Description
Package
None
Is your feature request related to a problem?
Currently the Build, pack, and publish to MyGet workflow is split into the following jobs:
- automation
- build-pack-publish
- post-build (needs 1 and 2)
Step 2 could be broken down into additional jobs to improve reliability. For example, if the MyGet token expired, all the NuGet packages would need to be re-compiled to re-publish the NuGet packages after the secret is updated. With separate jobs, only the publish step would need to be re-run after such a fix.
Instead the workflow could be structured into additional phases with distinct tasks:
- automation
- build-pack
- validate (needs 2)
- publish (needs 3)
- post-build (needs 1, 2 and 4)
This compartmentalises the build into a logical sequence of jobs where the distinct parts can be resumed. This also allows any secrets (e.g. if we added Authenticode for #1302) to be scoped to just the jobs that need them, which is more secure as the checked out code isn't present during validation or publishing.
This would be similar to what we do in Polly's CI. The code is built, packaged and tested, then validated, then "special" builds proceed further through the workflow to be signed, validated again, then published.
What is the expected behavior?
Validation and publishing are separated from build & pack.
Which alternative solutions or features have you considered?
None.
Additional context
No response
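The job split proposed in this issue, sketched as an added GitHub Actions example; it is not this repository's workflow or Polly's. The artifact name `packages`, the secret name `MYGET_TOKEN`, the `<MYGET_FEED_URL>` placeholder, the .NET version and the `.nuspec` check standing in for validation are all assumptions, and the automation and post-build jobs are omitted.

```yaml
# Added sketch, not the project's own workflow. Assumed: artifact "packages",
# secret MYGET_TOKEN, placeholder <MYGET_FEED_URL>, .NET 8.0.x.
name: build-pack-publish
on:
  push:
    branches: [main]
permissions:
  contents: read
jobs:
  build-pack:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4          # the only job that touches source
      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 8.0.x
      - run: dotnet pack --configuration Release --output ./artifacts
      - uses: actions/upload-artifact@v4
        with:
          name: packages
          path: ./artifacts/*.nupkg
          if-no-files-found: error         # fail here rather than publish nothing
  validate:
    needs: build-pack
    runs-on: ubuntu-latest
    steps:                                 # no checkout: only the built artifact
      - uses: actions/download-artifact@v4
        with:
          name: packages
          path: ./packages
      # Stand-in validation: each package must contain a .nuspec manifest.
      - run: |
          for pkg in ./packages/*.nupkg; do
            unzip -l "$pkg" '*.nuspec' > /dev/null
          done
  publish:
    needs: validate
    runs-on: ubuntu-latest
    steps:                                 # no checkout, no build tooling run on source
      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 8.0.x
      - uses: actions/download-artifact@v4
        with:
          name: packages
          path: ./packages
      - run: dotnet nuget push "./packages/*.nupkg" --source "<MYGET_FEED_URL>" --api-key "$MYGET_TOKEN"
        env:
          MYGET_TOKEN: ${{ secrets.MYGET_TOKEN }}   # referenced by this step only
```

If the token expires, re-running only the failed `publish` job reuses the artifact uploaded by `build-pack` in the same run, so nothing is recompiled.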