name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr) trigger: none parameters: # parameters are shown up in ADO UI in a build queue time - name: 'createVPack' displayName: 'Create and Submit VPack' type: boolean default: true - name: 'debug' displayName: 'Enable debug output' type: boolean default: false - name: 'architecture' type: string displayName: 'Select the vpack architecture:' values: - x64 - x86 - arm64 default: x64 - name: 'VPackPublishOverride' type: string displayName: 'VPack Publish Override Version (can leave blank):' default: ' ' - name: 'ReleaseTagVar' type: string displayName: 'Release Tag Var:' default: 'fromBranch' variables: - name: CDP_DEFINITION_BUILD_COUNT value: $[counter('', 0)] - name: system.debug value: ${{ parameters.debug }} - name: BuildSolution value: $(Build.SourcesDirectory)\dirs.proj - name: BuildConfiguration value: Release - name: WindowsContainerImage value: 'onebranch.azurecr.io/windows/ltsc2019/vse2022:latest' - name: Codeql.Enabled value: false # pipeline is not building artifacts; it repackages existing artifacts into a vpack - name: DOTNET_CLI_TELEMETRY_OPTOUT value: 1 - name: POWERSHELL_TELEMETRY_OPTOUT value: 1 - name: nugetMultiFeedWarnLevel value: none - name: ReleaseTagVar value: ${{ parameters.ReleaseTagVar }} - group: Azure Blob variable group - group: certificate_logical_to_actual # used within signing task resources: repositories: - repository: templates type: git name: OneBranch.Pipelines/GovernedTemplates ref: refs/heads/main pipelines: - pipeline: PSPackagesOfficial source: 'PowerShell-Packages-Official' trigger: branches: include: - master - releases/* extends: template: v2/Microsoft.Official.yml@templates parameters: platform: name: 'windows_undocked' # windows undocked cloudvault: enabled: false globalSdl: useCustomPolicy: true # for signing code disableLegacyManifest: true # disabled Armory as we dont have any ARM templates to scan. It fails on some sample ARM templates. armory: enabled: false sbom: enabled: true compiled: enabled: false credscan: enabled: true scanFolder: $(Build.SourcesDirectory) suppressionsFile: $(Build.SourcesDirectory)\.config\suppress.json binskim: enabled: false # APIScan requires a non-Ready-To-Run build apiscan: enabled: false asyncSDL: enabled: false tsaOptionsFile: .config/tsaoptions.json stages: - stage: main jobs: - job: main pool: type: windows variables: ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out' ob_createvpack_enabled: ${{ parameters.createVPack }} ob_createvpack_packagename: 'PowerShell.${{ parameters.architecture }}' ob_createvpack_description: PowerShell ${{ parameters.architecture }} $(version) ob_createvpack_owneralias: tplunk ob_createvpack_versionAs: string ob_createvpack_version: '$(version)' ob_createvpack_propsFile: true ob_createvpack_verbose: true steps: - template: tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml@self parameters: ReleaseTagVar: $(ReleaseTagVar) CreateJson: yes UseJson: no - pwsh: | if($env:RELEASETAGVAR -match '-') { throw "Don't release a preview build without coordinating with Windows Engineering Build Tools Team" } displayName: Stop any preview release - task: UseDotNet@2 displayName: 'Use .NET Core sdk' inputs: packageType: sdk version: 3.1.x installationPath: $(Agent.ToolsDirectory)/dotnet - pwsh: | $packageArtifactName = 'drop_windows_package_package_${{ parameters.architecture }}' $vstsCommandString = "vso[task.setvariable variable=PackageArtifactName]$packageArtifactName" Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" displayName: 'Set package artifact name' - download: PSPackagesOfficial artifact: $(PackageArtifactName) displayName: Download package - pwsh: 'Get-ChildItem $(System.ArtifactsDirectory)\* -recurse | Select-Object -ExpandProperty Name' displayName: 'Capture Artifact Listing' - pwsh: | $message = @() Get-ChildItem $(System.ArtifactsDirectory)\* -recurse -include *.zip, *.msi | ForEach-Object { if($_.Name -notmatch 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(fxdependent|x64|arm64|x86|fxdependentWinDesktop)\.(msi|zip){1}') { $messageInstance = "$($_.Name) is not a valid package name" $message += $messageInstance Write-Warning $messageInstance } } if($message.count -gt 0){throw ($message | out-string)} displayName: 'Validate Zip and MSI Package Names' - pwsh: | Get-ChildItem $(System.ArtifactsDirectory)\* -recurse -include *.zip, *.msi | ForEach-Object { if($_.Name -match 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(${{ parameters.architecture }})\.(zip){1}') { Expand-Archive -Path $_.FullName -DestinationPath $(ob_outputDirectory) } } displayName: 'Extract Zip to ob_outputDirectory' - pwsh: | Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse Get-Content $(ob_outputdirectory)\preview.json -ErrorAction SilentlyContinue | Write-Host displayName: Debug Output Directory and Version condition: succeededOrFailed() - pwsh: | Write-Host "Using VPackPublishOverride variable" $vpackVersion = '${{ parameters.VPackPublishOverride }}' $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_version]$vpackVersion" Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" condition: ne('${{ parameters.VPackPublishOverride }}', ' ') displayName: 'Set ob_createvpack_version with VPackPublishOverride' - pwsh: | Get-ChildItem -Path env: | Out-String -width 9999 -Stream | write-Verbose -Verbose displayName: Capture Environment condition: succeededOrFailed() - pwsh: | Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse displayName: Debug Output Directory and Version condition: succeededOrFailed() - task: onebranch.pipeline.signing@1 displayName: 'Onebranch Signing' inputs: command: 'sign' signing_environment: 'azure-ado' cp_code: $(windows_build_tools_cert_id) files_to_sign: '**/*.exe;**/*.dll;**/*.ps1;**/*.psm1' search_root: $(ob_outputDirectory)