Skip to content

ci: add GitHub PR validation pipeline trigger #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jiria merged 1 commit into from
Jun 4, 2026
Merged

ci: add GitHub PR validation pipeline trigger #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .config/CredScanSuppressions.json
View file
Open in desktop
Comment thread
aadhar-agarwal marked this conversation as resolved.
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{"tool":"CredScan","suppressions":[]}
79 changes: 79 additions & 0 deletions .pipelines/github-pr-validation.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
#################################################################################
# ACL GitHub PR Validation — Trigger #
# #
# Thin entry point for GitHub PR validation. This file lives in the GitHub #
# repo (microsoft/azure-container-linux) and: #
# 1. Triggers on PRs targeting aclmain #
# 2. Delegates the actual build/test to ACL-GitHub-PR.yml in the #
# acl-pipelines ADO repo #
# #
# Security: #
# - Fork PRs do NOT get secrets by default (ADO default behavior) #
# - Use "Require a team member's comment to run" in pipeline settings #
# to gate fork PR builds (standard ADO mechanism) #
#################################################################################

trigger: none

pr:
branches:
include:
- aclmain

resources:
repositories:
- repository: templates
type: git
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main
- repository: acl_pipelines
type: git
name: ACL/acl-pipelines
ref: refs/heads/main
- repository: azure_container_linux
type: github
endpoint: github.com_acl
name: microsoft/azure-container-linux
ref: $(Build.SourceBranch)
- repository: mantle
type: github
endpoint: github.com_acl
name: microsoft/azure-container-linux-mantle
ref: refs/heads/aclmain

variables:
- template: pipelines/templates/variables/acl-defaults.yml@acl_pipelines
- name: pipelinesRoot
value: '$(Build.SourcesDirectory)/acl_pipelines'

extends:
template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates
parameters:
git:
persistCredentials: false
lfs: false

globalSdl:
tsa:
enabled: false
credscan:
suppressionsFile: $(Build.SourcesDirectory)/.config/CredScanSuppressions.json
Comment thread
jiria marked this conversation as resolved.
policheck:
break: true
disableLegacyManifest: true

featureFlags:
runOnHost: true
EnableCDPxPAT: false
use1esentry: false
networkisolation:
enabled: false
golang:
internalModuleProxy:
enabled: false

stages:
- template: pipelines/ACL-GitHub-PR.yml@acl_pipelines
parameters:
aclRef: $(Build.SourceBranch)
mantleRef: 'aclmain'