Feedback

2025-12-08 17:20:11 -08:00 · 2025-12-08 17:20:11 -08:00 · e5a4c64c36
commit e5a4c64c36
parent 1dc056f265
2 changed files with 10 additions and 11 deletions
--- a/eng/common/pipelines/templates/steps/create-apireview.yml
+++ b/eng/common/pipelines/templates/steps/create-apireview.yml
@ -26,9 +26,6 @@ parameters:
  - name: PackageInfoFiles
    type: object
    default: []
-  - name: AzureServiceConnection
-    type: string
-    default: 'APIView prod deployment'

 steps:
  # Automatic API review is generated for a package when pipeline runs irrespective of how pipeline gets triggered.
@ -42,7 +39,7 @@ steps:

    - task: AzureCLI@2
      inputs:
-        azureSubscription: ${{ parameters.AzureServiceConnection }}
+        azureSubscription: 'APIView prod deployment'
        scriptType: pscore
        scriptLocation: scriptPath
        scriptPath: ${{ parameters.SourceRootPath }}/eng/common/scripts/Create-APIReview.ps1
--- a/eng/common/scripts/Create-APIReview.ps1
+++ b/eng/common/scripts/Create-APIReview.ps1
@ -23,17 +23,19 @@ Set-StrictMode -Version 3
 . (Join-Path $PSScriptRoot Helpers ApiView-Helpers.ps1)

 # Get Bearer token for APIView authentication
+# In Azure DevOps, this uses the service connection's Managed Identity/Service Principal
 function Get-ApiViewBearerToken()
 {
-    $audience = "api://apiview"
    try {
-        $tokenResponse = az account get-access-token --resource $audience --output json 2>$null | ConvertFrom-Json
-        if ($tokenResponse -and $tokenResponse.accessToken) {
-            return $tokenResponse.accessToken
+        $tokenResponse = az account get-access-token --resource "api://apiview" --output json 2>&1
+        if ($LASTEXITCODE -ne 0) {
+            Write-Error "Failed to acquire access token: $tokenResponse"
+            return $null
        }
-        return $null
+        return ($tokenResponse | ConvertFrom-Json).accessToken
    }
    catch {
+        Write-Error "Failed to acquire access token: $($_.Exception.Message)"
        return $null
    }
 }
@ -99,7 +101,7 @@ function Upload-SourceArtifact($filePath, $apiLabel, $releaseStatus, $packageVer
    $bearerToken = Get-ApiViewBearerToken
    if (-not $bearerToken) {
        Write-Error "Failed to acquire Bearer token for APIView authentication."
-        return 401
+        return [System.Net.HttpStatusCode]::Unauthorized
    }
    
    $headers = @{
@ -150,7 +152,7 @@ function Upload-ReviewTokenFile($packageName, $apiLabel, $releaseStatus, $review
    $bearerToken = Get-ApiViewBearerToken
    if (-not $bearerToken) {
        Write-Error "Failed to acquire Bearer token for APIView authentication."
-        return 401
+        return [System.Net.HttpStatusCode]::Unauthorized
    }
    
    $headers = @{