Follow-ups of using CFS for powershell module installation in Azure/azure-sdk-tools#15215
Problem
Several repo-specific test scripts directly call Install-Module to install Pester from the public PSGallery, bypassing the centralized PSModule-Helpers.ps1 helper.
The shared eng/common/scripts/Helpers/PSModule-Helpers.ps1 has been updated to route all module installs through the internal Azure Artifacts feed (https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-tools/nuget/v2) instead of the public PSGallery. This change improves reliability and security by avoiding dependency on external package sources in CI pipelines. The eng/common changes (Verify-Resource-Ref.ps1 and run-pester-tests.yml) are already addressed in a separate PR.
However, the following repo-specific test scripts still call Install-Module directly and will continue installing from the public PSGallery:
Files that need changes
| File |
Line |
Current Code |
eng/scripts/tests/patchhelpers.tests.ps1 |
18 |
Install-Module Pester -Force -MinimumVersion 5.3.3 |
eng/scripts/tests/bomhelpers.tests.ps1 |
15 |
Install-Module Pester -Force -MinimumVersion 5.3.3 |
eng/scripts/tests/Automation-Sdk-UpdateMetadata.tests.ps1 |
15 |
Install-Module Pester -Force -MinimumVersion 5.3.3 |
eng/scripts/tests/Automation-Sdk-UpdateChangelog.tests.ps1 |
15 |
Install-Module Pester -Force -MinimumVersion 5.3.3 |
Suggested Fix
-
Dot-source PSModule-Helpers.ps1 at the top of each test script (if not already done):
. "$PSScriptRoot/../../common/scripts/Helpers/PSModule-Helpers.ps1"
(adjust relative path as needed for each file's location)
-
Replace direct Install-Module calls with the helper function:
Install-ModuleIfNotInstalled "Pester" "5.3.3" | Import-Module
Why This Matters
- Reliability: The internal feed is more reliable for CI than the public PSGallery, which can have intermittent availability issues.
- Security: Using an internal feed reduces supply-chain risk from public package repositories.
- Consistency: All module installs should go through the same centralized helper to ensure uniform behavior across pipelines.
Follow-ups of using CFS for powershell module installation in Azure/azure-sdk-tools#15215
Problem
Several repo-specific test scripts directly call
Install-Moduleto install Pester from the public PSGallery, bypassing the centralizedPSModule-Helpers.ps1helper.The shared
eng/common/scripts/Helpers/PSModule-Helpers.ps1has been updated to route all module installs through the internal Azure Artifacts feed (https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-tools/nuget/v2) instead of the public PSGallery. This change improves reliability and security by avoiding dependency on external package sources in CI pipelines. Theeng/commonchanges (Verify-Resource-Ref.ps1andrun-pester-tests.yml) are already addressed in a separate PR.However, the following repo-specific test scripts still call
Install-Moduledirectly and will continue installing from the public PSGallery:Files that need changes
eng/scripts/tests/patchhelpers.tests.ps1Install-Module Pester -Force -MinimumVersion 5.3.3eng/scripts/tests/bomhelpers.tests.ps1Install-Module Pester -Force -MinimumVersion 5.3.3eng/scripts/tests/Automation-Sdk-UpdateMetadata.tests.ps1Install-Module Pester -Force -MinimumVersion 5.3.3eng/scripts/tests/Automation-Sdk-UpdateChangelog.tests.ps1Install-Module Pester -Force -MinimumVersion 5.3.3Suggested Fix
Dot-source
PSModule-Helpers.ps1at the top of each test script (if not already done):(adjust relative path as needed for each file's location)
Replace direct
Install-Modulecalls with the helper function:Why This Matters