Task: Move ACR deployment to deploy stage

[Onokaev]

Completed fix, but holding until tomorrow to test end to end.
Deployment is blocked because of docker pull rate limits

Successful run: https://microsoftgraph.visualstudio.com/Graph%20Developer%20Experiences/_build/results?buildId=184590&view=logs&j=94deceea-7f99-5fa2-dcf4-7ec60dc7cc5a&t=94deceea-7f99-5fa2-dcf4-7ec60dc7cc5a

[baywet]

Suggested change

environment: kiota-github-releases

We don't need this environment since we're not writing to github releases here

[baywet]

re-opening this since I saw that you added it back. Could you please provide some context?

[Onokaev]

The job fails without an environment variable. I'll create a relevant one on ADO.
I put it back to test it

[baywet]

we might not be allowed to checkout the repository in a deployment stage, have you tested this?

[Onokaev]

It actually works. Let me remove the checkout step

[Onokaev]

Also, why is this not allowed?

[baywet]

deployment phases are not allowed to use checkout steps per security policy. Effectively they don't want scripts that could lead to some kind of injection I suppose.
If we revert to a regular job (not a deployment one) it'd be allowed though.
I have no doubt that it can work, but I'm fairly confident it'll trigger security items down the road.

[Onokaev]

Got it! Thanks

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[baywet]

have you considered this option instead of copying the whole repo which is effectively working around the security constraints?
https://stackoverflow.com/questions/66468815/how-to-publish-docker-image-as-an-artifact-in-azure-devops