PowerShell/.pipelines/PowerShell-vPack-Official.yml

212 lines
7.4 KiB
YAML
Raw Permalink Normal View History

2024-06-07 01:02:35 +08:00
name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr)
trigger: none
parameters: # parameters are shown up in ADO UI in a build queue time
- name: 'createVPack'
displayName: 'Create and Submit VPack'
type: boolean
default: true
2024-06-07 01:02:35 +08:00
- name: 'debug'
displayName: 'Enable debug output'
type: boolean
default: false
- name: 'architecture'
type: string
displayName: 'Select the vpack architecture:'
values:
- x64
- x86
- arm64
default: x64
- name: 'VPackPublishOverride'
type: string
displayName: 'VPack Publish Override Version (can leave blank):'
default: ' '
2024-06-07 01:02:35 +08:00
- name: 'ReleaseTagVar'
type: string
displayName: 'Release Tag Var:'
default: 'fromBranch'
variables:
- name: CDP_DEFINITION_BUILD_COUNT
value: $[counter('', 0)]
- name: system.debug
value: ${{ parameters.debug }}
- name: BuildSolution
value: $(Build.SourcesDirectory)\dirs.proj
- name: BuildConfiguration
value: Release
- name: WindowsContainerImage
value: 'onebranch.azurecr.io/windows/ltsc2019/vse2022:latest'
2024-06-07 01:02:35 +08:00
- name: Codeql.Enabled
value: false # pipeline is not building artifacts; it repackages existing artifacts into a vpack
2024-06-07 01:02:35 +08:00
- name: DOTNET_CLI_TELEMETRY_OPTOUT
value: 1
- name: POWERSHELL_TELEMETRY_OPTOUT
value: 1
- name: nugetMultiFeedWarnLevel
value: none
- name: ReleaseTagVar
value: ${{ parameters.ReleaseTagVar }}
- group: Azure Blob variable group
- group: certificate_logical_to_actual # used within signing task
resources:
repositories:
2024-06-07 01:02:35 +08:00
- repository: templates
type: git
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main
pipelines:
- pipeline: PSPackagesOfficial
source: 'PowerShell-Packages-Official'
trigger:
branches:
include:
- master
- releases/*
2024-06-07 01:02:35 +08:00
extends:
template: v2/Microsoft.Official.yml@templates
parameters:
platform:
name: 'windows_undocked' # windows undocked
2024-06-07 01:02:35 +08:00
cloudvault:
enabled: false
2024-06-07 01:02:35 +08:00
globalSdl:
useCustomPolicy: true # for signing code
disableLegacyManifest: true
# disabled Armory as we dont have any ARM templates to scan. It fails on some sample ARM templates.
armory:
enabled: false
sbom:
enabled: true
compiled:
enabled: false
credscan:
enabled: true
scanFolder: $(Build.SourcesDirectory)
suppressionsFile: $(Build.SourcesDirectory)\.config\suppress.json
binskim:
enabled: false
# APIScan requires a non-Ready-To-Run build
apiscan:
enabled: false
asyncSDL:
enabled: false
tsaOptionsFile: .config/tsaoptions.json
2024-06-07 01:02:35 +08:00
stages:
- stage: main
jobs:
- job: main
pool:
type: windows
2024-06-07 01:02:35 +08:00
variables:
ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out'
2024-06-07 01:02:35 +08:00
ob_createvpack_enabled: ${{ parameters.createVPack }}
ob_createvpack_packagename: 'PowerShell.${{ parameters.architecture }}'
ob_createvpack_description: PowerShell ${{ parameters.architecture }} $(version)
ob_createvpack_owneralias: tplunk
ob_createvpack_versionAs: string
ob_createvpack_version: '$(version)'
ob_createvpack_propsFile: true
ob_createvpack_verbose: true
steps:
- template: tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml@self
parameters:
ReleaseTagVar: $(ReleaseTagVar)
CreateJson: yes
UseJson: no
2024-06-07 01:02:35 +08:00
- pwsh: |
if($env:RELEASETAGVAR -match '-') {
throw "Don't release a preview build without coordinating with Windows Engineering Build Tools Team"
}
displayName: Stop any preview release
- task: UseDotNet@2
displayName: 'Use .NET Core sdk'
inputs:
packageType: sdk
version: 3.1.x
installationPath: $(Agent.ToolsDirectory)/dotnet
- pwsh: |
$packageArtifactName = 'drop_windows_package_package_${{ parameters.architecture }}'
$vstsCommandString = "vso[task.setvariable variable=PackageArtifactName]$packageArtifactName"
Write-Host "sending " + $vstsCommandString
Write-Host "##$vstsCommandString"
displayName: 'Set package artifact name'
- download: PSPackagesOfficial
artifact: $(PackageArtifactName)
displayName: Download package
2024-06-07 01:02:35 +08:00
- pwsh: 'Get-ChildItem $(System.ArtifactsDirectory)\* -recurse | Select-Object -ExpandProperty Name'
displayName: 'Capture Artifact Listing'
- pwsh: |
$message = @()
Get-ChildItem $(System.ArtifactsDirectory)\* -recurse -include *.zip, *.msi | ForEach-Object {
if($_.Name -notmatch 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(fxdependent|x64|arm64|x86|fxdependentWinDesktop)\.(msi|zip){1}')
{
$messageInstance = "$($_.Name) is not a valid package name"
$message += $messageInstance
Write-Warning $messageInstance
}
}
if($message.count -gt 0){throw ($message | out-string)}
displayName: 'Validate Zip and MSI Package Names'
- pwsh: |
Get-ChildItem $(System.ArtifactsDirectory)\* -recurse -include *.zip, *.msi | ForEach-Object {
if($_.Name -match 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(${{ parameters.architecture }})\.(zip){1}')
{
Expand-Archive -Path $_.FullName -DestinationPath $(ob_outputDirectory)
}
}
displayName: 'Extract Zip to ob_outputDirectory'
- pwsh: |
Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose
Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse
Get-Content $(ob_outputdirectory)\preview.json -ErrorAction SilentlyContinue | Write-Host
2024-06-07 01:02:35 +08:00
displayName: Debug Output Directory and Version
condition: succeededOrFailed()
- pwsh: |
Write-Host "Using VPackPublishOverride variable"
$vpackVersion = '${{ parameters.VPackPublishOverride }}'
2024-06-07 01:02:35 +08:00
$vstsCommandString = "vso[task.setvariable variable=ob_createvpack_version]$vpackVersion"
Write-Host "sending " + $vstsCommandString
Write-Host "##$vstsCommandString"
condition: ne('${{ parameters.VPackPublishOverride }}', ' ')
2024-06-07 01:02:35 +08:00
displayName: 'Set ob_createvpack_version with VPackPublishOverride'
- pwsh: |
Get-ChildItem -Path env: | Out-String -width 9999 -Stream | write-Verbose -Verbose
2024-06-07 01:02:35 +08:00
displayName: Capture Environment
condition: succeededOrFailed()
- pwsh: |
Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose
Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse
displayName: Debug Output Directory and Version
condition: succeededOrFailed()
- task: onebranch.pipeline.signing@1
displayName: 'Onebranch Signing'
inputs:
command: 'sign'
signing_environment: 'azure-ado'
cp_code: $(windows_build_tools_cert_id)
files_to_sign: '**/*.exe;**/*.dll;**/*.ps1;**/*.psm1'
search_root: $(ob_outputDirectory)