Add support to publish packages to 1ES repository.#1430
Conversation
conniey
requested review from
g2vinay,
sandeep-sen,
tmeschter and
weshaggard
There was a problem hiding this comment.
Pull request overview
This PR adds support for publishing npm packages to a 1ES (One Engineering System) internal repository alongside the existing public Azure SDK repository. The changes enable dual-publishing to both public and internal feeds during the CI/CD pipeline execution.
Key changes:
- Enhanced the publish-to-dev-feed.yml template to support custom authentication endpoints and configurable access levels
- Added new publish steps in release and integration jobs to publish to the 1ES repository
- Modified the npmrc authentication step to accept custom service connection endpoints
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| eng/pipelines/templates/steps/publish-to-dev-feed.yml | Added CustomEndpoint and Access parameters; refactored npm publish command to conditionally include access and tag flags |
| eng/pipelines/templates/jobs/npm/release-npm.yml | Added new template invocation to publish packages to 1ES repository with custom endpoint |
| eng/pipelines/templates/jobs/integration.yml | Added new template invocation to publish packages to 1ES repository with empty access parameter |
| eng/common/pipelines/templates/steps/create-authenticated-npmrc.yml | Added customEndpoint parameter to support custom Azure DevOps service connections for authentication |
| parameters: | ||
| PathToArtifacts: $(Pipeline.Workspace)/packages_npm | ||
| Registry: https://pkgs.dev.azure.com/1es-mcp/1es-mcp/_packaging/1es-mcp-registry/npm/registry/ | ||
| CustomEndpoint: 'Azure SDK MCP Server Connection' |
There was a problem hiding this comment.
The Access parameter is set to an empty string ('') here, but in the publish-to-dev-feed.yml template, the default value for Access is 'public'. This means that when Access is explicitly set to an empty string, the condition if (![string]::IsNullOrEmpty($access)) on line 44 of publish-to-dev-feed.yml will evaluate to false (since an empty string is considered "empty"), and no --access flag will be added to the npm publish command.
However, this appears to be intentional behavior - setting Access to '' is likely meant to omit the --access flag entirely for the 1ES repository. Consider adding a comment to clarify this intentional behavior, or if this is unintentional, remove the Access parameter override to use the default 'public' value.
| CustomEndpoint: 'Azure SDK MCP Server Connection' | |
| CustomEndpoint: 'Azure SDK MCP Server Connection' | |
| # Intentionally set Access to empty string for the 1ES MCP registry so that | |
| # publish-to-dev-feed.yml does not pass an --access flag to `npm publish`. | |
| # The template's default is 'public', but that behavior is not desired here. |
| parameters: | ||
| npmrcPath: ${{parameters.PathToArtifacts}}/.npmrc | ||
| registryUrl: ${{parameters.Registry}} | ||
| customEndpoint: ${{parameters.CustomEndpoint}} |
There was a problem hiding this comment.
The parameter name uses inconsistent casing: 'CustomEndpoint' (PascalCase) is used in the parameter definition on line 8, but 'customEndpoint' (camelCase) is used when passing it to the npmAuthenticate task on line 32. While YAML template parameters in Azure Pipelines are case-insensitive, this inconsistency reduces code clarity and maintainability. Consider standardizing on one casing convention throughout the codebase.
conniey
force-pushed
the
conniey/add-1es-publishing
branch
3 times, most recently
from
daa30ea to
b193bb0
Compare
conniey
force-pushed
the
conniey/add-1es-publishing
branch
from
b193bb0 to
1cff609
Compare
github-project-automation
Bot
moved this from Untriaged
to In Progress
in Azure MCP Server
* Adding parameter for customEndpoint * Adding to integration step. * Try updating parameter * Update Connection Name * Add parameter for additional logging * Fix path. * Fix tag for release and urls * update to dev/pre tags for dev builds. * Update name to ServiceConnection * Publish to 1ES first. * Update display name
What does this PR do?
Adds support to publish public packages to 1ES repository for internal consumption. Depends on Azure/azure-sdk-tools#13221 to be merged.
GitHub issue number?
Pre-merge Checklist
servers/Azure.Mcp.Server/CHANGELOG.mdand/orservers/Fabric.Mcp.Server/CHANGELOG.mdfor product changes (features, bug fixes, UI/UX, updated dependencies)servers/Azure.Mcp.Server/README.mdand/orservers/Fabric.Mcp.Server/README.mddocumentationeng/scripts/Process-PackageReadMe.ps1. See Package README/servers/Azure.Mcp.Server/docs/azmcp-commands.mdand/or/docs/fabric-commands.md.\eng\scripts\Update-AzCommandsMetadata.ps1to update tool metadata in azmcp-commands.md (required for CI)ToolDescriptionEvaluatorand obtained a score of0.4or more and a top 3 ranking for all related test promptsconsolidated-tools.json/servers/Azure.Mcp.Server/docs/e2eTestPrompts.mdcrypto mining, spam, data exfiltration, etc.)/azp run mcp - pullrequest - liveto run Live Test Pipeline