From 7b87338560a561ec443f698865da9ed8ae40fdc0 Mon Sep 17 00:00:00 2001 From: Juan Sebastian Hoyos Ayala Date: Fri, 7 Nov 2025 01:19:18 -0800 Subject: [PATCH 1/3] Fix and enforce CFS violations --- eng/pipelines/prepare-release.yml | 4 +--- eng/pipelines/templateInternal.yml | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/pipelines/prepare-release.yml b/eng/pipelines/prepare-release.yml index e5f2ce1194..0b547a4690 100644 --- a/eng/pipelines/prepare-release.yml +++ b/eng/pipelines/prepare-release.yml @@ -33,13 +33,11 @@ stages: condition: succeeded() variables: - ${{ if and(eq(parameters.isOfficialBuild, true), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/internal/release/'))) }}: - - group: DotNet-Diagnostics-Storage - group: Release-Pipeline steps: - ${{ if or(eq(parameters.isOfficialBuild, false), eq(variables['Build.SourceBranch'], 'refs/heads/main')) }}: - - script: '$(Build.Repository.LocalPath)\dotnet.cmd build $(Build.Repository.LocalPath)\eng\release\DiagnosticsReleaseTool\DiagnosticsReleaseTool.csproj -c Release /bl' - workingDirectory: '$(System.ArtifactsDirectory)' + - script: '$(Build.Repository.LocalPath)\dotnet.cmd build $(Build.Repository.LocalPath)\eng\release\DiagnosticsReleaseTool\DiagnosticsReleaseTool.csproj -c Release' displayName: 'Build Manifest generation and asset publishing tool' - ${{ elseif and(eq(parameters.isOfficialBuild, true), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/internal/release/'))) }}: - task: UseDotNet@2 diff --git a/eng/pipelines/templateInternal.yml b/eng/pipelines/templateInternal.yml index af64305fd9..6a8a413ace 100644 --- a/eng/pipelines/templateInternal.yml +++ b/eng/pipelines/templateInternal.yml @@ -30,6 +30,8 @@ extends: tsa: enabled: true featureFlags: + networkisolation: + policy: Permissive,CFSClean autoBaseline: true containers: From 7ce121692d5bf6761abcdb167a5de84eedbc32d6 Mon Sep 17 00:00:00 2001 From: Juan Hoyos <19413848+hoyosjs@users.noreply.github.com> Date: Fri, 7 Nov 2025 13:07:13 -0800 Subject: [PATCH 2/3] Update network isolation policy --- eng/pipelines/templateInternal.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/pipelines/templateInternal.yml b/eng/pipelines/templateInternal.yml index 6a8a413ace..1cb31f4a97 100644 --- a/eng/pipelines/templateInternal.yml +++ b/eng/pipelines/templateInternal.yml @@ -29,9 +29,9 @@ extends: enabled: true tsa: enabled: true + settings: + networkIsolationPolicy: Permissive,CFSClean,CFSClean2 featureFlags: - networkisolation: - policy: Permissive,CFSClean autoBaseline: true containers: From 7c98420422996d133d41a26b40d62124851405d9 Mon Sep 17 00:00:00 2001 From: Juan Hoyos <19413848+hoyosjs@users.noreply.github.com> Date: Fri, 7 Nov 2025 13:22:52 -0800 Subject: [PATCH 3/3] Removed CFSClean2 from network isolation policy --- eng/pipelines/templateInternal.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/eng/pipelines/templateInternal.yml b/eng/pipelines/templateInternal.yml index 1cb31f4a97..2f2c05b298 100644 --- a/eng/pipelines/templateInternal.yml +++ b/eng/pipelines/templateInternal.yml @@ -30,7 +30,8 @@ extends: tsa: enabled: true settings: - networkIsolationPolicy: Permissive,CFSClean,CFSClean2 + # Do not add CFSClean2 yet - microbuild needs some endpoints behind it. + networkIsolationPolicy: Permissive,CFSClean featureFlags: autoBaseline: true