Update conditions for SBOM and publish jobs

[mswietlicki]

• Enabled conditional execution for the sbom stage to run when the source branch is master or starts with release/
• Updated the publish job's condition to support all release branches by replacing the hardcoded refs/heads/release/4 check with a prefix match against all refs/heads/release/ branches, while maintaining master and debug gating

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated the Azure Pipelines configuration to conditionally trigger the sbom stage on master and release/* branches. Modified the publish job's condition to use prefix matching for all release branches instead of a hardcoded exact version match.

Changes

Cohort / File(s)	Summary
Pipeline Configuration azure-pipelines.yml	Added conditional execution for sbom stage to run on master or branches starting with refs/heads/release/. Updated publish job condition to use startsWith() prefix matching for release branches, replacing exact match to refs/heads/release/4.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

---

Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

• Ignore

❌ Failed checks (1 error, 1 inconclusive)

Check name	Status	Explanation	Resolution
Jira Issue Key In Title	❌ Error	The PR title does not contain a Jira issue key in the format MPT-XXXX.	Update the PR title to include exactly one Jira issue key in the format MPT-XXXX, such as 'MPT-XXXX: Update conditions for SBOM and publish jobs'.
Test Coverage Required	❓ Inconclusive	Unable to access repository files to assess whether out-of-scope changes are present in this pull request.	Repository structure could not be examined to determine if modifications fall within expected scope.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Single Commit Required	✅ Passed	The pull request contains exactly one commit (755b94c 'Update conditions for SBOM and publish jobs') as confirmed by git rev-list count returning 1, meeting the requirement of keeping git history clean.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@azure-pipelines.yml`:
- Line 65: The branch-condition expressions currently check for
'refs/heads/master' which mismatches the pipeline trigger using 'main'; update
the condition expressions (the or(...) conditions that use
eq(variables['Build.SourceBranch'], 'refs/heads/master')) to use
'refs/heads/main' instead—do this for both occurrences of that condition (the
SBOM/publish gating expressions) so the pipeline runs on the default main
branch.
- Line 65: The sbom stage condition is missing Azure's succeeded() gating, so
add it to the condition for the sbom stage (the condition currently using
or(eq(variables['Build.SourceBranch'], 'refs/heads/master'),
startsWith(variables['Build.SourceBranch'], 'refs/heads/release/')) in
azure-pipelines.yml) — change the condition to require succeeded() AND the
existing branch check (e.g. wrap the existing or(...) inside an and(succeeded(),
...)) so the sbom stage only runs when dependencies succeeded and branch
matches.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: e14ed356-b29c-4a36-a304-eaaaece26350

📥 Commits

Reviewing files that changed from the base of the PR and between a1cf428 and 755b94c.

📒 Files selected for processing (1)

• azure-pipelines.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify branch refs used in triggers vs conditions
rg -n "trigger:|- main|Build.SourceBranch|refs/heads/master|refs/heads/main|refs/heads/release/" azure-pipelines.yml

Repository: softwareone-platform/swo-aws-extension

Length of output: 436

---

Update branch conditions from refs/heads/master to refs/heads/main.

The trigger targets main (Line 2), but the conditions at Lines 65 and 88 gate on refs/heads/master, preventing SBOM and publish from running on your default branch.

Proposed fix

     condition: or(eq(variables['Build.SourceBranch'], 'refs/heads/master'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'))
+    condition: or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'))

Also applies to: 88-88

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@azure-pipelines.yml` at line 65, The branch-condition expressions currently
check for 'refs/heads/master' which mismatches the pipeline trigger using
'main'; update the condition expressions (the or(...) conditions that use
eq(variables['Build.SourceBranch'], 'refs/heads/master')) to use
'refs/heads/main' instead—do this for both occurrences of that condition (the
SBOM/publish gating expressions) so the pipeline runs on the default main
branch.

---

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether stage/job conditions keep explicit success gating
rg -n "stage: sbom|stage: publish|job: publish|condition:" azure-pipelines.yml

Repository: softwareone-platform/swo-aws-extension

Length of output: 481

---

🏁 Script executed:

# Examine the sbom stage definition and surrounding context
sed -n '55,95p' azure-pipelines.yml

Repository: softwareone-platform/swo-aws-extension

Length of output: 1860

---

🏁 Script executed:

# Check if there are any dependencies or other stages that could fail before sbom
git ls-files azure-pipelines.yml && wc -l azure-pipelines.yml

Repository: softwareone-platform/swo-aws-extension

Length of output: 124

---

🏁 Script executed:

# Check git history or comments about the branch naming
rg -i "master|main" azure-pipelines.yml | head -20

Repository: softwareone-platform/swo-aws-extension

Length of output: 417

---

🏁 Script executed:

# Check if this is a consistent branch naming issue across the file
rg "refs/heads/master" azure-pipelines.yml

Repository: softwareone-platform/swo-aws-extension

Length of output: 410

---

Re-add succeeded() to avoid running SBOM after failed dependencies.

The sbom stage (line 65) declares explicit dependencies on prepare and build stages but uses a custom condition that lacks succeeded(). This replaces Azure's default success gating, allowing the stage to run even when dependencies fail. Since the stage accesses outputs from prior stages, it will fail attempting to reference missing data.

Proposed fix

-    condition: or(eq(variables['Build.SourceBranch'], 'refs/heads/master'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'))
+    condition: and(
+      succeeded(),
+      or(
+        eq(variables['Build.SourceBranch'], 'refs/heads/main'),
+        startsWith(variables['Build.SourceBranch'], 'refs/heads/release/')
+      )
+    )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	condition: or(eq(variables['Build.SourceBranch'], 'refs/heads/master'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'))
	condition: and(
	succeeded(),
	or(
	eq(variables['Build.SourceBranch'], 'refs/heads/main'),
	startsWith(variables['Build.SourceBranch'], 'refs/heads/release/')
	)
	)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@azure-pipelines.yml` at line 65, The sbom stage condition is missing Azure's
succeeded() gating, so add it to the condition for the sbom stage (the condition
currently using or(eq(variables['Build.SourceBranch'], 'refs/heads/master'),
startsWith(variables['Build.SourceBranch'], 'refs/heads/release/')) in
azure-pipelines.yml) — change the condition to require succeeded() AND the
existing branch check (e.g. wrap the existing or(...) inside an and(succeeded(),
...)) so the sbom stage only runs when dependencies succeeded and branch
matches.

[d3rky]

@mswietlicki looks like code rabbit comments are valid and could you also link a jira issue in the scope of which one you doing this job

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[d3rky]

@mswietlicki looks like code rabbit comments are valid and could you also link a jira issue in the scope of which one you doing this job