Sign individual files in pkg (#13392)
Co-authored-by: Aditya Patwardhan <adityap@microsoft.com>
This commit is contained in:
parent
46efd38ef5
commit
a00741e6c7
|
@ -676,13 +676,14 @@ function Expand-PSSignedBuild
|
|||
# That zip file is used for compliance scan.
|
||||
Remove-Item -Path (Join-Path -Path $buildPath -ChildPath '*.zip') -Recurse
|
||||
|
||||
if ($SkipPwshExeCheck)
|
||||
{
|
||||
$windowsExecutablePath = (Join-Path $buildPath -ChildPath 'pwsh.dll')
|
||||
}
|
||||
else
|
||||
{
|
||||
$windowsExecutablePath = (Join-Path $buildPath -ChildPath 'pwsh.exe')
|
||||
if ($SkipPwshExeCheck) {
|
||||
$executablePath = (Join-Path $buildPath -ChildPath 'pwsh.dll')
|
||||
} else {
|
||||
if ($IsMacOS -or $IsLinux) {
|
||||
$executablePath = (Join-Path $buildPath -ChildPath 'pwsh')
|
||||
} else {
|
||||
$executablePath = (Join-Path $buildPath -ChildPath 'pwsh.exe')
|
||||
}
|
||||
}
|
||||
|
||||
Restore-PSModuleToBuild -PublishPath $buildPath
|
||||
|
@ -694,12 +695,9 @@ function Expand-PSSignedBuild
|
|||
|
||||
$options.PSModuleRestore = $true
|
||||
|
||||
if (Test-Path -Path $windowsExecutablePath)
|
||||
{
|
||||
$options.Output = $windowsExecutablePath
|
||||
}
|
||||
else
|
||||
{
|
||||
if (Test-Path -Path $executablePath) {
|
||||
$options.Output = $executablePath
|
||||
} else {
|
||||
throw 'Could not find pwsh'
|
||||
}
|
||||
|
||||
|
|
|
@ -19,147 +19,146 @@ resources:
|
|||
- repo: self
|
||||
clean: true
|
||||
|
||||
jobs:
|
||||
- template: templates/checkAzureContainer.yml
|
||||
stages:
|
||||
- stage: prep
|
||||
jobs:
|
||||
- template: templates/checkAzureContainer.yml
|
||||
|
||||
- template: templates/linux.yml
|
||||
parameters:
|
||||
buildName: deb
|
||||
parentJob: DeleteBlob
|
||||
- stage: macos
|
||||
dependsOn: ['prep']
|
||||
jobs:
|
||||
- template: templates/mac.yml
|
||||
|
||||
- template: templates/linux.yml
|
||||
parameters:
|
||||
buildName: rpm
|
||||
uploadDisplayName: Upload and Sign
|
||||
parentJob: DeleteBlob
|
||||
- template: templates/mac-file-signing.yml
|
||||
parameters:
|
||||
parentJob: build_macOS
|
||||
|
||||
- template: templates/linux.yml
|
||||
parameters:
|
||||
buildName: fxdependent
|
||||
parentJob: DeleteBlob
|
||||
- template: templates/mac-package-build.yml
|
||||
parameters:
|
||||
parentJob: MacFileSigningJob
|
||||
|
||||
- template: templates/linux.yml
|
||||
parameters:
|
||||
buildName: alpine
|
||||
parentJob: DeleteBlob
|
||||
- template: templates/mac-package-signing.yml
|
||||
parameters:
|
||||
parentJob: package_macOS
|
||||
|
||||
- template: templates/mac.yml
|
||||
parameters:
|
||||
parentJob: DeleteBlob
|
||||
- stage: linux
|
||||
dependsOn: ['prep']
|
||||
jobs:
|
||||
- template: templates/linux.yml
|
||||
parameters:
|
||||
buildName: deb
|
||||
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: x64
|
||||
parentJob: DeleteBlob
|
||||
- template: templates/linux.yml
|
||||
parameters:
|
||||
buildName: rpm
|
||||
uploadDisplayName: Upload and Sign
|
||||
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: x86
|
||||
parentJob: DeleteBlob
|
||||
- template: templates/linux.yml
|
||||
parameters:
|
||||
buildName: fxdependent
|
||||
parentJob: build_deb
|
||||
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: arm
|
||||
parentJob: DeleteBlob
|
||||
- template: templates/linux.yml
|
||||
parameters:
|
||||
buildName: alpine
|
||||
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: arm64
|
||||
parentJob: DeleteBlob
|
||||
- stage: windows
|
||||
dependsOn: ['prep']
|
||||
jobs:
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: x64
|
||||
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: fxdependent
|
||||
parentJob: DeleteBlob
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: x86
|
||||
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: fxdependentWinDesktop
|
||||
parentJob: DeleteBlob
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: arm
|
||||
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: x64
|
||||
parentJob: build_windows_x64
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: arm64
|
||||
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: x86
|
||||
parentJob: build_windows_x86
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: fxdependent
|
||||
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: arm
|
||||
parentJob: build_windows_arm
|
||||
- template: templates/windows-hosted-build.yml
|
||||
parameters:
|
||||
Architecture: fxdependentWinDesktop
|
||||
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: arm64
|
||||
parentJob: build_windows_arm64
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: x64
|
||||
parentJob: build_windows_x64
|
||||
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: fxdependent
|
||||
parentJob: build_windows_fxdependent
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: x86
|
||||
parentJob: build_windows_x86
|
||||
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: fxdependentWinDesktop
|
||||
parentJob: build_windows_fxdependentWinDesktop
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: arm
|
||||
parentJob: build_windows_arm
|
||||
|
||||
- template: templates/windows-package-signing.yml
|
||||
parameters:
|
||||
parentJobs:
|
||||
- sign_windows_x64
|
||||
- sign_windows_x86
|
||||
- sign_windows_arm
|
||||
- sign_windows_arm64
|
||||
- sign_windows_fxdependent
|
||||
- sign_windows_fxdependentWinDesktop
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: arm64
|
||||
parentJob: build_windows_arm64
|
||||
|
||||
- template: templates/mac-package-signing.yml
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: fxdependent
|
||||
parentJob: build_windows_fxdependent
|
||||
|
||||
- template: templates/compliance.yml
|
||||
parameters:
|
||||
parentJobs:
|
||||
- build_windows_x64
|
||||
- build_windows_x86
|
||||
- build_windows_fxdependent
|
||||
- build_windows_fxdependentWinDesktop
|
||||
- template: templates/windows-packaging.yml
|
||||
parameters:
|
||||
Architecture: fxdependentWinDesktop
|
||||
parentJob: build_windows_fxdependentWinDesktop
|
||||
|
||||
- template: templates/nuget.yml
|
||||
parameters:
|
||||
parentJobs:
|
||||
- WinPackageSigningJob
|
||||
- upload_deb
|
||||
- upload_rpm
|
||||
- upload_alpine
|
||||
- build_macOS
|
||||
- template: templates/windows-package-signing.yml
|
||||
parameters:
|
||||
parentJobs:
|
||||
- sign_windows_x64
|
||||
- sign_windows_x86
|
||||
- sign_windows_arm
|
||||
- sign_windows_arm64
|
||||
- sign_windows_fxdependent
|
||||
- sign_windows_fxdependentWinDesktop
|
||||
|
||||
- template: templates/json.yml
|
||||
parameters:
|
||||
parentJobs:
|
||||
- WinPackageSigningJob
|
||||
- upload_deb
|
||||
- upload_rpm
|
||||
- upload_alpine
|
||||
- MacPackageSigningJob
|
||||
- stage: compliance
|
||||
dependsOn: ['windows']
|
||||
jobs:
|
||||
- template: templates/compliance.yml
|
||||
|
||||
- template: templates/testartifacts.yml
|
||||
- stage: nuget_and_json
|
||||
dependsOn: ['windows','linux','macOS']
|
||||
jobs:
|
||||
- template: templates/nuget.yml
|
||||
|
||||
- job: release_json
|
||||
displayName: Create and Upload release.json
|
||||
pool:
|
||||
vmImage: 'windows-latest'
|
||||
steps:
|
||||
- template: templates/SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
- template: templates/json.yml
|
||||
|
||||
- powershell: |
|
||||
$metadata = Get-Content '$(Build.SourcesDirectory)/tools/metadata.json' -Raw | ConvertFrom-Json
|
||||
$LTS = $metadata.LTSRelease
|
||||
@{ ReleaseVersion = "$(Version)"; LTSRelease = $LTS } | ConvertTo-Json | Out-File "$(Build.StagingDirectory)\release.json"
|
||||
Get-Content "$(Build.StagingDirectory)\release.json"
|
||||
Write-Host "##vso[artifact.upload containerfolder=metadata;artifactname=metadata]$(Build.StagingDirectory)\release.json"
|
||||
displayName: Create and upload release.json file to build artifact
|
||||
- stage: test_and_release_artifacts
|
||||
dependsOn: ['prep']
|
||||
jobs:
|
||||
- template: templates/testartifacts.yml
|
||||
|
||||
- job: release_json
|
||||
displayName: Create and Upload release.json
|
||||
pool:
|
||||
vmImage: 'windows-latest'
|
||||
steps:
|
||||
- template: templates/SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
- powershell: |
|
||||
$metadata = Get-Content '$(Build.SourcesDirectory)/tools/metadata.json' -Raw | ConvertFrom-Json
|
||||
$LTS = $metadata.LTSRelease
|
||||
@{ ReleaseVersion = "$(Version)"; LTSRelease = $LTS } | ConvertTo-Json | Out-File "$(Build.StagingDirectory)\release.json"
|
||||
Get-Content "$(Build.StagingDirectory)\release.json"
|
||||
Write-Host "##vso[artifact.upload containerfolder=metadata;artifactname=metadata]$(Build.StagingDirectory)\release.json"
|
||||
displayName: Create and upload release.json file to build artifact
|
||||
|
|
108
tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml
Normal file
108
tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml
Normal file
|
@ -0,0 +1,108 @@
|
|||
parameters:
|
||||
parentJob: ''
|
||||
|
||||
jobs:
|
||||
- job: MacFileSigningJob
|
||||
displayName: macOS File signing
|
||||
dependsOn: ${{ parameters.parentJob }}
|
||||
condition: succeeded()
|
||||
pool:
|
||||
name: Package ES Standard Build
|
||||
variables:
|
||||
BuildConfiguration: release
|
||||
BuildPlatform: any cpu
|
||||
|
||||
steps:
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
- template: SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
inputs:
|
||||
artifactName: 'macosBinResults'
|
||||
itemPattern: '**/*.zip'
|
||||
downloadPath: '$(System.ArtifactsDirectory)\Symbols'
|
||||
|
||||
- pwsh: |
|
||||
Get-ChildItem "$(System.ArtifactsDirectory)\*" -Recurse
|
||||
displayName: 'Capture Downloaded Artifacts'
|
||||
# Diagnostics is not critical it passes every time it runs
|
||||
continueOnError: true
|
||||
|
||||
- pwsh: |
|
||||
$zipPath = Get-Item '$(System.ArtifactsDirectory)\Symbols\macosBinResults\*symbol*.zip'
|
||||
Write-Verbose -Verbose "Zip Path: $zipPath"
|
||||
|
||||
$expandedFolder = $zipPath.BaseName
|
||||
Write-Host "sending.. vso[task.setvariable variable=SymbolsFolder]$expandedFolder"
|
||||
Write-Host "##vso[task.setvariable variable=SymbolsFolder]$expandedFolder"
|
||||
|
||||
Expand-Archive -Path $zipPath -Destination "$(System.ArtifactsDirectory)\$expandedFolder" -Force
|
||||
displayName: Expand symbols zip
|
||||
|
||||
- pwsh: |
|
||||
Get-ChildItem "$(System.ArtifactsDirectory)\*" -Recurse
|
||||
displayName: 'Capture artifacts dir Binaries'
|
||||
|
||||
- pwsh: |
|
||||
Get-ChildItem "$(System.ArtifactsDirectory)\$(SymbolsFolder)" -Recurse -Include pwsh, *.dylib
|
||||
displayName: 'Capture Expanded Binaries'
|
||||
# Diagnostics is not critical it passes every time it runs
|
||||
continueOnError: true
|
||||
|
||||
- pwsh: |
|
||||
$null = new-item -type directory -path "$(Build.StagingDirectory)\macos"
|
||||
$zipFile = "$(Build.StagingDirectory)\macos\powershell-files-$(Version)-osx-x64.zip"
|
||||
Get-ChildItem "$(System.ArtifactsDirectory)\$(SymbolsFolder)" -Recurse -Include pwsh, *.dylib |
|
||||
Compress-Archive -Destination $zipFile
|
||||
Write-Host $zipFile
|
||||
displayName: 'Compress macOS binary files'
|
||||
|
||||
- pwsh: |
|
||||
$pkgFiles = "$(Build.StagingDirectory)\macos\powershell-files-$(Version)-osx-x64.zip", "$(Build.StagingDirectory)\macos\powershell-lts-$(Version)-osx-x64.zip"
|
||||
tools/releaseBuild/generatePackgeSigning.ps1 -MacDeveloperFiles $pkgFiles -path "$(System.ArtifactsDirectory)\package.xml"
|
||||
displayName: 'Generate macOS binary Signing Xml'
|
||||
|
||||
- pwsh: |
|
||||
Get-Content "$(System.ArtifactsDirectory)\package.xml"
|
||||
displayName: 'Capture macOS signing xml'
|
||||
# Diagnostics is not critical it passes every time it runs
|
||||
continueOnError: true
|
||||
|
||||
- task: PkgESCodeSign@10
|
||||
displayName: 'CodeSign $(System.ArtifactsDirectory)\package.xml'
|
||||
env:
|
||||
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
||||
inputs:
|
||||
signConfigXml: '$(System.ArtifactsDirectory)\package.xml'
|
||||
outPathRoot: '$(Build.StagingDirectory)\signedMacOSPackages'
|
||||
binVersion: $(SigingVersion)
|
||||
binVersionOverride: $(SigningVersionOverride)
|
||||
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
||||
|
||||
- pwsh: |
|
||||
$destination = "$(System.ArtifactsDirectory)\azureMacOs"
|
||||
New-Item -Path $destination -Type Directory
|
||||
$zipPath = Get-ChildItem "$(Build.StagingDirectory)\signedMacOSPackages\powershell-*.zip" -Recurse | select-object -expandproperty fullname
|
||||
foreach ($z in $zipPath) { Expand-Archive -Path $z -DestinationPath $destination }
|
||||
displayName: 'Extract and copy macOS artifacts for upload'
|
||||
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
||||
|
||||
- template: upload-final-results.yml
|
||||
parameters:
|
||||
artifactPath: $(System.ArtifactsDirectory)\azureMacOs
|
||||
artifactFilter: "*"
|
||||
artifactName: signedMacOsBins
|
||||
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
||||
|
||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
|
||||
displayName: 'Run Defender Scan'
|
||||
|
||||
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
||||
displayName: 'Component Detection'
|
||||
inputs:
|
||||
sourceScanPath: '$(Build.SourcesDirectory)'
|
||||
snapshotForceEnabled: true
|
110
tools/releaseBuild/azureDevOps/templates/mac-package-build.yml
Normal file
110
tools/releaseBuild/azureDevOps/templates/mac-package-build.yml
Normal file
|
@ -0,0 +1,110 @@
|
|||
parameters:
|
||||
parentJob: ''
|
||||
jobName: 'package_macOS'
|
||||
|
||||
jobs:
|
||||
- job: ${{ parameters.jobName }}
|
||||
displayName: Package macOS
|
||||
dependsOn: ${{ parameters.parentJob }}
|
||||
condition: succeeded()
|
||||
pool: Hosted Mac Internal
|
||||
variables:
|
||||
# Turn off Homebrew analytics
|
||||
HOMEBREW_NO_ANALYTICS: 1
|
||||
runCodesignValidationInjection: false
|
||||
steps:
|
||||
- pwsh: |
|
||||
# create folder
|
||||
sudo mkdir /PowerShell
|
||||
|
||||
# make the current user the owner
|
||||
sudo chown $env:USER /PowerShell
|
||||
displayName: 'Create /PowerShell'
|
||||
|
||||
- pwsh: |
|
||||
Write-Host "##vso[task.setvariable variable=PowerShellRoot]/PowerShell"
|
||||
git clone $env:BUILD_REPOSITORY_LOCALPATH /PowerShell
|
||||
displayName: Clone PowerShell Repo to /PowerShell
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
#- task: <task type name>@<version>
|
||||
# inputs:
|
||||
# <task specific inputs>
|
||||
# displayName: '<display name of task>'
|
||||
- template: SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
inputs:
|
||||
artifactName: 'macosBinResults'
|
||||
itemPattern: '**/*.zip'
|
||||
downloadPath: '$(System.ArtifactsDirectory)/Symbols'
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
inputs:
|
||||
artifactName: 'signedMacOsBins'
|
||||
itemPattern: '**/*'
|
||||
downloadPath: '$(System.ArtifactsDirectory)/macOsBins'
|
||||
|
||||
- pwsh: |
|
||||
Get-ChildItem "$(System.ArtifactsDirectory)\*" -Recurse
|
||||
displayName: 'Capture Downloaded Artifacts'
|
||||
# Diagnostics is not critical it passes every time it runs
|
||||
continueOnError: true
|
||||
|
||||
- pwsh: |
|
||||
$zipPath = Get-Item '$(System.ArtifactsDirectory)\Symbols\macosBinResults\*symbol*.zip'
|
||||
Write-Verbose -Verbose "Zip Path: $zipPath"
|
||||
|
||||
$expandedFolder = $zipPath.BaseName
|
||||
Write-Host "sending.. vso[task.setvariable variable=SymbolsFolder]$expandedFolder"
|
||||
Write-Host "##vso[task.setvariable variable=SymbolsFolder]$expandedFolder"
|
||||
|
||||
Expand-Archive -Path $zipPath -Destination "$(System.ArtifactsDirectory)\$expandedFolder" -Force
|
||||
displayName: Expand symbols zip
|
||||
|
||||
- pwsh: |
|
||||
Import-Module $(PowerShellRoot)/build.psm1 -Force
|
||||
Import-Module $(PowerShellRoot)/tools/packaging -Force
|
||||
$signedFilesPath = '$(System.ArtifactsDirectory)/macOsBins/signedMacOsBins/'
|
||||
$BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'
|
||||
|
||||
Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
|
||||
displayName: Merge signed files with Build
|
||||
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
||||
|
||||
- pwsh: |
|
||||
Import-Module $(PowerShellRoot)/build.psm1 -Force
|
||||
Import-Module $(PowerShellRoot)/tools/packaging -Force
|
||||
|
||||
$destFolder = '$(System.ArtifactsDirectory)\signedZip'
|
||||
$BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'
|
||||
|
||||
$null = New-Item -ItemType Directory -Path $destFolder -Force
|
||||
|
||||
$BuildPackagePath = New-PSBuildZip -BuildPath $BuildPath -DestinationFolder $destFolder
|
||||
|
||||
Write-Verbose -Verbose "New-PSSignedBuildZip returned `$BuildPackagePath as: $BuildPackagePath"
|
||||
Write-Host "##vso[artifact.upload containerfolder=results;artifactname=results]$BuildPackagePath"
|
||||
|
||||
$vstsCommandString = "vso[task.setvariable variable=BuildPackagePath]$BuildPackagePath"
|
||||
Write-Host ("sending " + $vstsCommandString)
|
||||
Write-Host "##$vstsCommandString"
|
||||
displayName: Compress signed files
|
||||
|
||||
- pwsh: |
|
||||
tools/releaseBuild/macOS/PowerShellPackageVsts.ps1 -location $(PowerShellRoot) -BootStrap
|
||||
displayName: 'Bootstrap VM'
|
||||
|
||||
- pwsh: |
|
||||
$(Build.SourcesDirectory)/tools/releaseBuild/macOS/PowerShellPackageVsts.ps1 -ReleaseTag $(ReleaseTagVar) -Destination $(System.ArtifactsDirectory) -location $(PowerShellRoot) -ArtifactName macosPkgResults -BuildZip $(BuildPackagePath) -ExtraPackage "tar"
|
||||
displayName: 'Package'
|
||||
|
||||
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
||||
displayName: 'Component Detection'
|
||||
inputs:
|
||||
sourceScanPath: '$(Build.SourcesDirectory)'
|
||||
snapshotForceEnabled: true
|
|
@ -1,7 +1,10 @@
|
|||
parameters:
|
||||
parentJob: ''
|
||||
|
||||
jobs:
|
||||
- job: MacPackageSigningJob
|
||||
displayName: macOS Package signing
|
||||
dependsOn: build_macOS
|
||||
dependsOn: ${{ parameters.parentJob }}
|
||||
condition: succeeded()
|
||||
pool:
|
||||
name: Package ES Standard Build
|
||||
|
@ -18,26 +21,24 @@ jobs:
|
|||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
displayName: 'Download artifacts'
|
||||
inputs:
|
||||
downloadType: specific
|
||||
itemPattern: |
|
||||
**/*.tar.gz
|
||||
**/*.pkg
|
||||
artifactName: 'macosPkgResults'
|
||||
itemPattern: '**/*'
|
||||
downloadPath: '$(System.ArtifactsDirectory)'
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
dir "$(System.ArtifactsDirectory)\*" -Recurse
|
||||
displayName: 'Capture Downloaded Artifacts'
|
||||
# Diagnostics is not critical it passes every time it runs
|
||||
continueOnError: true
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
$null = new-item -type directory -path "$(Build.StagingDirectory)\macos"
|
||||
$zipFile = "$(Build.StagingDirectory)\macos\powershell-$(Version)-osx-x64.zip"
|
||||
Compress-Archive -Path "$(System.ArtifactsDirectory)\results\powershell-$(Version)-osx-x64.pkg" -Destination $zipFile
|
||||
Compress-Archive -Path "$(System.ArtifactsDirectory)\macosPkgResults\powershell-$(Version)-osx-x64.pkg" -Destination $zipFile
|
||||
Write-Host $zipFile
|
||||
|
||||
$ltsPkgPath = "$(System.ArtifactsDirectory)\results\powershell-lts-$(Version)-osx-x64.pkg"
|
||||
$ltsPkgPath = "$(System.ArtifactsDirectory)\macosPkgResults\powershell-lts-$(Version)-osx-x64.pkg"
|
||||
|
||||
if(Test-Path $ltsPkgPath)
|
||||
{
|
||||
|
@ -47,12 +48,12 @@ jobs:
|
|||
}
|
||||
displayName: 'Compress macOS Package'
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
$pkgFiles = "$(Build.StagingDirectory)\macos\powershell-$(Version)-osx-x64.zip", "$(Build.StagingDirectory)\macos\powershell-lts-$(Version)-osx-x64.zip"
|
||||
tools/releaseBuild/generatePackgeSigning.ps1 -MacDeveloperFiles $pkgFiles -path "$(System.ArtifactsDirectory)\package.xml"
|
||||
displayName: 'Generate macOS Package Signing Xml'
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
Get-Content "$(System.ArtifactsDirectory)\package.xml"
|
||||
displayName: 'Capture macOS signing xml'
|
||||
# Diagnostics is not critical it passes every time it runs
|
||||
|
@ -71,10 +72,10 @@ jobs:
|
|||
|
||||
- template: upload-final-results.yml
|
||||
parameters:
|
||||
artifactPath: $(System.ArtifactsDirectory)\results
|
||||
artifactPath: $(System.ArtifactsDirectory)\macosPkgResults
|
||||
artifactFilter: "*.tar.gz"
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
$destination = "$(System.ArtifactsDirectory)\azureMacOs"
|
||||
New-Item -Path $destination -Type Directory
|
||||
$zipPath = dir "$(Build.StagingDirectory)\signedMacOSPackages\powershell-*.zip" -Recurse | select-object -expandproperty fullname
|
||||
|
@ -90,7 +91,7 @@ jobs:
|
|||
artifactFilter: "*.pkg"
|
||||
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
$null = new-item -type directory -path "$(Build.StagingDirectory)\macos-unsigned"
|
||||
Copy-Item -Path "$(System.ArtifactsDirectory)\results\powershell-$(Version)-osx-x64.pkg" -Destination "$(Build.StagingDirectory)\macos-unsigned"
|
||||
Copy-Item -Path "$(System.ArtifactsDirectory)\results\powershell-$(Version)-osx-x64.tar.gz" -Destination "$(Build.StagingDirectory)\macos-unsigned"
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
parameters:
|
||||
jobName: 'build_macOS'
|
||||
parentJob: ''
|
||||
|
||||
jobs:
|
||||
- job: ${{ parameters.jobName }}
|
||||
displayName: Build macOS
|
||||
condition: succeeded()
|
||||
pool: Hosted Mac Internal
|
||||
dependsOn: ${{ parameters.parentJob }}
|
||||
variables:
|
||||
# Turn off Homebrew analytics
|
||||
HOMEBREW_NO_ANALYTICS: 1
|
||||
|
@ -21,7 +19,7 @@ jobs:
|
|||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
# create folder
|
||||
sudo mkdir /PowerShell
|
||||
|
||||
|
@ -29,16 +27,16 @@ jobs:
|
|||
sudo chown $env:USER /PowerShell
|
||||
displayName: 'Create /PowerShell'
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
Write-Host "##vso[task.setvariable variable=PowerShellRoot]/PowerShell"
|
||||
git clone $env:BUILD_REPOSITORY_LOCALPATH /PowerShell
|
||||
displayName: Clone PowerShell Repo to /PowerShell
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
tools/releaseBuild/macOS/PowerShellPackageVsts.ps1 -location $(PowerShellRoot) -BootStrap
|
||||
displayName: 'Bootstrap VM'
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
Import-Module $(Build.SourcesDirectory)/build.psm1 -Force
|
||||
New-NugetConfigFile -NugetFeedUrl $(AzDevOpsFeed) -UserName $(AzDevOpsFeedUserName) -ClearTextPAT $(AzDevOpsFeedPAT) -FeedName AzDevOpsFeed -Destination "$(PowerShellRoot)/src/Modules"
|
||||
|
||||
|
@ -48,11 +46,11 @@ jobs:
|
|||
}
|
||||
displayName: 'Add nuget.config for AzDevOps feed for PSGallery modules '
|
||||
|
||||
- powershell: |
|
||||
- pwsh: |
|
||||
$env:AZDEVOPSFEEDPAT = '$(AzDevOpsFeedPAT)'
|
||||
$(Build.SourcesDirectory)/tools/releaseBuild/macOS/PowerShellPackageVsts.ps1 -ReleaseTag $(ReleaseTagVar) -Destination $(System.ArtifactsDirectory) -ExtraPackage "tar" -location $(PowerShellRoot) -Build
|
||||
$(Build.SourcesDirectory)/tools/releaseBuild/macOS/PowerShellPackageVsts.ps1 -ReleaseTag $(ReleaseTagVar) -Destination $(System.ArtifactsDirectory) -Symbols -location $(PowerShellRoot) -Build -ArtifactName macosBinResults
|
||||
$env:AZDEVOPSFEEDPAT = $null
|
||||
displayName: 'Build and Package'
|
||||
displayName: 'Build'
|
||||
|
||||
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
||||
displayName: 'Component Detection'
|
||||
|
|
|
@ -2,13 +2,14 @@ parameters:
|
|||
artifactPath:
|
||||
artifactFilter: '*'
|
||||
condition: succeeded()
|
||||
artifactName: finalResults
|
||||
|
||||
steps:
|
||||
- powershell: |
|
||||
Get-ChildItem -Path '${{ parameters.artifactPath }}' -File -filter '${{ parameters.artifactFilter }}' -ErrorAction SilentlyContinue |
|
||||
Select-Object -ExpandProperty FullName |
|
||||
ForEach-Object {
|
||||
Write-Host "##vso[artifact.upload containerfolder=finalResults;artifactname=finalResults]$_"
|
||||
Write-Host "##vso[artifact.upload containerfolder=${{ parameters.artifactName }};artifactname=${{ parameters.artifactName }}]$_"
|
||||
}
|
||||
displayName: Upload Final Artifacts ${{ parameters.artifactFilter }} from ${{ parameters.artifactPath }}
|
||||
displayName: Upload ${{ parameters.artifactName }} Artifacts ${{ parameters.artifactFilter }} from ${{ parameters.artifactPath }}
|
||||
condition: ${{ parameters.condition }}
|
||||
|
|
|
@ -10,14 +10,20 @@ param (
|
|||
[string] $location = $env:BUILD_REPOSITORY_LOCALPATH,
|
||||
|
||||
# Destination location of the package on docker host
|
||||
[Parameter(Mandatory, ParameterSetName = 'packageSigned')]
|
||||
[Parameter(Mandatory, ParameterSetName = 'IncludeSymbols')]
|
||||
[Parameter(Mandatory, ParameterSetName = 'Build')]
|
||||
[string] $destination = '/mnt',
|
||||
|
||||
[Parameter(Mandatory, ParameterSetName = 'packageSigned')]
|
||||
[Parameter(Mandatory, ParameterSetName = 'IncludeSymbols')]
|
||||
[Parameter(Mandatory, ParameterSetName = 'Build')]
|
||||
[ValidatePattern("^v\d+\.\d+\.\d+(-\w+(\.\d+)?)?$")]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$ReleaseTag,
|
||||
|
||||
[Parameter(ParameterSetName = 'packageSigned')]
|
||||
[Parameter(ParameterSetName = 'IncludeSymbols')]
|
||||
[Parameter(ParameterSetName = 'Build')]
|
||||
[ValidateSet("zip", "tar")]
|
||||
[string[]]$ExtraPackage,
|
||||
|
@ -25,13 +31,23 @@ param (
|
|||
[Parameter(Mandatory, ParameterSetName = 'Bootstrap')]
|
||||
[switch] $BootStrap,
|
||||
|
||||
[Parameter(Mandatory, ParameterSetName = 'IncludeSymbols')]
|
||||
[Parameter(Mandatory, ParameterSetName = 'Build')]
|
||||
[switch] $Build
|
||||
[switch] $Build,
|
||||
|
||||
[Parameter(Mandatory, ParameterSetName = 'IncludeSymbols')]
|
||||
[switch] $Symbols,
|
||||
|
||||
[Parameter(Mandatory, ParameterSetName = 'packageSigned')]
|
||||
[ValidatePattern("-signed.zip$")]
|
||||
[string]$BuildZip,
|
||||
|
||||
[string]$ArtifactName = 'result'
|
||||
)
|
||||
|
||||
$repoRoot = $location
|
||||
|
||||
if ($Build.IsPresent) {
|
||||
if ($Build.IsPresent -or $PSCmdlet.ParameterSetName -eq 'packageSigned') {
|
||||
$releaseTagParam = @{ }
|
||||
if ($ReleaseTag) {
|
||||
$releaseTagParam = @{ 'ReleaseTag' = $ReleaseTag }
|
||||
|
@ -59,8 +75,11 @@ try {
|
|||
Start-PSBootstrap -Package
|
||||
}
|
||||
|
||||
if ($Build.IsPresent) {
|
||||
Start-PSBuild -Configuration 'Release' -Crossgen -PSModuleRestore @releaseTagParam
|
||||
if ($PSCmdlet.ParameterSetName -eq 'packageSigned') {
|
||||
Write-Verbose "Expanding signed build $BuildZip ..." -Verbose
|
||||
Expand-PSSignedBuild -BuildZip $BuildZip
|
||||
|
||||
Remove-Item -Path $BuildZip
|
||||
|
||||
Start-PSPackage @releaseTagParam
|
||||
switch ($ExtraPackage) {
|
||||
|
@ -74,18 +93,41 @@ try {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($Build.IsPresent) {
|
||||
if ($Symbols.IsPresent) {
|
||||
Start-PSBuild -Configuration 'Release' -Crossgen -NoPSModuleRestore @releaseTagParam
|
||||
$pspackageParams = @{}
|
||||
$pspackageParams['Type']='zip'
|
||||
$pspackageParams['IncludeSymbols']=$Symbols.IsPresent
|
||||
Write-Verbose "Starting powershell packaging(zip)..." -Verbose
|
||||
Start-PSPackage @pspackageParams @releaseTagParam
|
||||
} else {
|
||||
Start-PSBuild -Configuration 'Release' -Crossgen -PSModuleRestore @releaseTagParam
|
||||
Start-PSPackage @releaseTagParam
|
||||
switch ($ExtraPackage) {
|
||||
"tar" { Start-PSPackage -Type tar @releaseTagParam }
|
||||
}
|
||||
|
||||
if ($LTS) {
|
||||
Start-PSPackage @releaseTagParam -LTS
|
||||
switch ($ExtraPackage) {
|
||||
"tar" { Start-PSPackage -Type tar @releaseTagParam -LTS }
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
Pop-Location
|
||||
}
|
||||
|
||||
if ($Build.IsPresent) {
|
||||
$macPackages = Get-ChildItem "$repoRoot/powershell*" -Include *.pkg, *.tar.gz
|
||||
if ($Build.IsPresent -or $PSCmdlet.ParameterSetName -eq 'packageSigned') {
|
||||
$macPackages = Get-ChildItem "$repoRoot/powershell*" -Include *.pkg, *.tar.gz, *.zip
|
||||
foreach ($macPackage in $macPackages) {
|
||||
$filePath = $macPackage.FullName
|
||||
$name = Split-Path -Leaf -Path $filePath
|
||||
$extension = (Split-Path -Extension -Path $filePath).Replace('.', '')
|
||||
Write-Verbose "Copying $filePath to $destination" -Verbose
|
||||
Write-Host "##vso[artifact.upload containerfolder=results;artifactname=results]$filePath"
|
||||
Write-Host "##vso[artifact.upload containerfolder=$ArtifactName;artifactname=$ArtifactName]$filePath"
|
||||
Write-Host "##vso[task.setvariable variable=Package-$extension]$filePath"
|
||||
Copy-Item -Path $filePath -Destination $destination -Force
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue