Sync eng/common directory with azure-sdk-tools for PR 2596 (#3267)

- Fix bug in Add-ReleaseLease helper script - Enable better local logging for handling token - Enable strict mode to help catch issues like this in the future
2022-01-21 15:19:23 -08:00 · 2022-01-21 15:19:23 -08:00 · 118e598e3e
commit 118e598e3e
parent 88f234d976
3 changed files with 20 additions and 16 deletions
--- a/eng/common/pipelines/templates/steps/retain-run.yml
+++ b/eng/common/pipelines/templates/steps/retain-run.yml
@ -1,6 +1,6 @@
 parameters:
  - name: DaysValid
-    default: 365
+    default: 731
    type: number

 steps:
@ -16,7 +16,6 @@ steps:
        -Project $(System.TeamProject)
        -DefinitionId $(System.DefinitionId)
        -RunId $(Build.BuildId)
-        -OwnerId Pipeline
-        -DaysValid ${{parameters.DaysValid}}
+        -DaysValid ${{ parameters.DaysValid }}
        -AccessToken $env:SYSTEM_ACCESSTOKEN
        -Debug
--- a/eng/common/scripts/Add-RetentionLease.ps1
+++ b/eng/common/scripts/Add-RetentionLease.ps1
@ -12,28 +12,33 @@ param(
  [Parameter(Mandatory = $true)]
  [int]$RunId,

-  [Parameter(Mandatory = $true)]
-  [string]$OwnerId,
-
  [Parameter(Mandatory = $true)]
  [int]$DaysValid,

-  [Parameter(Mandatory = $true)]
-  [string]$AccessToken
+  [Parameter(Mandatory = $false)]
+  [string]$OwnerId = "azure-sdk-pipeline-automation",
+
+  [Parameter(Mandatory = $false)]
+  [string]$AccessToken = $env:DEVOPS_PAT
 )

+Set-StrictMode -Version 3
+
+. (Join-Path $PSScriptRoot common.ps1)
+
 $unencodedAuthToken = "nobody:$AccessToken"
 $unencodedAuthTokenBytes = [System.Text.Encoding]::UTF8.GetBytes($unencodedAuthToken)
 $encodedAuthToken = [System.Convert]::ToBase64String($unencodedAuthTokenBytes)

-# We are doing this here so that there is zero chance that this token is emitted in Azure Pipelines
-# build logs. Azure Pipelines will see this text and register the secret as a value it should *** out
-# before being transmitted to the server (and shown in logs). It means if the value is accidentally
-# leaked anywhere else that it won't be visible. The downside is that when the script is executed
-# on a local development box, it will be visible.
-Write-Host "##vso[task.setvariable variable=_throwawayencodedaccesstoken;issecret=true;]$($encodedAuthToken)"
+if ($isDevOpsRun) {
+  # We are doing this here so that there is zero chance that this token is emitted in Azure Pipelines
+  # build logs. Azure Pipelines will see this text and register the secret as a value it should *** out
+  # before being transmitted to the server (and shown in logs). It means if the value is accidentally
+  # leaked anywhere else that it won't be visible. The downside is that when the script is executed
+  # on a local development box, it will be visible.
+  Write-Host "##vso[task.setvariable variable=_throwawayencodedaccesstoken;issecret=true;]$($encodedAuthToken)"
+}

-. (Join-Path $PSScriptRoot common.ps1)

 LogDebug "Checking for existing leases on run: $RunId"
 $existingLeases = Get-RetentionLeases -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -Base64EncodedAuthToken $encodedAuthToken
--- a/eng/common/scripts/Invoke-DevOpsAPI.ps1
+++ b/eng/common/scripts/Invoke-DevOpsAPI.ps1
@ -137,7 +137,7 @@ function Add-RetentionLease {
    $RunId,
    $OwnerId,
    $DaysValid,
-    $Base64AuthToken
+    $Base64EncodedAuthToken
  )

  $parameter = @{}