Added Deploy Box Product Pathway to GitHub Release and NuGet Release Pipelines (#24583) (#24595)

Co-authored-by: Justin Chung <124807742+jshigetomi@users.noreply.github.com>
This commit is contained in:
Travis Plunk 2024-11-15 15:26:12 -08:00 committed by GitHub
parent 2800f895f5
commit 9aa6e06ce6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 394 additions and 190 deletions

View File

@ -50,7 +50,7 @@ variables:
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
- name: WindowsContainerImage
value: 'onebranch.azurecr.io/windows/ltsc2019/vse2022:latest'
value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest'
- name: LinuxContainerImage
value: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0
- name: ReleaseTagVar
@ -79,12 +79,12 @@ resources:
extends:
template: v2/OneBranch.Official.CrossPlat.yml@templates
parameters:
# using Monitor as copy blob is being blocked by the network
release:
category: NonAzure
featureFlags:
LinuxHostVersion:
Network: Monitor
WindowsHostVersion:
Network: Monitor
Version: 2022
Network: Netlock
cloudvault:
enabled: false
globalSdl:
@ -110,13 +110,23 @@ extends:
tsaOptionsFile: .config\tsaoptions.json
stages:
- stage: DownloadPackages
displayName: 'Download Packages'
dependsOn: []
jobs:
- template: /.pipelines/templates/release-download-packages.yml@self
- stage: msixbundle
displayName: 'Create MSIX Bundle'
dependsOn: []
variables:
ob_release_environment: Test
jobs:
- template: /.pipelines/templates/release-create-msix.yml@self
- stage: validateSdk
displayName: 'Validate SDK'
dependsOn: []
jobs:
- template: /.pipelines/templates/release-validate-sdk.yml@self
parameters:
@ -141,6 +151,7 @@ extends:
- stage: gbltool
displayName: 'Validate Global tools'
dependsOn: []
jobs:
- template: /.pipelines/templates/release-validate-globaltools.yml@self
parameters:
@ -158,6 +169,7 @@ extends:
- stage: fxdpackages
displayName: 'Validate FXD Packages'
dependsOn: []
jobs:
- template: /.pipelines/templates/release-validate-fxdpackages.yml@self
parameters:
@ -194,6 +206,7 @@ extends:
- stage: validatePackages
displayName: 'Validate Packages'
dependsOn: []
jobs:
- template: /.pipelines/templates/release-validate-packagenames.yml@self
@ -262,23 +275,50 @@ extends:
Update and merge the changelog for the release.
This step is required for creating GitHub draft release.
- stage: PublishGitHubRelease
displayName: Publish GitHub Release
dependsOn:
- DownloadPackages
- UpdateChangeLog
variables:
ob_release_environment: Production
jobs:
- template: /.pipelines/templates/release-githubtasks.yml@self
- stage: PushGitTagAndMakeDraftPublic
displayName: Push Git Tag and Make Draft Public
dependsOn: PublishGitHubRelease
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
parameters:
displayName: Push Git Tag
jobName: PushGitTag
instructions: |
Push the git tag to upstream
- template: /.pipelines/templates/approvalJob.yml@self
parameters:
displayName: Make Draft Public
dependsOnJob: PushGitTag
jobName: DraftPublic
instructions: |
Make the GitHub Release Draft Public
- stage: BlobPublic
displayName: Make Blob Public
dependsOn: UpdateChangeLog
dependsOn:
- UpdateChangeLog
- PushGitTagAndMakeDraftPublic
jobs:
- template: /.pipelines/templates/release-MakeBlobPublic.yml@self
parameters:
SkipPSInfraInstallers: ${{ parameters.SkipPSInfraInstallers }}
- stage: PublishGitHubRelease
displayName: Publish GitHub Release
dependsOn: BlobPublic
jobs:
- template: /.pipelines/templates/release-githubtasks.yml@self
SkipPSInfraInstallers: ${{ parameters.SkipPSInfraInstallers }}
- stage: PublishNuGet
displayName: Publish NuGet
dependsOn: PublishGitHubRelease
dependsOn: PushGitTagAndMakeDraftPublic
variables:
ob_release_environment: Production
jobs:
- template: /.pipelines/templates/release-publish-nuget.yml@self
parameters:
@ -286,14 +326,14 @@ extends:
- stage: PublishPMC
displayName: Publish PMC
dependsOn: PublishGitHubRelease
dependsOn: PushGitTagAndMakeDraftPublic
jobs:
- template: /.pipelines/templates/release-publish-pmc.yml@self
parameters:
skipPublish: ${{ parameters.SkipPMCPublish }}
- stage: ReleaseDocker
dependsOn: PublishGitHubRelease
dependsOn: PushGitTagAndMakeDraftPublic
displayName: 'Docker Release'
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
@ -312,7 +352,7 @@ extends:
Kickoff docker release
- stage: UpdateDotnetDocker
dependsOn: PublishGitHubRelease
dependsOn: PushGitTagAndMakeDraftPublic
displayName: Update DotNet SDK Docker images
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
@ -327,7 +367,7 @@ extends:
4. create PR targeting nightly branch
- stage: UpdateWinGet
dependsOn: PublishGitHubRelease
dependsOn: PushGitTagAndMakeDraftPublic
displayName: Add manifest entry to winget
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
@ -338,7 +378,7 @@ extends:
This is typically done by the community 1-2 days after the release.
- stage: PublishMsix
dependsOn: PublishGitHubRelease
dependsOn: PushGitTagAndMakeDraftPublic
displayName: Publish MSIX to store
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
@ -349,7 +389,7 @@ extends:
Ask Steve to release MSIX bundle package to Store
- stage: PublishVPack
dependsOn: PublishGitHubRelease
dependsOn: PushGitTagAndMakeDraftPublic
displayName: Release vPack
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
@ -367,20 +407,22 @@ extends:
# - template: templates/release-UpdateDepsJson.yml
- stage: UploadBuildInfoJson
dependsOn: PublishGitHubRelease
dependsOn: PushGitTagAndMakeDraftPublic
displayName: Upload BuildInfo.json
jobs:
- template: /.pipelines/templates/release-upload-buildinfo.yml@self
- stage: ReleaseSymbols
dependsOn: PublishGitHubRelease
dependsOn: PushGitTagAndMakeDraftPublic
displayName: Release Symbols
jobs:
- template: /.pipelines/templates/release-symbols.yml@self
- stage: ChangesToMaster
displayName: Ensure changes are in GH master
dependsOn: ['PublishNuGet', 'PublishPMC']
dependsOn:
- PublishNuGet
- PublishPMC
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
parameters:
@ -391,7 +433,7 @@ extends:
- stage: ReleaseSnap
displayName: Release Snap
dependsOn: 'ChangesToMaster'
dependsOn: ChangesToMaster
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
parameters:
@ -402,7 +444,7 @@ extends:
- stage: ReleaseToMU
displayName: Release to MU
dependsOn: ['PublishNuGet', 'PublishPMC', 'ChangesToMaster']
dependsOn: PushGitTagAndMakeDraftPublic # This only needs the blob to be available
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
parameters:
@ -412,7 +454,10 @@ extends:
- stage: ReleaseClose
displayName: Finish Release
dependsOn: ['ReleaseToMU', 'ReleaseSymbols', 'ReleaseSnap']
dependsOn:
- ReleaseToMU
- ReleaseSymbols
- ReleaseSnap
jobs:
- template: /.pipelines/templates/approvalJob.yml@self
parameters:

View File

@ -0,0 +1,13 @@
steps:
- pwsh: |
Write-Verbose -Verbose "Deploy Box Product Pathway Does Not Support the `"checkout`" task"
if ($ENV:BUILD_REASON -eq 'PullRequest') {
throw 'We dont support PRs'
}
Write-Verbose -Verbose $ENV:BUILD_SOURCEBRANCH
$branchName = $ENV:BUILD_SOURCEBRANCH -replace '^refs/heads/'
Write-Verbose -Verbose "Branch Name: $branchName"
git clone --depth 1 --branch $branchName https://$(mscodehubCodeReadPat)@mscodehub.visualstudio.com/PowerShellCore/_git/PowerShell '$(Pipeline.Workspace)/PowerShell'
cd $(Pipeline.Workspace)/PowerShell
displayName: Checkout Powershell Repository

View File

@ -0,0 +1,122 @@
jobs:
- job: upload_packages
displayName: Upload packages
condition: succeeded()
pool:
type: windows
variables:
- template: ./variable/release-shared.yml@self
parameters:
REPOROOT: $(Build.SourcesDirectory)
SBOM: true
steps:
- pwsh: |
Get-ChildItem -Path env: | Out-String -width 9999 -Stream | write-Verbose -Verbose
displayName: Capture environment variables
- download: PSPackagesOfficial
artifact: drop_linux_package_deb
displayName: Download linux deb packages
- download: PSPackagesOfficial
artifact: drop_linux_package_fxdependent
displayName: Download linux fx packages
- download: PSPackagesOfficial
artifact: drop_linux_package_mariner_arm64
displayName: Download linux mariner packages
- download: PSPackagesOfficial
artifact: drop_linux_package_mariner_x64
displayName: Download linux mariner x64 packages
- download: PSPackagesOfficial
artifact: drop_linux_package_minSize
displayName: Download linux min packages
- download: PSPackagesOfficial
artifact: drop_linux_package_rpm
displayName: Download linux rpm packages
- download: PSPackagesOfficial
artifact: drop_linux_package_tar
displayName: Download linux tar packages
- download: PSPackagesOfficial
artifact: drop_linux_package_tar_alpine
displayName: Download linux tar alpine packages
- download: PSPackagesOfficial
artifact: drop_linux_package_tar_alpine_fxd
displayName: Download linux tar alpine fxd packages
- download: PSPackagesOfficial
artifact: drop_linux_package_tar_arm
displayName: Download linux tar arm packages
- download: PSPackagesOfficial
artifact: drop_linux_package_tar_arm64
displayName: Download linux tar arm 64 packages
- download: PSPackagesOfficial
artifact: drop_nupkg_build_nupkg
displayName: Download nupkg packages
- download: PSPackagesOfficial
artifact: drop_windows_package_package_win_arm64
displayName: Download windows arm64 packages
- download: PSPackagesOfficial
artifact: drop_windows_package_package_win_fxdependent
displayName: Download windows fxdependent packages
- download: PSPackagesOfficial
artifact: drop_windows_package_package_win_fxdependentWinDesktop
displayName: Download windows fxdependentWinDesktop packages
- download: PSPackagesOfficial
artifact: drop_windows_package_package_win_minsize
displayName: Download windows minsize packages
- download: PSPackagesOfficial
artifact: drop_windows_package_package_win_x64
displayName: Download windows x64 packages
- download: PSPackagesOfficial
artifact: drop_windows_package_package_win_x86
displayName: Download windows x86 packages
- download: PSPackagesOfficial
artifact: macos-pkgs
displayName: Download macos tar packages
- download: PSPackagesOfficial
artifact: drop_mac_package_sign_package_macos_arm64
displayName: Download macos arm packages
- download: PSPackagesOfficial
artifact: drop_mac_package_sign_package_macos_x64
displayName: Download macos x64 packages
- pwsh: |
Get-ChildItem '$(Pipeline.Workspace)/PSPackagesOfficial' -Recurse | Select-Object -ExpandProperty FullName
displayName: 'Capture downloads'
- pwsh: |
$PackagesPath = '$(Pipeline.Workspace)/PSPackagesOfficial'
Write-Verbose -Verbose "Copying Github Release files in $PackagesPath to use in Release Pipeline"
Write-Verbose -Verbose "Creating output directory for GitHub Release files: $(ob_outputDirectory)/GitHubPackages"
New-Item -Path $(ob_outputDirectory)/GitHubPackages -ItemType Directory -Force
Get-ChildItem -Path "$PackagesPath/*" -Recurse |
Where-Object { $_.Extension -notin '.msix', '.nupkg' } |
Where-Object { $_.Extension -in '.gz', '.pkg', '.msi', '.zip', '.deb', '.rpm', '.zip' } |
Copy-Item -Destination $(ob_outputDirectory)/GitHubPackages -Recurse -Verbose
Write-Verbose -Verbose "Creating output directory for NuGet packages: $(ob_outputDirectory)/NuGetPackages"
New-Item -Path $(ob_outputDirectory)/NuGetPackages -ItemType Directory -Force
Get-ChildItem -Path "$PackagesPath/*" -Recurse |
Where-Object { $_.Extension -eq '.nupkg' } |
Copy-Item -Destination $(ob_outputDirectory)/NuGetPackages -Recurse -Verbose
displayName: Copy downloads to Artifacts

View File

@ -3,162 +3,114 @@ jobs:
displayName: Create GitHub Release Draft
condition: succeeded()
pool:
type: windows
type: release
os: windows
templateContext:
inputs:
- input: pipelineArtifact
artifactName: drop_DownloadPackages_upload_packages
variables:
- name: runCodesignValidationInjection
value: false
- name: NugetSecurityAnalysisWarningLevel
value: none
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
value: 1
- group: 'mscodehub-code-read-akv'
- group: 'Azure Blob variable group'
- group: 'GitHubTokens'
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
- name: ob_sdl_codeSignValidation_enabled
value: false
- name: ob_sdl_binskim_enabled
value: false
- name: ob_sdl_tsa_configFile
value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json
- name: ob_sdl_credscan_suppressionsFile
value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
- template: ./variable/release-shared.yml@self
steps:
- checkout: self
clean: true
env:
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
- task: PowerShell@2
inputs:
targetType: inline
script: |
Get-ChildItem Env: | Out-String -Stream | write-Verbose -Verbose
displayName: 'Capture Environment Variables'
- template: release-install-pwsh.yml
- template: release-checkout-pwsh-repo.yml
- template: release-SetReleaseTagAndContainerName.yml
- pwsh: |
Get-ChildItem Env:
displayName: 'Capture Environment Variables'
- pwsh: |
# Uninstall Azure RM modules
$azRmModules = Get-Module -Name AzureRM* -ListAvailable
if ($azRmModules) {
$azRmModules | Remove-Module -Force
}
# Install Az.Storage module if not already installed
if (-not (Get-Module -Name Az.Storage -ListAvailable)) {
Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose
}
displayName: Install Az.Storage module
- task: AzurePowerShell@5
displayName: Download packages from Azure Storage
- task: PowerShell@2
inputs:
azureSubscription: az-blob-cicd-infra
scriptType: inlineScript
azurePowerShellVersion: LatestVersion
targetType: inline
pwsh: true
inline: |
$storageAccount = "$(StorageAccount)"
$containerName = "$(AzureVersion)"
$destinationPath = "$(System.ArtifactsDirectory)"
# Get storage account context
$storageContext = New-AzStorageContext -StorageAccountName $storageAccount
$blobList = Get-AzStorageBlob -Container $containerName -Context $storageContext
foreach ($blob in $blobList) {
$blobName = $blob.Name
$destinationFile = Join-Path -Path $destinationPath -ChildPath $blobName
Get-AzStorageBlobContent -Container $containerName -Blob $blobName -Destination $destinationFile -Context $storageContext -Force
Write-Output "Downloaded $blobName to $destinationFile"
}
$packagesPath = Get-ChildItem -Path $destinationPath\*.deb -Recurse -File | Select-Object -First 1 -ExpandProperty DirectoryName
Write-Host "sending -- vso[task.setvariable variable=PackagesRoot]$packagesPath"
Write-Host "##vso[task.setvariable variable=PackagesRoot]$packagesPath"
- pwsh: |
Get-ChildItem $(System.ArtifactsDirectory)\* -recurse | Select-Object -ExpandProperty FullName
displayName: Capture downloaded artifacts
- pwsh: |
git clone https://$(mscodehubCodeReadPat)@mscodehub.visualstudio.com/PowerShellCore/_git/Internal-PowerShellTeam-Tools '$(Pipeline.Workspace)/tools'
script: |
git clone --depth 1 https://$(mscodehubCodeReadPat)@mscodehub.visualstudio.com/PowerShellCore/_git/Internal-PowerShellTeam-Tools '$(Pipeline.Workspace)/tools'
displayName: Clone Internal-Tools repository
- pwsh: |
$Path = "$(System.ArtifactsDirectory)"
$OutputPath = Join-Path $Path 'hashes.sha256'
$srcPaths = @($Path)
$packages = Get-ChildItem -Path $srcPaths -Include * -Recurse -File
$checksums = $packages |
ForEach-Object {
Write-Verbose -Verbose "Generating checksum file for $($_.FullName)"
$packageName = $_.Name
$hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
# the '*' before the packagename signifies it is a binary
"$hash *$packageName"
}
$checksums | Out-File -FilePath $OutputPath -Force
$fileContent = Get-Content -Path $OutputPath -Raw | Out-String
Write-Verbose -Verbose -Message $fileContent
- task: PowerShell@2
inputs:
targetType: inline
pwsh: true
script: |
$Path = "$(Pipeline.Workspace)/GitHubPackages"
$OutputPath = Join-Path $Path 'hashes.sha256'
$packages = Get-ChildItem -Path $Path -Include * -Recurse -File
$checksums = $packages |
ForEach-Object {
Write-Verbose -Verbose "Generating checksum file for $($_.FullName)"
$packageName = $_.Name
$hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
# the '*' before the packagename signifies it is a binary
"$hash *$packageName"
}
$checksums | Out-File -FilePath $OutputPath -Force
$fileContent = Get-Content -Path $OutputPath -Raw | Out-String
Write-Verbose -Verbose -Message $fileContent
displayName: Add sha256 hashes
- pwsh: |
$releaseVersion = '$(ReleaseTag)' -replace '^v',''
$vstsCommandString = "vso[task.setvariable variable=ReleaseVersion]$releaseVersion"
Write-Host "sending " + $vstsCommandString
Write-Host "##$vstsCommandString"
- task: PowerShell@2
inputs:
targetType: inline
pwsh: true
script: |
$releaseVersion = '$(ReleaseTag)' -replace '^v',''
$vstsCommandString = "vso[task.setvariable variable=ReleaseVersion]$releaseVersion"
Write-Host "sending " + $vstsCommandString
Write-Host "##$vstsCommandString"
displayName: 'Set release version'
- pwsh: |
Import-module '$(Pipeline.Workspace)/tools/Scripts/GitHubRelease.psm1'
$releaseVersion = '$(ReleaseTag)' -replace '^v',''
$semanticVersion = [System.Management.Automation.SemanticVersion]$releaseVersion
- task: PowerShell@2
inputs:
targetType: inline
pwsh: true
script: |
Get-ChildItem $(Pipeline.Workspace) -recurse | Select-Object -ExpandProperty FullName
displayName: List all files in the workspace
$isPreview = $semanticVersion.PreReleaseLabel -ne $null
- task: PowerShell@2
inputs:
targetType: inline
pwsh: true
script: |
Import-module '$(Pipeline.Workspace)/tools/Scripts/GitHubRelease.psm1'
$releaseVersion = '$(ReleaseTag)' -replace '^v',''
$semanticVersion = [System.Management.Automation.SemanticVersion]$releaseVersion
$fileName = if ($isPreview) {
"preview.md"
}
else {
$semanticVersion.Major.ToString() + "." + $semanticVersion.Minor.ToString() + ".md"
}
$isPreview = $semanticVersion.PreReleaseLabel -ne $null
$filePath = "$env:BUILD_SOURCESDIRECTORY/PowerShell/CHANGELOG/$fileName"
Write-Verbose -Verbose "Selected Log file: $filePath"
$fileName = if ($isPreview) {
"preview.md"
}
else {
$semanticVersion.Major.ToString() + "." + $semanticVersion.Minor.ToString() + ".md"
}
if (-not (Test-Path $filePath)) {
throw "$filePath not found"
}
$filePath = "$(Pipeline.Workspace)/PowerShell/CHANGELOG/$fileName"
Write-Verbose -Verbose "Selected Log file: $filePath"
$changelog = Get-Content -Path $filePath
if (-not (Test-Path $filePath)) {
throw "$filePath not found"
}
$startPattern = "^## \[" + ([regex]::Escape($releaseVersion)) + "\]"
$endPattern = "^## \[{0}\.{1}\.{2}*" -f $semanticVersion.Major, $semanticVersion.Minor, $semanticVersion.Patch
$changelog = Get-Content -Path $filePath
$clContent = $changelog | ForEach-Object {
if ($_ -match $startPattern) { $outputLine = $true }
elseif ($_ -match $endPattern) { $outputLine = $false }
if ($outputLine) { $_}
} | Out-String
$startPattern = "^## \[" + ([regex]::Escape($releaseVersion)) + "\]"
$endPattern = "^## \[{0}\.{1}\.{2}*" -f $semanticVersion.Major, $semanticVersion.Minor, $semanticVersion.Patch
Write-Verbose -Verbose "Selected content: `n$clContent"
$clContent = $changelog | ForEach-Object {
if ($_ -match $startPattern) { $outputLine = $true }
elseif ($_ -match $endPattern) { $outputLine = $false }
if ($outputLine) { $_}
} | Out-String
Publish-ReleaseDraft -Tag '$(ReleaseTag)' -Name '$(ReleaseTag) Release of PowerShell' -Description $clContent -User PowerShell -Repository PowerShell -PackageFolder $(PackagesRoot) -Token $(GitHubReleasePat)
Write-Verbose -Verbose "Selected content: `n$clContent"
Publish-ReleaseDraft -Tag '$(ReleaseTag)' -Name '$(ReleaseTag) Release of PowerShell' -Description $clContent -User PowerShell -Repository PowerShell -PackageFolder "$(Pipeline.Workspace)/GitHubPackages" -Token $(GitHubReleasePat)
displayName: Publish Release Draft
- template: /.pipelines/templates/approvalJob.yml@self
parameters:
displayName: Push Git Tag
jobName: PushGitTag
dependsOnJob: GithubReleaseDraft
instructions: |
Push the git tag to upstream
- template: /.pipelines/templates/approvalJob.yml@self
parameters:
displayName: Make Draft Public
jobName: DraftPublic
dependsOnJob: PushGitTag
instructions: |
Make the GitHub Release Draft Public

View File

@ -0,0 +1,34 @@
steps:
- task: PowerShell@2
inputs:
targetType: inline
script: |
$localInstallerPath = Get-ChildItem -Path "$(Pipeline.Workspace)/GitHubPackages" -Filter '*win-x64.msi' | Select-Object -First 1 -ExpandProperty FullName
if (Test-Path -Path $localInstallerPath) {
Write-Verbose -Verbose "Installer found at $localInstallerPath"
} else {
throw "Installer not found"
}
Write-Verbose -Verbose "Installing PowerShell via msiexec"
Start-Process -FilePath msiexec -ArgumentList "/package $localInstallerPath /quiet REGISTER_MANIFEST=1" -Wait -NoNewWindow
$pwshPath = Get-ChildItem -Directory -Path 'C:\Program Files\PowerShell\7*' | Select-Object -First 1 -ExpandProperty FullName
if (Test-Path -Path $pwshPath) {
Write-Verbose -Verbose "PowerShell installed at $pwshPath"
Write-Verbose -Verbose "Adding pwsh to env:PATH"
Write-Host "##vso[task.prependpath]$pwshPath"
} else {
throw "PowerShell not installed"
}
displayName: Install pwsh 7
- task: PowerShell@2
inputs:
targetType: inline
pwsh: true
script: |
Write-Verbose -Verbose "Pwsh 7 Installed"
Write-Verbose -Verbose "env:Path: "
$env:PATH -split ';' | ForEach-Object {
Write-Verbose -Verbose $_
}
displayName: Check pwsh 7 installation

View File

@ -8,31 +8,20 @@ jobs:
displayName: Publish to NuGet
condition: succeeded()
pool:
type: windows
type: release
os: windows
templateContext:
inputs:
- input: pipelineArtifact
pipeline: PSPackagesOfficial
artifactName: drop_upload_upload_packages
variables:
- name: runCodesignValidationInjection
value: false
- name: NugetSecurityAnalysisWarningLevel
value: none
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
value: 1
- group: 'mscodehub-code-read-akv'
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
- name: ob_sdl_codeSignValidation_enabled
value: false
- name: ob_sdl_binskim_enabled
value: false
- name: ob_sdl_tsa_configFile
value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json
- name: ob_sdl_credscan_suppressionsFile
value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
- template: ./variable/release-shared.yml@self
steps:
- checkout: self
clean: true
env:
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
- template: release-install-pwsh.yml
- template: release-checkout-pwsh-repo.yml
- template: release-SetReleaseTagAndContainerName.yml
@ -40,23 +29,20 @@ jobs:
Get-ChildItem Env:
displayName: 'Capture Environment Variables'
- download: PSPackagesOfficial
artifact: drop_nupkg_build_nupkg
displayName: Download nuget packages
- pwsh: |
#Exclude all global tool packages. Their names start with 'PowerShell.'
$null = New-Item -ItemType Directory -Path "$(Pipeline.Workspace)/release"
Copy-Item "$ENV:PIPELINE_WORKSPACE/PSPackagesOfficial/drop_nupkg_build_nupkg/*.nupkg" -Destination "$(Pipeline.Workspace)/release" -Exclude "PowerShell.*.nupkg" -Force -Verbose
Copy-Item "$(Pipeline.Workspace)/NuGetPackages/*.nupkg" -Destination "$(Pipeline.Workspace)/release" -Exclude "PowerShell.*.nupkg" -Force -Verbose
$releaseVersion = '$(VERSION)'
$globalToolPath = "$ENV:PIPELINE_WORKSPACE/PSPackagesOfficial/drop_nupkg_build_nupkg/PowerShell.$releaseVersion.nupkg"
$globalToolPath = "$(Pipeline.Workspace)/NuGetPackages/PowerShell.$releaseVersion.nupkg"
if ($releaseVersion -notlike '*-*') {
# Copy the global tool package for stable releases
Copy-Item $globalToolPath -Destination "$(Pipeline.Workspace)/release"
}
Write-Verbose -Verbose "The .nupkgs below will be pushed:"
Get-ChildItem "$(Pipeline.Workspace)/release" -recurse
displayName: Download and capture nupkgs
condition: and(ne('${{ parameters.skipPublish }}', 'false'), succeeded())

View File

@ -5,6 +5,8 @@ jobs:
pool:
type: windows
variables:
- name: ob_sdl_sbom_enabled
value: false
- name: runCodesignValidationInjection
value: false
- name: NugetSecurityAnalysisWarningLevel
@ -233,6 +235,24 @@ jobs:
Get-ChildItem '$(Build.ArtifactStagingDirectory)/downloads' | Select-Object -ExpandProperty FullName
displayName: 'Capture downloads'
# - pwsh: |
# Write-Verbose -Verbose "Copying Github Release files in $(Build.ArtifactStagingDirectory)/downloads to use in Release Pipeline"
#
# Write-Verbose -Verbose "Creating output directory for GitHub Release files: $(ob_outputDirectory)/GitHubPackages"
# New-Item -Path $(ob_outputDirectory)/GitHubPackages -ItemType Directory -Force
# Get-ChildItem -Path "$(Build.ArtifactStagingDirectory)/downloads/*" -Recurse |
# Where-Object { $_.Extension -notin '.msix', '.nupkg' } |
# ForEach-Object { Write-Verbose -Verbose $_.FullName ; $_ } |
# Copy-Item -Destination $(ob_outputDirectory)/GitHubPackages -Recurse
#
# Write-Verbose -Verbose "Creating output directory for NuGet packages: $(ob_outputDirectory)/NuGetPackages"
# New-Item -Path $(ob_outputDirectory)/NuGetPackages -ItemType Directory -Force
# Get-ChildItem -Path "$(Build.ArtifactStagingDirectory)/downloads/*" -Recurse |
# Where-Object { $_.Extension -eq '.nupkg' } |
# ForEach-Object { Write-Verbose -Verbose $_.FullName ; $_ } |
# Copy-Item -Destination $(ob_outputDirectory)/NuGetPackages -Recurse
# displayName: Copy downloads to Artifacts
- pwsh: |
# Create output directory for packages which have been uploaded to blob storage
New-Item -Path $(Build.ArtifactStagingDirectory)/uploaded -ItemType Directory -Force

View File

@ -0,0 +1,32 @@
parameters:
- name: REPOROOT
type: string
default: $(Build.SourcesDirectory)\PowerShell
- name: SBOM
type: boolean
default: false
variables:
- name: ob_signing_setup_enabled
value: false
- name: ob_sdl_sbom_enabled
value: ${{ parameters.SBOM }}
- name: runCodesignValidationInjection
value: false
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
value: 1
- group: 'mscodehub-code-read-akv'
- group: 'Azure Blob variable group'
- group: 'GitHubTokens'
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
- name: ob_sdl_codeSignValidation_enabled
value: false
- name: ob_sdl_binskim_enabled
value: false
- name: ob_sdl_tsa_configFile
value: ${{ parameters.REPOROOT }}\.config\tsaoptions.json
- name: ob_sdl_credscan_suppressionsFile
value: ${{ parameters.REPOROOT }}\.config\suppress.json
- name: ob_sdl_codeql_compiled_enabled
value: false