Changelog verification

[anannya03]

What does this PR do?

Adds changelog verification so PRs must either include a changelog entry or carry the skip-changelog label.

This change updates the Build pipeline to authenticate to GitHub for PR repos, invokes a new Test-ChangelogEntry.ps1 validation step from Analyze-Code.ps1, and adds the new script that checks changed files for changelog entries and falls back to validating the PR label through the GitHub REST API.

GitHub issue number?

#2495

Pre-merge Checklist

• Required for All PRs
  • Read contribution guidelines
  • PR title clearly describes the change
  • Commit history is clean with descriptive messages (cleanup guide)
  • Added comprehensive tests for new/modified functionality
  • Created a changelog entry if the change falls among the following: new feature, bug fix, UI/UX update, breaking change, or updated dependencies. Follow the changelog entry guide
• For MCP tool changes:
  • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
  • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
  • Validate README.md changes running the script ./eng/scripts/Process-PackageReadMe.ps1. See Package README
  • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
  • For tools with new names, including new tools or renamed tools, update consolidated-tools.json
  • For renamed tools, follow the Tool Rename Checklist and tag the PR with the breaking-change label
  • For new tools associated with Azure services or publicly available tools/APIs/products, add URL to documentation in the PR description
• Extra steps for Azure MCP Server tool changes:
  • Updated command list in servers/Azure.Mcp.Server/docs/azmcp-commands.md
  • Ran ./eng/scripts/Update-AzCommandsMetadata.ps1 to update tool metadata in azmcp-commands.md (required for CI)
  • Updated test prompts in servers/Azure.Mcp.Server/docs/e2eTestPrompts.md
  • 👉 For Community (non-Microsoft team member) PRs:
    • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
    • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds CI enforcement for changelog hygiene by requiring either a changelog entry in the PR diff or an explicit skip-changelog PR label, including GitHub authentication in PR pipelines to enable label checks.

Changes:

• Introduces Test-ChangelogEntry.ps1 to detect changelog entry files and/or validate skip-changelog via GitHub REST API.
• Hooks the new validation into Analyze-Code.ps1 and fails analysis when missing both entry and label.
• Updates the analyze pipeline job to authenticate to GitHub for PR repos.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File	Description
eng/scripts/Test-ChangelogEntry.ps1	Adds the changelog/label validation script using git diff + GitHub API label lookup
eng/scripts/Analyze-Code.ps1	Executes changelog validation and turns failures into analysis errors
eng/pipelines/templates/jobs/analyze.yml	Adds GitHub login step for PR repos so label checks can authenticate

[jongio]

Two bugs that'll prevent this from working correctly:

1. parameters.Repository doesn't exist in analyze.yml - the condition on line 12 will always evaluate to false, so the GitHub login step never runs. common.yml calls this template without passing a Repository parameter.

2. Regex misses .yaml files in Test-ChangelogEntry.ps1 - the pattern only matches .yml but this repo has both .yml and .yaml changelog entries.

Also: 8 commits with debug messages ('trial 1', 'trial 2', etc.) - please squash before merge.

[jongio]

parameters.Repository isn't declared in this template and common.yml (line 79) calls it without passing one - so this always evaluates as endsWith('', '-pr') which is always false. The login step never runs.

Other templates in this repo use variables['Build.Repository.Name'] for this check (see create-apireview.yml:40, eng-common-workflow-enforcer.yml:38).

Suggested change

	- ${{ if endsWith(parameters.Repository, '-pr') }}:
	- ${{ if endsWith(variables['Build.Repository.Name'], '-pr') }}:

[jongio]

This only matches .yml but the repo has both .yml and .yaml files in changelog-entries/ directories (checked - there are 5 of each). You'll miss valid entries with the .yaml extension.

Suggested change

	$hasChangelog = $changedFiles | Where-Object { $_ -match 'changelog-entries/.*\.yml$' -or $_ -match 'CHANGELOG\.md'}
	$hasChangelog = $changedFiles | Where-Object { $_ -match 'changelog-entries/.*\.ya?ml$' -or $_ -match 'CHANGELOG\.md'}