Switch OneBranch to msazure CFS feed

Which removes the need to do complicated authentication.

Author: andyleejordan

.pipelines/DSC-Official.yml

@@ -99,25 +99,13 @@ extends:
             Write-Host "##$vstsCommandString"
           name: Package
           displayName: Set Package Version
-        - task: AzureCLI@2
-          displayName: Get Az Token
-          inputs:
-            azureSubscription: PowerShell-CICD-Feed-Access
-            scriptType: pscore
-            scriptLocation: inlineScript
-            inlineScript: |
-              $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
-              $vstsCommandString = "vso[task.setvariable variable=AzToken;isoutput=true]$token"
-              Write-Host "Setting token"
-              Write-Host "##$vstsCommandString"
 
       - job: BuildWin_x64
         dependsOn: SetPackageVersion
         variables:
           ob_sdl_tsa_configFile: '$(System.DefaultWorkingDirectory)\.config\tsaoptions.json'
           ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
           signSrcPath: '$(System.DefaultWorkingDirectory)\out'
-          AzToken: $[ dependencies.SetPackageVersion.outputs['AzToken'] ]
           ob_sdl_sbom_enabled: true
           ob_signing_setup_enabled: true
           ob_sdl_codeql_compiled_enabled: true
@@ -129,7 +117,6 @@ extends:
             buildName: x86_64-pc-windows-msvc
             signSrcPath: '$(signSrcPath)'
             PackageRoot: '$(PackageRoot)'
-            aztoken: '$(AzToken)'
             rustSDK: '$(Rust.SDK)'
 
       - job: BuildWin_arm64
@@ -138,7 +125,6 @@ extends:
           ob_sdl_tsa_configFile: '$(System.DefaultWorkingDirectory)\.config\tsaoptions.json'
           ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
           signSrcPath: '$(System.DefaultWorkingDirectory)\out'
-          AzToken: $[ dependencies.SetPackageVersion.outputs['AzToken'] ]
           ob_sdl_sbom_enabled: true
           ob_signing_setup_enabled: true
           ob_sdl_codeql_compiled_enabled: true
@@ -150,7 +136,6 @@ extends:
             buildName: aarch64-pc-windows-msvc
             signSrcPath: '$(signSrcPath)'
             PackageRoot: '$(PackageRoot)'
-            aztoken: '$(AzToken)'
             rustSDK: '$(Rust.SDK)'
 
       - job: CreateMsixBundle
@@ -167,7 +152,6 @@ extends:
           ob_sdl_sbom_enabled: false
           ob_signing_setup_enabled: false
           ob_sdl_codeql_compiled_enabled: false
-          ob_restore_phase: true
         pool:
           type: windows
         steps:
@@ -302,7 +286,6 @@ extends:
         variables:
           LinuxContainerImage: 'onebranch.azurecr.io/linux/ubuntu-2204:latest'
           PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ]
-          AzToken: $[ dependencies.SetPackageVersion.outputs['AzToken'] ]
           ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
           ob_linuxSymbolsPublishing_enabled: true
           ob_linuxSymbolsPublishing_symbolsFolder: '$(System.DefaultWorkingDirectory)/DSC/bin'
@@ -317,14 +300,13 @@ extends:
             toolchainFeed: $(Rust.SDK)
             additionalTargets: x86_64-unknown-linux-musl
           displayName: Install Rust
-          env:
-            ob_restore_phase: true
+        - task: CargoAuthenticate@0
+          inputs:
+            configFile: '.cargo/config.toml'
+          displayName: Authenticate with Azure Artifacts
         - pwsh: |
             apt update
             apt -y install musl-tools rpm dpkg build-essential protobuf-compiler
-            $header = "Bearer $(AzToken)"
-            $env:CARGO_REGISTRIES_POWERSHELL_TOKEN = $header
-            $env:CARGO_REGISTRIES_POWERSHELL_CREDENTIAL_PROVIDER = 'cargo:token'
             ./build.ps1 -Release -Architecture x86_64-unknown-linux-musl
             ./packaging.ps1 -PackageType tgz -Architecture x86_64-unknown-linux-musl -Release
             ./packaging.ps1 -PackageType rpm -Architecture x86_64-unknown-linux-musl -Release
@@ -340,7 +322,6 @@ extends:
         variables:
           LinuxContainerImage: 'onebranch.azurecr.io/linux/ubuntu-2204-arm64:latest'
           PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ]
-          AzToken: $[ dependencies.SetPackageVersion.outputs['AzToken'] ]
           ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
           ob_linuxSymbolsPublishing_enabled: true
           ob_linuxSymbolsPublishing_symbolsFolder: '$(System.DefaultWorkingDirectory)/DSC/bin'
@@ -356,16 +337,10 @@ extends:
             toolchainFeed: $(Rust.SDK)
             additionalTargets: aarch64-unknown-linux-musl
           displayName: Install Rust
-          env:
-            ob_restore_phase: true
-        - task: AzureCLI@2
-          displayName: Azure CLI
+        - task: CargoAuthenticate@0
           inputs:
-            azureSubscription: PowerShell-CICD-Feed-Access
-            scriptType: pscore
-            scriptLocation: inlineScript
-            inlineScript: |
-              az account show
+            configFile: '.cargo/config.toml'
+          displayName: Authenticate with Azure Artifacts
         - pwsh: |
             $env:CC_aarch64_unknown_linux_musl='clang'
             $env:AR_aarch64_unknown_linux_musl='llvm-ar'
@@ -386,9 +361,6 @@ extends:
             if ((openssl version -d) -match 'OPENSSLDIR: "(?<dir>.*?)"') {
               $env:OPENSSL_LIB_DIR = $matches['dir']
             }
-            $header = "Bearer $(AzToken)"
-            $env:CARGO_REGISTRIES_POWERSHELL_TOKEN = $header
-            $env:CARGO_REGISTRIES_POWERSHELL_CREDENTIAL_PROVIDER = 'cargo:token'
             ./build.ps1 -Release -Architecture aarch64-unknown-linux-musl
             ./packaging.ps1 -PackageType tgz -Architecture aarch64-unknown-linux-musl -Release
             ./packaging.ps1 -PackageType rpm -Architecture aarch64-unknown-linux-musl -Release
@@ -403,7 +375,6 @@ extends:
         dependsOn: SetPackageVersion
         variables:
           PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ]
-          AzToken: $[ dependencies.SetPackageVersion.outputs['AzToken'] ]
           ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
         displayName: BuildMac
         pool:
@@ -424,20 +395,11 @@ extends:
             toolchainFeed: $(Rust.SDK)
             additionalTargets: $(buildName)
           displayName: Install Rust
-          env:
-            ob_restore_phase: true
-        - task: AzureCLI@2
-          displayName: Azure CLI
+        - task: CargoAuthenticate@0
           inputs:
-            azureSubscription: PowerShell-CICD-Feed-Access
-            scriptType: pscore
-            scriptLocation: inlineScript
-            inlineScript: |
-              az account show
+            configFile: '.cargo/config.toml'
+          displayName: Authenticate with Azure Artifacts
         - pwsh: |
-            $header = "Bearer $(AzToken)"
-            $env:CARGO_REGISTRIES_POWERSHELL_TOKEN = $header
-            $env:CARGO_REGISTRIES_POWERSHELL_CREDENTIAL_PROVIDER = 'cargo:token'
             Write-Verbose -Verbose "Building for $(buildName)"
             ./build.ps1 -Release -Architecture $(buildName)
             ./packaging.ps1 -PackageType tgz -Architecture $(buildName) -Release

.pipelines/DSC-Windows.yml

@@ -8,40 +8,31 @@ parameters:
   - name: BuildConfiguration
     type: string
     default: Release
-  - name: aztoken
-    type: string
   - name: RustSDK
     type: string
 
 steps:
 - checkout: self
-  env:
-    ob_restore_phase: true
 - task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step.
   inputs:
     Enabled: true
     AnalyzeInPipeline: true
     Language: rust
-  env:
-    ob_restore_phase: true
 - pwsh: |
     $tmpdir = "$(Agent.TempDirectory)"
     Write-Host "##vso[task.setvariable variable=CARGO_TARGET_DIR;]$tmpdir"
   displayName: 🛠️ Workaround for the LoadLibrary ACCESS_VIOLATION OneBranch issue
-  env:
-    ob_restore_phase: true
 - task: RustInstaller@1
   inputs:
     rustVersion: ms-prod-1.93
     toolchainFeed: ${{ parameters.RustSDK }}
     additionalTargets: ${{ parameters.buildName }}
   displayName: Install Rust
-  env:
-    ob_restore_phase: true
+- task: CargoAuthenticate@0
+  inputs:
+    configFile: '.cargo/config.toml'
+  displayName: Authenticate with Azure Artifacts
 - pwsh: |
-    $header = "Bearer ${{ parameters.aztoken }}"
-    $env:CARGO_REGISTRIES_POWERSHELL_TOKEN = $header
-    $env:CARGO_REGISTRIES_POWERSHELL_CREDENTIAL_PROVIDER = 'cargo:token'
     Set-Location "$(Build.SourcesDirectory)/DSC"
     $LLVMBIN = "$($env:PROGRAMFILES)\Microsoft Visual Studio\2022\Enterprise\VC\Tools\Llvm\bin"
     if (!(Test-Path $LLVMBIN)) {
@@ -52,13 +43,9 @@ steps:
     Write-Verbose -Verbose "Building for ${{ parameters.buildName }}"
     ./build.ps1 -Release -Architecture ${{ parameters.buildName }} -SkipLinkCheck -Verbose
   displayName: 'Build ${{ parameters.buildName }}'
-  env:
-    ob_restore_phase: true
   condition: succeeded()
 - task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step.
   condition: always()
-  env:
-    ob_restore_phase: true
 - pwsh: |
     $null = New-Item -ItemType Directory -Path "${{ parameters.PackageRoot }}" -ErrorAction Ignore
     $null = New-Item -ItemType Directory -Path "${{ parameters.PackageRoot }}/out" -ErrorAction Ignore
@@ -72,8 +59,6 @@ steps:
     write-host 'Binaries in ${{ parameters.signSrcPath }}'
     dir -r "${{ parameters.signSrcPath }}"
   displayName: Copy built binaries
-  env:
-    ob_restore_phase: true
   condition: succeeded()
 - task: onebranch.pipeline.signing@1
   displayName: Sign 1st party files