diff --git a/pipelines/azure-smoke-tests.yml b/pipelines/azure-smoke-tests.yml index a79a65002..376eb7826 100644 --- a/pipelines/azure-smoke-tests.yml +++ b/pipelines/azure-smoke-tests.yml @@ -31,9 +31,15 @@ # principal must hold the 'Key Vault Secrets User' RBAC role on the # 'build-pipeline-kv' vault (the vault uses RBAC authorization, not access # policies). Authorize the pipeline to use the connection on first run. -# * Pipeline variables (define in the pipeline UI or a linked variable group): -# - REGISTRY npm registry URL used by include-prepare-repo.yml to -# restore dependencies (internal Azure Artifacts feed). +# +# Dependency restore uses the PUBLIC npm registry (registry.npmjs.org), the same +# as the GitHub Actions build lanes (build_ts / build_package_shell) and local +# dev. This keeps the package source consistent across all CI and avoids failures +# where a freshly-published transitive version (e.g. from a Dependabot lockfile +# bump) is not yet present in an internal Azure Artifacts feed. The smoke tests +# only need the WIF service connection for Azure OpenAI secrets, which is +# independent of the npm registry — so no internal feed (or REGISTRY variable) is +# required here. trigger: branches: @@ -86,13 +92,13 @@ jobs: pool: vmImage: $(image) steps: - # Checkout + internal npm registry auth + Node + pnpm install - # (--frozen-lockfile --strict-peer-dependencies). + # Checkout + Node + pnpm install (--frozen-lockfile --strict-peer-dependencies). + # No 'registry' is passed, so install uses the default public npm registry — + # matching the GitHub Actions lanes and local dev. - template: include-prepare-repo.yml parameters: buildDirectory: $(buildDirectory) nodeVersion: $(nodeVersion) - registry: $(REGISTRY) # keytar links against libsecret at runtime on Linux; install before any # TypeAgent process (CLI / shell) loads the native module. diff --git a/pipelines/include-prepare-repo.yml b/pipelines/include-prepare-repo.yml index 0120c4bb8..4401ac5d7 100644 --- a/pipelines/include-prepare-repo.yml +++ b/pipelines/include-prepare-repo.yml @@ -6,8 +6,13 @@ parameters: type: string - name: nodeVersion type: string + # Optional npm registry. When set (e.g. an internal Azure Artifacts feed URL), + # an .npmrc is written and authenticated so pnpm restores from that feed. When + # omitted (empty), the build uses the default public npm registry + # (registry.npmjs.org) with no auth — matching the GitHub Actions lanes. - name: registry type: string + default: "" # Set false to skip pnpm-store caching. Useful for manual/scheduled pipelines # where the Windows post-job cache save can exceed its timeout and fail the job. - name: enableCache @@ -19,16 +24,20 @@ steps: displayName: "Checkout TypeAgent Repository" path: typeagent - - bash: | - echo "registry=${{ parameters.registry }}" > .npmrc - cat .npmrc - displayName: Set npm registry - workingDirectory: ${{ parameters.buildDirectory }} + # Only configure and authenticate a custom registry when one is supplied. + # When 'registry' is empty, these steps are skipped and pnpm uses the default + # public npm registry (no .npmrc, no auth) — same as the GitHub Actions lanes. + - ${{ if ne(parameters.registry, '') }}: + - bash: | + echo "registry=${{ parameters.registry }}" > .npmrc + cat .npmrc + displayName: Set npm registry + workingDirectory: ${{ parameters.buildDirectory }} - - task: npmAuthenticate@0 - displayName: Authenticate to npm registry - inputs: - workingFile: ${{ parameters.buildDirectory }}/.npmrc + - task: npmAuthenticate@0 + displayName: Authenticate to npm registry + inputs: + workingFile: ${{ parameters.buildDirectory }}/.npmrc - task: UseNode@1 displayName: Setup Node.js v${{ parameters.nodeVersion }}