koszewscy/ado-sk-toolkit-extension
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added AI Generate Azure DevOps Task.

Browse Source
This commit is contained in:
Sławek Koszewski
2026-02-14 19:31:23 +01:00
commit d42e1bf8b8
13 changed files with 942 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
README.md Normal file
View File

@@ -0,0 +1,65 @@
# Azure DevOps Azure Federated Auth Task
Private Azure DevOps extension with a single task: `AzureFederatedAuth@1`.
The task requests an OIDC token for a selected AzureRM service connection and exports:
- `ARM_OIDC_TOKEN` (secret)
- `ARM_TENANT_ID`
- `ARM_CLIENT_ID`
- `GIT_ACCESS_TOKEN` (secret, optional)
## Requirements
- Linux agents (YAML pipelines)
- Job setting that exposes OAuth token (`System.AccessToken`)
- AzureRM service connection with workload identity federation
- Visual Studio Marketplace publisher account (required to publish/share this extension, even for private org-only usage)
## Build
```bash
./scripts/build.sh
```
This builds the TypeScript task and creates a `.vsix` extension package in `build/`.
## Publish privately
Publishing (CLI or Web UI) uses the same model:
- Upload extension version under a Visual Studio Marketplace publisher
- Share that published extension with your Azure DevOps organization(s)
There is no direct local `.vsix` install path to an org that bypasses the publisher model.
```bash
AZDO_PAT='<your-pat>' ./scripts/publish.sh <vsix-path> <publisher-id> <org1> <org2> <org3>
```
Example:
```bash
AZDO_PAT="$AZDO_PAT" ./scripts/publish.sh ./build/private.azuredevops-get-oidc-token-task-1.0.0.vsix private org-a org-b org-c
```
### Manual publish (Web UI)
You can publish the generated `.vsix` manually in the Visual Studio Marketplace publisher portal:
1. Build/package first (`./scripts/build.sh`) and note the `.vsix` path.
2. Open your publisher in Visual Studio Marketplace.
3. Upload the `.vsix` as a new extension version.
4. Share the published extension with the target Azure DevOps organization(s).
## YAML usage
```yaml
- task: AzureFederatedAuth@1
inputs:
serviceConnectionARM: 'my-arm-service-connection'
setGitAccessToken: true
```
See `examples/azure-pipelines-smoke.yml` for a full smoke validation pipeline.
When `setGitAccessToken: true`, the task exchanges the OIDC assertion against Entra ID and requests scope `499b84ac-1321-427f-aa17-267ca6975798/.default`, then sets `GIT_ACCESS_TOKEN`.