Smoke tests: install dependencies from public npm instead of the internal feed#2563
Open
TalZaccai wants to merge 1 commit into
Open
Smoke tests: install dependencies from public npm instead of the internal feed#2563TalZaccai wants to merge 1 commit into
TalZaccai wants to merge 1 commit into
Conversation
The ADO smoke pipeline restored dependencies from the org's internal Azure Artifacts feed, while the GitHub Actions build lanes and local dev use public npm. That split caused smoke tests to fail (ERR_PNPM_FETCH_404) whenever a Dependabot lockfile bump introduced a freshly-published transitive version not yet present in the internal feed, even though the GitHub builds passed. Make 'registry' optional in include-prepare-repo.yml: when omitted, the .npmrc and npmAuthenticate steps are skipped and pnpm uses the default public npm registry. The smoke pipeline now omits 'registry' so it installs from public npm, consistent with the other CI lanes. The smoke tests only need the WIF service connection for Azure OpenAI secrets, which is independent of the npm registry. The 4 build/publish pipelines still pass $(REGISTRY) and are unaffected. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Aligns the Azure DevOps smoke-test pipeline’s dependency restore behavior with GitHub Actions and local development by using the public npm registry by default, avoiding failures caused by lag in internal Azure Artifacts feed mirroring.
Changes:
- Makes
registryoptional ininclude-prepare-repo.yml, and only writes/authenticates.npmrcwhen a custom registry is provided. - Updates
azure-smoke-tests.ymlto omit theregistryparameter so smoke installs resolve from the default public npm registry.
Show a summary per file
| File | Description |
|---|---|
| pipelines/include-prepare-repo.yml | Adds optional registry parameter default and guards .npmrc + npmAuthenticate behind a non-empty registry check. |
| pipelines/azure-smoke-tests.yml | Stops passing registry and updates comments to reflect public npm restore behavior for smoke tests. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 0
- Review effort level: Low
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
The ADO smoke-test pipeline added in the recent WIF migration (#2549, #2551)
restores dependencies from the org's internal Azure Artifacts feed, while the
GitHub Actions build lanes (
build_ts,build_package_shell) and local dev usethe public npm registry. That difference opens a gap between the two build
environments: a PR can be green on the GitHub builds but red on smoke whenever a
freshly-published transitive version isn't yet present in the internal feed —
e.g. a Dependabot lockfile bump fails with
ERR_PNPM_FETCH_404(qs@6.15.3in#2556), even though every GitHub check passes.
This PR closes that gap on the smoke side by resolving packages from public npm —
the same source the rest of CI and local dev already use.
We intentionally fix this here rather than wiring internal-feed authentication
into GitHub Actions. The original intent of the last two WIF PRs was secretless
Azure auth (Key Vault / Azure OpenAI), not npm package sourcing — the
internal feed only came along incidentally via the shared
include-prepare-repo.ymltemplate. Aligning smoke on public npm keeps packageresolution consistent across all CI without adding any new npm-registry auth work
on the GitHub side.
Changes
pipelines/include-prepare-repo.yml— makeregistryoptional. The.npmrc+npmAuthenticatesteps now run only when a registry is supplied.This is backward-compatible: the build/publish pipelines still pass
$(REGISTRY)and are unaffected.pipelines/azure-smoke-tests.yml— omitregistry, so the smoke jobinstalls from public npm, matching the GitHub Actions lanes.
Not changed
OpenAI secrets, which is independent of the npm registry.