From 704ee90d5cd2909ebc98a8d624359eed5d1b1cbc Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 28 Aug 2019 09:44:02 -0700 Subject: [PATCH] Update the combined package build to release the daily builds (#10449) --- .vsts-ci/install-ps.yml | 56 ++++++++++++-- .vsts-ci/templates/install-ps-phase.yml | 8 +- tools/install-powershell.ps1 | 71 ++++++++++++----- tools/packaging/packaging.psm1 | 6 ++ .../releaseBuild/azureDevOps/releaseBuild.yml | 9 +++ .../templates/SetVersionVariables.yml | 8 +- .../azureDevOps/templates/json.yml | 45 +++++++++++ .../azureDevOps/templates/linux.yml | 16 ++-- .../templates/mac-package-signing.yml | 28 +++++-- .../azureDevOps/templates/nuget.yml | 6 +- .../azureDevOps/templates/shouldSign.yml | 17 +++++ .../azureDevOps/templates/upload.yml | 6 +- .../azureDevOps/templates/windows-build.yml | 15 ++-- .../templates/windows-package-signing.yml | 9 ++- tools/releaseBuild/setReleaseTag.ps1 | 76 ++++++++++++++++++- 15 files changed, 314 insertions(+), 62 deletions(-) create mode 100644 tools/releaseBuild/azureDevOps/templates/json.yml create mode 100644 tools/releaseBuild/azureDevOps/templates/shouldSign.yml diff --git a/.vsts-ci/install-ps.yml b/.vsts-ci/install-ps.yml index 9b8a1e2307..72f4255116 100644 --- a/.vsts-ci/install-ps.yml +++ b/.vsts-ci/install-ps.yml @@ -46,7 +46,7 @@ phases: parameters: scriptName: sudo ./tools/install-powershell.sh jobName: InstallPowerShellUbuntu - pool: Hosted Ubuntu 1604 + pool: ubuntu-latest verification: | if ([Version]"$($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor).$($PSVersionTable.PSVersion.Patch)" -lt [version]"6.2.0") { @@ -57,7 +57,7 @@ phases: parameters: scriptName: sudo ./tools/install-powershell.sh jobName: InstallPowerShellAmazonLinux - pool: Hosted Ubuntu 1604 + pool: ubuntu-latest container: pshorg/powershellcommunity-test-deps:amazonlinux-2.0 verification: | if ([Version]"$($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor).$($PSVersionTable.PSVersion.Patch)" -lt [version]"6.2.0") @@ -69,7 +69,7 @@ phases: parameters: scriptName: sudo ./tools/installpsh-amazonlinux.sh jobName: InstallPSHAmazonLinux - pool: Hosted Ubuntu 1604 + pool: ubuntu-latest container: pshorg/powershellcommunity-test-deps:amazonlinux-2.0 verification: | if ([Version]"$($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor).$($PSVersionTable.PSVersion.Patch)" -lt [version]"6.2.0") @@ -83,14 +83,14 @@ phases: parameters: scriptName: ./tools/install-powershell.sh jobName: InstallPowerShellCentOS - pool: Hosted Ubuntu 1604 + pool: ubuntu-latest container: mcr.microsoft.com/powershell/test-deps:centos-7 - + - template: templates/install-ps-phase.yml parameters: scriptName: ./tools/install-powershell.sh jobName: InstallPowerShellDebian9 - pool: Hosted Ubuntu 1604 + pool: ubuntu-latest container: mcr.microsoft.com/powershell/test-deps:debian-9 @@ -103,7 +103,7 @@ phases: parameters: scriptName: ./tools/install-powershell.sh jobName: InstallPowerShellMacOS - pool: Hosted macOS + pool: macOS-latest verification: | if ([Version]"$($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor).$($PSVersionTable.PSVersion.Patch)" -lt [version]"6.2.0") { @@ -115,4 +115,44 @@ phases: parameters: scriptName: pwsh -c ./tools/install-powershell.ps1 -AddToPath jobName: InstallPowerShellPS1Ubuntu - pool: Hosted Ubuntu 1604 + pool: ubuntu-latest + +- template: templates/install-ps-phase.yml + parameters: + scriptName: pwsh -c ./tools/install-powershell.ps1 -AddToPath -Daily + jobName: InstallPowerShellPS1UbuntuDaily + pool: ubuntu-latest + verification: | + Write-Verbose $PSVersionTable.PSVersion -verbose + if ([Version]"$($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor).$($PSVersionTable.PSVersion.Patch)" -lt [version]"7.0.0") + { + throw "powershell was not upgraded: $($PSVersionTable.PSVersion)" + } + +- template: templates/install-ps-phase.yml + parameters: + scriptName: pwsh -c ./tools/install-powershell.ps1 -AddToPath -Daily + jobName: InstallPowerShellMacOSDaily + pool: macOS-latest + verification: | + Write-Verbose $PSVersionTable.PSVersion -verbose + if ([Version]"$($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor).$($PSVersionTable.PSVersion.Patch)" -lt [version]"7.0.0") + { + throw "powershell was not upgraded: $($PSVersionTable.PSVersion)" + } + +- template: templates/install-ps-phase.yml + parameters: + scriptName: | + pwsh -c ./tools/install-powershell.ps1 -AddToPath -Daily + jobName: InstallPowerShellWindowsDaily + pool: windows-latest + verification: | + $newVersion = &$env:LOCALAPPDATA\Microsoft\powershell-daily\pwsh -v + $newVersion -match '^PowerShell ((\d*\.\d*\.\d*)(-\w*(\.\d*)?)?){1}' + $versionOnly = $Matches[2] + Write-verbose "$newVersion; versionOnly: $versionOnly" -verbose + if ([Version]$versionOnly -lt [version]"7.0.0") + { + throw "powershell was not upgraded: $newVersion" + } diff --git a/.vsts-ci/templates/install-ps-phase.yml b/.vsts-ci/templates/install-ps-phase.yml index f864be7a49..62b7553f83 100644 --- a/.vsts-ci/templates/install-ps-phase.yml +++ b/.vsts-ci/templates/install-ps-phase.yml @@ -1,5 +1,5 @@ parameters: - pool: 'Hosted Ubuntu 1604' + pool: 'ubuntu-latest' jobName: 'none' scriptName: '' container: '' @@ -16,12 +16,12 @@ jobs: container: ${{ parameters.container }} pool: - name: ${{ parameters.pool }} + vmImage: ${{ parameters.pool }} displayName: ${{ parameters.jobName }} steps: - - powershell: | + - pwsh: | Get-ChildItem -Path env: displayName: Capture environment condition: succeededOrFailed() @@ -37,6 +37,6 @@ jobs: continueOnError: ${{ parameters.continueOnError }} - ${{ if ne(parameters.verification, '') }}: - - powershell: ${{ parameters.verification }} + - pwsh: ${{ parameters.verification }} displayName: Verification continueOnError: ${{ parameters.continueOnError }} diff --git a/tools/install-powershell.ps1 b/tools/install-powershell.ps1 index bc833815e8..a09fffd67c 100644 --- a/tools/install-powershell.ps1 +++ b/tools/install-powershell.ps1 @@ -236,7 +236,7 @@ if (-not $IsWinEnv) { } } $tempDir = Join-Path ([System.IO.Path]::GetTempPath()) ([System.IO.Path]::GetRandomFileName()) -New-Item -ItemType Directory -Path $tempDir -Force -ErrorAction SilentlyContinue +$null = New-Item -ItemType Directory -Path $tempDir -Force -ErrorAction SilentlyContinue try { # Setting Tls to 12 to prevent the Invoke-WebRequest : The request was # aborted: Could not create SSL/TLS secure channel. error. @@ -244,34 +244,63 @@ try { [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12 if ($Daily) { - if (-not (Get-Module -Name PackageManagement -ListAvailable)) { - throw "PackageManagement module is required to install daily PowerShell." + $metadata = Invoke-RestMethod https://pscoretestdata.blob.core.windows.net/buildinfo/daily.json + $release = $metadata.ReleaseTag -replace '^v' + $blobName = $metadata.BlobName + + if ($IsWinEnv) { + if ($UseMSI) { + $packageName = "PowerShell-${release}-win-${architecture}.msi" + } else { + $packageName = "PowerShell-${release}-win-${architecture}.zip" + } + } elseif ($IsLinuxEnv) { + $packageName = "powershell-${release}-linux-${architecture}.tar.gz" + } elseif ($IsMacOSEnv) { + $packageName = "powershell-${release}-osx-${architecture}.tar.gz" } if ($architecture -ne "x64") { throw "The OS architecture is '$architecture'. However, we currently only support daily package for x64." } - ## Register source if not yet - if (-not (Get-PackageSource -Name powershell-core-daily -ErrorAction SilentlyContinue)) { - $packageSource = "https://powershell.myget.org/F/powershell-core-daily" - Write-Verbose "Register powershell-core-daily package source '$packageSource' with PackageManagement" -Verbose - Register-PackageSource -Name powershell-core-daily -Location $packageSource -ProviderName nuget -Trusted -ErrorAction SilentlyContinue + + $downloadURL = "https://pscoretestdata.blob.core.windows.net/${blobName}/${packageName}" + Write-Verbose "About to download package from '$downloadURL'" -Verbose + + $packagePath = Join-Path -Path $tempDir -ChildPath $packageName + if (!$PSVersionTable.ContainsKey('PSEdition') -or $PSVersionTable.PSEdition -eq "Desktop") { + # On Windows PowerShell, progress can make the download significantly slower + $oldProgressPreference = $ProgressPreference + $ProgressPreference = "SilentlyContinue" } + try { + Invoke-WebRequest -Uri $downloadURL -OutFile $packagePath + } finally { + if (!$PSVersionTable.ContainsKey('PSEdition') -or $PSVersionTable.PSEdition -eq "Desktop") { + $ProgressPreference = $oldProgressPreference + } + } + + $contentPath = Join-Path -Path $tempDir -ChildPath "new" + + $null = New-Item -ItemType Directory -Path $contentPath -ErrorAction SilentlyContinue if ($IsWinEnv) { - $packageName = "powershell-win-x64-win7-x64" - } elseif ($IsLinuxEnv) { - $packageName = "powershell-linux-x64" - } elseif ($IsMacOSEnv) { - $packageName = "powershell-osx-x64" + if ($UseMSI -and $Quiet) { + Write-Verbose "Performing quiet install" + $process = Start-Process msiexec -ArgumentList "/i", $packagePath, "/quiet" -Wait -PassThru + if ($process.exitcode -ne 0) { + throw "Quiet install failed, please rerun install without -Quiet switch or ensure you have administrator rights" + } + } elseif ($UseMSI) { + Start-Process $packagePath -Wait + } else { + Expand-ArchiveInternal -Path $packagePath -DestinationPath $contentPath + } + } else { + tar zxf $packagePath -C $contentPath } - - $package = Find-Package -Source powershell-core-daily -AllowPrereleaseVersions -Name $packageName - Write-Verbose "Daily package found. Name: $packageName; Version: $($package.Version)" -Verbose - - Install-Package -InputObject $package -Destination $tempDir -ExcludeVersion -ErrorAction SilentlyContinue - $contentPath = [System.IO.Path]::Combine($tempDir, $packageName, "content") } else { $metadata = Invoke-RestMethod https://raw.githubusercontent.com/PowerShell/PowerShell/master/tools/metadata.json if ($Preview) { @@ -312,7 +341,7 @@ try { $contentPath = Join-Path -Path $tempDir -ChildPath "new" - New-Item -ItemType Directory -Path $contentPath -ErrorAction SilentlyContinue + $null = New-Item -ItemType Directory -Path $contentPath -ErrorAction SilentlyContinue if ($IsWinEnv) { if ($UseMSI -and $Quiet) { Write-Verbose "Performing quiet install" @@ -350,7 +379,7 @@ try { if (-not (Test-Path "~/.rcedit/rcedit-x64.exe")) { Write-Verbose "Install RCEdit for modifying exe resources" -Verbose $rceditUrl = "https://github.com/electron/rcedit/releases/download/v1.0.0/rcedit-x64.exe" - New-Item -Path "~/.rcedit" -Type Directory -Force -ErrorAction SilentlyContinue + $null = New-Item -Path "~/.rcedit" -Type Directory -Force -ErrorAction SilentlyContinue Invoke-WebRequest -OutFile "~/.rcedit/rcedit-x64.exe" -Uri $rceditUrl } diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index 0376e4f210..f574fa2ce9 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -3129,6 +3129,12 @@ function Get-PackageVersionAsMajorMinorBuildRevision if ($packageBuildTokens) { + if($packageBuildTokens.length -gt 4) + { + # MSIX will fail if it is more characters + $packageBuildTokens = $packageBuildTokens.Substring(0,4) + } + $packageVersion = $packageVersion + '.' + $packageBuildTokens } else diff --git a/tools/releaseBuild/azureDevOps/releaseBuild.yml b/tools/releaseBuild/azureDevOps/releaseBuild.yml index 9ea0a6894b..c18b19bd10 100644 --- a/tools/releaseBuild/azureDevOps/releaseBuild.yml +++ b/tools/releaseBuild/azureDevOps/releaseBuild.yml @@ -95,6 +95,15 @@ jobs: - upload_alpine - build_macOS +- template: templates/json.yml + parameters: + parentJobs: + - WinPackageSigningJob + - upload_deb + - upload_rpm + - upload_alpine + - MacPackageSigningJob + - template: templates/testartifacts.yml - job: release_json diff --git a/tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml b/tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml index 32b7c9ea9c..ec688f8a91 100644 --- a/tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml +++ b/tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml @@ -1,18 +1,20 @@ parameters: ReleaseTagVar: v6.2.0 ReleaseTagVarName: ReleaseTagVar + CreateJson: 'no' steps: - powershell: | - $releaseTag = tools/releaseBuild/setReleaseTag.ps1 -ReleaseTag ${{ parameters.ReleaseTagVar }} -Variable "${{ parameters.ReleaseTagVarName }}" + $createJson = ("${{ parameters.ReleaseTagVarName }}" -ne "no") + $releaseTag = tools/releaseBuild/setReleaseTag.ps1 -ReleaseTag ${{ parameters.ReleaseTagVar }} -Variable "${{ parameters.ReleaseTagVarName }}" -CreateJson:$createJson $version = $releaseTag.Substring(1) $vstsCommandString = "vso[task.setvariable variable=Version]$version" - Write-Host "sending " + $vstsCommandString + Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" $azureVersion = $releaseTag.ToLowerInvariant() -replace '\.', '-' $vstsCommandString = "vso[task.setvariable variable=AzureVersion]$azureVersion" - Write-Host "sending " + $vstsCommandString + Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" displayName: 'Set ${{ parameters.ReleaseTagVarName }} and other version Variables' diff --git a/tools/releaseBuild/azureDevOps/templates/json.yml b/tools/releaseBuild/azureDevOps/templates/json.yml new file mode 100644 index 0000000000..ac0853ddb0 --- /dev/null +++ b/tools/releaseBuild/azureDevOps/templates/json.yml @@ -0,0 +1,45 @@ +parameters: + parentJobs: [] + +jobs: +- job: json + displayName: Create Json for Blob + dependsOn: + ${{ parameters.parentJobs }} + condition: succeeded() + pool: + vmImage: windows-latest + + steps: + #- task: @ + # inputs: + # + # displayName: '' + - template: SetVersionVariables.yml + parameters: + ReleaseTagVar: $(ReleaseTagVar) + CreateJson: yes + + - task: AzureFileCopy@1 + displayName: 'upload signed msi to Azure - ${{ parameters.architecture }}' + inputs: + SourcePath: '$(BuildInfoPath)' + azureSubscription: '$(AzureFileCopySubscription)' + Destination: AzureBlob + storage: '$(StorageAccount)' + ContainerName: 'BuildInfo' + condition: and(succeeded(), eq(variables['IS_DAILY'], 'true')) + + - task: AzureCLI@1 + displayName: 'Make blob public' + inputs: + azureSubscription: '$(AzureFileCopySubscription)' + scriptLocation: inlineScript + inlineScript: 'az storage container set-permission --account-name $(StorageAccount) --name $(azureVersion) --public-access blob' + condition: and(succeeded(), eq(variables['IS_DAILY'], 'true')) + + - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 + displayName: 'Component Detection' + inputs: + sourceScanPath: '$(Build.SourcesDirectory)' + snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/linux.yml b/tools/releaseBuild/azureDevOps/templates/linux.yml index 0bb2c3a8e5..f46a1f3037 100644 --- a/tools/releaseBuild/azureDevOps/templates/linux.yml +++ b/tools/releaseBuild/azureDevOps/templates/linux.yml @@ -51,6 +51,8 @@ jobs: buildName: ${{ parameters.buildName }} steps: + - template: shouldSign.yml + - template: SetVersionVariables.yml parameters: ReleaseTagVar: $(ReleaseTagVar) @@ -86,12 +88,12 @@ jobs: Get-ChildItem -Path '$(System.ArtifactsDirectory)\rpm\*.rpm' -recurse | ForEach-Object { $authenticodefiles += $_.FullName} tools/releaseBuild/generatePackgeSigning.ps1 -LinuxFiles $authenticodeFiles -path "$(System.ArtifactsDirectory)\package.xml" displayName: 'Generate RPM Signing Xml' - condition: and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')),eq(variables['buildName'], 'RPM')) + condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - powershell: | Get-Content "$(System.ArtifactsDirectory)\package.xml" displayName: 'Capture RPM signing xml' - condition: and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')),eq(variables['buildName'], 'RPM')) + condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - task: PkgESCodeSign@10 displayName: 'CodeSign RPM $(System.ArtifactsDirectory)\package.xml' @@ -102,7 +104,7 @@ jobs: outPathRoot: '$(Build.StagingDirectory)\signedPackages' binVersion: $(SigingVersion) binVersionOverride: $(SigningVersionOverride) - condition: and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')),eq(variables['buildName'], 'RPM')) + condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - task: AzureFileCopy@1 displayName: 'Upload to Azure - DEB and tar.gz' @@ -125,7 +127,7 @@ jobs: Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)' - condition: and(and(succeeded(), ne(variables['Build.Reason'], 'Manual')),eq(variables['buildName'], 'RPM')) + condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - task: AzureFileCopy@1 displayName: 'Upload to Azure - RPM - Signed' @@ -135,17 +137,17 @@ jobs: Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)' - condition: and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')),eq(variables['buildName'], 'RPM')) + condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - template: upload-final-results.yml parameters: artifactPath: $(System.ArtifactsDirectory)\rpm\release - condition: and(and(succeeded(), ne(variables['Build.Reason'], 'Manual')),eq(variables['buildName'], 'RPM')) + condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - template: upload-final-results.yml parameters: artifactPath: '$(Build.StagingDirectory)\signedPackages' - condition: and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')),eq(variables['buildName'], 'RPM')) + condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' diff --git a/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml b/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml index c82dbd8d1e..79674ff94e 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml @@ -11,6 +11,8 @@ jobs: steps: + - template: shouldSign.yml + - template: SetVersionVariables.yml parameters: ReleaseTagVar: $(ReleaseTagVar) @@ -55,7 +57,7 @@ jobs: outPathRoot: '$(Build.StagingDirectory)\signedMacOSPackages' binVersion: $(SigingVersion) binVersionOverride: $(SigningVersionOverride) - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - template: upload-final-results.yml parameters: @@ -70,24 +72,40 @@ jobs: $targzPath = dir "$(System.ArtifactsDirectory)\*.tar.gz" -Recurse | select-object -expandproperty fullname Copy-Item -Path $targzPath -Destination $destination displayName: 'Extract and copy macOS artifacts for upload' - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - template: upload-final-results.yml parameters: artifactPath: $(System.ArtifactsDirectory)\azureMacOs artifactFilter: "*.pkg" - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) + - powershell: | + $null = new-item -type directory -path "$(Build.StagingDirectory)\macos-unsigned" + Copy-Item -Path "$(System.ArtifactsDirectory)\results\powershell-$(Version)-osx-x64.pkg" -Destination "$(Build.StagingDirectory)\macos-unsigned" + Copy-Item -Path "$(System.ArtifactsDirectory)\results\powershell-$(Version)-osx-x64.tar.gz" -Destination "$(Build.StagingDirectory)\macos-unsigned" + displayName: 'Create unsigned folder to upload' + condition: and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')) - task: AzureFileCopy@1 - displayName: 'AzureBlob File Copy' + displayName: 'AzureBlob File Copy - unsigned' + inputs: + SourcePath: '$(Build.StagingDirectory)\macos-unsigned' + azureSubscription: '$(AzureFileCopySubscription)' + Destination: AzureBlob + storage: '$(StorageAccount)' + ContainerName: '$(AzureVersion)' + condition: and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')) + + - task: AzureFileCopy@1 + displayName: 'AzureBlob File Copy - signed' inputs: SourcePath: '$(System.ArtifactsDirectory)\azureMacOs' azureSubscription: '$(AzureFileCopySubscription)' Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)' - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3 displayName: 'Run Defender Scan' diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index 2f253b51f0..397d29e61c 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -77,6 +77,8 @@ jobs: packageSources: 'https://nuget.org/api/v2' installRoot: '$(GenAPIToolPath)' + - template: shouldSign.yml + - template: SetVersionVariables.yml parameters: ReleaseTagVar: $(ReleaseTagVar) @@ -167,7 +169,7 @@ jobs: Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)-nuget' - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - task: AzureFileCopy@1 displayName: 'Upload global tool packages to Azure' @@ -178,7 +180,7 @@ jobs: storage: '$(GlobalToolStorageAccount)' ContainerName: 'tool' blobPrefix: '$(Version)' - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' diff --git a/tools/releaseBuild/azureDevOps/templates/shouldSign.yml b/tools/releaseBuild/azureDevOps/templates/shouldSign.yml new file mode 100644 index 0000000000..affc523be6 --- /dev/null +++ b/tools/releaseBuild/azureDevOps/templates/shouldSign.yml @@ -0,0 +1,17 @@ +steps: +- powershell: | + $shouldSign = $true + if($env:BUILD_REASON -ne 'Manual') + { + $shouldSign = $false + } + + if($env:SKIP_SIGNING -eq 'Yes') + { + $shouldSign = $false + } + + $vstsCommandString = "vso[task.setvariable variable=SHOULD_SIGN]$($shouldSign.ToString().ToLowerInvariant())" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + displayName: 'Set SHOULD_SIGN Variable' diff --git a/tools/releaseBuild/azureDevOps/templates/upload.yml b/tools/releaseBuild/azureDevOps/templates/upload.yml index 2d965c434a..1e4dc08633 100644 --- a/tools/releaseBuild/azureDevOps/templates/upload.yml +++ b/tools/releaseBuild/azureDevOps/templates/upload.yml @@ -19,7 +19,7 @@ steps: Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)' - condition: and(succeeded(), eq('${{ parameters.msi }}', 'yes'), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq('${{ parameters.msi }}', 'yes')) - template: upload-final-results.yml parameters: @@ -34,7 +34,7 @@ steps: Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)' - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + condition: succeeded() - template: upload-final-results.yml parameters: @@ -50,4 +50,4 @@ steps: Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)' - condition: and(succeeded(), eq('${{ parameters.msix }}', 'yes'), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq('${{ parameters.msix }}', 'yes')) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-build.yml b/tools/releaseBuild/azureDevOps/templates/windows-build.yml index b38494a505..f0c77272c8 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-build.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-build.yml @@ -20,6 +20,11 @@ jobs: clean: true persistCredentials: true + - template: shouldSign.yml + - template: SetVersionVariables.yml + parameters: + ReleaseTagVar: $(ReleaseTagVar) + - task: PkgESSetupBuild@10 displayName: 'Initialize build' env: @@ -31,11 +36,7 @@ jobs: disableWorkspace: true disableBuildTools: true disableNugetPack: true - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) - - - template: SetVersionVariables.yml - parameters: - ReleaseTagVar: $(ReleaseTagVar) + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - template: insert-nuget-config-azfeed.yml @@ -107,12 +108,12 @@ jobs: outPathRoot: '$(Symbols)\signed' binVersion: $(SigingVersion) binVersionOverride: $(SigningVersionOverride) - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - powershell: | New-Item -ItemType Directory -Path $(Symbols)\signed -Force displayName: 'Create empty signed folder' - condition: and(succeeded(), ne(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')) - powershell: | tools/releaseBuild/vstsbuild.ps1 -ReleaseTag $(ReleaseTagVar) -Name win-$(Architecture)-package -BuildPath $(Symbols) -SignedFilesPath $(Symbols)\signed diff --git a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml index 349a29e378..c7492bc300 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml @@ -15,6 +15,7 @@ jobs: steps: + - template: shouldSign.yml - template: SetVersionVariables.yml parameters: ReleaseTagVar: $(ReleaseTagVar) @@ -57,7 +58,13 @@ jobs: outPathRoot: '$(Build.StagingDirectory)\signedPackages' binVersion: $(SigingVersion) binVersionOverride: $(SigningVersionOverride) - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) + + - powershell: | + new-item -itemtype Directory -path '$(Build.StagingDirectory)\signedPackages' + Get-ChildItem "$(System.ArtifactsDirectory)\signed\PowerShell-$(Version)-win-*.msi*" | copy-item -Destination '$(Build.StagingDirectory)\signedPackages' + displayName: 'Fake Signing' + condition: and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')) - template: upload.yml parameters: diff --git a/tools/releaseBuild/setReleaseTag.ps1 b/tools/releaseBuild/setReleaseTag.ps1 index 64b6331bf6..c48c91f89a 100644 --- a/tools/releaseBuild/setReleaseTag.ps1 +++ b/tools/releaseBuild/setReleaseTag.ps1 @@ -6,9 +6,46 @@ param( [string]$Branch=$env:BUILD_SOURCEBRANCH, [Parameter(HelpMessage='The variable name to put the new release tagin.')] - [string]$Variable='ReleaseTag' + [string]$Variable='ReleaseTag', + + [switch]$CreateJson ) +function New-BuildInfoJson { + param( + [parameter(Mandatory = $true)] + [string] + $ReleaseTag, + [switch] $IsDaily + ) + + $blobName = $ReleaseTag -replace '\.', '-' + + $isPreview = $ReleaseTag -like '*-*' + + $filename = 'stable.json' + if($isPreview) + { + $filename = 'preview.json' + } + if($IsDaily.IsPresent) + { + $filename = 'daily.json' + } + + @{ + ReleaseTag = $ReleaseTag + BlobName = $blobName + } | ConvertTo-Json | Out-File -Encoding ascii -Force -FilePath $filename + + $resolvedPath = (Resolve-Path -Path $filename).ProviderPath + $vstsCommandString = "vso[task.setvariable variable=BuildInfoPath]$resolvedPath" + Write-Verbose -Message "$vstsCommandString" -Verbose + Write-Host -Object "##$vstsCommandString" + + Write-Host "##vso[artifact.upload containerfolder=BuildInfoJson;artifactname=BuildInfoJson]$resolvedPath" +} + # Script to set the release tag based on the branch name if it is not set or it is "fromBranch" # the branch name is expected to be release- or # VSTS passes it as 'refs/heads/release-v6.0.2' @@ -18,6 +55,7 @@ $branchOnly = $branchOnly -replace '[_\-]' if($ReleaseTag -eq 'fromBranch' -or !$ReleaseTag) { + $isDaily = $false # Branch is named release- if($Branch -match '^.*(release[-/])') { @@ -26,6 +64,33 @@ if($ReleaseTag -eq 'fromBranch' -or !$ReleaseTag) $vstsCommandString = "vso[task.setvariable variable=$Variable]$releaseTag" Write-Verbose -Message "setting $Variable to $releaseTag" -Verbose Write-Host -Object "##$vstsCommandString" + + if ($CreateJson.IsPresent) + { + New-BuildInfoJson -ReleaseTag $releaseTag + } + } + if($Branch -eq 'master' -or $Branch -like '*dailytest*') + { + $isDaily = $true + Write-verbose "daily build" -verbose + $metaDataJsonPath = Join-Path $PSScriptRoot -ChildPath '..\metadata.json' + $metadata = Get-content $metaDataJsonPath | ConvertFrom-Json + $versionPart = $metadata.PreviewReleaseTag + if($versionPart -match '-.*$') + { + $versionPart = $versionPart -replace '-.*$' + } + + $releaseTag = "$versionPart-daily.$((get-date).ToString('yyyyMMdd'))" + $vstsCommandString = "vso[task.setvariable variable=$Variable]$releaseTag" + Write-Verbose -Message "setting $Variable to $releaseTag" -Verbose + Write-Host -Object "##$vstsCommandString" + + if ($CreateJson.IsPresent) + { + New-BuildInfoJson -ReleaseTag $releaseTag -IsDaily + } } else { @@ -44,7 +109,16 @@ if($ReleaseTag -eq 'fromBranch' -or !$ReleaseTag) $vstsCommandString = "vso[task.setvariable variable=$Variable]$releaseTag" Write-Verbose -Message "setting $Variable to $releaseTag" -Verbose Write-Host -Object "##$vstsCommandString" + + if ($CreateJson.IsPresent) + { + New-BuildInfoJson -ReleaseTag $releaseTag + } } } +$vstsCommandString = "vso[task.setvariable variable=IS_DAILY]$($isDaily.ToString().ToLowerInvariant())" +Write-Verbose -Message "$vstsCommandString" -Verbose +Write-Host -Object "##$vstsCommandString" + Write-Output $releaseTag