From 3036e7e2f2b8cef167d58b49ef1454b8806fbfeb Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Thu, 21 May 2026 23:13:07 +0000 Subject: [PATCH 01/12] Remove Pyenv in favor of uv in CI/CD --- .pipelines/pip-scripts/build-pip-wheels.sh | 34 ++++++++++----------- .pipelines/pip-scripts/test-pip-wheels.sh | 35 ++++++++-------------- .pipelines/templates/build-pip-wheels.yml | 9 +++--- .pipelines/templates/test-pip-wheels.yml | 13 ++++---- 4 files changed, 38 insertions(+), 53 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index babb3e72c..206dde4af 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -10,8 +10,7 @@ CMAKE_VERSION=${6:-3.28.3} HDF5_VERSION=${7:-1.13.0} BLIS_VERSION=${8:-2.0} LIBFLAME_VERSION=${9:-5.2.0} -PYENV_VERSION=${10:-2.6.31} -MAC_BUILD=${11:-OFF} +MAC_BUILD=${10:-OFF} export CFLAGS="-fPIC -Os" if [ "$MAC_BUILD" == "OFF" ]; then # Build/install Linux dependencies @@ -83,8 +82,6 @@ if [ "$MAC_BUILD" == "OFF" ]; then # Build/install Linux dependencies echo "Downloading and installing libflame..." bash .pipelines/install-scripts/install-libflame.sh /usr/local ${MARCH} ${LIBFLAME_VERSION} "${CFLAGS}" - - export PYENV_ROOT="/workspace/.pyenv" elif [ "$MAC_BUILD" == "ON" ]; then arch -arm64 brew update arch -arm64 brew upgrade @@ -99,7 +96,6 @@ elif [ "$MAC_BUILD" == "ON" ]; then pybind11 \ wget export CMAKE_PREFIX_PATH="/opt/homebrew" - export PYENV_ROOT="$PWD/.pyenv" fi echo "Downloading HDF5 $HDF5_VERSION..." @@ -114,20 +110,20 @@ echo "HDF5 $HDF5_VERSION downloaded and extracted successfully" echo "Installing HDF5..." bash .pipelines/install-scripts/install-hdf5.sh /usr/local ${BUILD_TYPE} ${PWD} "${CFLAGS}" ${MAC_BUILD} -# Install pyenv to use non-system python3 versions -# pyenv is used in place of a venv to prevent any collisions with the system Python -# when building with a non-system Python version. -echo "Installing pyenv ${PYENV_VERSION}..." -PYENV_CHECKSUM=7435b8c1481043e48c838ba40d5c8bc724c23d4c94e531adc283a7c121757ad4 -wget -q https://github.com/pyenv/pyenv/archive/refs/tags/v${PYENV_VERSION}.zip -O pyenv.zip -echo "${PYENV_CHECKSUM} pyenv.zip" | shasum -a 256 -c || exit 1 -unzip -q pyenv.zip -mv pyenv-${PYENV_VERSION} "$PYENV_ROOT" -rm pyenv.zip -"$PYENV_ROOT/bin/pyenv" install ${PYTHON_VERSION} -"$PYENV_ROOT/bin/pyenv" global ${PYTHON_VERSION} -export PATH="$PYENV_ROOT/versions/${PYTHON_VERSION}/bin:$PATH" -export PATH="$PYENV_ROOT/shims:$PATH" +# On Linux, install Python ${PYTHON_VERSION} inside the container via uv (standalone Python +# from python-build-standalone), to avoid relying on the container's system Python. +# On macOS, the requested Python is provided by the UsePythonVersion@0 ADO task in the +# pipeline template, which puts it on PATH for this script. +if [ "$MAC_BUILD" == "OFF" ]; then + echo "Installing uv..." + curl -LsSf https://astral.sh/uv/install.sh | sh + export PATH="$HOME/.local/bin:$PATH" + + echo "Installing Python ${PYTHON_VERSION} via uv..." + uv python install "${PYTHON_VERSION}" + PYTHON_BIN="$(uv python find "${PYTHON_VERSION}")" + export PATH="$(dirname "$PYTHON_BIN"):$PATH" +fi python3 --version diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index dd2488ff3..a9fc9c0f6 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -2,7 +2,6 @@ set -ex PYTHON_VERSION=${1:-3.11} MAC_BUILD=${2:-OFF} -PYENV_VERSION=${3:-2.6.31} export MAC_BUILD SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" @@ -15,10 +14,8 @@ else fi if [ "$MAC_BUILD" == "OFF" ] && [ -d "/workspace" ]; then - export PYENV_ROOT="/workspace/.pyenv" VENV_DIR="/workspace/test_wheel_env" else - export PYENV_ROOT="$REPO_ROOT/.pyenv" VENV_DIR="$REPO_ROOT/.test_wheel_env" fi @@ -65,27 +62,21 @@ elif [ "$MAC_BUILD" == "ON" ]; then wget fi -# Install pyenv to use non-system python3 versions -if [ ! -d "$PYENV_ROOT" ]; then - echo "Installing pyenv ${PYENV_VERSION}..." - PYENV_CHECKSUM=7435b8c1481043e48c838ba40d5c8bc724c23d4c94e531adc283a7c121757ad4 - wget -q https://github.com/pyenv/pyenv/archive/refs/tags/v${PYENV_VERSION}.zip -O pyenv.zip - echo "${PYENV_CHECKSUM} pyenv.zip" | shasum -a 256 -c || exit 1 - unzip -q pyenv.zip - mv pyenv-${PYENV_VERSION} "$PYENV_ROOT" - rm pyenv.zip - "$PYENV_ROOT/bin/pyenv" install ${PYTHON_VERSION} - "$PYENV_ROOT/bin/pyenv" global ${PYTHON_VERSION} - export PATH="$PYENV_ROOT/versions/${PYTHON_VERSION}/bin:$PATH" - export PATH="$PYENV_ROOT/shims:$PATH" +# On Linux, install Python ${PYTHON_VERSION} inside the container via uv (standalone Python +# from python-build-standalone), to avoid relying on the container's system Python. +# On macOS, the requested Python is provided by the UsePythonVersion@0 ADO task in the +# pipeline template, which puts it on PATH for this script. +if [ "$MAC_BUILD" == "OFF" ]; then + echo "Installing uv..." + curl -LsSf https://astral.sh/uv/install.sh | sh + export PATH="$HOME/.local/bin:$PATH" + + echo "Installing Python ${PYTHON_VERSION} via uv..." + uv python install "${PYTHON_VERSION}" + PYTHON_BIN="$(uv python find "${PYTHON_VERSION}")" + export PATH="$(dirname "$PYTHON_BIN"):$PATH" fi -# Install and activate the specific Python version -"$PYENV_ROOT/bin/pyenv" install $PYTHON_VERSION --skip-existing -"$PYENV_ROOT/bin/pyenv" global $PYTHON_VERSION -export PATH="$PYENV_ROOT/versions/$PYTHON_VERSION/bin:$PATH" -export PATH="$PYENV_ROOT/shims:$PATH" - python3 --version # Create a clean virtual environment for testing the wheel diff --git a/.pipelines/templates/build-pip-wheels.yml b/.pipelines/templates/build-pip-wheels.yml index d1ab7e536..ef8eb881a 100644 --- a/.pipelines/templates/build-pip-wheels.yml +++ b/.pipelines/templates/build-pip-wheels.yml @@ -35,9 +35,6 @@ parameters: - name: libflameVersion type: string default: 5.2.0 -- name: pyenvVersion - type: string - default: 2.6.31 - name: macBuild type: string default: OFF @@ -107,12 +104,15 @@ steps: ${{ parameters.hdf5Version }} \ ${{ parameters.blisVersion }} \ ${{ parameters.libflameVersion }} \ - ${{ parameters.pyenvVersion }} \ ${{ parameters.macBuild }} displayName: Build wheel (Linux) retryCountOnTaskFailure: 2 - ${{ if eq(parameters.macBuild, 'ON') }}: + - task: UsePythonVersion@0 + displayName: Use Python ${{ parameters.pythonVersion }} (macOS) + inputs: + versionSpec: '${{ parameters.pythonVersion }}' - script: | set -x echo "Running pip wheel build (native)..." @@ -126,6 +126,5 @@ steps: ${{ parameters.hdf5Version }} \ ${{ parameters.blisVersion }} \ ${{ parameters.libflameVersion }} \ - ${{ parameters.pyenvVersion }} \ ${{ parameters.macBuild }} displayName: Build wheel (macOS native) diff --git a/.pipelines/templates/test-pip-wheels.yml b/.pipelines/templates/test-pip-wheels.yml index 92f6dc387..8c633372c 100644 --- a/.pipelines/templates/test-pip-wheels.yml +++ b/.pipelines/templates/test-pip-wheels.yml @@ -14,9 +14,6 @@ parameters: - name: macBuild type: string default: OFF -- name: pyenvVersion - type: string - default: 2.6.31 steps: - ${{ if eq(parameters.macBuild, 'OFF') }}: @@ -30,15 +27,17 @@ steps: -w /workspace/qdk-chemistry/python \ ${{ parameters.dockerImage }} \ bash ../.pipelines/pip-scripts/test-pip-wheels.sh ${{ parameters.pythonVersion }} \ - ${{ parameters.macBuild }} \ - ${{ parameters.pyenvVersion }} + ${{ parameters.macBuild }} displayName: Test wheel (Docker) - ${{ if eq(parameters.macBuild, 'ON') }}: + - task: UsePythonVersion@0 + displayName: Use Python ${{ parameters.pythonVersion }} (macOS) + inputs: + versionSpec: '${{ parameters.pythonVersion }}' - script: | echo "Running wheel tests (native)..." cd ${{ parameters.agentBuildDirectory }}/qdk-chemistry/python bash ../.pipelines/pip-scripts/test-pip-wheels.sh ${{ parameters.pythonVersion }} \ - ${{ parameters.macBuild }} \ - ${{ parameters.pyenvVersion }} + ${{ parameters.macBuild }} displayName: Test wheel (native) From adf5de69510f23174118d6c61867f284784787e2 Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 14:11:37 -0700 Subject: [PATCH 02/12] Replace uv with ms-ensureconda (Anaconda) in pip-wheels CI The Microsoft Engineering Hub Python guide identifies Anaconda via ms-ensureconda as the official, CFS-compliant Python distribution for Azure Pipelines / OneBranch CI builds; uv is not an approved provider. See https://eng.ms/docs/more/languages-at-microsoft/python/articles/anaconda/install Requires azure-feed://mseng/Anaconda@Published as an upstream on AzureQuantum/quantum-apps-dependencies (configured separately). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 37 ++++++++++----- .pipelines/pip-scripts/test-pip-wheels.sh | 52 +++++++++++++++------- 2 files changed, 60 insertions(+), 29 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index 206dde4af..b8e27703b 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -110,19 +110,32 @@ echo "HDF5 $HDF5_VERSION downloaded and extracted successfully" echo "Installing HDF5..." bash .pipelines/install-scripts/install-hdf5.sh /usr/local ${BUILD_TYPE} ${PWD} "${CFLAGS}" ${MAC_BUILD} -# On Linux, install Python ${PYTHON_VERSION} inside the container via uv (standalone Python -# from python-build-standalone), to avoid relying on the container's system Python. -# On macOS, the requested Python is provided by the UsePythonVersion@0 ADO task in the -# pipeline template, which puts it on PATH for this script. +# On Linux, install Python ${PYTHON_VERSION} inside the container via Anaconda's conda +# package manager, bootstrapped by Microsoft's CFS-compliant ms-ensureconda tool. +# Anaconda is the officially approved Python distribution for Microsoft CI builds +# (Azure Pipelines / OneBranch); see +# https://eng.ms/docs/more/languages-at-microsoft/python/articles/anaconda/install +# (section "Setting up Conda in CI builds"). +# +# Prereq: the AzureQuantum/quantum-apps-dependencies Azure Artifacts feed must have +# azure-feed://mseng/Anaconda@Published configured as an upstream so that the +# ms-ensureconda pip package resolves inside this container. PIP_INDEX_URL is +# forwarded into the container by the pipeline template after PipAuthenticate@1. +# +# On macOS, the requested Python is provided by the UsePythonVersion@0 ADO task in +# the pipeline template, which puts it on PATH for this script. if [ "$MAC_BUILD" == "OFF" ]; then - echo "Installing uv..." - curl -LsSf https://astral.sh/uv/install.sh | sh - export PATH="$HOME/.local/bin:$PATH" - - echo "Installing Python ${PYTHON_VERSION} via uv..." - uv python install "${PYTHON_VERSION}" - PYTHON_BIN="$(uv python find "${PYTHON_VERSION}")" - export PATH="$(dirname "$PYTHON_BIN"):$PATH" + echo "Installing ms-ensureconda and bootstrapping conda..." + python3 -m pip install --upgrade pip + python3 -m pip install ms-ensureconda + python3 -m ensureconda --envfile /tmp/ensureconda.env + set -a; . /tmp/ensureconda.env; set +a + # shellcheck disable=SC1090 + . "$CONDA_BASH_HOOK" + + echo "Creating conda environment with Python ${PYTHON_VERSION}..." + conda create --yes --quiet --name buildenv "python=${PYTHON_VERSION}" + conda activate buildenv fi python3 --version diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index a9fc9c0f6..c3f6228c2 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -62,27 +62,43 @@ elif [ "$MAC_BUILD" == "ON" ]; then wget fi -# On Linux, install Python ${PYTHON_VERSION} inside the container via uv (standalone Python -# from python-build-standalone), to avoid relying on the container's system Python. -# On macOS, the requested Python is provided by the UsePythonVersion@0 ADO task in the -# pipeline template, which puts it on PATH for this script. +# On Linux, install Python ${PYTHON_VERSION} inside the container via Anaconda's conda +# package manager, bootstrapped by Microsoft's CFS-compliant ms-ensureconda tool. +# Anaconda is the officially approved Python distribution for Microsoft CI builds +# (Azure Pipelines / OneBranch); see +# https://eng.ms/docs/more/languages-at-microsoft/python/articles/anaconda/install +# (section "Setting up Conda in CI builds"). +# +# Prereq: the AzureQuantum/quantum-apps-dependencies Azure Artifacts feed must have +# azure-feed://mseng/Anaconda@Published configured as an upstream so that the +# ms-ensureconda pip package resolves inside this container. PIP_INDEX_URL is +# forwarded into the container by the pipeline template after PipAuthenticate@1. +# +# On macOS, the requested Python is provided by the UsePythonVersion@0 ADO task in +# the pipeline template, which puts it on PATH for this script. if [ "$MAC_BUILD" == "OFF" ]; then - echo "Installing uv..." - curl -LsSf https://astral.sh/uv/install.sh | sh - export PATH="$HOME/.local/bin:$PATH" - - echo "Installing Python ${PYTHON_VERSION} via uv..." - uv python install "${PYTHON_VERSION}" - PYTHON_BIN="$(uv python find "${PYTHON_VERSION}")" - export PATH="$(dirname "$PYTHON_BIN"):$PATH" + echo "Installing ms-ensureconda and bootstrapping conda..." + python3 -m pip install --upgrade pip + python3 -m pip install ms-ensureconda + python3 -m ensureconda --envfile /tmp/ensureconda.env + set -a; . /tmp/ensureconda.env; set +a + # shellcheck disable=SC1090 + . "$CONDA_BASH_HOOK" + + echo "Creating fresh conda environment for wheel test with Python ${PYTHON_VERSION}..." + conda create --yes --quiet --name testenv "python=${PYTHON_VERSION}" + conda activate testenv fi python3 --version -# Create a clean virtual environment for testing the wheel -rm -rf "$VENV_DIR" -python3 -m venv "$VENV_DIR" -. "$VENV_DIR/bin/activate" +# On macOS we still use a venv for isolation; on Linux the conda env above already +# provides an isolated Python. +if [ "$MAC_BUILD" == "ON" ]; then + rm -rf "$VENV_DIR" + python3 -m venv "$VENV_DIR" + . "$VENV_DIR/bin/activate" +fi python3 -m pip install --upgrade pip @@ -109,4 +125,6 @@ export QSHARP_PYTHON_TELEMETRY=false echo '=== Running pytest suite ===' python3 -m pytest -v ./tests -deactivate +if [ "$MAC_BUILD" == "ON" ]; then + deactivate +fi From 57df54036a44ad14a21eb6c5a835ede4d910e7e3 Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 14:28:03 -0700 Subject: [PATCH 03/12] Use ms-ensureconda on macOS too; drop UsePythonVersion@0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous uv commit (3036e7e2) removed the pyenv-based Python install on macOS and switched to UsePythonVersion@0. On the AcesShared arm64 agents that task fails because (a) its default architecture is x64, and (b) the toolcache only ships Python 3.12.10 and 3.13.13 — anything else falls back to a GitHub download that 1ES network isolation blocks (exit 134). Switch macOS to the same ms-ensureconda + conda flow used on Linux, giving one Microsoft-approved Python provider across both platforms. A throwaway venv is used to bootstrap ms-ensureconda so PEP 668 (externally-managed Homebrew / Ubuntu pythons) doesn't block the install. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 48 +++++++++-------- .pipelines/pip-scripts/test-pip-wheels.sh | 60 ++++++++++------------ .pipelines/templates/build-pip-wheels.yml | 4 -- .pipelines/templates/test-pip-wheels.yml | 4 -- 4 files changed, 54 insertions(+), 62 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index b8e27703b..20797e00d 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -94,8 +94,11 @@ elif [ "$MAC_BUILD" == "ON" ]; then ncurses \ ninja \ pybind11 \ + python \ wget export CMAKE_PREFIX_PATH="/opt/homebrew" + # Make sure Homebrew's python3 is preferred when bootstrapping ms-ensureconda. + export PATH="/opt/homebrew/bin:$PATH" fi echo "Downloading HDF5 $HDF5_VERSION..." @@ -110,33 +113,36 @@ echo "HDF5 $HDF5_VERSION downloaded and extracted successfully" echo "Installing HDF5..." bash .pipelines/install-scripts/install-hdf5.sh /usr/local ${BUILD_TYPE} ${PWD} "${CFLAGS}" ${MAC_BUILD} -# On Linux, install Python ${PYTHON_VERSION} inside the container via Anaconda's conda -# package manager, bootstrapped by Microsoft's CFS-compliant ms-ensureconda tool. -# Anaconda is the officially approved Python distribution for Microsoft CI builds +# Install Python ${PYTHON_VERSION} via Anaconda's conda package manager (bootstrapped by +# Microsoft's CFS-compliant ms-ensureconda tool) on both Linux (inside the build container) +# and macOS. Anaconda is the officially approved Python distribution for Microsoft CI builds # (Azure Pipelines / OneBranch); see # https://eng.ms/docs/more/languages-at-microsoft/python/articles/anaconda/install # (section "Setting up Conda in CI builds"). # # Prereq: the AzureQuantum/quantum-apps-dependencies Azure Artifacts feed must have # azure-feed://mseng/Anaconda@Published configured as an upstream so that the -# ms-ensureconda pip package resolves inside this container. PIP_INDEX_URL is -# forwarded into the container by the pipeline template after PipAuthenticate@1. -# -# On macOS, the requested Python is provided by the UsePythonVersion@0 ADO task in -# the pipeline template, which puts it on PATH for this script. -if [ "$MAC_BUILD" == "OFF" ]; then - echo "Installing ms-ensureconda and bootstrapping conda..." - python3 -m pip install --upgrade pip - python3 -m pip install ms-ensureconda - python3 -m ensureconda --envfile /tmp/ensureconda.env - set -a; . /tmp/ensureconda.env; set +a - # shellcheck disable=SC1090 - . "$CONDA_BASH_HOOK" - - echo "Creating conda environment with Python ${PYTHON_VERSION}..." - conda create --yes --quiet --name buildenv "python=${PYTHON_VERSION}" - conda activate buildenv -fi +# ms-ensureconda pip package resolves. PIP_INDEX_URL is set by PipAuthenticate@1 at job +# level; on Linux it's forwarded into the docker container via -e PIP_INDEX_URL. +echo "Installing ms-ensureconda and bootstrapping conda..." +# Use a throwaway venv so we don't fight PEP 668 (Homebrew Python on macOS is externally +# managed). Same flow works in the Linux container, where the apt-installed python3 is +# also externally managed on Ubuntu 24.04. +python3 -m venv /tmp/bootstrap-venv +# shellcheck disable=SC1091 +. /tmp/bootstrap-venv/bin/activate +python3 -m pip install --upgrade pip +python3 -m pip install ms-ensureconda +python3 -m ensureconda --envfile /tmp/ensureconda.env +deactivate + +set -a; . /tmp/ensureconda.env; set +a +# shellcheck disable=SC1090 +. "$CONDA_BASH_HOOK" + +echo "Creating conda environment with Python ${PYTHON_VERSION}..." +conda create --yes --quiet --name buildenv "python=${PYTHON_VERSION}" +conda activate buildenv python3 --version diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index c3f6228c2..1418d36e3 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -58,47 +58,45 @@ elif [ "$MAC_BUILD" == "ON" ]; then arch -arm64 brew install \ curl \ ncurses \ + python \ unzip \ wget + # Make sure Homebrew's python3 is preferred when bootstrapping ms-ensureconda. + export PATH="/opt/homebrew/bin:$PATH" fi -# On Linux, install Python ${PYTHON_VERSION} inside the container via Anaconda's conda -# package manager, bootstrapped by Microsoft's CFS-compliant ms-ensureconda tool. -# Anaconda is the officially approved Python distribution for Microsoft CI builds +# Install Python ${PYTHON_VERSION} via Anaconda's conda package manager (bootstrapped by +# Microsoft's CFS-compliant ms-ensureconda tool) on both Linux (inside the test container) +# and macOS. Anaconda is the officially approved Python distribution for Microsoft CI builds # (Azure Pipelines / OneBranch); see # https://eng.ms/docs/more/languages-at-microsoft/python/articles/anaconda/install # (section "Setting up Conda in CI builds"). # # Prereq: the AzureQuantum/quantum-apps-dependencies Azure Artifacts feed must have # azure-feed://mseng/Anaconda@Published configured as an upstream so that the -# ms-ensureconda pip package resolves inside this container. PIP_INDEX_URL is -# forwarded into the container by the pipeline template after PipAuthenticate@1. -# -# On macOS, the requested Python is provided by the UsePythonVersion@0 ADO task in -# the pipeline template, which puts it on PATH for this script. -if [ "$MAC_BUILD" == "OFF" ]; then - echo "Installing ms-ensureconda and bootstrapping conda..." - python3 -m pip install --upgrade pip - python3 -m pip install ms-ensureconda - python3 -m ensureconda --envfile /tmp/ensureconda.env - set -a; . /tmp/ensureconda.env; set +a - # shellcheck disable=SC1090 - . "$CONDA_BASH_HOOK" - - echo "Creating fresh conda environment for wheel test with Python ${PYTHON_VERSION}..." - conda create --yes --quiet --name testenv "python=${PYTHON_VERSION}" - conda activate testenv -fi +# ms-ensureconda pip package resolves. PIP_INDEX_URL is set by PipAuthenticate@1 at job +# level; on Linux it's forwarded into the docker container via -e PIP_INDEX_URL. +echo "Installing ms-ensureconda and bootstrapping conda..." +# Use a throwaway venv so we don't fight PEP 668 (Homebrew Python on macOS is externally +# managed). Same flow works in the Linux container, where the apt-installed python3 is +# also externally managed on Ubuntu 24.04. +python3 -m venv /tmp/bootstrap-venv +# shellcheck disable=SC1091 +. /tmp/bootstrap-venv/bin/activate +python3 -m pip install --upgrade pip +python3 -m pip install ms-ensureconda +python3 -m ensureconda --envfile /tmp/ensureconda.env +deactivate -python3 --version +set -a; . /tmp/ensureconda.env; set +a +# shellcheck disable=SC1090 +. "$CONDA_BASH_HOOK" -# On macOS we still use a venv for isolation; on Linux the conda env above already -# provides an isolated Python. -if [ "$MAC_BUILD" == "ON" ]; then - rm -rf "$VENV_DIR" - python3 -m venv "$VENV_DIR" - . "$VENV_DIR/bin/activate" -fi +echo "Creating fresh conda environment for wheel test with Python ${PYTHON_VERSION}..." +conda create --yes --quiet --name testenv "python=${PYTHON_VERSION}" +conda activate testenv + +python3 --version python3 -m pip install --upgrade pip @@ -124,7 +122,3 @@ export QSHARP_PYTHON_TELEMETRY=false # Run pytest suite echo '=== Running pytest suite ===' python3 -m pytest -v ./tests - -if [ "$MAC_BUILD" == "ON" ]; then - deactivate -fi diff --git a/.pipelines/templates/build-pip-wheels.yml b/.pipelines/templates/build-pip-wheels.yml index ef8eb881a..d0fafd1e7 100644 --- a/.pipelines/templates/build-pip-wheels.yml +++ b/.pipelines/templates/build-pip-wheels.yml @@ -109,10 +109,6 @@ steps: retryCountOnTaskFailure: 2 - ${{ if eq(parameters.macBuild, 'ON') }}: - - task: UsePythonVersion@0 - displayName: Use Python ${{ parameters.pythonVersion }} (macOS) - inputs: - versionSpec: '${{ parameters.pythonVersion }}' - script: | set -x echo "Running pip wheel build (native)..." diff --git a/.pipelines/templates/test-pip-wheels.yml b/.pipelines/templates/test-pip-wheels.yml index 8c633372c..e2d785bfa 100644 --- a/.pipelines/templates/test-pip-wheels.yml +++ b/.pipelines/templates/test-pip-wheels.yml @@ -31,10 +31,6 @@ steps: displayName: Test wheel (Docker) - ${{ if eq(parameters.macBuild, 'ON') }}: - - task: UsePythonVersion@0 - displayName: Use Python ${{ parameters.pythonVersion }} (macOS) - inputs: - versionSpec: '${{ parameters.pythonVersion }}' - script: | echo "Running wheel tests (native)..." cd ${{ parameters.agentBuildDirectory }}/qdk-chemistry/python From 0c62f5256952417d92e8ae57a535ce749d8fad42 Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 15:08:58 -0700 Subject: [PATCH 04/12] Bootstrap conda with public ensureconda on macOS / Linux aarch64 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Microsoft's CFS-compliant `ms-ensureconda` only publishes wheels for `manylinux_2_7_x86_64` and `win_amd64` — see https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/pypi/simple/ms-ensureconda/ On macOS (any arch) and Linux aarch64 `pip install ms-ensureconda` aborts with 'No matching distribution found', breaking the macOS native build and the armv8-a linux Docker build. Until ms-ensureconda gets broader wheel coverage, fall back to the upstream public `ensureconda` package (pure-Python py3-none-any, identical `python -m ensureconda --envfile` CLI). It still flows through the quantum-apps-dependencies feed via its public PyPI upstream, so the dependency remains CFS-compliant. Picked by uname so Linux x86_64 keeps using ms-ensureconda. Documented loudly in both scripts with a TODO. Also add `python3-venv` to the apt install list in both scripts so the bootstrap venv (used to dodge PEP 668 on Homebrew Python / Ubuntu 24.04 apt Python) can actually be created inside the Ubuntu 24.04 container. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 63 +++++++++++++++------ .pipelines/pip-scripts/test-pip-wheels.sh | 65 ++++++++++++++++------ 2 files changed, 96 insertions(+), 32 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index 20797e00d..0ee007f9a 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -54,6 +54,7 @@ if [ "$MAC_BUILD" == "OFF" ]; then # Build/install Linux dependencies python3-dev \ python3-pip \ python3-pybind11 \ + python3-venv \ tk-dev \ unzip \ wget \ @@ -97,7 +98,7 @@ elif [ "$MAC_BUILD" == "ON" ]; then python \ wget export CMAKE_PREFIX_PATH="/opt/homebrew" - # Make sure Homebrew's python3 is preferred when bootstrapping ms-ensureconda. + # Make sure Homebrew's python3 is preferred when bootstrapping conda. export PATH="/opt/homebrew/bin:$PATH" fi @@ -113,26 +114,56 @@ echo "HDF5 $HDF5_VERSION downloaded and extracted successfully" echo "Installing HDF5..." bash .pipelines/install-scripts/install-hdf5.sh /usr/local ${BUILD_TYPE} ${PWD} "${CFLAGS}" ${MAC_BUILD} -# Install Python ${PYTHON_VERSION} via Anaconda's conda package manager (bootstrapped by -# Microsoft's CFS-compliant ms-ensureconda tool) on both Linux (inside the build container) -# and macOS. Anaconda is the officially approved Python distribution for Microsoft CI builds -# (Azure Pipelines / OneBranch); see -# https://eng.ms/docs/more/languages-at-microsoft/python/articles/anaconda/install -# (section "Setting up Conda in CI builds"). +# ============================================================================= +# Bootstrap Anaconda's `conda` for Python ${PYTHON_VERSION}. +# ============================================================================= # -# Prereq: the AzureQuantum/quantum-apps-dependencies Azure Artifacts feed must have -# azure-feed://mseng/Anaconda@Published configured as an upstream so that the -# ms-ensureconda pip package resolves. PIP_INDEX_URL is set by PipAuthenticate@1 at job -# level; on Linux it's forwarded into the docker container via -e PIP_INDEX_URL. -echo "Installing ms-ensureconda and bootstrapping conda..." -# Use a throwaway venv so we don't fight PEP 668 (Homebrew Python on macOS is externally -# managed). Same flow works in the Linux container, where the apt-installed python3 is -# also externally managed on Ubuntu 24.04. +# Anaconda is the officially approved Python distribution for Microsoft CI +# builds (Azure Pipelines / OneBranch); see +# https://eng.ms/docs/more/languages-at-microsoft/python/articles/anaconda/install +# (section "Setting up Conda in CI builds"). The MS-vetted bootstrapper is +# `ms-ensureconda`. +# +# !!! HEADS UP: ms-ensureconda has incomplete platform coverage. !!! +# !!! As of writing it only ships `manylinux_2_7_x86_64` and `win_amd64` !!! +# !!! wheels — there are NO wheels for macOS (any arch) or Linux aarch64. !!! +# !!! See: !!! +# !!! https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/pypi/simple/ms-ensureconda/ +# !!! On those platforms `pip install ms-ensureconda` aborts with !!! +# !!! "No matching distribution found". !!! +# !!! !!! +# !!! Until ms-ensureconda publishes broader wheel coverage we fall back to !!! +# !!! the upstream public `ensureconda` package (pure-Python `py3-none-any`,!!! +# !!! identical `python -m ensureconda --envfile` CLI). It is fetched from !!! +# !!! the same Azure Artifacts feed via its public PyPI upstream so it !!! +# !!! still flows through CFS. !!! +# !!! !!! +# !!! TODO: revert to ms-ensureconda on every platform once arm64 / macOS !!! +# !!! wheels are published. File via python@microsoft.com if needed. !!! +# +# Prereq: the AzureQuantum/quantum-apps-dependencies feed must have +# azure-feed://mseng/Anaconda@Published configured as an upstream so that +# ms-ensureconda resolves on Linux x86_64. PIP_INDEX_URL is set by +# PipAuthenticate@1 at job level; on Linux it's forwarded into the docker +# container via -e PIP_INDEX_URL. +case "$(uname -s):$(uname -m)" in + Linux:x86_64) + ENSURECONDA_PKG="ms-ensureconda" + ;; + *) + # macOS (arm64) and Linux aarch64 — see HEADS UP block above. + ENSURECONDA_PKG="ensureconda" + ;; +esac + +echo "Installing ${ENSURECONDA_PKG} (on $(uname -s):$(uname -m)) and bootstrapping conda..." +# Use a throwaway venv so we don't fight PEP 668 (Homebrew Python on macOS +# and apt Python on Ubuntu 24.04 are both externally managed). python3 -m venv /tmp/bootstrap-venv # shellcheck disable=SC1091 . /tmp/bootstrap-venv/bin/activate python3 -m pip install --upgrade pip -python3 -m pip install ms-ensureconda +python3 -m pip install "${ENSURECONDA_PKG}" python3 -m ensureconda --envfile /tmp/ensureconda.env deactivate diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index 1418d36e3..33dce718c 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -46,6 +46,9 @@ if [ "$MAC_BUILD" == "OFF" ]; then libxml2-dev \ libxmlsec1-dev \ make \ + python3 \ + python3-pip \ + python3-venv \ tk-dev \ unzip \ wget \ @@ -61,30 +64,60 @@ elif [ "$MAC_BUILD" == "ON" ]; then python \ unzip \ wget - # Make sure Homebrew's python3 is preferred when bootstrapping ms-ensureconda. + # Make sure Homebrew's python3 is preferred when bootstrapping conda. export PATH="/opt/homebrew/bin:$PATH" fi -# Install Python ${PYTHON_VERSION} via Anaconda's conda package manager (bootstrapped by -# Microsoft's CFS-compliant ms-ensureconda tool) on both Linux (inside the test container) -# and macOS. Anaconda is the officially approved Python distribution for Microsoft CI builds -# (Azure Pipelines / OneBranch); see -# https://eng.ms/docs/more/languages-at-microsoft/python/articles/anaconda/install -# (section "Setting up Conda in CI builds"). +# ============================================================================= +# Bootstrap Anaconda's `conda` for Python ${PYTHON_VERSION}. +# ============================================================================= # -# Prereq: the AzureQuantum/quantum-apps-dependencies Azure Artifacts feed must have -# azure-feed://mseng/Anaconda@Published configured as an upstream so that the -# ms-ensureconda pip package resolves. PIP_INDEX_URL is set by PipAuthenticate@1 at job -# level; on Linux it's forwarded into the docker container via -e PIP_INDEX_URL. -echo "Installing ms-ensureconda and bootstrapping conda..." -# Use a throwaway venv so we don't fight PEP 668 (Homebrew Python on macOS is externally -# managed). Same flow works in the Linux container, where the apt-installed python3 is -# also externally managed on Ubuntu 24.04. +# Anaconda is the officially approved Python distribution for Microsoft CI +# builds (Azure Pipelines / OneBranch); see +# https://eng.ms/docs/more/languages-at-microsoft/python/articles/anaconda/install +# (section "Setting up Conda in CI builds"). The MS-vetted bootstrapper is +# `ms-ensureconda`. +# +# !!! HEADS UP: ms-ensureconda has incomplete platform coverage. !!! +# !!! As of writing it only ships `manylinux_2_7_x86_64` and `win_amd64` !!! +# !!! wheels — there are NO wheels for macOS (any arch) or Linux aarch64. !!! +# !!! See: !!! +# !!! https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/pypi/simple/ms-ensureconda/ +# !!! On those platforms `pip install ms-ensureconda` aborts with !!! +# !!! "No matching distribution found". !!! +# !!! !!! +# !!! Until ms-ensureconda publishes broader wheel coverage we fall back to !!! +# !!! the upstream public `ensureconda` package (pure-Python `py3-none-any`,!!! +# !!! identical `python -m ensureconda --envfile` CLI). It is fetched from !!! +# !!! the same Azure Artifacts feed via its public PyPI upstream so it !!! +# !!! still flows through CFS. !!! +# !!! !!! +# !!! TODO: revert to ms-ensureconda on every platform once arm64 / macOS !!! +# !!! wheels are published. File via python@microsoft.com if needed. !!! +# +# Prereq: the AzureQuantum/quantum-apps-dependencies feed must have +# azure-feed://mseng/Anaconda@Published configured as an upstream so that +# ms-ensureconda resolves on Linux x86_64. PIP_INDEX_URL is set by +# PipAuthenticate@1 at job level; on Linux it's forwarded into the docker +# container via -e PIP_INDEX_URL. +case "$(uname -s):$(uname -m)" in + Linux:x86_64) + ENSURECONDA_PKG="ms-ensureconda" + ;; + *) + # macOS (arm64) and Linux aarch64 — see HEADS UP block above. + ENSURECONDA_PKG="ensureconda" + ;; +esac + +echo "Installing ${ENSURECONDA_PKG} (on $(uname -s):$(uname -m)) and bootstrapping conda..." +# Use a throwaway venv so we don't fight PEP 668 (Homebrew Python on macOS +# and apt Python on Ubuntu 24.04 are both externally managed). python3 -m venv /tmp/bootstrap-venv # shellcheck disable=SC1091 . /tmp/bootstrap-venv/bin/activate python3 -m pip install --upgrade pip -python3 -m pip install ms-ensureconda +python3 -m pip install "${ENSURECONDA_PKG}" python3 -m ensureconda --envfile /tmp/ensureconda.env deactivate From 63b2efd123e18f617caaa70d2a12f6284f5017b6 Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 15:18:22 -0700 Subject: [PATCH 05/12] Fix ensureconda bootstrap (public has no --envfile) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The public `ensureconda` package does not support `--envfile` — that flag is an `ms-ensureconda` extension. Public ensureconda instead just prints the discovered/installed conda binary path on stdout. Split the conda hook wiring by which package was installed: - ms-ensureconda → still uses --envfile + CONDA_BASH_HOOK - ensureconda → captures CONDA_EXE = $(python -m ensureconda) then evals "$($CONDA_EXE shell.bash hook)" Without this the macOS arm64 build aborts immediately after pip-installing ensureconda with 'Error: No such option "--envfile"' (Bash exit code 2). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 23 +++++++++++++++++----- .pipelines/pip-scripts/test-pip-wheels.sh | 23 +++++++++++++++++----- 2 files changed, 36 insertions(+), 10 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index 0ee007f9a..f942bd2e3 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -164,12 +164,25 @@ python3 -m venv /tmp/bootstrap-venv . /tmp/bootstrap-venv/bin/activate python3 -m pip install --upgrade pip python3 -m pip install "${ENSURECONDA_PKG}" -python3 -m ensureconda --envfile /tmp/ensureconda.env -deactivate -set -a; . /tmp/ensureconda.env; set +a -# shellcheck disable=SC1090 -. "$CONDA_BASH_HOOK" +if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then + # ms-ensureconda's --envfile flag dumps CONDA_BASH_HOOK + friends to a + # dotenv file we then source to wire up conda for this shell. + python3 -m ensureconda --envfile /tmp/ensureconda.env + deactivate + set -a; . /tmp/ensureconda.env; set +a + # shellcheck disable=SC1090 + . "$CONDA_BASH_HOOK" +else + # Public ensureconda has no --envfile (it's an ms-ensureconda extension); + # it just prints the discovered / installed conda binary path on stdout. + # We wire up the bash hook ourselves. + CONDA_EXE=$(python3 -m ensureconda) + deactivate + export CONDA_EXE + # shellcheck disable=SC1090 + eval "$("$CONDA_EXE" shell.bash hook)" +fi echo "Creating conda environment with Python ${PYTHON_VERSION}..." conda create --yes --quiet --name buildenv "python=${PYTHON_VERSION}" diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index 33dce718c..8391a8e18 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -118,12 +118,25 @@ python3 -m venv /tmp/bootstrap-venv . /tmp/bootstrap-venv/bin/activate python3 -m pip install --upgrade pip python3 -m pip install "${ENSURECONDA_PKG}" -python3 -m ensureconda --envfile /tmp/ensureconda.env -deactivate -set -a; . /tmp/ensureconda.env; set +a -# shellcheck disable=SC1090 -. "$CONDA_BASH_HOOK" +if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then + # ms-ensureconda's --envfile flag dumps CONDA_BASH_HOOK + friends to a + # dotenv file we then source to wire up conda for this shell. + python3 -m ensureconda --envfile /tmp/ensureconda.env + deactivate + set -a; . /tmp/ensureconda.env; set +a + # shellcheck disable=SC1090 + . "$CONDA_BASH_HOOK" +else + # Public ensureconda has no --envfile (it's an ms-ensureconda extension); + # it just prints the discovered / installed conda binary path on stdout. + # We wire up the bash hook ourselves. + CONDA_EXE=$(python3 -m ensureconda) + deactivate + export CONDA_EXE + # shellcheck disable=SC1090 + eval "$("$CONDA_EXE" shell.bash hook)" +fi echo "Creating fresh conda environment for wheel test with Python ${PYTHON_VERSION}..." conda create --yes --quiet --name testenv "python=${PYTHON_VERSION}" From 18d3b05fc336373b238b215f079b980100bb2f2a Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 15:29:04 -0700 Subject: [PATCH 06/12] Force ensureconda to install conda-standalone, not micromamba Public ensureconda's default is to install whatever is easiest; on the macOS arm64 agent it picked micromamba, whose CLI differs from conda: `micromamba shell hook --shell bash` vs. `conda shell.bash hook`. The script tried the conda syntax, micromamba bailed with 'The following arguments were not expected', the hook eval was empty, and the next `conda create` died with 'conda: command not found' (exit 127). Pass `--no-mamba --no-micromamba --conda --conda-exe` so ensureconda discovers or installs conda-standalone (the same conda CLI ms-ensureconda provisions), keeping a single shell-hook syntax across both bootstrappers. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 6 ++++-- .pipelines/pip-scripts/test-pip-wheels.sh | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index f942bd2e3..ef1890b75 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -176,8 +176,10 @@ if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then else # Public ensureconda has no --envfile (it's an ms-ensureconda extension); # it just prints the discovered / installed conda binary path on stdout. - # We wire up the bash hook ourselves. - CONDA_EXE=$(python3 -m ensureconda) + # Force it to install conda-standalone (default would be micromamba, which + # uses a different CLI: `micromamba shell hook --shell bash` instead of + # `conda shell.bash hook`, plus mamba-specific `create`/`activate`). + CONDA_EXE=$(python3 -m ensureconda --no-mamba --no-micromamba --conda --conda-exe) deactivate export CONDA_EXE # shellcheck disable=SC1090 diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index 8391a8e18..be45f90bc 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -130,8 +130,10 @@ if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then else # Public ensureconda has no --envfile (it's an ms-ensureconda extension); # it just prints the discovered / installed conda binary path on stdout. - # We wire up the bash hook ourselves. - CONDA_EXE=$(python3 -m ensureconda) + # Force it to install conda-standalone (default would be micromamba, which + # uses a different CLI: `micromamba shell hook --shell bash` instead of + # `conda shell.bash hook`, plus mamba-specific `create`/`activate`). + CONDA_EXE=$(python3 -m ensureconda --no-mamba --no-micromamba --conda --conda-exe) deactivate export CONDA_EXE # shellcheck disable=SC1090 From a082c5e5e898303a4470a3fbd64b8eb383cbc908 Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 15:46:46 -0700 Subject: [PATCH 07/12] Install pip in fresh conda envs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit conda-standalone (what ensureconda installs) does not include pip in fresh envs by default — only conda-forge's python package. This caused 'No module named pip' on macOS arm64 in build 159570 right after conda activate buildenv. Add 'pip' to the conda create command in both build and test scripts. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 4 +++- .pipelines/pip-scripts/test-pip-wheels.sh | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index ef1890b75..8d6fd275c 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -187,7 +187,9 @@ else fi echo "Creating conda environment with Python ${PYTHON_VERSION}..." -conda create --yes --quiet --name buildenv "python=${PYTHON_VERSION}" +# Explicitly include `pip` — fresh conda envs created with conda-standalone do +# not include pip by default, which would break `python3 -m pip ...` below. +conda create --yes --quiet --name buildenv "python=${PYTHON_VERSION}" pip conda activate buildenv python3 --version diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index be45f90bc..43a836c21 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -141,7 +141,9 @@ else fi echo "Creating fresh conda environment for wheel test with Python ${PYTHON_VERSION}..." -conda create --yes --quiet --name testenv "python=${PYTHON_VERSION}" +# Explicitly include `pip` — fresh conda envs created with conda-standalone do +# not include pip by default, which would break `python3 -m pip ...` below. +conda create --yes --quiet --name testenv "python=${PYTHON_VERSION}" pip conda activate testenv python3 --version From 13504e360dc24e2adaf163db1bd6bd6ffe7df7e1 Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 16:14:13 -0700 Subject: [PATCH 08/12] Make BLIS/libflame install scripts idempotent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Self-hosted ADO agents preserve workspace state across builds and across retries within a single build. install-blis.sh and install-libflame.sh both do 'mv - ', which fails on retries because the destination dir already exists from a previous attempt — observed in build 159580 Linux x86 as 'mv: cannot overwrite blis/blis-2.0: Directory not empty'. Pre-clean the source directories before download so each attempt starts from a clean slate. (install-hdf5.sh already has an idempotency guard via the install-prefix existence check.) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/install-scripts/install-blis.sh | 3 +++ .pipelines/install-scripts/install-libflame.sh | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.pipelines/install-scripts/install-blis.sh b/.pipelines/install-scripts/install-blis.sh index 83d6e34c3..e9a4d1c42 100644 --- a/.pipelines/install-scripts/install-blis.sh +++ b/.pipelines/install-scripts/install-blis.sh @@ -8,6 +8,9 @@ CFLAGS=${4:-"-fPIC -O3"} # Download BLIS v2.0 echo "Downloading BLIS ${BLIS_VERSION}..." +# Clean up any leftover state from a previous (possibly failed) attempt on +# this self-hosted agent — the workspace persists across builds and retries. +rm -rf blis blis-${BLIS_VERSION} blis.zip export BLIS_CHECKSUM=40134f6570d5539609c6328252ad1530c010931bb96f4e249e08279fd978da7a wget -q https://github.com/flame/blis/archive/refs/tags/${BLIS_VERSION}.zip -O blis.zip echo "${BLIS_CHECKSUM} blis.zip" | shasum -a 256 -c || exit 1 diff --git a/.pipelines/install-scripts/install-libflame.sh b/.pipelines/install-scripts/install-libflame.sh index 7c5d27324..4792b3f5e 100644 --- a/.pipelines/install-scripts/install-libflame.sh +++ b/.pipelines/install-scripts/install-libflame.sh @@ -19,6 +19,9 @@ fi # Download libflame echo "Downloading libflame ${LIBFLAME_VERSION}..." +# Clean up any leftover state from a previous (possibly failed) attempt on +# this self-hosted agent — the workspace persists across builds and retries. +rm -rf libflame libflame-${LIBFLAME_VERSION} libflame.zip export LIBFLAME_CHECKSUM=e120f559758c21392448f45301918f45760f5ab59d246e4d144079c664d5b64b wget -q https://github.com/flame/libflame/archive/refs/tags/${LIBFLAME_VERSION}.zip -O libflame.zip echo "${LIBFLAME_CHECKSUM} libflame.zip" | shasum -a 256 -c || exit 1 From 777d4960c16f4e970419186b7141e8320b8c8775 Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 16:33:57 -0700 Subject: [PATCH 09/12] Clean leftover HDF5 source before extract Build 159587 made it past BLIS/libflame (now idempotent) but failed on the HDF5 extract step with the same leftover-workspace symptom: 'mv: cannot overwrite hdf5/hdf5-1.13.0: Directory not empty'. The HDF5 download/extract logic is inline in build-pip-wheels.sh (not in install-hdf5.sh), so apply the same rm -rf pre-clean here too. (install-hdf5.sh still short-circuits when ${INSTALL_PREFIX}/hdf5 already exists, so we still avoid re-installing when the build artifact is cached.) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index 8d6fd275c..b7976647f 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -103,6 +103,9 @@ elif [ "$MAC_BUILD" == "ON" ]; then fi echo "Downloading HDF5 $HDF5_VERSION..." +# Clean up any leftover state from a previous (possibly failed) attempt on +# this self-hosted agent — the workspace persists across builds and retries. +rm -rf hdf5 hdf5-${HDF5_VERSION} hdf5-${HDF5_VERSION}.tar.bz2 export HDF5_CHECKSUM=1826e198df8dac679f0d3dc703aba02af4c614fd6b7ec936cf4a55e6aa0646ec wget -q -nc --no-check-certificate https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.13/hdf5-${HDF5_VERSION}/src/hdf5-${HDF5_VERSION}.tar.bz2 echo "${HDF5_CHECKSUM} hdf5-${HDF5_VERSION}.tar.bz2" | shasum -a 256 -c || exit 1 From 385396d7690c98d6cd952a0dc6006bd00f8e75c3 Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 17:07:23 -0700 Subject: [PATCH 10/12] Route conda through Azure Artifacts feed under CFSClean Build 159595 confirmed macOS native is working end-to-end, but the Linux x86 leg failed with: CondaHTTPError: HTTP 000 CONNECTION FAILED for url Root cause: 1ES Network Isolation (CFSClean) blocks public conda channels on Linux, including conda.anaconda.org and repo.anaconda.com. ms-ensureconda installs conda-standalone correctly, but the default channel configuration points at public anaconda.org endpoints. Fix: on the ms-ensureconda (Linux x86_64) path, create the conda env with --override-channels and a single explicit channel pointing at the project's Azure Artifacts Conda feed: https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo/ The feed already has azure-feed://mseng/Anaconda@Published configured as a Conda upstream (added previously when migrating to ms-ensureconda), so python and pip resolve through CFS. Authentication: the feed requires an Authorization header. We inline the pipeline's System.AccessToken into the URL as the basic-auth password (`https://token:@...`). ADO automatically masks $(System.AccessToken) in log output, so set -x trace is safe. Plumbing: - build-pip-wheels.yml / test-pip-wheels.yml: forward SYSTEM_ACCESSTOKEN into the docker container via -e SYSTEM_ACCESSTOKEN, and expose it to the script step via env: SYSTEM_ACCESSTOKEN: $(System.AccessToken). - build-pip-wheels.sh / test-pip-wheels.sh: on the ms-ensureconda path, assert SYSTEM_ACCESSTOKEN is set, build the token-bearing URL, and pass it to `conda create --override-channels --channel ...`. The public-ensureconda path (macOS, Linux aarch64) is unchanged. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 19 ++++++++++++++++++- .pipelines/pip-scripts/test-pip-wheels.sh | 19 ++++++++++++++++++- .pipelines/templates/build-pip-wheels.yml | 3 +++ .pipelines/templates/test-pip-wheels.yml | 3 +++ 4 files changed, 42 insertions(+), 2 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index b7976647f..33a975585 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -192,7 +192,24 @@ fi echo "Creating conda environment with Python ${PYTHON_VERSION}..." # Explicitly include `pip` — fresh conda envs created with conda-standalone do # not include pip by default, which would break `python3 -m pip ...` below. -conda create --yes --quiet --name buildenv "python=${PYTHON_VERSION}" pip +# +# On Linux x86_64 (ms-ensureconda path) we are running under 1ES network +# isolation (CFSClean): public conda channels (conda.anaconda.org, +# repo.anaconda.com) are blocked. Force conda to install everything from the +# Azure Artifacts feed's Conda channel (proxied through the +# azure-feed://mseng/Anaconda@Published upstream). The feed requires +# authentication — we inline the pipeline's System.AccessToken as the +# password component of the URL (ADO masks $(System.AccessToken) in logs). +if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then + : "${SYSTEM_ACCESSTOKEN:?SYSTEM_ACCESSTOKEN must be set when bootstrapping conda from the Azure Artifacts feed}" + { set +x; } 2>/dev/null + CONDA_CHANNEL_URL="https://token:${SYSTEM_ACCESSTOKEN}@pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo/" + set -x + conda create --override-channels --channel "${CONDA_CHANNEL_URL}" \ + --yes --quiet --name buildenv "python=${PYTHON_VERSION}" pip +else + conda create --yes --quiet --name buildenv "python=${PYTHON_VERSION}" pip +fi conda activate buildenv python3 --version diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index 43a836c21..a070ad3ac 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -143,7 +143,24 @@ fi echo "Creating fresh conda environment for wheel test with Python ${PYTHON_VERSION}..." # Explicitly include `pip` — fresh conda envs created with conda-standalone do # not include pip by default, which would break `python3 -m pip ...` below. -conda create --yes --quiet --name testenv "python=${PYTHON_VERSION}" pip +# +# On Linux x86_64 (ms-ensureconda path) we are running under 1ES network +# isolation (CFSClean): public conda channels (conda.anaconda.org, +# repo.anaconda.com) are blocked. Force conda to install everything from the +# Azure Artifacts feed's Conda channel (proxied through the +# azure-feed://mseng/Anaconda@Published upstream). The feed requires +# authentication — we inline the pipeline's System.AccessToken as the +# password component of the URL (ADO masks $(System.AccessToken) in logs). +if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then + : "${SYSTEM_ACCESSTOKEN:?SYSTEM_ACCESSTOKEN must be set when bootstrapping conda from the Azure Artifacts feed}" + { set +x; } 2>/dev/null + CONDA_CHANNEL_URL="https://token:${SYSTEM_ACCESSTOKEN}@pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo/" + set -x + conda create --override-channels --channel "${CONDA_CHANNEL_URL}" \ + --yes --quiet --name testenv "python=${PYTHON_VERSION}" pip +else + conda create --yes --quiet --name testenv "python=${PYTHON_VERSION}" pip +fi conda activate testenv python3 --version diff --git a/.pipelines/templates/build-pip-wheels.yml b/.pipelines/templates/build-pip-wheels.yml index d0fafd1e7..7b8de2355 100644 --- a/.pipelines/templates/build-pip-wheels.yml +++ b/.pipelines/templates/build-pip-wheels.yml @@ -92,6 +92,7 @@ steps: --platform ${{ parameters.imageTag }} \ -v ${{ parameters.agentBuildDirectory }}:/workspace:rshared \ -e PIP_INDEX_URL \ + -e SYSTEM_ACCESSTOKEN \ -e QDK_UARCH=${{ parameters.march }} \ -w /workspace/qdk-chemistry \ ${{ parameters.dockerImage }} \ @@ -107,6 +108,8 @@ steps: ${{ parameters.macBuild }} displayName: Build wheel (Linux) retryCountOnTaskFailure: 2 + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) - ${{ if eq(parameters.macBuild, 'ON') }}: - script: | diff --git a/.pipelines/templates/test-pip-wheels.yml b/.pipelines/templates/test-pip-wheels.yml index e2d785bfa..236dab2c1 100644 --- a/.pipelines/templates/test-pip-wheels.yml +++ b/.pipelines/templates/test-pip-wheels.yml @@ -22,6 +22,7 @@ steps: docker run --rm \ --platform ${{ parameters.imageTag }} \ -e PIP_INDEX_URL \ + -e SYSTEM_ACCESSTOKEN \ -e QSHARP_PYTHON_TELEMETRY=false \ -v ${{ parameters.agentBuildDirectory }}:/workspace \ -w /workspace/qdk-chemistry/python \ @@ -29,6 +30,8 @@ steps: bash ../.pipelines/pip-scripts/test-pip-wheels.sh ${{ parameters.pythonVersion }} \ ${{ parameters.macBuild }} displayName: Test wheel (Docker) + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) - ${{ if eq(parameters.macBuild, 'ON') }}: - script: | From 5f578ee62d6231534834b0bbdfe7fe3a59162ba8 Mon Sep 17 00:00:00 2001 From: David Williams-Young Date: Fri, 22 May 2026 17:38:50 -0700 Subject: [PATCH 11/12] Use azure_artifacts_conda_auth plugin instead of inline token URL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Build 159614 failed in conda create with: azure_artifacts_conda_auth.py, line 11, in __call__ print("Not authorizing", url, "because %ARTIFACTS_CONDA_TOKEN% was missing") UnboundLocalError: cannot access local variable 'url' where it is not associated with a value Root cause: the conda install shipped by ms-ensureconda already has a pre-registered `azure_artifacts_conda_auth` plugin that intercepts every Azure Artifacts HTTPS request and injects auth by reading the $ARTIFACTS_CONDA_TOKEN environment variable. The plugin is wired in via the bundled `condarc.d/anaconda-auth.yml`. It runs unconditionally on prepare_request — even when we pass basic-auth creds inline in the URL — and it crashes with the UnboundLocalError above when ARTIFACTS_CONDA_TOKEN isn't set (a bug in the plugin's missing-token print path). Fix: don't inline the token in the URL at all. Just export ARTIFACTS_CONDA_TOKEN=$SYSTEM_ACCESSTOKEN and let the plugin do its job. The channel URL becomes plain `https://pkgs.dev.azure.com/.../Conda/repo/`. Cleaner anyway: - No token in the conda command line / process args / env's conda-meta history. - No reliance on ADO's automatic $(System.AccessToken) log masking to scrub set -x traces. - Uses the auth path the ms-ensureconda team designed. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 15 +++++++++++---- .pipelines/pip-scripts/test-pip-wheels.sh | 15 +++++++++++---- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index 33a975585..7d2834718 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -197,14 +197,21 @@ echo "Creating conda environment with Python ${PYTHON_VERSION}..." # isolation (CFSClean): public conda channels (conda.anaconda.org, # repo.anaconda.com) are blocked. Force conda to install everything from the # Azure Artifacts feed's Conda channel (proxied through the -# azure-feed://mseng/Anaconda@Published upstream). The feed requires -# authentication — we inline the pipeline's System.AccessToken as the -# password component of the URL (ADO masks $(System.AccessToken) in logs). +# azure-feed://mseng/Anaconda@Published upstream). +# +# Auth: the conda install shipped by ms-ensureconda has a pre-registered +# azure_artifacts_conda_auth plugin that injects auth on every Azure +# Artifacts HTTPS request by reading $ARTIFACTS_CONDA_TOKEN. We just need to +# set that env var (to the pipeline's System.AccessToken). The plugin then +# handles auth; the channel URL itself must NOT inline the token (the plugin +# crashes with UnboundLocalError if the var is missing, even when basic-auth +# creds are present in the URL). if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then : "${SYSTEM_ACCESSTOKEN:?SYSTEM_ACCESSTOKEN must be set when bootstrapping conda from the Azure Artifacts feed}" { set +x; } 2>/dev/null - CONDA_CHANNEL_URL="https://token:${SYSTEM_ACCESSTOKEN}@pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo/" + export ARTIFACTS_CONDA_TOKEN="${SYSTEM_ACCESSTOKEN}" set -x + CONDA_CHANNEL_URL="https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo/" conda create --override-channels --channel "${CONDA_CHANNEL_URL}" \ --yes --quiet --name buildenv "python=${PYTHON_VERSION}" pip else diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index a070ad3ac..9bd0e6b27 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -148,14 +148,21 @@ echo "Creating fresh conda environment for wheel test with Python ${PYTHON_VERSI # isolation (CFSClean): public conda channels (conda.anaconda.org, # repo.anaconda.com) are blocked. Force conda to install everything from the # Azure Artifacts feed's Conda channel (proxied through the -# azure-feed://mseng/Anaconda@Published upstream). The feed requires -# authentication — we inline the pipeline's System.AccessToken as the -# password component of the URL (ADO masks $(System.AccessToken) in logs). +# azure-feed://mseng/Anaconda@Published upstream). +# +# Auth: the conda install shipped by ms-ensureconda has a pre-registered +# azure_artifacts_conda_auth plugin that injects auth on every Azure +# Artifacts HTTPS request by reading $ARTIFACTS_CONDA_TOKEN. We just need to +# set that env var (to the pipeline's System.AccessToken). The plugin then +# handles auth; the channel URL itself must NOT inline the token (the plugin +# crashes with UnboundLocalError if the var is missing, even when basic-auth +# creds are present in the URL). if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then : "${SYSTEM_ACCESSTOKEN:?SYSTEM_ACCESSTOKEN must be set when bootstrapping conda from the Azure Artifacts feed}" { set +x; } 2>/dev/null - CONDA_CHANNEL_URL="https://token:${SYSTEM_ACCESSTOKEN}@pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo/" + export ARTIFACTS_CONDA_TOKEN="${SYSTEM_ACCESSTOKEN}" set -x + CONDA_CHANNEL_URL="https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo/" conda create --override-channels --channel "${CONDA_CHANNEL_URL}" \ --yes --quiet --name testenv "python=${PYTHON_VERSION}" pip else From 4212fd7d4a30b07805c4b06edd5695c63f7715ef Mon Sep 17 00:00:00 2001 From: davidwillia Date: Fri, 22 May 2026 18:00:30 -0700 Subject: [PATCH 12/12] Use named channel subpaths on Azure Artifacts Conda feed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The feed root `/Conda/repo/` itself is not a channel — it returns 404 for `/noarch/repodata.json`. The feed exposes its upstreams as named subpaths (`main`, `r`, `free`, `conda-forge`, `bioconda`, `msys2`, `microsoft`, `pkgs`, `anaconda`, `Anaconda`, `repo`) — verified by direct HTTPS probe. Use `main` (the Anaconda defaults channel that hosts python+pip) and `conda-forge` as a fallback in `conda create --override-channels` instead of the bare feed root URL. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .pipelines/pip-scripts/build-pip-wheels.sh | 12 ++++++++++-- .pipelines/pip-scripts/test-pip-wheels.sh | 12 ++++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/.pipelines/pip-scripts/build-pip-wheels.sh b/.pipelines/pip-scripts/build-pip-wheels.sh index 7d2834718..e48e137ce 100644 --- a/.pipelines/pip-scripts/build-pip-wheels.sh +++ b/.pipelines/pip-scripts/build-pip-wheels.sh @@ -199,6 +199,12 @@ echo "Creating conda environment with Python ${PYTHON_VERSION}..." # Azure Artifacts feed's Conda channel (proxied through the # azure-feed://mseng/Anaconda@Published upstream). # +# The feed exposes its upstream conda channels as named subpaths under +# /Conda/repo// (the feed root /Conda/repo/ itself returns 404 — it +# is not a channel). We use `main` (the Anaconda defaults channel that hosts +# python+pip) and `conda-forge` as a fallback for any package that defaults +# wouldn't carry. +# # Auth: the conda install shipped by ms-ensureconda has a pre-registered # azure_artifacts_conda_auth plugin that injects auth on every Azure # Artifacts HTTPS request by reading $ARTIFACTS_CONDA_TOKEN. We just need to @@ -211,8 +217,10 @@ if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then { set +x; } 2>/dev/null export ARTIFACTS_CONDA_TOKEN="${SYSTEM_ACCESSTOKEN}" set -x - CONDA_CHANNEL_URL="https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo/" - conda create --override-channels --channel "${CONDA_CHANNEL_URL}" \ + CONDA_FEED_ROOT="https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo" + conda create --override-channels \ + --channel "${CONDA_FEED_ROOT}/main" \ + --channel "${CONDA_FEED_ROOT}/conda-forge" \ --yes --quiet --name buildenv "python=${PYTHON_VERSION}" pip else conda create --yes --quiet --name buildenv "python=${PYTHON_VERSION}" pip diff --git a/.pipelines/pip-scripts/test-pip-wheels.sh b/.pipelines/pip-scripts/test-pip-wheels.sh index 9bd0e6b27..a3a51009d 100644 --- a/.pipelines/pip-scripts/test-pip-wheels.sh +++ b/.pipelines/pip-scripts/test-pip-wheels.sh @@ -150,6 +150,12 @@ echo "Creating fresh conda environment for wheel test with Python ${PYTHON_VERSI # Azure Artifacts feed's Conda channel (proxied through the # azure-feed://mseng/Anaconda@Published upstream). # +# The feed exposes its upstream conda channels as named subpaths under +# /Conda/repo// (the feed root /Conda/repo/ itself returns 404 — it +# is not a channel). We use `main` (the Anaconda defaults channel that hosts +# python+pip) and `conda-forge` as a fallback for any package that defaults +# wouldn't carry. +# # Auth: the conda install shipped by ms-ensureconda has a pre-registered # azure_artifacts_conda_auth plugin that injects auth on every Azure # Artifacts HTTPS request by reading $ARTIFACTS_CONDA_TOKEN. We just need to @@ -162,8 +168,10 @@ if [ "$ENSURECONDA_PKG" = "ms-ensureconda" ]; then { set +x; } 2>/dev/null export ARTIFACTS_CONDA_TOKEN="${SYSTEM_ACCESSTOKEN}" set -x - CONDA_CHANNEL_URL="https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo/" - conda create --override-channels --channel "${CONDA_CHANNEL_URL}" \ + CONDA_FEED_ROOT="https://pkgs.dev.azure.com/ms-azurequantum/AzureQuantum/_packaging/quantum-apps-dependencies/Conda/repo" + conda create --override-channels \ + --channel "${CONDA_FEED_ROOT}/main" \ + --channel "${CONDA_FEED_ROOT}/conda-forge" \ --yes --quiet --name testenv "python=${PYTHON_VERSION}" pip else conda create --yes --quiet --name testenv "python=${PYTHON_VERSION}" pip