline.Workspace)/Artifacts_Windows_NT_Release |
There was a problem hiding this comment.
[nitpick] Ensure that the updated artifact name is consistently applied across all related pipeline tasks; adding a comment here might help clarify the new naming convention.
Copilot uses AI. Check for mistakes.
| artifactName: Artifacts_Windows_NT_Release | ||
| targetPath: $(Pipeline.Workspace)/Artifacts_Windows_NT_Release |
There was a problem hiding this comment.
Why was the artifact name changed? And this name seems arbitrary (meaning, it has no relationship to the build being created). We don't build any binaries so naming it this is misleading.
| packagesToPush: $(Pipeline.Workspace)/Artifacts_Windows_NT_Release/packages/Release/Shipping/*.nupkg | ||
| packageParentPath: $(Pipeline.Workspace)/Artifacts_Windows_NT_Release/ |
There was a problem hiding this comment.
So, what was wrong with:
| packagesToPush: $(Pipeline.Workspace)/Artifacts_Windows_NT_Release/packages/Release/Shipping/*.nupkg | |
| packageParentPath: $(Pipeline.Workspace)/Artifacts_Windows_NT_Release/ | |
| packagesToPush: $(Pipeline.Workspace)/PackageArtifacts/packages/Release/Shipping/*.nupkg | |
| packageParentPath: $(Pipeline.Workspace)/PackageArtifacts/ |
Currently there is an error before publishing to AzDO feeds related to SBOM generation.
Packages were imported from the previous stage without SBOM information.