From aabb1a20aebf5cae0cdc2131a0d4d4fc93ce65a1 Mon Sep 17 00:00:00 2001 From: Juan Carlos Guzman Islas Date: Fri, 21 Jun 2024 10:37:53 -0700 Subject: [PATCH 1/7] Add disabled NI task on pipeline builds --- .azuredevops/pipelines/official.yml | 3 +++ .azuredevops/pipelines/pr-ci.yml | 16 ++++++++++++++++ .../pipelines/templates/network-isolation.yml | 11 +++++++++++ .azuredevops/pipelines/templates/variables.yml | 3 ++- 4 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 .azuredevops/pipelines/templates/network-isolation.yml diff --git a/.azuredevops/pipelines/official.yml b/.azuredevops/pipelines/official.yml index d7802ee..1260fd0 100644 --- a/.azuredevops/pipelines/official.yml +++ b/.azuredevops/pipelines/official.yml @@ -64,6 +64,9 @@ extends: targetPath: $(ArtifactsDirectory) artifactName: artifacts steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: $(NetworkIsolationMode) - task: PowerShell@2 displayName: 'Update SignType, Build Number, and Add Build Tag for tagged commits' condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags/v')) diff --git a/.azuredevops/pipelines/pr-ci.yml b/.azuredevops/pipelines/pr-ci.yml index 057654d..0c9093a 100644 --- a/.azuredevops/pipelines/pr-ci.yml +++ b/.azuredevops/pipelines/pr-ci.yml @@ -33,6 +33,10 @@ jobs: - job: Build displayName: Build and Test steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: $(NetworkIsolationMode) + - checkout: self # Fetch all history for versioning fetchDepth: 0 @@ -73,6 +77,10 @@ jobs: VsInstallDir: $(Build.ArtifactStagingDirectory)\vs MSBuildPath: $(VsInstallDir)\MSBuild\Current\Bin\amd64\MSBuild.exe steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: $(NetworkIsolationMode) + - download: current displayName: 'Download Build Artifacts' artifact: artifacts 
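Review bot: Nothing at the five `- template: templates\network-isolation.yml` insertions (the `steps:` list in official.yml and the four jobs in pr-ci.yml, including the hunks at `-126,6` and `-178,6`) records that the step's position is the security-relevant part. Presumably only steps that run after the task are covered by the policy, so a later edit that adds a step above it, or moves it below `checkout: self` or `download: current`, would leave that step outside isolation with no visible failure. A one-line comment above each insertion would protect the ordering, for example `# Keep first: steps above this line run before network isolation is applied`. In official.yml the job is assembled by the extended 1ES template, so whether injected steps run ahead of this one cannot be confirmed from the hunk.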
@@ -126,6 +134,10 @@ jobs: VsInstallDir: $(Build.ArtifactStagingDirectory)\vs MSBuildPath: $(VsInstallDir)\MSBuild\Current\Bin\amd64\MSBuild.exe steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: $(NetworkIsolationMode) + - download: current displayName: 'Download Build Artifacts' artifact: artifacts @@ -178,6 +190,10 @@ jobs: variables: MSBuildPath: $(Build.SourcesDirectory)\msbuild\artifacts\bin\bootstrap\net472\MSBuild\Current\Bin\amd64\MSBuild.exe steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: $(NetworkIsolationMode) + - download: current displayName: 'Download Build Artifacts' artifact: artifacts diff --git a/.azuredevops/pipelines/templates/network-isolation.yml b/.azuredevops/pipelines/templates/network-isolation.yml new file mode 100644 index 0000000..bad7d8a --- /dev/null +++ b/.azuredevops/pipelines/templates/network-isolation.yml @@ -0,0 +1,11 @@ +parameters: +- name: NetworkIsolationMode + type: string + default: Disabled + +steps: +- task: tse-cloudbuild.1es-networkisolation-tasks-test.1D5CFFFE-4332-4DE5-8457-7657C0B89BB9.1ESNetworkIsolation@1 + displayName: Apply FW + condition: ne(variables['NetworkIsolationMode'], 'Disabled') + inputs: + networkIsolationMode: $(NetworkIsolationMode) \ No newline at end of file diff --git a/.azuredevops/pipelines/templates/variables.yml b/.azuredevops/pipelines/templates/variables.yml index fd8e4a8..7f55ea3 100644 --- a/.azuredevops/pipelines/templates/variables.yml +++ b/.azuredevops/pipelines/templates/variables.yml @@ -5,4 +5,5 @@ variables: ArtifactsDirectory: $(Build.ArtifactStagingDirectory)\artifacts # https://github.com/microsoft/azure-pipelines-agent/pull/4077 VSO_DEDUP_REDIRECT_TIMEOUT_IN_SEC: 5 - EnablePipelineCache: true \ No newline at end of file + EnablePipelineCache: true + NetworkIsolationMode: Disabled \ No newline at end of file From e0bb6e17a26a3bcae09e9bce149b424fba495db0 Mon Sep 17 00:00:00 2001 
From: Juan Carlos Guzman Islas Date: Fri, 21 Jun 2024 10:51:25 -0700 Subject: [PATCH 2/7] Use pred version of task --- .azuredevops/pipelines/templates/network-isolation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/pipelines/templates/network-isolation.yml b/.azuredevops/pipelines/templates/network-isolation.yml index bad7d8a..4549efb 100644 --- a/.azuredevops/pipelines/templates/network-isolation.yml +++ b/.azuredevops/pipelines/templates/network-isolation.yml @@ -4,7 +4,7 @@ parameters: default: Disabled steps: -- task: tse-cloudbuild.1es-networkisolation-tasks-test.1D5CFFFE-4332-4DE5-8457-7657C0B89BB9.1ESNetworkIsolation@1 +- task: tse-cloudbuild.1es-networkisolation-tasks.661EE24A-9364-4A3B-A725-3CBEB6F35E4B.1ESNetworkIsolation@1 displayName: Apply FW condition: ne(variables['NetworkIsolationMode'], 'Disabled') inputs: From 6dc09cf93b06010989a1ec6fa093a0656e947779 Mon Sep 17 00:00:00 2001 From: Juan Carlos Guzman Islas Date: Fri, 21 Jun 2024 11:55:29 -0700 Subject: [PATCH 3/7] Rename task to Network Isolation --- .azuredevops/pipelines/templates/network-isolation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/pipelines/templates/network-isolation.yml b/.azuredevops/pipelines/templates/network-isolation.yml index 4549efb..b109d37 100644 --- a/.azuredevops/pipelines/templates/network-isolation.yml +++ b/.azuredevops/pipelines/templates/network-isolation.yml @@ -5,7 +5,7 @@ parameters: steps: - task: tse-cloudbuild.1es-networkisolation-tasks.661EE24A-9364-4A3B-A725-3CBEB6F35E4B.1ESNetworkIsolation@1 - displayName: Apply FW + displayName: Network Isolation condition: ne(variables['NetworkIsolationMode'], 'Disabled') inputs: networkIsolationMode: $(NetworkIsolationMode) \ No newline at end of file From 102535b4ef3fd15b6e63666f7ad7bf43da209267 Mon Sep 17 00:00:00 2001 
From: Juan Carlos Guzman Islas Date: Fri, 21 Jun 2024 13:59:59 -0700 Subject: [PATCH 4/7] NIMode variable -> parameter --- .azuredevops/pipelines/official.yml | 4 ++++ .azuredevops/pipelines/pr-ci.yml | 5 +++++ .azuredevops/pipelines/templates/variables.yml | 3 +-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.azuredevops/pipelines/official.yml b/.azuredevops/pipelines/official.yml index 1260fd0..7620fba 100644 --- a/.azuredevops/pipelines/official.yml +++ b/.azuredevops/pipelines/official.yml @@ -4,6 +4,10 @@ resources: type: git name: 1ESPipelineTemplates/MicroBuildTemplate ref: refs/tags/release +parameters: +- name: NetworkIsolationMode + type: string + default: Disabled variables: - template: /.azuredevops/pipelines/templates/variables.yml@self - name: SignType diff --git a/.azuredevops/pipelines/pr-ci.yml b/.azuredevops/pipelines/pr-ci.yml index 0c9093a..e7db1f4 100644 --- a/.azuredevops/pipelines/pr-ci.yml +++ b/.azuredevops/pipelines/pr-ci.yml @@ -1,6 +1,11 @@ variables: - template: templates\variables.yml +parameters: +- name: NetworkIsolationMode + type: string + default: Disabled + schedules: - cron: '0 0 * * *' displayName: Daily midnight build diff --git a/.azuredevops/pipelines/templates/variables.yml b/.azuredevops/pipelines/templates/variables.yml index 7f55ea3..fd8e4a8 100644 --- a/.azuredevops/pipelines/templates/variables.yml +++ b/.azuredevops/pipelines/templates/variables.yml @@ -5,5 +5,4 @@ variables: ArtifactsDirectory: $(Build.ArtifactStagingDirectory)\artifacts # https://github.com/microsoft/azure-pipelines-agent/pull/4077 VSO_DEDUP_REDIRECT_TIMEOUT_IN_SEC: 5 - EnablePipelineCache: true - NetworkIsolationMode: Disabled \ No newline at end of file + EnablePipelineCache: true \ No newline at end of file From 999d2633e22f4cbb9f92a480444e9fb467630b9d Mon Sep 17 00:00:00 2001 
From: Juan Carlos Guzman Islas Date: Fri, 21 Jun 2024 14:05:54 -0700 Subject: [PATCH 5/7] Correct parameter usage --- .azuredevops/pipelines/official.yml | 7 ++++++- .azuredevops/pipelines/pr-ci.yml | 13 +++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/.azuredevops/pipelines/official.yml b/.azuredevops/pipelines/official.yml index 7620fba..7c3ae73 100644 --- a/.azuredevops/pipelines/official.yml +++ b/.azuredevops/pipelines/official.yml @@ -6,8 +6,13 @@ resources: ref: refs/tags/release parameters: - name: NetworkIsolationMode + displayName: 'Network Isolation Mode' type: string default: Disabled + values: + - Disabled + - Audit + - Enforce variables: - template: /.azuredevops/pipelines/templates/variables.yml@self - name: SignType @@ -70,7 +75,7 @@ extends: steps: - template: templates\network-isolation.yml parameters: - NetworkIsolationMode: $(NetworkIsolationMode) + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} - task: PowerShell@2 displayName: 'Update SignType, Build Number, and Add Build Tag for tagged commits' condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags/v')) diff --git a/.azuredevops/pipelines/pr-ci.yml b/.azuredevops/pipelines/pr-ci.yml index e7db1f4..1f3e0b7 100644 --- a/.azuredevops/pipelines/pr-ci.yml +++ b/.azuredevops/pipelines/pr-ci.yml @@ -3,8 +3,13 @@ variables: parameters: - name: NetworkIsolationMode + displayName: 'Network Isolation Mode' type: string default: Disabled + values: + - Disabled + - Audit + - Enforce schedules: - cron: '0 0 * * *' @@ -40,7 +45,7 @@ jobs: steps: - template: templates\network-isolation.yml parameters: - NetworkIsolationMode: $(NetworkIsolationMode) + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} - checkout: self # Fetch all history for versioning 
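Review bot: `default: Disabled` in the `parameters:` block of pr-ci.yml (and in the identical block added to official.yml in this patch) is the value every automatically triggered run will use, because scheduled and CI-triggered runs take parameter defaults. The `Daily midnight build` cron visible in the context therefore never runs under `Audit` or `Enforce`, and the official pipeline runs with the control off unless someone queues it by hand and picks another value. If this is a staged rollout, record that next to the default, e.g. `default: Disabled  # rollout: switch to Audit after baseline; triggered runs always use this default`, so the off state is not mistaken for the intended end state.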
@@ -84,7 +89,7 @@ jobs: steps: - template: templates\network-isolation.yml parameters: - NetworkIsolationMode: $(NetworkIsolationMode) + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} - download: current displayName: 'Download Build Artifacts' @@ -141,7 +146,7 @@ jobs: steps: - template: templates\network-isolation.yml parameters: - NetworkIsolationMode: $(NetworkIsolationMode) + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} - download: current displayName: 'Download Build Artifacts' @@ -197,7 +202,7 @@ jobs: steps: - template: templates\network-isolation.yml parameters: - NetworkIsolationMode: $(NetworkIsolationMode) + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} - download: current displayName: 'Download Build Artifacts' From 110e38472543d0bf6b4835f2b4a55d73fcae75cd Mon Sep 17 00:00:00 2001 From: Juan Carlos Guzman Islas Date: Fri, 21 Jun 2024 14:20:57 -0700 Subject: [PATCH 6/7] Reference parameters better again. --- .azuredevops/pipelines/templates/network-isolation.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.azuredevops/pipelines/templates/network-isolation.yml b/.azuredevops/pipelines/templates/network-isolation.yml index b109d37..c2d7ed0 100644 --- a/.azuredevops/pipelines/templates/network-isolation.yml +++ b/.azuredevops/pipelines/templates/network-isolation.yml @@ -6,6 +6,6 @@ parameters: steps: - task: tse-cloudbuild.1es-networkisolation-tasks.661EE24A-9364-4A3B-A725-3CBEB6F35E4B.1ESNetworkIsolation@1 displayName: Network Isolation - condition: ne(variables['NetworkIsolationMode'], 'Disabled') + condition: ne(${{ parameters.NetworkIsolationMode }}, 'Disabled') inputs: - networkIsolationMode: $(NetworkIsolationMode) \ No newline at end of file + networkIsolationMode: ${{ parameters.NetworkIsolationMode }} \ No newline at end of file From 38a57eb1ac28e5b627d7d633a985df7104d3ec5b Mon Sep 17 00:00:00 2001 
From: Juan Carlos Guzman Islas Date: Fri, 21 Jun 2024 14:34:24 -0700 Subject: [PATCH 7/7] Wrap parameter in quotes --- .azuredevops/pipelines/templates/network-isolation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/pipelines/templates/network-isolation.yml b/.azuredevops/pipelines/templates/network-isolation.yml index c2d7ed0..16139f7 100644 --- a/.azuredevops/pipelines/templates/network-isolation.yml +++ b/.azuredevops/pipelines/templates/network-isolation.yml @@ -6,6 +6,6 @@ parameters: steps: - task: tse-cloudbuild.1es-networkisolation-tasks.661EE24A-9364-4A3B-A725-3CBEB6F35E4B.1ESNetworkIsolation@1 displayName: Network Isolation - condition: ne(${{ parameters.NetworkIsolationMode }}, 'Disabled') + condition: ne('${{ parameters.NetworkIsolationMode }}', 'Disabled') inputs: networkIsolationMode: ${{ parameters.NetworkIsolationMode }} \ No newline at end of file
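Review bot: The condition `ne('${{ parameters.NetworkIsolationMode }}', 'Disabled')` pastes the parameter text into a runtime expression, and the template's own `parameters:` block (above this hunk, outside it) declares no `values:` list, so only the two root pipelines constrain what ends up between the quotes. A caller that passes any other string, including one containing a single quote, would change or break the expression that decides whether the isolation step runs. A custom `condition:` also replaces the default `succeeded()` check. Constraining the parameter in the template and inserting the step with a compile-time `${{ if }}` removes the string interpolation and keeps the default condition; the sketch below shows the changed lines.

```yaml
parameters:
- name: NetworkIsolationMode
  # … unchanged: type and default …
  values:
  - Disabled
  - Audit
  - Enforce

steps:
- ${{ if ne(parameters.NetworkIsolationMode, 'Disabled') }}:
  - task: tse-cloudbuild.1es-networkisolation-tasks.661EE24A-9364-4A3B-A725-3CBEB6F35E4B.1ESNetworkIsolation@1
    displayName: Network Isolation
    inputs:
      networkIsolationMode: ${{ parameters.NetworkIsolationMode }}
```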