Enable extension CI builds — daily + PR#7497
Open
rajeshkamal5050 wants to merge 8 commits intomainfrom
Open
Conversation
rajeshkamal5050
force-pushed
the
ext-daily-builds
branch
from
baccf05 to
3929c5d
Compare
rajeshkamal5050
requested review from
JeffreyCA,
danieljurek,
hemarina,
jongio,
tg-msft,
vhvb1989,
wbreza and
weikanglim
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
Adds an internal CI path for producing “rolling” unsigned extension builds from main, publishing them to stable *-dev GitHub release tags, and providing a dev registry JSON that points azd’s extension installer at those artifacts.
Changes:
- Adds a
publish-extension-dev.ymlstage that packages CI-built extension binaries and publishes them to a{SanitizedExtensionId}-devGitHub prerelease. - Wires the dev publish stage into the extension release pipeline template for internal CI runs (
IndividualCI/BatchedCI). - Introduces
cli/azd/extensions/registry-dev.jsonas a static registry pointing at the dev release download URLs.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| eng/pipelines/templates/stages/release-azd-extension.yml | Conditionally includes the new dev publish stage for internal CI builds. |
| eng/pipelines/templates/stages/publish-extension-dev.yml | New stage to delete/recreate a *-dev GitHub prerelease and upload packaged artifacts. |
| cli/azd/extensions/registry-dev.json | New dev registry pointing to *-dev release artifacts for 8 extensions. |
rajeshkamal5050
force-pushed
the
ext-daily-builds
branch
from
3929c5d to
dbc0e49
Compare
rajeshkamal5050
requested review from
therealjohn,
trangevi and
trrwilson
as code owners
rajeshkamal5050
force-pushed
the
ext-daily-builds
branch
from
dbc0e49 to
5be88af
Compare
rajeshkamal5050
force-pushed
the
ext-daily-builds
branch
5 times, most recently
from
8e87775 to
2d132f5
Compare
rajeshkamal5050
requested review from
achauhan-scc,
kingernupur,
rabollin and
saanikaguptamicrosoft
as code owners
jongio
reviewed
Apr 9, 2026
Member
jongio
left a comment
jongio
left a comment
There was a problem hiding this comment.
Issues to address:
- cli/azd/extensions/azure.ai.agents/extension.yaml - version field still says 0.1.20-preview but version.txt was bumped to 0.1.21-preview. All other extensions were synced in both files.
- eng/scripts/Update-ExtensionDailyRegistry.ps1:155 - raw string replacement of ${USAGE} into the JSON template doesn't JSON-escape the value. Current extension.yaml files are fine, but if any usage field ever contains a double-quote or backslash, the generated JSON breaks silently. ConvertFrom-Json catches it downstream, but the error won't point at the cause.
Per-extension registry approach is solid - cleanly avoids the concurrent blob mutation problem.
wbreza
approved these changes
Apr 9, 2026
Contributor
wbreza
left a comment
wbreza
left a comment
There was a problem hiding this comment.
Code Re-Review — PR #7497
Enable dev extension builds on CI by @rajeshkamal5050
Re-review after force-push
Changes since my Apr 7 review (b3e211d) are in commit fe4304a:
- Regex → powershell-yaml for proper YAML parsing (addresses my prior finding)
- Registry format wrapped in
{ extensions: [...] }for azd compatibility - CreateGitHubRelease default flipped to false (safe default)
- Idempotency guard for version script pipeline retries
- Null checks + file-exists guards throughout
- Template moved to eng/templates/ with split copy steps
Prior Review: All ✅ Resolved
| # | Priority | Finding | Status |
|---|---|---|---|
| 1 | High | Regex YAML parsing fragility | ✅ Replaced with powershell-yaml |
| 2 | High | Per-extension registry entries (race condition fix) | ✅ Already resolved |
| 3 | Medium | Version override in build/cross-build jobs | ✅ Resolved |
| 4 | Medium | _manifest removal | ✅ Unconditional |
| 5 | Low | Usage validation | ✅ Added |
✅ What Looks Good
- powershell-yaml replaces fragile regex parsing — proper YAML handling
- Per-extension registry entries elegantly eliminate concurrent blob mutation
- SHA256 checksums from signed artifacts ensure supply chain integrity
- Safe defaults: CreateGitHubRelease=false, explicit true in release caller
- Idempotency guard prevents duplicate version suffixes on retries
- Daily publish stage correctly scoped to CI builds (IndividualCI/BatchedCI) — PR builds skip it
Overall Assessment: Re-approve — all findings addressed, no new issues. Pending @danieljurek's E2E validation.
Review performed with GitHub Copilot CLI
Mirrors the core CLI daily build pattern. On CI builds (push to main),
sign and upload extension binaries to Azure Storage.
- publish-extension-daily.yml — new stage, depends on Sign, uploads to
{ext-id}/daily (latest) and {ext-id}/daily/archive/{version} (history)
- publish-extension.yml — add CreateGitHubRelease param (default true)
so daily can skip GitHub Release and just upload to storage
- release-azd-extension.yml — wire daily publish for CI builds
- update-daily-registry.yml — download existing registry-daily.json from
storage, merge in the current extension entry with checksums and
storage URLs, upload back. Self-maintaining across extension builds.
Closes #7317
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pipeline changes:
- publish-extension-daily.yml — daily stage, depends on Sign, uploads
to {ext-id}/daily and {ext-id}/daily/archive/{version}
- publish-extension.yml — add CreateGitHubRelease param so daily can
skip GitHub Release and just upload to storage
- release-azd-extension.yml — wire daily publish for CI builds
- update-extension-daily-registry.yml — calls Update-ExtensionDailyRegistry.ps1
to merge extension entry into registry-daily.json on storage
- extension-registry-daily-template.json — JSON template with placeholders
Version bumps:
- Bump all extension version.txt and extension.yaml so daily builds
are ahead of the last released versions
Closes #7317
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Mirrors core CLI pattern: appends -daily.<BuildId> for CI builds, -pr.<BuildId> for PR builds, skips for Manual (release) builds. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Trim version.txt on read (Set-ExtensionVersionVariable, Set-ExtensionVersionInBuild) - Validate empty version.txt in Set-ExtensionVersionInBuild - Make BuildReason/BuildId mandatory params - Wrap Get-FileHash in try/catch - Validate required YAML fields (namespace, displayName, description) after parsing - Log parsed extension metadata for pipeline diagnostics - Fix upload error handling (don't set ErrorActionPreference=Continue before upload) - Guard CreateGitHubRelease against empty TagPrefix/TagVersion Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… fix, usage validation
- Add set-extension-version-cd.yml to build and cross-build jobs so
binaries get the daily version suffix (not just release artifacts)
- Switch from shared registry-daily.json to per-extension entries
(daily-registry-entries/{id}.json) to avoid race condition when
multiple extension pipelines run concurrently
- Make _manifest removal unconditional before conditional blocks
- Add usage to required fields validation in registry script
- Document YAML regex parsing limitation in code comment
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…andling
- Replace regex YAML parsing with powershell-yaml for proper parsing
- Wrap JSON output in { extensions: [...] } registry format for azd compatibility
- Move template to eng/templates/, copy scripts into release-metadata artifact
- Flip CreateGitHubRelease default to false, explicit true in release caller
- Add idempotency guard in version script for pipeline retries
- Add placeholder validation, null checks, and file-exists guards
- Split copy steps for clearer error attribution in CI
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add publish-extension-pr.yml stage for PR builds - Add update-extension-pr-registry.yml step for per-extension PR registry - Wire PR publish into release-azd-extension.yml pipeline - Add PR number validation guard for empty/unexpanded values - Add unsigned binary warning to PR comment - Add ConvertTo-JsonSafeString for JSON-safe template replacements - Bump azure.ai.agents version to 0.1.22-preview Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
rajeshkamal5050
force-pushed
the
ext-daily-builds
branch
from
86a6faa to
49986ec
Compare
rajeshkamal5050
changed the title
Contributor
Author
|
@danieljurek all 9 extension pipelines should be on the internal ADO project right? currently only azure.ai.models and azure.appservice are internal, the rest run on public and skip sign + publish stages. these did not get PublishForPR:
|
jongio
previously requested changes
Apr 11, 2026
Member
jongio
left a comment
jongio
left a comment
There was a problem hiding this comment.
3 TODO debug shortcuts need to be reverted before merge - they disable cross-compile validation for all extensions and skip tests for the demo extension.
danieljurek
reviewed
Apr 13, 2026
danieljurek
reviewed
Apr 13, 2026
danieljurek
reviewed
Apr 13, 2026
danieljurek
reviewed
Apr 13, 2026
danieljurek
reviewed
Apr 13, 2026
danieljurek
previously requested changes
Apr 13, 2026
Member
danieljurek
left a comment
danieljurek
left a comment
There was a problem hiding this comment.
A few things to change:
- Revert TODOs
- Do NOT upload engsys scripts to artifacts and try to run them in a release. Instead, produce the artifact during
GenerateReleaseArtifactsand then download that artifact and publish it with inline powershell that invokes azcopy. We want to know what was published at any pipeline run (even if it's a JSON file) and producing that file at runtime instead of storing it as an artifact makes it difficult to obtain this knowledge.
rajeshkamal5050
force-pushed
the
ext-daily-builds
branch
from
0c7bc3a to
49986ec
Compare
- Script only produces JSON, no longer uploads via azcopy - Publish stages use checkout:self to run script from trusted repo source - Removed executable scripts from release-metadata artifact - Deleted update-extension-daily-registry.yml and update-extension-pr-registry.yml step templates - Use absolute Pipeline.Workspace paths for artifact references - Added retry with backoff on azcopy upload steps Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
rajeshkamal5050
dismissed
danieljurek’s stale review
All feedback addressed: scripts removed from artifacts, checkout:self in publish stages, script only produces JSON, separate upload steps with retry. All threads resolved.
rajeshkamal5050
dismissed
jongio’s stale review
All feedback addressed: test commits reverted, scripts removed from artifacts, all threads resolved.
Collaborator
Collaborator
azd Extension Install Instructions —
|
| Platform | Download |
|---|---|
| Linux x86_64 | https://azuresdkartifacts.z5.web.core.windows.net/azd/extensions/azure-appservice/pr/7497/azure-appservice-linux-amd64.tar.gz |
| Linux ARM64 | https://azuresdkartifacts.z5.web.core.windows.net/azd/extensions/azure-appservice/pr/7497/azure-appservice-linux-arm64.tar.gz |
| macOS x86_64 | https://azuresdkartifacts.z5.web.core.windows.net/azd/extensions/azure-appservice/pr/7497/azure-appservice-darwin-amd64.zip |
| macOS ARM64 | https://azuresdkartifacts.z5.web.core.windows.net/azd/extensions/azure-appservice/pr/7497/azure-appservice-darwin-arm64.zip |
| Windows x86_64 | https://azuresdkartifacts.z5.web.core.windows.net/azd/extensions/azure-appservice/pr/7497/azure-appservice-windows-amd64.zip |
| Windows ARM64 | https://azuresdkartifacts.z5.web.core.windows.net/azd/extensions/azure-appservice/pr/7497/azure-appservice-windows-arm64.zip |
jongio
approved these changes
Apr 13, 2026
Member
jongio
left a comment
jongio
left a comment
There was a problem hiding this comment.
All issues from my two previous reviews are addressed. Per-extension registry entries cleanly solve the concurrent mutation problem. Version override is now wired into all three job types. The idempotency guard, powershell-yaml parsing, JSON escaping, and placeholder validation are solid additions.
Verified all 9 extensions have matching version.txt and extension.yaml, TODOs reverted, template relocated to eng/templates/ per Daniel's feedback. CI is green. Ship it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Daily and PR extension builds to Azure Storage, mirrors core CLI build pattern.
On CI push to main — extensions get signed and uploaded to storage with per-extension registry entries.
On PR builds — same thing but scoped to the PR number, with install instructions posted as a PR comment.
Changes
publish-extension-daily.yml— daily publish stage, depends on Sign, uploads to storagepublish-extension-pr.yml— PR publish stage, uploads to PR-scoped storage, posts install commentpublish-extension.yml—CreateGitHubReleaseparam so daily/PR can skip itrelease-azd-extension.yml— wired daily + PR publish for CI and PR buildsSet-ExtensionVersionInBuild.ps1— appends-daily.or-pr.suffix per build reasonUpdate-ExtensionDailyRegistry.ps1+ JSON template — generates per-extension registry entries with checksumsupdate-extension-pr-registry.yml— uploads PR-scoped registry entryPer-extension registry
Each extension uploads its own entry. No shared blob, no race condition when multiple extensions build concurrently.
How to use — daily builds
Daily registry entries at:
Install a daily build:
How to use — PR builds
PR builds post a comment on the PR with install instructions. Registry entries at:
Install a PR build:
Closes #7317