From 5b5765a80e7e76cf2d5a8f140903dd1c5d31236a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Dec 2025 15:26:51 +0000 Subject: [PATCH 1/6] Initial plan From 0df1d18534c5456e4cc4f8f19b7fd4144f56f850 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Dec 2025 15:35:28 +0000 Subject: [PATCH 2/6] Add ACTIONS_ID_TOKEN_REQUEST_URL bypass to auth-ado.sh Co-authored-by: markphip <933108+markphip@users.noreply.github.com> --- src/artifacts-helper/scripts/auth-ado.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/artifacts-helper/scripts/auth-ado.sh b/src/artifacts-helper/scripts/auth-ado.sh index db54205..9ffc878 100644 --- a/src/artifacts-helper/scripts/auth-ado.sh +++ b/src/artifacts-helper/scripts/auth-ado.sh @@ -1,5 +1,12 @@ #!/bin/bash +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in a GitHub Actions environment +# Skip Azure DevOps authentication and just execute the real command +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + echo "::step::GitHub Actions environment detected, skipping Azure DevOps authentication" + return 0 +fi + echo "::step::Waiting for AzDO Authentication Helper..." # Wait up to 3 minutes for the ado-auth-helper to be installed From 434e7c21e7972a752abb21f24579b3153734d233 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Dec 2025 15:48:10 +0000 Subject: [PATCH 3/6] Update all shims to bypass Azure DevOps setup when ACTIONS_ID_TOKEN_REQUEST_URL is set Co-authored-by: markphip <933108+markphip@users.noreply.github.com> --- src/artifacts-helper/scripts/dotnet | 9 +++++++++ src/artifacts-helper/scripts/npm | 9 +++++++++ src/artifacts-helper/scripts/npx | 9 +++++++++ src/artifacts-helper/scripts/nuget | 9 +++++++++ src/artifacts-helper/scripts/pnpm | 9 +++++++++ src/artifacts-helper/scripts/pnpx | 9 +++++++++ src/artifacts-helper/scripts/rush | 9 +++++++++ src/artifacts-helper/scripts/rush-pnpm | 9 +++++++++ src/artifacts-helper/scripts/yarn | 9 +++++++++ 9 files changed, 81 insertions(+) diff --git a/src/artifacts-helper/scripts/dotnet b/src/artifacts-helper/scripts/dotnet index 7b765e1..4468c56 100755 --- a/src/artifacts-helper/scripts/dotnet +++ b/src/artifacts-helper/scripts/dotnet @@ -1,4 +1,13 @@ #!/bin/bash + +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip Azure DevOps setup +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + source "$(dirname $0)"/resolve-shim.sh + DOTNET_EXE="$(resolve_shim)" + ${DOTNET_EXE} "$@" + exit $? +fi + source "$(dirname $0)"/auth-ado.sh source "$(dirname $0)"/resolve-shim.sh diff --git a/src/artifacts-helper/scripts/npm b/src/artifacts-helper/scripts/npm index deef49f..802ea6b 100755 --- a/src/artifacts-helper/scripts/npm +++ b/src/artifacts-helper/scripts/npm @@ -1,4 +1,13 @@ #!/bin/bash + +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip Azure DevOps setup +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + source "$(dirname $0)"/resolve-shim.sh + NPM_EXE="$(resolve_shim)" + ${NPM_EXE} "$@" + exit $? +fi + source "$(dirname $0)"/auth-ado.sh source "$(dirname $0)"/resolve-shim.sh diff --git a/src/artifacts-helper/scripts/npx b/src/artifacts-helper/scripts/npx index 1879135..2c40b28 100755 --- a/src/artifacts-helper/scripts/npx +++ b/src/artifacts-helper/scripts/npx @@ -1,4 +1,13 @@ #!/bin/bash + +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip Azure DevOps setup +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + source "$(dirname $0)"/resolve-shim.sh + NPX_EXE="$(resolve_shim)" + ${NPX_EXE} "$@" + exit $? +fi + source "$(dirname $0)"/auth-ado.sh source "$(dirname $0)"/resolve-shim.sh diff --git a/src/artifacts-helper/scripts/nuget b/src/artifacts-helper/scripts/nuget index 756c918..329c668 100755 --- a/src/artifacts-helper/scripts/nuget +++ b/src/artifacts-helper/scripts/nuget @@ -1,4 +1,13 @@ #!/bin/bash + +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip Azure DevOps setup +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + source "$(dirname $0)"/resolve-shim.sh + NUGET_EXE="$(resolve_shim)" + ${NUGET_EXE} "$@" + exit $? +fi + source "$(dirname $0)"/auth-ado.sh source "$(dirname $0)"/resolve-shim.sh diff --git a/src/artifacts-helper/scripts/pnpm b/src/artifacts-helper/scripts/pnpm index 7cf2e95..2756432 100755 --- a/src/artifacts-helper/scripts/pnpm +++ b/src/artifacts-helper/scripts/pnpm @@ -1,4 +1,13 @@ #!/bin/bash + +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip Azure DevOps setup +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + source "$(dirname $0)"/resolve-shim.sh + PNPM_EXE="$(resolve_shim)" + ${PNPM_EXE} "$@" + exit $? +fi + source "$(dirname $0)"/auth-ado.sh source "$(dirname $0)"/resolve-shim.sh diff --git a/src/artifacts-helper/scripts/pnpx b/src/artifacts-helper/scripts/pnpx index 5f865e0..c604757 100755 --- a/src/artifacts-helper/scripts/pnpx +++ b/src/artifacts-helper/scripts/pnpx @@ -1,4 +1,13 @@ #!/bin/bash + +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip Azure DevOps setup +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + source "$(dirname $0)"/resolve-shim.sh + PNPX_EXE="$(resolve_shim)" + ${PNPX_EXE} "$@" + exit $? +fi + source "$(dirname $0)"/auth-ado.sh source "$(dirname $0)"/resolve-shim.sh diff --git a/src/artifacts-helper/scripts/rush b/src/artifacts-helper/scripts/rush index f1c262b..ffc6fd3 100755 --- a/src/artifacts-helper/scripts/rush +++ b/src/artifacts-helper/scripts/rush @@ -1,4 +1,13 @@ #!/bin/bash + +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip Azure DevOps setup +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + source "$(dirname $0)"/resolve-shim.sh + RUSH_EXE="$(resolve_shim)" + ${RUSH_EXE} "$@" + exit $? +fi + source "$(dirname $0)"/auth-ado.sh source "$(dirname $0)"/resolve-shim.sh diff --git a/src/artifacts-helper/scripts/rush-pnpm b/src/artifacts-helper/scripts/rush-pnpm index 8370d83..468c55e 100755 --- a/src/artifacts-helper/scripts/rush-pnpm +++ b/src/artifacts-helper/scripts/rush-pnpm @@ -1,4 +1,13 @@ #!/bin/bash + +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip Azure DevOps setup +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + source "$(dirname $0)"/resolve-shim.sh + RUSH_PNPM_EXE="$(resolve_shim)" + ${RUSH_PNPM_EXE} "$@" + exit $? +fi + source "$(dirname $0)"/auth-ado.sh source "$(dirname $0)"/resolve-shim.sh diff --git a/src/artifacts-helper/scripts/yarn b/src/artifacts-helper/scripts/yarn index 5453431..64d8422 100755 --- a/src/artifacts-helper/scripts/yarn +++ b/src/artifacts-helper/scripts/yarn @@ -1,4 +1,13 @@ #!/bin/bash + +# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip Azure DevOps setup +if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then + source "$(dirname $0)"/resolve-shim.sh + YARN_EXE="$(resolve_shim)" + ${YARN_EXE} "$@" + exit $? +fi + source "$(dirname $0)"/auth-ado.sh source "$(dirname $0)"/resolve-shim.sh From b5c85a36a0530719e3921d6b2a7c262cadd4b2f8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Dec 2025 15:50:48 +0000 Subject: [PATCH 4/6] Quote executable variables to prevent word splitting Co-authored-by: markphip <933108+markphip@users.noreply.github.com> --- src/artifacts-helper/scripts/dotnet | 2 +- src/artifacts-helper/scripts/npm | 2 +- src/artifacts-helper/scripts/npx | 2 +- src/artifacts-helper/scripts/nuget | 2 +- src/artifacts-helper/scripts/pnpm | 2 +- src/artifacts-helper/scripts/pnpx | 2 +- src/artifacts-helper/scripts/rush | 2 +- src/artifacts-helper/scripts/rush-pnpm | 2 +- src/artifacts-helper/scripts/yarn | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/artifacts-helper/scripts/dotnet b/src/artifacts-helper/scripts/dotnet index 4468c56..854983c 100755 --- a/src/artifacts-helper/scripts/dotnet +++ b/src/artifacts-helper/scripts/dotnet @@ -4,7 +4,7 @@ if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then source "$(dirname $0)"/resolve-shim.sh DOTNET_EXE="$(resolve_shim)" - ${DOTNET_EXE} "$@" + "${DOTNET_EXE}" "$@" exit $? fi diff --git a/src/artifacts-helper/scripts/npm b/src/artifacts-helper/scripts/npm index 802ea6b..68f914a 100755 --- a/src/artifacts-helper/scripts/npm +++ b/src/artifacts-helper/scripts/npm @@ -4,7 +4,7 @@ if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then source "$(dirname $0)"/resolve-shim.sh NPM_EXE="$(resolve_shim)" - ${NPM_EXE} "$@" + "${NPM_EXE}" "$@" exit $? fi diff --git a/src/artifacts-helper/scripts/npx b/src/artifacts-helper/scripts/npx index 2c40b28..87c98da 100755 --- a/src/artifacts-helper/scripts/npx +++ b/src/artifacts-helper/scripts/npx @@ -4,7 +4,7 @@ if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then source "$(dirname $0)"/resolve-shim.sh NPX_EXE="$(resolve_shim)" - ${NPX_EXE} "$@" + "${NPX_EXE}" "$@" exit $? fi diff --git a/src/artifacts-helper/scripts/nuget b/src/artifacts-helper/scripts/nuget index 329c668..58d7c06 100755 --- a/src/artifacts-helper/scripts/nuget +++ b/src/artifacts-helper/scripts/nuget @@ -4,7 +4,7 @@ if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then source "$(dirname $0)"/resolve-shim.sh NUGET_EXE="$(resolve_shim)" - ${NUGET_EXE} "$@" + "${NUGET_EXE}" "$@" exit $? fi diff --git a/src/artifacts-helper/scripts/pnpm b/src/artifacts-helper/scripts/pnpm index 2756432..fda9f8b 100755 --- a/src/artifacts-helper/scripts/pnpm +++ b/src/artifacts-helper/scripts/pnpm @@ -4,7 +4,7 @@ if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then source "$(dirname $0)"/resolve-shim.sh PNPM_EXE="$(resolve_shim)" - ${PNPM_EXE} "$@" + "${PNPM_EXE}" "$@" exit $? fi diff --git a/src/artifacts-helper/scripts/pnpx b/src/artifacts-helper/scripts/pnpx index c604757..f778b7a 100755 --- a/src/artifacts-helper/scripts/pnpx +++ b/src/artifacts-helper/scripts/pnpx @@ -4,7 +4,7 @@ if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then source "$(dirname $0)"/resolve-shim.sh PNPX_EXE="$(resolve_shim)" - ${PNPX_EXE} "$@" + "${PNPX_EXE}" "$@" exit $? fi diff --git a/src/artifacts-helper/scripts/rush b/src/artifacts-helper/scripts/rush index ffc6fd3..d849432 100755 --- a/src/artifacts-helper/scripts/rush +++ b/src/artifacts-helper/scripts/rush @@ -4,7 +4,7 @@ if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then source "$(dirname $0)"/resolve-shim.sh RUSH_EXE="$(resolve_shim)" - ${RUSH_EXE} "$@" + "${RUSH_EXE}" "$@" exit $? fi diff --git a/src/artifacts-helper/scripts/rush-pnpm b/src/artifacts-helper/scripts/rush-pnpm index 468c55e..28cefcd 100755 --- a/src/artifacts-helper/scripts/rush-pnpm +++ b/src/artifacts-helper/scripts/rush-pnpm @@ -4,7 +4,7 @@ if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then source "$(dirname $0)"/resolve-shim.sh RUSH_PNPM_EXE="$(resolve_shim)" - ${RUSH_PNPM_EXE} "$@" + "${RUSH_PNPM_EXE}" "$@" exit $? fi diff --git a/src/artifacts-helper/scripts/yarn b/src/artifacts-helper/scripts/yarn index 64d8422..e043030 100755 --- a/src/artifacts-helper/scripts/yarn +++ b/src/artifacts-helper/scripts/yarn @@ -4,7 +4,7 @@ if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then source "$(dirname $0)"/resolve-shim.sh YARN_EXE="$(resolve_shim)" - ${YARN_EXE} "$@" + "${YARN_EXE}" "$@" exit $? fi From 75afc857d6ee8732b7c566bd3f55d22129d67c57 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Dec 2025 15:53:45 +0000 Subject: [PATCH 5/6] Bump version to 3.0.1 and document GitHub Actions bypass behavior Co-authored-by: markphip <933108+markphip@users.noreply.github.com> --- src/artifacts-helper/NOTES.md | 10 ++++++++++ src/artifacts-helper/devcontainer-feature.json | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/artifacts-helper/NOTES.md b/src/artifacts-helper/NOTES.md index 2dfd1e1..2caa46e 100644 --- a/src/artifacts-helper/NOTES.md +++ b/src/artifacts-helper/NOTES.md @@ -2,6 +2,16 @@ This installs [Azure Artifacts Credential Provider](https://github.com/microsoft and optionally configures shims which shadow `dotnet`, `nuget`, `npm`, `yarn`, `rush`, and `pnpm`. These dynamically sets an authentication token for pulling artifacts from a feed before running the command. +## GitHub Actions / Codespaces Prebuild Support + +**Version 3.0.1+**: The shim scripts now detect when running in a GitHub Actions environment (during Codespaces prebuild) by checking for the `ACTIONS_ID_TOKEN_REQUEST_URL` environment variable. When this variable is set, the shims bypass all Azure DevOps authentication setup and execute the real commands directly. This prevents: + +- Unnecessary 3-minute wait for authentication helper +- Installation of credential providers that aren't needed +- Setting Azure DevOps-specific environment variables + +This ensures package restore operations work seamlessly during Codespaces prebuild without interference from the Azure Artifacts authentication mechanisms. + For `npm`, `yarn`, `rush`, and `pnpm` this requires that your `~/.npmrc` file is configured to use the ${ARTIFACTS_ACCESSTOKEN} environment variable for the `authToken`. A helper script has been added that you can use to write your `~/.npmrc` file during your setup process, though there are many ways you could accomplish this. To use the script, run it like diff --git a/src/artifacts-helper/devcontainer-feature.json b/src/artifacts-helper/devcontainer-feature.json index e805008..db0e108 100644 --- a/src/artifacts-helper/devcontainer-feature.json +++ b/src/artifacts-helper/devcontainer-feature.json @@ -1,7 +1,7 @@ { "name": "Azure Artifacts Credential Helper", "id": "artifacts-helper", - "version": "3.0.0", + "version": "3.0.1", "description": "Configures Codespace to authenticate with Azure Artifact feeds", "options": { "nugetURIPrefixes": { From 68b07fc16ae82d7ca4713f2a419f049a399c500c Mon Sep 17 00:00:00 2001 From: Mark Phippard Date: Mon, 15 Dec 2025 10:59:20 -0500 Subject: [PATCH 6/6] Refactor GitHub Actions prebuild support documentation Reorganize GitHub Actions prebuild support section for clarity and update details on shim scripts behavior. --- src/artifacts-helper/NOTES.md | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/src/artifacts-helper/NOTES.md b/src/artifacts-helper/NOTES.md index 2caa46e..b440541 100644 --- a/src/artifacts-helper/NOTES.md +++ b/src/artifacts-helper/NOTES.md @@ -2,16 +2,6 @@ This installs [Azure Artifacts Credential Provider](https://github.com/microsoft and optionally configures shims which shadow `dotnet`, `nuget`, `npm`, `yarn`, `rush`, and `pnpm`. These dynamically sets an authentication token for pulling artifacts from a feed before running the command. -## GitHub Actions / Codespaces Prebuild Support - -**Version 3.0.1+**: The shim scripts now detect when running in a GitHub Actions environment (during Codespaces prebuild) by checking for the `ACTIONS_ID_TOKEN_REQUEST_URL` environment variable. When this variable is set, the shims bypass all Azure DevOps authentication setup and execute the real commands directly. This prevents: - -- Unnecessary 3-minute wait for authentication helper -- Installation of credential providers that aren't needed -- Setting Azure DevOps-specific environment variables - -This ensures package restore operations work seamlessly during Codespaces prebuild without interference from the Azure Artifacts authentication mechanisms. - For `npm`, `yarn`, `rush`, and `pnpm` this requires that your `~/.npmrc` file is configured to use the ${ARTIFACTS_ACCESSTOKEN} environment variable for the `authToken`. A helper script has been added that you can use to write your `~/.npmrc` file during your setup process, though there are many ways you could accomplish this. To use the script, run it like @@ -48,6 +38,12 @@ pip install --index-url https://pkgs.dev.azure.com//_pa When the feed URL is an Azure Artifacts feed pip will use the keyring helper to provide the credentials needed to download the package. +## GitHub Actions / Codespaces Prebuild Support + +**Version 3.0.1+**: The shim scripts now detect when running in a GitHub Actions environment (during Codespaces prebuild) by checking for the `ACTIONS_ID_TOKEN_REQUEST_URL` environment variable. When this variable is set, the shims bypass all Azure DevOps authentication setup and execute the real commands directly. + +This ensures any custom scripting in place during Codespaces build process will work as expected. This feature can only be used at Codespaces runtime as it requires user interaction. + ## Authentication Helper Wait Behavior The shim scripts (e.g., `dotnet`, `npm`, `nuget`) now include a wait mechanism for the Azure DevOps authentication helper. When invoked, these scripts will: @@ -99,4 +95,4 @@ if the `targetFiles` option is provided, so you may want to include them in the # ~/.bashrc source /custom/path/to/auth-helper.sh -``` \ No newline at end of file +```