From acea901081ebc11b72d5715d3aedca26e0f5f27e Mon Sep 17 00:00:00 2001 From: Weidong Xu Date: Wed, 15 Apr 2026 10:17:39 +0800 Subject: [PATCH 1/3] use ESRP --- eng/pipelines/publish-typespec-java.yaml | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/eng/pipelines/publish-typespec-java.yaml b/eng/pipelines/publish-typespec-java.yaml index 960626036f..602174d4bc 100644 --- a/eng/pipelines/publish-typespec-java.yaml +++ b/eng/pipelines/publish-typespec-java.yaml @@ -63,11 +63,21 @@ extends: env: GH_TOKEN: $(azuresdk-github-pat) - - script: | - npm config set //registry.npmjs.org/:_authToken=$(azure-sdk-npm-token) - ls *.tgz | npm publish -0 --access public - npm config delete //registry.npmjs.org/:_authToken + - task: EsrpRelease@11 displayName: 'Publish TypeSpec Java to NPM' - workingDirectory: ./typespec-extension + inputs: + ConnectedServiceName: Azure SDK PME Managed Identity + ClientId: 5f81938c-2544-4f1f-9251-dd9de5b8a81b + DomainTenantId: 975f013f-7f24-47e8-a7d3-abc4752bf346 + UseManagedIdentity: true + KeyVaultName: kv-azuresdk-codesign + SignCertName: azure-sdk-esrp-release-certificate + Intent: PackageDistribution + ContentType: npm + FolderLocation: $(System.DefaultWorkingDirectory)/typespec-extension + Owners: ${{ coalesce(variables['Build.RequestedForEmail'], 'azuresdk@microsoft.com') }} + Approvers: ${{ coalesce(variables['Build.RequestedForEmail'], 'azuresdk@microsoft.com') }} + ServiceEndpointUrl: https://api.esrp.microsoft.com + MainPublisher: ESRPRELPACMANTEST - template: /eng/pipelines/steps/cleanup-maven-local-cache.yml From c0008665c8ad42ab634759c40a9ce925e955b97a Mon Sep 17 00:00:00 2001 From: Weidong Xu Date: Thu, 16 Apr 2026 11:49:56 +0800 Subject: [PATCH 2/3] first copy tgz to $(buildArtifactsPath)/packages --- eng/pipelines/publish-typespec-java.yaml | 26 ++++++++++++++++++- .../steps/create-authenticated-npmrc.yml | 24 +++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 eng/pipelines/templates/steps/create-authenticated-npmrc.yml diff --git a/eng/pipelines/publish-typespec-java.yaml b/eng/pipelines/publish-typespec-java.yaml index 602174d4bc..2e758700e4 100644 --- a/eng/pipelines/publish-typespec-java.yaml +++ b/eng/pipelines/publish-typespec-java.yaml @@ -15,6 +15,8 @@ extends: variables: - template: /eng/pipelines/variables/globals.yml - template: /eng/pipelines/variables/image.yml + - name: buildArtifactsPath + value: $(Pipeline.Workspace)/build_artifacts pool: name: $(LINUXPOOL) @@ -63,6 +65,28 @@ extends: env: GH_TOKEN: $(azuresdk-github-pat) + - pwsh: | + New-Item -ItemType Directory -Path "$(buildArtifactsPath)/packages" -Force + Copy-Item -Path "./typespec-extension/*.tgz" -Destination "$(buildArtifactsPath)/packages" + displayName: 'Copy packages to artifacts staging directory' + + # Always publish to internal feed + - template: /eng/pipelines/templates/steps/create-authenticated-npmrc.yml + parameters: + npmrcPath: $(buildArtifactsPath)/packages/.npmrc + registryUrl: https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-js/npm/registry/ + + # publish to devops feed + - pwsh: | + $packageFiles = Get-ChildItem -Path . -Filter '*.tgz' + foreach ($file in $packageFiles.Name) { + Write-Host "npm publish $file --verbose --access public" + npm publish $file --verbose --access public + } + displayName: Publish to DevOps feed + workingDirectory: $(buildArtifactsPath)/packages + + # publish to npmjs.org - task: EsrpRelease@11 displayName: 'Publish TypeSpec Java to NPM' inputs: @@ -74,7 +98,7 @@ extends: SignCertName: azure-sdk-esrp-release-certificate Intent: PackageDistribution ContentType: npm - FolderLocation: $(System.DefaultWorkingDirectory)/typespec-extension + FolderLocation: $(buildArtifactsPath)/packages Owners: ${{ coalesce(variables['Build.RequestedForEmail'], 'azuresdk@microsoft.com') }} Approvers: ${{ coalesce(variables['Build.RequestedForEmail'], 'azuresdk@microsoft.com') }} ServiceEndpointUrl: https://api.esrp.microsoft.com diff --git a/eng/pipelines/templates/steps/create-authenticated-npmrc.yml b/eng/pipelines/templates/steps/create-authenticated-npmrc.yml new file mode 100644 index 0000000000..7bae24976a --- /dev/null +++ b/eng/pipelines/templates/steps/create-authenticated-npmrc.yml @@ -0,0 +1,24 @@ +parameters: + - name: npmrcPath + type: string + - name: registryUrl + type: string + +steps: + - pwsh: | + Write-Host "Creating .npmrc file ${{ parameters.npmrcPath }} for registry ${{ parameters.registryUrl }}" + $parentFolder = Split-Path -Path '${{ parameters.npmrcPath }}' -Parent + + if (!(Test-Path $parentFolder)) { + Write-Host "Creating folder $parentFolder" + New-Item -Path $parentFolder -ItemType Directory | Out-Null + } + + $content = "registry=${{ parameters.registryUrl }}`n`n" + "always-auth=true" + $content | Out-File '${{ parameters.npmrcPath }}' + displayName: "Create .npmrc" + + - task: npmAuthenticate@0 + displayName: Authenticate .npmrc + inputs: + workingFile: ${{ parameters.npmrcPath }} From 43b683a8d9882e80d7254ff80ce31c9477cb3a69 Mon Sep 17 00:00:00 2001 From: Weidong Xu Date: Mon, 20 Apr 2026 09:59:09 +0800 Subject: [PATCH 3/3] Update publish-typespec-java.yaml --- eng/pipelines/publish-typespec-java.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/pipelines/publish-typespec-java.yaml b/eng/pipelines/publish-typespec-java.yaml index 2e758700e4..c0b12f10aa 100644 --- a/eng/pipelines/publish-typespec-java.yaml +++ b/eng/pipelines/publish-typespec-java.yaml @@ -70,7 +70,7 @@ extends: Copy-Item -Path "./typespec-extension/*.tgz" -Destination "$(buildArtifactsPath)/packages" displayName: 'Copy packages to artifacts staging directory' - # Always publish to internal feed + # create npmrc file with auth - template: /eng/pipelines/templates/steps/create-authenticated-npmrc.yml parameters: npmrcPath: $(buildArtifactsPath)/packages/.npmrc