Sync eng/common directory with azure-sdk-tools for PR 2596 (Azure#19997)

azure-sdk · web-flow · commit 691cb3866268 · 2022-01-21T15:18:20.000-08:00
- Fix bug in Add-ReleaseLease helper script
- Enable better local logging for handling token
- Enable strict mode to help catch issues like this in the future
diff --git a/eng/common/pipelines/templates/steps/retain-run.yml b/eng/common/pipelines/templates/steps/retain-run.yml
@@ -1,6 +1,6 @@
 parameters:
   - name: DaysValid
-    default: 365
+    default: 731
     type: number
 
 steps:
@@ -16,7 +16,6 @@ steps:
         -Project $(System.TeamProject)
         -DefinitionId $(System.DefinitionId)
         -RunId $(Build.BuildId)
-        -OwnerId Pipeline
-        -DaysValid ${{parameters.DaysValid}}
+        -DaysValid ${{ parameters.DaysValid }}
         -AccessToken $env:SYSTEM_ACCESSTOKEN
         -Debug
diff --git a/eng/common/scripts/Add-RetentionLease.ps1 b/eng/common/scripts/Add-RetentionLease.ps1
@@ -12,28 +12,33 @@ param(
   [Parameter(Mandatory = $true)]
   [int]$RunId,
 
-  [Parameter(Mandatory = $true)]
-  [string]$OwnerId,
-
   [Parameter(Mandatory = $true)]
   [int]$DaysValid,
 
-  [Parameter(Mandatory = $true)]
-  [string]$AccessToken
+  [Parameter(Mandatory = $false)]
+  [string]$OwnerId = "azure-sdk-pipeline-automation",
+
+  [Parameter(Mandatory = $false)]
+  [string]$AccessToken = $env:DEVOPS_PAT
 )
 
+Set-StrictMode -Version 3
+
+. (Join-Path $PSScriptRoot common.ps1)
+
 $unencodedAuthToken = "nobody:$AccessToken"
 $unencodedAuthTokenBytes = [System.Text.Encoding]::UTF8.GetBytes($unencodedAuthToken)
 $encodedAuthToken = [System.Convert]::ToBase64String($unencodedAuthTokenBytes)
 
-# We are doing this here so that there is zero chance that this token is emitted in Azure Pipelines
-# build logs. Azure Pipelines will see this text and register the secret as a value it should *** out
-# before being transmitted to the server (and shown in logs). It means if the value is accidentally
-# leaked anywhere else that it won't be visible. The downside is that when the script is executed
-# on a local development box, it will be visible.
-Write-Host "##vso[task.setvariable variable=_throwawayencodedaccesstoken;issecret=true;]$($encodedAuthToken)"
+if ($isDevOpsRun) {
+  # We are doing this here so that there is zero chance that this token is emitted in Azure Pipelines
+  # build logs. Azure Pipelines will see this text and register the secret as a value it should *** out
+  # before being transmitted to the server (and shown in logs). It means if the value is accidentally
+  # leaked anywhere else that it won't be visible. The downside is that when the script is executed
+  # on a local development box, it will be visible.
+  Write-Host "##vso[task.setvariable variable=_throwawayencodedaccesstoken;issecret=true;]$($encodedAuthToken)"
+}
 
-. (Join-Path $PSScriptRoot common.ps1)
 
 LogDebug "Checking for existing leases on run: $RunId"
 $existingLeases = Get-RetentionLeases -Organization $Organization -Project $Project -DefinitionId $DefinitionId -RunId $RunId -OwnerId $OwnerId -Base64EncodedAuthToken $encodedAuthToken
diff --git a/eng/common/scripts/Invoke-DevOpsAPI.ps1 b/eng/common/scripts/Invoke-DevOpsAPI.ps1
@@ -137,7 +137,7 @@ function Add-RetentionLease {
     $RunId,
     $OwnerId,
     $DaysValid,
-    $Base64AuthToken
+    $Base64EncodedAuthToken
   )
 
   $parameter = @{}

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ function Add-RetentionLease {`
`137`	`137`	`$RunId,`
`138`	`138`	`$OwnerId,`
`139`	`139`	`$DaysValid,`
`140`		`- $Base64AuthToken`
	`140`	`+ $Base64EncodedAuthToken`
`141`	`141`	`)`
`142`	`142`
`143`	`143`	`$parameter = @{}`