Skip to content

Fix symbol publishing #24879

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 29, 2025
Merged

Fix symbol publishing #24879

merged 2 commits into from
May 29, 2025

Conversation

snnn
Copy link
Member

@snnn snnn commented May 27, 2025
edited
Loading

Description:

This pull request refactors the symbol publishing workflow that uses the internal REST API. It addresses a breaking change introduced by the Az.Accounts module update (v5.0.1+) where Get-AzAccessToken now returns a SecureString. Additionally, it improves the structure and robustness of the custom symbol publishing steps.

Problem:

  1. The pipeline recently stopped working due to an update in the Azure PowerShell Az.Accounts module. The Get-AzAccessToken cmdlet now returns a SecureString by default, which was incompatible with the previous script that expected a plain string token when setting a pipeline variable.
  2. The previous implementation used two separate tasks: one AzurePowerShell@5 task to generate the token and set it as a pipeline variable, and a subsequent pwsh task to consume this variable and make REST API calls. This separation required converting the SecureString to plain text before setting the pipeline variable.

Solution:

To address these issues and improve the pipeline's design:

  1. The "Generate an Azure Token" (AzurePowerShell@5) task and the "Publish Symbols using internal REST API" (pwsh) task have been combined into a single AzurePowerShell@5 task.
  2. Within this unified task:
    • Get-AzAccessToken is called, and its SecureString output is stored in a local PowerShell variable.
    • The SecureString token is converted to plain text only within the scope of this script and immediately before it's used in the Authorization header for Invoke-RestMethod calls.
    • The token is no longer passed between tasks via a pipeline variable, enhancing security by limiting the scope of the plain text token.

Key Changes:

  • Enhanced SecureString Management: The token remains a SecureString for most of its lifetime within the script, reducing exposure.
  • Improved Error Handling: try-catch blocks have been added around the token retrieval and Invoke-RestMethod calls for better error reporting and pipeline stability.
  • Robust Parameter Handling: Explicit conversion for boolean parameters (e.g., includePublicSymbolServer) to ensure correct PowerShell boolean types before JSON serialization.

@snnn snnn marked this pull request as ready for review May 28, 2025 00:31
@snnn snnn merged commit 49f5179 into main May 29, 2025
88 checks passed
@snnn snnn deleted the snnn/symbol branch May 29, 2025 21:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prathikr prathikr prathikr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snnn @prathikr