2024-06-07 01:02:35 +08:00
|
|
|
name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr)
|
|
|
|
|
|
|
|
|
|
trigger: none
|
|
|
|
|
|
|
|
|
|
parameters: # parameters are shown up in ADO UI in a build queue time
|
|
|
|
|
- name: 'createVPack'
|
|
|
|
|
displayName: 'Create and Submit VPack'
|
|
|
|
|
type: boolean
|
2024-08-21 06:43:20 +08:00
|
|
|
default: true
|
2024-06-07 01:02:35 +08:00
|
|
|
- name: 'debug'
|
|
|
|
|
displayName: 'Enable debug output'
|
|
|
|
|
type: boolean
|
|
|
|
|
default: false
|
|
|
|
|
- name: 'architecture'
|
|
|
|
|
type: string
|
|
|
|
|
displayName: 'Select the vpack architecture:'
|
|
|
|
|
values:
|
|
|
|
|
- x64
|
|
|
|
|
- x86
|
|
|
|
|
- arm64
|
|
|
|
|
default: x64
|
|
|
|
|
- name: 'VPackPublishOverride'
|
|
|
|
|
type: string
|
|
|
|
|
displayName: 'VPack Publish Override Version (can leave blank):'
|
2024-06-11 05:22:55 +08:00
|
|
|
default: ' '
|
2024-06-07 01:02:35 +08:00
|
|
|
- name: 'ReleaseTagVar'
|
|
|
|
|
type: string
|
|
|
|
|
displayName: 'Release Tag Var:'
|
|
|
|
|
default: 'fromBranch'
|
|
|
|
|
|
|
|
|
|
variables:
|
|
|
|
|
- name: CDP_DEFINITION_BUILD_COUNT
|
|
|
|
|
value: $[counter('', 0)]
|
|
|
|
|
- name: system.debug
|
|
|
|
|
value: ${{ parameters.debug }}
|
|
|
|
|
- name: BuildSolution
|
|
|
|
|
value: $(Build.SourcesDirectory)\dirs.proj
|
|
|
|
|
- name: BuildConfiguration
|
|
|
|
|
value: Release
|
|
|
|
|
- name: WindowsContainerImage
|
2024-06-11 05:22:55 +08:00
|
|
|
value: 'onebranch.azurecr.io/windows/ltsc2019/vse2022:latest'
|
2024-06-07 01:02:35 +08:00
|
|
|
- name: Codeql.Enabled
|
2024-06-11 05:22:55 +08:00
|
|
|
value: false # pipeline is not building artifacts; it repackages existing artifacts into a vpack
|
2024-06-07 01:02:35 +08:00
|
|
|
- name: DOTNET_CLI_TELEMETRY_OPTOUT
|
|
|
|
|
value: 1
|
|
|
|
|
- name: POWERSHELL_TELEMETRY_OPTOUT
|
|
|
|
|
value: 1
|
|
|
|
|
- name: nugetMultiFeedWarnLevel
|
|
|
|
|
value: none
|
|
|
|
|
- name: ReleaseTagVar
|
|
|
|
|
value: ${{ parameters.ReleaseTagVar }}
|
|
|
|
|
- group: Azure Blob variable group
|
|
|
|
|
- group: certificate_logical_to_actual # used within signing task
|
|
|
|
|
|
|
|
|
|
resources:
|
2024-06-11 05:22:55 +08:00
|
|
|
repositories:
|
2024-06-07 01:02:35 +08:00
|
|
|
- repository: templates
|
|
|
|
|
type: git
|
|
|
|
|
name: OneBranch.Pipelines/GovernedTemplates
|
|
|
|
|
ref: refs/heads/main
|
|
|
|
|
|
|
|
|
|
extends:
|
|
|
|
|
template: v2/Microsoft.Official.yml@templates
|
|
|
|
|
parameters:
|
|
|
|
|
platform:
|
|
|
|
|
name: 'windows_undocked' # windows undocked
|
2024-06-11 05:22:55 +08:00
|
|
|
|
2024-06-07 01:02:35 +08:00
|
|
|
cloudvault:
|
|
|
|
|
enabled: false
|
2024-06-11 05:22:55 +08:00
|
|
|
|
2024-06-07 01:02:35 +08:00
|
|
|
globalSdl:
|
|
|
|
|
useCustomPolicy: true # for signing code
|
|
|
|
|
disableLegacyManifest: true
|
|
|
|
|
# disabled Armory as we dont have any ARM templates to scan. It fails on some sample ARM templates.
|
|
|
|
|
armory:
|
|
|
|
|
enabled: false
|
|
|
|
|
sbom:
|
|
|
|
|
enabled: true
|
|
|
|
|
compiled:
|
|
|
|
|
enabled: false
|
|
|
|
|
credscan:
|
|
|
|
|
enabled: true
|
|
|
|
|
scanFolder: $(Build.SourcesDirectory)
|
|
|
|
|
suppressionsFile: $(Build.SourcesDirectory)\.config\suppress.json
|
2024-10-04 06:29:33 +08:00
|
|
|
binskim:
|
|
|
|
|
enabled: false
|
|
|
|
|
# APIScan requires a non-Ready-To-Run build
|
|
|
|
|
apiscan:
|
|
|
|
|
enabled: false
|
|
|
|
|
asyncSDL:
|
|
|
|
|
enabled: false
|
|
|
|
|
tsaOptionsFile: .config/tsaoptions.json
|
2024-06-07 01:02:35 +08:00
|
|
|
stages:
|
|
|
|
|
- stage: main
|
|
|
|
|
jobs:
|
|
|
|
|
- job: main
|
|
|
|
|
pool:
|
2024-06-11 05:22:55 +08:00
|
|
|
type: windows
|
|
|
|
|
|
2024-06-07 01:02:35 +08:00
|
|
|
variables:
|
2024-06-11 05:22:55 +08:00
|
|
|
ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out'
|
2024-06-07 01:02:35 +08:00
|
|
|
ob_createvpack_enabled: ${{ parameters.createVPack }}
|
|
|
|
|
ob_createvpack_packagename: 'PowerShell.${{ parameters.architecture }}'
|
|
|
|
|
ob_createvpack_description: PowerShell ${{ parameters.architecture }} $(version)
|
|
|
|
|
ob_createvpack_owneralias: tplunk
|
|
|
|
|
ob_createvpack_versionAs: string
|
|
|
|
|
ob_createvpack_version: '$(version)'
|
|
|
|
|
ob_createvpack_propsFile: true
|
|
|
|
|
ob_createvpack_verbose: true
|
|
|
|
|
|
|
|
|
|
steps:
|
|
|
|
|
- template: tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml@self
|
|
|
|
|
parameters:
|
|
|
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
|
|
|
CreateJson: yes
|
|
|
|
|
UseJson: no
|
2024-06-11 05:22:55 +08:00
|
|
|
|
2024-06-07 01:02:35 +08:00
|
|
|
- pwsh: |
|
|
|
|
|
if($env:RELEASETAGVAR -match '-') {
|
|
|
|
|
throw "Don't release a preview build without coordinating with Windows Engineering Build Tools Team"
|
|
|
|
|
}
|
|
|
|
|
displayName: Stop any preview release
|
|
|
|
|
|
|
|
|
|
- task: UseDotNet@2
|
|
|
|
|
displayName: 'Use .NET Core sdk'
|
|
|
|
|
inputs:
|
|
|
|
|
packageType: sdk
|
|
|
|
|
version: 3.1.x
|
|
|
|
|
installationPath: $(Agent.ToolsDirectory)/dotnet
|
|
|
|
|
|
|
|
|
|
- pwsh: |
|
|
|
|
|
Import-module '$(BUILD.SOURCESDIRECTORY)/build.psm1'
|
|
|
|
|
Install-AzCopy
|
|
|
|
|
displayName: Install AzCopy
|
|
|
|
|
retryCountOnTaskFailure: 2
|
|
|
|
|
|
|
|
|
|
- pwsh: |
|
|
|
|
|
Import-module '$(BUILD.SOURCESDIRECTORY)/build.psm1'
|
|
|
|
|
$azcopy = Find-AzCopy
|
|
|
|
|
Write-Verbose -Verbose "Found AzCopy: $azcopy"
|
|
|
|
|
Write-Host "running: $azcopy cp https://$(StorageAccount).blob.core.windows.net/$(AzureVersion)/PowerShell-$(Version)-win-${{ parameters.architecture }}.zip $(System.ArtifactsDirectory)"
|
|
|
|
|
& $azcopy cp https://$(StorageAccount).blob.core.windows.net/$(AzureVersion)/PowerShell-$(Version)-win-${{ parameters.architecture }}.zip $(System.ArtifactsDirectory)
|
|
|
|
|
displayName: 'Download Azure Artifacts'
|
|
|
|
|
retryCountOnTaskFailure: 2
|
|
|
|
|
env:
|
|
|
|
|
AZCOPY_AUTO_LOGIN_TYPE: MSI
|
|
|
|
|
|
|
|
|
|
- pwsh: 'Get-ChildItem $(System.ArtifactsDirectory)\* -recurse | Select-Object -ExpandProperty Name'
|
|
|
|
|
displayName: 'Capture Artifact Listing'
|
|
|
|
|
|
|
|
|
|
- pwsh: |
|
|
|
|
|
$message = @()
|
|
|
|
|
Get-ChildItem $(System.ArtifactsDirectory)\* -recurse -include *.zip, *.msi | ForEach-Object {
|
|
|
|
|
if($_.Name -notmatch 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(fxdependent|x64|arm64|x86|fxdependentWinDesktop)\.(msi|zip){1}')
|
|
|
|
|
{
|
|
|
|
|
$messageInstance = "$($_.Name) is not a valid package name"
|
|
|
|
|
$message += $messageInstance
|
|
|
|
|
Write-Warning $messageInstance
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if($message.count -gt 0){throw ($message | out-string)}
|
|
|
|
|
displayName: 'Validate Zip and MSI Package Names'
|
|
|
|
|
|
|
|
|
|
- pwsh: |
|
|
|
|
|
Get-ChildItem $(System.ArtifactsDirectory)\* -recurse -include *.zip, *.msi | ForEach-Object {
|
|
|
|
|
if($_.Name -match 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(${{ parameters.architecture }})\.(zip){1}')
|
|
|
|
|
{
|
|
|
|
|
Expand-Archive -Path $_.FullName -DestinationPath $(ob_outputDirectory)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
displayName: 'Extract Zip to ob_outputDirectory'
|
|
|
|
|
|
|
|
|
|
- pwsh: |
|
|
|
|
|
Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose
|
|
|
|
|
Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse
|
2024-06-11 05:22:55 +08:00
|
|
|
Get-Content $(ob_outputdirectory)\preview.json -ErrorAction SilentlyContinue | Write-Host
|
2024-06-07 01:02:35 +08:00
|
|
|
displayName: Debug Output Directory and Version
|
|
|
|
|
condition: succeededOrFailed()
|
|
|
|
|
|
|
|
|
|
- pwsh: |
|
|
|
|
|
Write-Host "Using VPackPublishOverride variable"
|
2024-06-11 05:22:55 +08:00
|
|
|
$vpackVersion = '${{ parameters.VPackPublishOverride }}'
|
2024-06-07 01:02:35 +08:00
|
|
|
$vstsCommandString = "vso[task.setvariable variable=ob_createvpack_version]$vpackVersion"
|
|
|
|
|
Write-Host "sending " + $vstsCommandString
|
|
|
|
|
Write-Host "##$vstsCommandString"
|
2024-06-11 05:22:55 +08:00
|
|
|
condition: ne('${{ parameters.VPackPublishOverride }}', ' ')
|
2024-06-07 01:02:35 +08:00
|
|
|
displayName: 'Set ob_createvpack_version with VPackPublishOverride'
|
|
|
|
|
|
|
|
|
|
- pwsh: |
|
2024-09-06 05:49:23 +08:00
|
|
|
Get-ChildItem -Path env: | Out-String -width 9999 -Stream | write-Verbose -Verbose
|
2024-06-07 01:02:35 +08:00
|
|
|
displayName: Capture Environment
|
|
|
|
|
condition: succeededOrFailed()
|
|
|
|
|
|
|
|
|
|
- pwsh: |
|
|
|
|
|
Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose
|
|
|
|
|
Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse
|
|
|
|
|
displayName: Debug Output Directory and Version
|
|
|
|
|
condition: succeededOrFailed()
|
|
|
|
|
|
|
|
|
|
- task: onebranch.pipeline.signing@1
|
|
|
|
|
displayName: 'Onebranch Signing'
|
|
|
|
|
inputs:
|
|
|
|
|
command: 'sign'
|
|
|
|
|
signing_environment: 'azure-ado'
|
|
|
|
|
cp_code: $(windows_build_tools_cert_id)
|
|
|
|
|
files_to_sign: '**/*.exe;**/*.dll;**/*.ps1;**/*.psm1'
|
|
|
|
|
search_root: $(ob_outputDirectory)
|
