From 80fc4b25fea01d2621b46ebcad1e44710197c92d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 4 Feb 2026 19:57:22 +0000
Subject: [PATCH 1/4] Initial plan

From b2b40c0f782357ba4aedae06e728213ddcf7fbbf Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 4 Feb 2026 19:59:59 +0000
Subject: [PATCH 2/4] Remove networkIsolationPolicy: Permissive from 1es-redirect.yml

Co-authored-by: raych1 <20296335+raych1@users.noreply.github.com>
---
 eng/pipelines/templates/stages/1es-redirect.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/eng/pipelines/templates/stages/1es-redirect.yml b/eng/pipelines/templates/stages/1es-redirect.yml
index e4c2c71342cd..95fa178f9fa2 100644
--- a/eng/pipelines/templates/stages/1es-redirect.yml
+++ b/eng/pipelines/templates/stages/1es-redirect.yml
@@ -40,9 +40,6 @@ extends:
 - 1ES.PT.Tag-refs/tags/canary
 settings:
 skipBuildTagsForGitHubPullRequests: true
- # Set network isolation policy to Preferred to allow access to common public services like GitHub, NuGet, Maven Central, etc.
- # https://eng.ms/docs/coreai/devdiv/one-engineering-system-1es/1es-build/cloudbuild/security/1espt-network-isolation#shared-policies-for-common-use-cases
- networkIsolationPolicy: Permissive
 sdl:
 ${{ if and(eq(variables['Build.DefinitionName'], 'java - core'), eq(variables['Build.SourceBranchName'], 'main'), eq(variables['System.TeamProject'], 'internal')) }}:
 autobaseline:

From 53b492d9bad61490bc199d04b22a652dd104edff Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 4 Feb 2026 20:17:46 +0000
Subject: [PATCH 3/4] Change networkIsolationPolicy from Permissive to Preferred

Co-authored-by: raych1 <20296335+raych1@users.noreply.github.com>
---
 eng/pipelines/templates/stages/1es-redirect.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/eng/pipelines/templates/stages/1es-redirect.yml b/eng/pipelines/templates/stages/1es-redirect.yml
index 95fa178f9fa2..c12bbcce3ac3 100644
--- a/eng/pipelines/templates/stages/1es-redirect.yml
+++ b/eng/pipelines/templates/stages/1es-redirect.yml
@@ -40,6 +40,9 @@ extends:
 - 1ES.PT.Tag-refs/tags/canary
 settings:
 skipBuildTagsForGitHubPullRequests: true
+ # Set network isolation policy to Preferred to allow access to common public services like GitHub, NuGet, Maven Central, etc.
+ # https://eng.ms/docs/coreai/devdiv/one-engineering-system-1es/1es-build/cloudbuild/security/1espt-network-isolation#shared-policies-for-common-use-cases
+ networkIsolationPolicy: Preferred
 sdl:
 ${{ if and(eq(variables['Build.DefinitionName'], 'java - core'), eq(variables['Build.SourceBranchName'], 'main'), eq(variables['System.TeamProject'], 'internal')) }}:
 autobaseline:

From 7ea3b6278718731dfca836e0a842c8f4578a12b2 Mon Sep 17 00:00:00 2001
From: Ray Chen
Date: Wed, 4 Feb 2026 12:42:12 -0800
Subject: [PATCH 4/4] Apply suggestion from @raych1

---
 eng/pipelines/templates/stages/1es-redirect.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eng/pipelines/templates/stages/1es-redirect.yml b/eng/pipelines/templates/stages/1es-redirect.yml
index c12bbcce3ac3..778e33e8128d 100644
--- a/eng/pipelines/templates/stages/1es-redirect.yml
+++ b/eng/pipelines/templates/stages/1es-redirect.yml
@@ -42,7 +42,7 @@ extends:
 skipBuildTagsForGitHubPullRequests: true
 # Set network isolation policy to Preferred to allow access to common public services like GitHub, NuGet, Maven Central, etc.
 # https://eng.ms/docs/coreai/devdiv/one-engineering-system-1es/1es-build/cloudbuild/security/1espt-network-isolation#shared-policies-for-common-use-cases
- networkIsolationPolicy: Preferred
+ networkIsolationPolicy: CFSClean
 sdl:
 ${{ if and(eq(variables['Build.DefinitionName'], 'java - core'), eq(variables['Build.SourceBranchName'], 'main'), eq(variables['System.TeamProject'], 'internal')) }}:
 autobaseline:
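Review bot: The two comment lines kept as context directly above `networkIsolationPolicy: CFSClean` still say the policy is set to Preferred, so after this change the comment and the enforced value disagree. The comment also justifies the setting as allowing access to public services such as NuGet and Maven Central; if CFSClean is the stricter, feed-restricting policy its name suggests (not verifiable from this hunk), the text now describes the opposite of what the build is allowed to reach. Update the comment in the same commit, for example `# Set network isolation policy to CFSClean; see the linked doc for which endpoints it allows and blocks.`. The file path suggests this is a shared stage template, so anyone auditing build egress for the pipelines that extend it will read this comment first, and the eng.ms link appears to need internal access, so it cannot substitute for an accurate one-line summary.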