parameters: buildName: '' uploadDisplayName: 'Upload' parentJob: '' jobs: - job: build_${{ parameters.buildName }} displayName: Build ${{ parameters.buildName }} condition: succeeded() pool: vmImage: ubuntu-16.04 dependsOn: ${{ parameters.parentJob }} variables: - name: runCodesignValidationInjection value: false - name: build value: ${{ parameters.buildName }} - name: NugetSecurityAnalysisWarningLevel value: none - group: ESRP steps: - checkout: self clean: true - checkout: ComplianceRepo clean: true - template: SetVersionVariables.yml parameters: ReleaseTagVar: $(ReleaseTagVar) - powershell: | Write-Verbose -Verbose "$(build)" if ('$(build)' -in 'alpine', 'fxdependent' -and '$(ReleaseTagVar)' -match '6.0.*') { $vstsCommandString = "vso[task.setvariable variable=SkipBuild]true" } else { $vstsCommandString = "vso[task.setvariable variable=SkipBuild]false" } displayName: 'Skip Alpine or fxdependent for PS v6.0.*' - template: insert-nuget-config-azfeed.yml parameters: repoRoot: $(REPOROOT) - powershell: | import-module "$env:REPOROOT/build.psm1" Sync-PSTags -AddRemoteIfMissing displayName: SyncTags condition: and(succeeded(), ne(variables['SkipBuild'], 'true')) - powershell: | $env:AzDevOpsFeedPAT2 = '$(AzDevOpsFeedPAT2)' & "$env:REPOROOT/tools/releaseBuild/vstsbuild.ps1" -ReleaseTag $(ReleaseTagVar) -Name '$(build)' $env:AzDevOpsFeedPAT2 = $null displayName: 'Build and package' condition: and(succeeded(), ne(variables['SkipBuild'], 'true')) - job: upload_${{ parameters.buildName }} displayName: ${{ parameters.uploadDisplayName }} ${{ parameters.buildName }} dependsOn: build_${{ parameters.buildName }} condition: succeeded() pool: vmImage: windows-latest variables: - name: buildName value: ${{ parameters.buildName }} - group: ESRP - name: runCodesignValidationInjection value: false - name: NugetSecurityAnalysisWarningLevel value: none steps: - checkout: self clean: true - checkout: ComplianceRepo clean: true - template: SetVersionVariables.yml parameters: ReleaseTagVar: $(ReleaseTagVar) - template: shouldSign.yml - task: DownloadBuildArtifacts@0 displayName: 'Download Deb Artifacts' inputs: downloadType: specific itemPattern: '**/*.deb' downloadPath: '$(System.ArtifactsDirectory)\finished' condition: and(eq(variables['buildName'], 'DEB'), succeeded()) - task: DownloadBuildArtifacts@0 displayName: 'Download tar.gz Artifacts copy' inputs: downloadType: specific itemPattern: '**/*.tar.gz' downloadPath: '$(System.ArtifactsDirectory)\finished' - powershell: | Write-Host 'We handle the min-size package only when uploading for deb build.' Write-Host '- For deb build, the min-size package is moved to a separate folder "finished\minSize",' Write-Host ' so that the min-size package can be uploaded to a different Az Blob container.' Write-Host '- For other builds, the min-size package is removed after being downloaded, so that it' Write-Host ' does not get accidentally uploaded to the wrong Az Blob container.' $minSizePkg = '$(System.ArtifactsDirectory)\finished\release\*-gc.tar.gz' if (Test-Path -Path $minSizePkg) { if ('$(buildName)' -eq 'DEB') { $minSizeDir = '$(System.ArtifactsDirectory)\finished\minSize' New-Item -Path $minSizeDir -Type Directory -Force > $null Move-Item -Path $minSizePkg -Destination $minSizeDir Write-Host "`nCapture the min-size package moved to the target folder." Get-ChildItem -Path $minSizeDir } else { Write-Host '$(buildName): Remove the min-size package.' Remove-Item -Path $minSizePkg -Force } } else { Write-Host 'min-size package not found, so skip this step.' } displayName: 'Move minSize package to separate folder' - task: DownloadBuildArtifacts@0 displayName: 'Download rpm Artifacts copy' inputs: downloadType: specific itemPattern: '**/*.rpm' downloadPath: '$(System.ArtifactsDirectory)\rpm' condition: and(eq(variables['buildName'], 'RPM'), succeeded()) - template: EsrpScan.yml@ComplianceRepo parameters: scanPath: $(System.ArtifactsDirectory) pattern: | **\*.rpm **\*.deb **\*.tar.gz - ${{ if eq(variables['buildName'], 'RPM') }}: - template: EsrpSign.yml@ComplianceRepo parameters: buildOutputPath: $(System.ArtifactsDirectory)\rpm signOutputPath: $(Build.StagingDirectory)\signedPackages certificateId: "CP-450779-Pgp" pattern: | **\*.rpm useMinimatch: true shouldSign: $(SHOULD_SIGN) displayName: Sign RPM # requires windows - task: AzureFileCopy@4 displayName: 'Upload to Azure - DEB and tar.gz' inputs: SourcePath: '$(System.ArtifactsDirectory)\finished\release\*' azureSubscription: '$(AzureFileCopySubscription)' Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)' - template: upload-final-results.yml parameters: artifactPath: $(System.ArtifactsDirectory)\finished\release # requires windows - task: AzureFileCopy@4 displayName: 'Upload to Azure - min-size package for Guest Config' inputs: SourcePath: '$(System.ArtifactsDirectory)\finished\minSize\*' azureSubscription: '$(AzureFileCopySubscription)' Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)-gc' condition: and(eq(variables['buildName'], 'DEB'), succeeded()) - template: upload-final-results.yml parameters: artifactPath: $(System.ArtifactsDirectory)\finished\minSize condition: and(eq(variables['buildName'], 'DEB'), succeeded()) # requires windows - task: AzureFileCopy@4 displayName: 'Upload to Azure - RPM - Unsigned' inputs: SourcePath: '$(System.ArtifactsDirectory)\rpm\release\*' azureSubscription: '$(AzureFileCopySubscription)' Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)' condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) # requires windows - task: AzureFileCopy@4 displayName: 'Upload to Azure - RPM - Signed' inputs: SourcePath: '$(Build.StagingDirectory)\signedPackages\release\*' azureSubscription: '$(AzureFileCopySubscription)' Destination: AzureBlob storage: '$(StorageAccount)' ContainerName: '$(AzureVersion)' condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - template: upload-final-results.yml parameters: artifactPath: $(System.ArtifactsDirectory)\rpm\release condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - template: upload-final-results.yml parameters: artifactPath: '$(Build.StagingDirectory)\signedPackages\release' condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: sourceScanPath: '$(Build.SourcesDirectory)' snapshotForceEnabled: true