From 5e680c0372d569beab68e8a224e1731b7ea447db Mon Sep 17 00:00:00 2001
From: Andrew Wang <wardengnaw@gmail.com>
Date: Wed, 28 Jan 2026 13:33:55 -0800
Subject: [PATCH 1/2] Refactor DebuggerTesting pipeline for 1ES Compliance

---
 eng/pipelines/DebuggerTesting-release.yml     | 43 ++++++++++++++++---
 .../DebuggerTesting-release.template.yml      | 18 ++++++--
 2 files changed, 50 insertions(+), 11 deletions(-)

diff --git a/eng/pipelines/DebuggerTesting-release.yml b/eng/pipelines/DebuggerTesting-release.yml
index a0f5bd99e..cf1b61cea 100644
--- a/eng/pipelines/DebuggerTesting-release.yml
+++ b/eng/pipelines/DebuggerTesting-release.yml
@@ -1,14 +1,43 @@
 ---
 name: $(Date:yyyMMdd).$(Rev:r)
+
 variables:
-- name: SignType
-  value: test
 - name: TeamName
   value: MDDDebugger
-jobs:
-- template: ./jobs/VSEngSS-MicroBuild2022-1ES.job.yml
+
+resources:
+  repositories:
+  - repository: MicroBuildTemplate
+    type: git
+    name: 1ESPipelineTemplates/MicroBuildTemplate
+    ref: refs/tags/release
+
+extends:
+  template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
   parameters:
-    DisplayName: DebuggerTesting
-    JobTemplate:
-    - template: ../templates/DebuggerTesting-release.template.yml
+    pool:
+      name: VSEngSS-MicroBuild2022-1ES
+      os: windows
+    sdl:
+      sourceAnalysisPool:
+        name: VSEngSS-MicroBuild2022-1ES
+        os: windows 
+    stages:
+    - stage: DebuggerTesting
+      jobs:
+      - job: 
+        displayName: Windows
+        timeoutInMinutes: 180
+        cancelTimeoutInMinutes: 1
+        templateContext:
+          mb:
+            signing:
+              enabled: true
+              signType: real
+              signWithProd: true
+              zipSources: false
+            localization:
+              enabled: true
+        steps:
+        - template: /eng/pipelines/templates/DebuggerTesting-release.template.yml@self
 ...
\ No newline at end of file
diff --git a/eng/pipelines/templates/DebuggerTesting-release.template.yml b/eng/pipelines/templates/DebuggerTesting-release.template.yml
index 927d7a00f..183223bde 100644
--- a/eng/pipelines/templates/DebuggerTesting-release.template.yml
+++ b/eng/pipelines/templates/DebuggerTesting-release.template.yml
@@ -6,8 +6,6 @@ steps:
 
 - template: ../tasks/NuGetToolInstaller.yml
 
-- template: ../tasks/MicroBuildSigningPlugin.yml
-
 - template: ../tasks/NuGetCommand.yml
   parameters:
     Command: 'restore'
@@ -21,7 +19,7 @@ steps:
     configuration: 'Release'
     msbuildArguments: /p:NuGetPath=$(NuGetExeToolPath) /p:NuGetPrerelease=false
     env: { 
-        "SIGN_TYPE": "$(SignType)" 
+        "SIGN_TYPE": "real" 
     } 
 
 - template: ../tasks/SignVerify.yml
@@ -31,12 +29,24 @@ steps:
 - template: ../steps/CopyAndPublishSymbols.yml
   parameters:
     SourceFolder: '$(Build.SourcesDirectory)\bin\DebugAdapterProtocolTests\Release\drop'
+    OneESPT: true
 
-- template: ../tasks/PublishPipelineArtifact.yml
+- template: ../tasks/1ES/PublishPipelineArtifact.yml
   parameters:
     displayName: 'Publish Nupkgs'
     path: '$(Build.SourcesDirectory)\bin\DebugAdapterProtocolTests\Release\drop'
     artifactName: 'nupkgs'
+    OneESPT: true
+
+- powershell: |
+    $contentType = 'application/json';
+    $headers = @{ Authorization = 'Bearer $(System.AccessToken)' };
+    $rawRequest = @{ daysValid = 365 * 2; definitionId = $(resources.pipeline.CI.pipelineID); ownerId = 'User:$(Build.RequestedForId)'; protectPipeline = $false; runId = $(resources.pipeline.CI.runId) };
+    $request = ConvertTo-Json @($rawRequest);
+    Write-Host $request
+    $uri = "$(System.CollectionUri)$(System.TeamProject)/_apis/build/retention/leases?api-version=6.0-preview.1";
+    Invoke-RestMethod -uri $uri -method POST -Headers $headers -ContentType $contentType -Body $request;
+  displayName: Retain build
 
 - template: ../tasks/MicroBuildCleanup.yml
 ...
\ No newline at end of file

From a7745b5fd7ae0dd2e192b2072d9988eb53338c19 Mon Sep 17 00:00:00 2001
From: Andrew Wang <wardengnaw@gmail.com>
Date: Wed, 28 Jan 2026 14:11:40 -0800
Subject: [PATCH 2/2] Add comment

---
 eng/pipelines/templates/DebuggerTesting-release.template.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/eng/pipelines/templates/DebuggerTesting-release.template.yml b/eng/pipelines/templates/DebuggerTesting-release.template.yml
index 183223bde..be7e750c8 100644
--- a/eng/pipelines/templates/DebuggerTesting-release.template.yml
+++ b/eng/pipelines/templates/DebuggerTesting-release.template.yml
@@ -38,6 +38,7 @@ steps:
     artifactName: 'nupkgs'
     OneESPT: true
 
+# Retain the pipeline run for 2 years so we can compare future builds against it
 - powershell: |
     $contentType = 'application/json';
     $headers = @{ Authorization = 'Bearer $(System.AccessToken)' };