From b574d584ea6510418cffc4afb27b3e4916a330b6 Mon Sep 17 00:00:00 2001
From: Andrew Wang <wardengnaw@gmail.com>
Date: Fri, 16 Jan 2026 17:59:06 -0800
Subject: [PATCH] Disable SBOM for non-folder publish and other warnings

This PR disables SBOM for non-folder publishes because the build will
get a warning saying: "BuildDropPath '<FILE PATH>' must be a directory,
not a file"

Disabling SBOM checks where we know we are only publishing a file.

Changing ExpirationInDays to be 5475
---
 eng/pipelines/steps/BuildSolution.yml                     | 2 ++
 eng/pipelines/steps/CopyAndPublishSymbols.yml             | 2 +-
 eng/pipelines/steps/PublishOpenDebugAD7.yml               | 1 +
 eng/pipelines/steps/PublishVSPackages.yml                 | 1 +
 eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml       | 2 ++
 eng/pipelines/templates/VSCode-codesign-osx.template.yml  | 1 +
 eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml | 1 +
 7 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/eng/pipelines/steps/BuildSolution.yml b/eng/pipelines/steps/BuildSolution.yml
index 4e6c39263..a5d1e80da 100644
--- a/eng/pipelines/steps/BuildSolution.yml
+++ b/eng/pipelines/steps/BuildSolution.yml
@@ -39,6 +39,7 @@ steps:
     artifactName: '${{ parameters.Configuration }}_binlog'
     condition: ne(variables['System.Debug'], '')
     OneESPT: ${{ parameters.OneESPT }}
+    sbomEnabled: false # Disable SBOM for binlogs
 
 - template: ../tasks/1ES/PublishPipelineArtifact.yml
   parameters:
@@ -47,4 +48,5 @@ steps:
     artifactName: '${{ parameters.Configuration }}_debug_bin'
     condition: ne(variables['System.Debug'], '')
     OneESPT: ${{ parameters.OneESPT }}
+    sbomEnabled: false # Disable SBOM for binaries for System.Debug runs
 ...
\ No newline at end of file
diff --git a/eng/pipelines/steps/CopyAndPublishSymbols.yml b/eng/pipelines/steps/CopyAndPublishSymbols.yml
index 1ae0b04f9..4cef3ad3d 100644
--- a/eng/pipelines/steps/CopyAndPublishSymbols.yml
+++ b/eng/pipelines/steps/CopyAndPublishSymbols.yml
@@ -23,7 +23,7 @@ steps:
     SymbolsAgentPath: '$(Build.ArtifactStagingDirectory)\Symbols\'
     ExcludeAgentFolders: '$(Build.ArtifactStagingDirectory)\Symbols\Debug;$(Build.ArtifactStagingDirectory)\Symbols\Lab.Debug'
     ${{ if parameters.OneESPT }}:
-      ExpirationInDays: 3650 # Expire in 10 years for release builds
+      ExpirationInDays: 5475 # Expire in 10 years for release builds
     ${{ else }}:
       ExpirationInDays: 1 # Expire in 1 day if used for testing
   env:
diff --git a/eng/pipelines/steps/PublishOpenDebugAD7.yml b/eng/pipelines/steps/PublishOpenDebugAD7.yml
index 4e1d42c67..a598d3a4f 100644
--- a/eng/pipelines/steps/PublishOpenDebugAD7.yml
+++ b/eng/pipelines/steps/PublishOpenDebugAD7.yml
@@ -59,3 +59,4 @@ steps:
       targetPath: '$(Build.StagingDirectory)\zips\${{ parameters.RuntimeID }}.zip'
       artifactName: '${{ parameters.RuntimeID }}_zip'
       OneESPT: true
+      sbomEnabled: false # Disable SBOM for zipped files
diff --git a/eng/pipelines/steps/PublishVSPackages.yml b/eng/pipelines/steps/PublishVSPackages.yml
index 2308737b5..9b34248ac 100644
--- a/eng/pipelines/steps/PublishVSPackages.yml
+++ b/eng/pipelines/steps/PublishVSPackages.yml
@@ -18,6 +18,7 @@ steps:
     targetPath: '$(Build.SourcesDirectory)\obj\Lab.Release\NugetPackageVersion.txt'
     artifactName: 'PackageVersion'
     OneESPT: true
+    sbomEnabled: false # Disable SBOM for version file
 
 - task: CopyFiles@2
   inputs:
diff --git a/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml b/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml
index 065c933ea..8453e7d86 100644
--- a/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml
+++ b/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml
@@ -5,6 +5,7 @@ parameters:
   artifactName: 'drop'
   condition: 'succeeded()'
   OneESPT: false # Indicates that this is running under the 1ES Pipeline Template
+  sbomEnabled: true
 
 steps:
 - ${{ if eq(parameters['OneESPT'], true) }}:
@@ -13,6 +14,7 @@ steps:
     inputs:
       targetPath: ${{ parameters.targetPath }}
       artifactName: '${{ parameters.artifactName }}'
+      sbomEnabled: ${{ parameters.sbomEnabled }}
     condition: ${{ parameters.condition }}
 - ${{ else }}:
   - template: ../PublishPipelineArtifact.yml
diff --git a/eng/pipelines/templates/VSCode-codesign-osx.template.yml b/eng/pipelines/templates/VSCode-codesign-osx.template.yml
index 6ef2efc4d..e9d62f05f 100644
--- a/eng/pipelines/templates/VSCode-codesign-osx.template.yml
+++ b/eng/pipelines/templates/VSCode-codesign-osx.template.yml
@@ -28,4 +28,5 @@ steps:
       targetPath: '$(Pipeline.Workspace)/${{ rid }}.zip'
       artifactName: 'unsigned_${{ rid }}_zip'
       OneESPT: true
+      sbomEnabled: false # Disable SBOM for zipped files
 ...
diff --git a/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml b/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml
index 9c55df586..aa31872c1 100644
--- a/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml
+++ b/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml
@@ -25,4 +25,5 @@ steps:
       targetPath: '$(Pipeline.Workspace)\Artifacts\${{ rid }}.zip'
       artifactName: '${{ rid }}_zip'
       OneESPT: true
+      sbomEnabled: false # Disable SBOM for zipped files
 ...
\ No newline at end of file