Migrate CI/CD from GitHub Actions to ADO; remove GH Actions workflow#895
Open
Migrate CI/CD from GitHub Actions to ADO; remove GH Actions workflow#895
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR finalizes the CI/CD migration from GitHub Actions to Azure DevOps (ADO) by expanding the ADO test matrix, adding an ADO benchmark stage, updating pipeline documentation, and deleting the legacy GitHub Actions CI/CD workflow.
Changes:
- Added Python 3.8 to the ADO CI matrix (now 3.8–3.14).
- Added a post-CI Benchmark stage to
azure-pipelines.ymlto run pytest-benchmark and publishbenchmark.json. - Updated
.Pipelines/CI-AND-RELEASE-PIPELINES.mdwith ADO pipeline hyperlinks and updated version coverage; removed.github/workflows/python-package.yml.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
azure-pipelines.yml |
Adds a Benchmark stage after CI, runs pytest-benchmark on Python 3.9, caches .perf.baseline, and publishes benchmark JSON. |
.Pipelines/template-pipeline-stages.yml |
Extends the CI matrix to include Python 3.8. |
.Pipelines/CI-AND-RELEASE-PIPELINES.md |
Documents the ADO pipelines with hyperlinks and updates stated Python coverage to include 3.8. |
.github/workflows/python-package.yml |
Deletes the legacy GitHub Actions CI/CD workflow. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…lishPipelineArtifact@1; add TSA config, PostBuildCleanup, job retries
…(matrix jobs don't support retries)
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…sLogs@3; fix Cache@2 key escaping
gladjohn
reviewed
Apr 7, 2026
… of .github/workflows/python-package.yml
The cryptography ceiling tests fail whenever a new major version of the cryptography package is released. These are maintenance-reminder tests and should not block unrelated PRs. Run them in a separate step with continueOnError: true so they appear as warnings rather than failures. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Update pipeline purpose, stage diagram, and stage table to include the Benchmark stage that runs on post-merge pushes to dev. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add --benchmark-skip to CI pytest runs so benchmarks only run in the dedicated Benchmark stage, not on every PR across all Python versions - Explicitly install pytest in the Benchmark job instead of relying on transitive dependency from pytest-benchmark - Guard PublishPipelineArtifact with a file existence check so a missing benchmark.json does not mask the underlying failure Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR completes the migration of all CI/CD processes from GitHub Actions to ADO pipelines.
Changes
Cryptography version-gating tests moved to warning-only
Two repo-internal cryptography maintenance tests are now run in a separate pipeline step with
continueOnError: true, so they report as warnings rather than hard failures:test_ceiling_should_be_latest_cryptography_version_plus_threetest_should_be_run_with_latest_version_of_cryptographyThese tests fail whenever the
cryptographypackage releases a new major version, requiring asetup.cfgceiling bump. Since this is a routine maintenance task, it should not block unrelated PRs. The test results are still published to the Tests tab for visibility, and a dedicatedsetup.cfgbump PR can be submitted independently.Secrets cleanup (post-merge)
The following GitHub repository secrets are no longer referenced by any workflow and can be deleted after merge:
Required admin action (post-merge)
The MSAL-Python-SDL-CI check (ADO pipeline 769) is currently a required GitHub status check on the dev branch. Pipeline 769 has been disabled in ADO since SDL is now covered by the PreBuildCheck stage in pipeline 3064, but the GitHub branch protection rule still references it - causing PRs to block on 'Expected - Waiting for status to be reported'.
A repository admin must remove it after merge:
Once removed, pipeline 769 can remain permanently disabled.