From d4679c2ccf9bf438f6e4d63380a0b0952c6f3ef9 Mon Sep 17 00:00:00 2001
From: Justin Anderson <jander-msft@users.noreply.github.com>
Date: Fri, 30 Aug 2024 18:58:28 -0700
Subject: [PATCH] Increase token expiration and retry until compatible token
 (#7239)

---
 .../steps/get-delegation-sas.yml              | 19 ++++++++++++-------
 eng/pipelines/jobs/test-binaries.yml          |  3 ++-
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/eng/common/core-templates/steps/get-delegation-sas.yml b/eng/common/core-templates/steps/get-delegation-sas.yml
index d2901470a7f..b82f0c56bff 100644
--- a/eng/common/core-templates/steps/get-delegation-sas.yml
+++ b/eng/common/core-templates/steps/get-delegation-sas.yml
@@ -28,15 +28,20 @@ steps:
     scriptType: 'pscore'
     scriptLocation: 'inlineScript'
     inlineScript: |
-      # Calculate the expiration of the SAS token and convert to UTC
-      $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+      # Temporarily work around a helix issue where SAS tokens with / in them will cause incorrect downloads
+      # of correlation payloads. See https://github.com/dotnet/dnceng/issues/3484
+      $sas = ""
+      do {
+        # Calculate the expiration of the SAS token and convert to UTC
+        $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
 
-      $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
+        $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
 
-      if ($LASTEXITCODE -ne 0) {
-        Write-Error "Failed to generate SAS token."
-        exit 1
-      }
+        if ($LASTEXITCODE -ne 0) {
+          Write-Error "Failed to generate SAS token."
+          exit 1
+        }
+      } while($sas.IndexOf('/') -ne -1)
 
       if ('${{ parameters.base64Encode }}' -eq 'true') {
         $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
diff --git a/eng/pipelines/jobs/test-binaries.yml b/eng/pipelines/jobs/test-binaries.yml
index 2c8c9159da3..0f961756b5e 100644
--- a/eng/pipelines/jobs/test-binaries.yml
+++ b/eng/pipelines/jobs/test-binaries.yml
@@ -118,10 +118,11 @@ jobs:
             displayName: Hydrate Node.js Installation Non-Linux
 
       # Populate dotnetbuilds-internal-container-read-token for Helix
-      - template: /eng/common/templates/steps/enable-internal-runtimes.yml
+      - template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
         parameters:
           outputVariableName: 'dotnetbuilds-internal-container-read-token'
           base64Encode: false
+          expiryInHours: 2 # Match the job timeout; Helix can take a long time to process tests depending on queue depth
 
     - ${{ else }}:
       - ${{ if ne(parameters.osGroup, 'Windows') }}: