From 7df9c902a7be0dd5cc9a33dbe44191786a449a96 Mon Sep 17 00:00:00 2001 From: Saad Najmi Date: Fri, 24 Apr 2026 12:21:14 -0700 Subject: [PATCH] fix: Publish stage always skipped due to condition evaluation issues Two issues in the Publish stage condition: 1. not(${{ parameters.skipNpmPublish }}) mixes compile-time template expansion with runtime expression evaluation. The YAML boolean expands to 'False'/'True' (capital), which are non-empty strings (always truthy in runtime), so not() always returns false. Fix: use ne() string comparison instead. 2. stageDependencies.Build.BuildAndPack.outputs['check.hasTarballs'] does not resolve correctly under 1ES Pipeline Templates, because templateContext.outputs restructures the job and breaks the output variable reference path. Fix: remove the cross-stage variable dependency and verify tarballs exist inside the Publish job after downloading the artifact. --- .ado/azure-pipelines.publish.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.ado/azure-pipelines.publish.yml b/.ado/azure-pipelines.publish.yml index b1eedd3765..2917ec1f6e 100644 --- a/.ado/azure-pipelines.publish.yml +++ b/.ado/azure-pipelines.publish.yml @@ -79,18 +79,12 @@ extends: - script: | ls -la $(System.DefaultWorkingDirectory)/_packed/ - if ls $(System.DefaultWorkingDirectory)/_packed/*.tgz > /dev/null 2>&1; then - echo "##vso[task.setvariable variable=hasTarballs;isOutput=true]true" - else - echo "##vso[task.setvariable variable=hasTarballs;isOutput=true]false" - fi - name: check displayName: 'List packed tarballs' - stage: Publish displayName: Publish to NPM dependsOn: Build - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'), ne('${{ parameters.skipNpmPublish }}', 'true'), eq(stageDependencies.Build.BuildAndPack.outputs['check.hasTarballs'], 'true')) + condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'), ne('${{ parameters.skipNpmPublish }}', 'true')) jobs: - job: PublishPackages displayName: Publish NPM Packages @@ -113,11 +107,18 @@ extends: - script: | echo "Downloaded tarballs:" ls -la $(System.DefaultWorkingDirectory)/_packed/ - displayName: 'List downloaded tarballs' + if ls $(System.DefaultWorkingDirectory)/_packed/*.tgz > /dev/null 2>&1; then + echo "##vso[task.setvariable variable=hasTarballs]true" + else + echo "No tarballs found — nothing to publish." + echo "##vso[task.setvariable variable=hasTarballs]false" + fi + displayName: 'Check downloaded tarballs' - script: | yarn displayName: 'yarn install' + condition: eq(variables['hasTarballs'], 'true') - script: | yarn config set npmPublishAccess public @@ -125,12 +126,14 @@ extends: yarn config set npmAuthToken $(npmAuth) npm config set //registry.npmjs.org/:_authToken $(npmAuth) displayName: 'Configure npm publishing auth' + condition: eq(variables['hasTarballs'], 'true') - script: | # https://github.com/changesets/changesets/issues/432 # We can't use `changeset publish` because it doesn't support workspaces, so we have to publish each package individually yarn lage publish --verbose --grouped --reporter azureDevops displayName: 'Publish NPM Packages' + condition: eq(variables['hasTarballs'], 'true') - script: | yarn config unset npmPublishAccess