From ff9c43fa6021b823e1ee6b8d43ec06d502f9b17f Mon Sep 17 00:00:00 2001 From: "Gavin Barron (from Dev Box)" Date: Tue, 24 Mar 2026 09:32:48 -0700 Subject: [PATCH] fix: use private npm feed in CI to bypass network isolation Add tools/Configure-PrivateNpmFeed.ps1 script that creates .npmrc files pointing to the Azure Artifacts PowerShell_V2_Build npm feed. Update install-tools.yml to run the script and authenticate via npmAuthenticate before installing autorest and rush. Two .npmrc files are configured at build time: - Repo root: for global npm install commands (autorest, rush CLI) - autorest.powershell/common/config/rush/.npmrc: for rush install The Rush .npmrc in the repo retains the public registry default so external contributors can still install from registry.npmjs.org. Fixes #3563 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../common-templates/install-tools.yml | 20 +++++++++- tools/Configure-PrivateNpmFeed.ps1 | 37 +++++++++++++++++++ 2 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 tools/Configure-PrivateNpmFeed.ps1 diff --git a/.azure-pipelines/common-templates/install-tools.yml b/.azure-pipelines/common-templates/install-tools.yml index 7c024fb21a..a4c9c40cc8 100644 --- a/.azure-pipelines/common-templates/install-tools.yml +++ b/.azure-pipelines/common-templates/install-tools.yml @@ -29,7 +29,25 @@ steps: displayName: Install NodeJs inputs: versionSpec: 18.x - + + - task: PowerShell@2 + displayName: Configure private npm feed + inputs: + targetType: filePath + pwsh: true + filePath: $(Build.SourcesDirectory)/tools/Configure-PrivateNpmFeed.ps1 + arguments: -SourcesDirectory "$(Build.SourcesDirectory)" + + - task: npmAuthenticate@0 + displayName: Authenticate to private npm feed + inputs: + workingFile: $(Build.SourcesDirectory)/.npmrc + + - task: npmAuthenticate@0 + displayName: Authenticate to private npm feed (Rush) + inputs: + workingFile: $(Build.SourcesDirectory)/autorest.powershell/common/config/rush/.npmrc + - task: Npm@1 displayName: Install AutoRest inputs: diff --git a/tools/Configure-PrivateNpmFeed.ps1 b/tools/Configure-PrivateNpmFeed.ps1 new file mode 100644 index 0000000000..e8d6f75ada --- /dev/null +++ b/tools/Configure-PrivateNpmFeed.ps1 @@ -0,0 +1,37 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + +<# +.SYNOPSIS + Configures .npmrc files to use a private Azure Artifacts npm feed. + +.DESCRIPTION + Creates .npmrc files at the repository root and in the Rush config directory + to redirect npm and Rush package installations to a private feed. This is + used in CI pipelines where network isolation rules block the public npm registry. + +.PARAMETER SourcesDirectory + The root directory of the repository. Defaults to the current directory. + +.PARAMETER Registry + The private npm registry URL. +#> +param( + [Parameter()] + [string]$SourcesDirectory = (Get-Location).Path, + + [Parameter()] + [string]$Registry = "https://microsoftgraph.pkgs.visualstudio.com/0985d294-5762-4bc2-a565-161ef349ca3e/_packaging/PowerShell_V2_Build/npm/registry/" +) + +$npmrcContent = "registry=$Registry`nalways-auth=true" + +# Create .npmrc at repo root for global npm installs (autorest, rush) +$rootNpmrc = Join-Path $SourcesDirectory ".npmrc" +Set-Content -Path $rootNpmrc -Value $npmrcContent -NoNewline +Write-Host "Created $rootNpmrc" + +# Overwrite Rush .npmrc to use private feed for rush install +$rushNpmrc = Join-Path $SourcesDirectory "autorest.powershell/common/config/rush/.npmrc" +Set-Content -Path $rushNpmrc -Value $npmrcContent -NoNewline +Write-Host "Updated $rushNpmrc"