Authenticate source code archival requests

microsoft · Jun 24, 2024 · d1ea132 · d1ea132
1 parent 3efca79
commit d1ea132
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/azure-pipelines/Archive-SourceCode.ps1 b/azure-pipelines/Archive-SourceCode.ps1
@@ -35,7 +35,7 @@
 .PARAMETER SourceCodeArchivalUri
  The URI to POST the source code archival request to.
  This value will typically come automatically by a variable group associated with your pipeline.
- You can also look it up at https://dpsrequestforms.azurewebsites.net/#/help -> SCA Request Help -> SCA API Help -> Description
+ You can also look it up at https://dpsopsrequestforms.azurewebsites.net/#/help -> SCA Request Help -> SCA API Help -> Description
 #>
 [CmdletBinding(SupportsShouldProcess = $true, PositionalBinding = $false)]
 param (
@@ -76,7 +76,9 @@ param (
  [Parameter()]
  [string]$ServerPath = '',
  [Parameter()]
- [Uri]$SourceCodeArchivalUri = $env:SOURCECODEARCHIVALURI
+ [Uri]$SourceCodeArchivalUri = $env:SOURCECODEARCHIVALURI,
+ [Parameter(Mandatory = $true)]
+ [string]$AccessToken
 )
 
 function Invoke-Git() {
@@ -199,9 +201,13 @@ if ($PSCmdlet.ShouldProcess('source archival request', 'post')) {
  exit 1
  }
 
+ $headers = @{
+ 'Authorization' = "Bearer $AccessToken"
+ }
+
  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 
- $Response = Invoke-WebRequest -Uri $SourceCodeArchivalUri -Method POST -Body $RequestJson -ContentType "application/json" -UseBasicParsing -SkipHttpErrorCheck
+ $Response = Invoke-WebRequest -Uri $SourceCodeArchivalUri -Method POST -Headers $headers -Body $RequestJson -ContentType "application/json" -UseBasicParsing -SkipHttpErrorCheck
  Write-Host "Status Code : " -NoNewline
  if ($Response.StatusCode -eq 200) {
  Write-Host $Response.StatusCode -ForegroundColor Green

diff --git a/azure-pipelines/archive-sourcecode.yml b/azure-pipelines/archive-sourcecode.yml
@@ -63,7 +63,16 @@ extends:
  - powershell: azure-pipelines/variables/_pipelines.ps1
  failOnStderr: true
  displayName: ⚙ Set pipeline variables based on source
- - powershell: >
+ - task: AzureCLI@2
+ displayName: 🔏 Authenticate with WIF service connection
+ inputs:
+ azureSubscription: VS Core Source Code Archival
+ scriptType: pscore
+ scriptLocation: inlineScript
+ inlineScript: |
+ $accessToken = az account get-access-token --query accessToken --resource api:https://177cf50a-4bf5-4481-8b7e-f32900dfc8e6 -o tsv
+ Write-Host "##vso[task.setvariable variable=scaToken;issecret=true]$accessToken"
+ - pwsh: >
  $TeamAlias = '$(TeamEmail)'.Substring(0, '$(TeamEmail)'.IndexOf('@'))
 
  azure-pipelines/Archive-SourceCode.ps1
@@ -73,6 +82,7 @@ extends:
  -ProductName '$(SymbolsFeatureName)'
  -ProductLanguage English
  -Notes '${{ parameters.notes }}'
+ -AccessToken '$(scaToken)'
  -Verbose
  -WhatIf:$${{ parameters.whatif }}
  displayName: 🗃️ Submit archival request