277 lines
11 KiB
YAML
277 lines
11 KiB
YAML
parameters:
|
|
- name: BuildConfiguration
|
|
default: release
|
|
- name: BuildPlatform
|
|
default: any cpu
|
|
- name: Architecture
|
|
default: x64
|
|
- name: parentJob
|
|
default: ''
|
|
|
|
jobs:
|
|
- job: sign_windows_${{ parameters.Architecture }}
|
|
displayName: Package Windows - ${{ parameters.Architecture }}
|
|
condition: succeeded()
|
|
dependsOn: ${{ parameters.parentJob }}
|
|
pool:
|
|
vmImage: windows-latest
|
|
variables:
|
|
- name: BuildConfiguration
|
|
value: ${{ parameters.BuildConfiguration }}
|
|
- name: BuildPlatform
|
|
value: ${{ parameters.BuildPlatform }}
|
|
- name: Architecture
|
|
value: ${{ parameters.Architecture }}
|
|
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
|
|
value: 1
|
|
- group: ESRP
|
|
|
|
steps:
|
|
|
|
- checkout: self
|
|
clean: true
|
|
|
|
- checkout: ComplianceRepo
|
|
clean: true
|
|
|
|
- template: shouldSign.yml
|
|
- template: SetVersionVariables.yml
|
|
parameters:
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
|
|
- powershell: |
|
|
$pkgFilter = if ( '$(Architecture)' -eq 'arm' ) {
|
|
"arm32"
|
|
}
|
|
else {
|
|
'$(Architecture)'
|
|
}
|
|
|
|
$vstsCommandString = "vso[task.setvariable variable=PkgFilter]$pkgFilter"
|
|
Write-Host ("sending " + $vstsCommandString)
|
|
Write-Host "##$vstsCommandString"
|
|
displayName: Set packageName variable
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
inputs:
|
|
artifactName: 'results'
|
|
itemPattern: '**/*$(PkgFilter).zip'
|
|
downloadPath: '$(System.ArtifactsDirectory)\Symbols'
|
|
|
|
- template: cloneToOfficialPath.yml
|
|
|
|
- powershell: |
|
|
# cleanup previous install
|
|
if((Test-Path "${env:ProgramFiles(x86)}\WiX Toolset xcopy")) {
|
|
Remove-Item "${env:ProgramFiles(x86)}\WiX Toolset xcopy" -Recurse -Force
|
|
}
|
|
|
|
$toolsDir = New-Item -ItemType Directory -Path '$(Build.ArtifactStagingDirectory)\tools'
|
|
$wixUri = 'https://github.com/wixtoolset/wix3/releases/download/wix311rtm/wix311-binaries.zip'
|
|
Invoke-RestMethod -Uri $wixUri -OutFile '$(Build.ArtifactStagingDirectory)\tools\wix.zip'
|
|
|
|
Import-Module '$(PowerShellRoot)/tools/releaseBuild/Images/microsoft_powershell_windowsservercore/wix.psm1'
|
|
Install-WixZip -zipPath '$(Build.ArtifactStagingDirectory)\tools\wix.zip'
|
|
|
|
$msixUrl = '$(makeappUrl)'
|
|
Invoke-RestMethod -Uri $msixUrl -OutFile '\makeappx.zip'
|
|
Expand-Archive '\makeappx.zip' -destination '\' -Force
|
|
|
|
displayName: Install packaging tools
|
|
|
|
- powershell: |
|
|
$zipPath = Get-Item '$(System.ArtifactsDirectory)\Symbols\results\*$(PkgFilter).zip'
|
|
Write-Verbose -Verbose "Zip Path: $zipPath"
|
|
|
|
$expandedFolder = $zipPath.BaseName
|
|
Write-Host "sending.. vso[task.setvariable variable=SymbolsFolder]$expandedFolder"
|
|
Write-Host "##vso[task.setvariable variable=SymbolsFolder]$expandedFolder"
|
|
|
|
Expand-Archive -Path $zipPath -Destination "$(System.ArtifactsDirectory)\$expandedFolder" -Force
|
|
displayName: Expand symbols zip
|
|
|
|
- pwsh: |
|
|
$fullSymbolsFolder = "$(System.ArtifactsDirectory)\$($env:SYMBOLSFOLDER)"
|
|
|
|
$filesToSignDirectory = "$(System.ArtifactsDirectory)\toBeSigned"
|
|
$null = New-Item -ItemType Directory -Path $filesToSignDirectory -Force
|
|
|
|
$signedFilesDirectory = "$(System.ArtifactsDirectory)\signed"
|
|
$null = New-Item -ItemType Directory -Path $signedFilesDirectory -Force
|
|
|
|
$itemsToCopyWithRecurse = @(
|
|
"$($fullSymbolsFolder)\*.ps1"
|
|
"$($fullSymbolsFolder)\Microsoft.PowerShell*.dll"
|
|
)
|
|
|
|
$itemsToCopy = @{
|
|
"$($fullSymbolsFolder)\*.ps1" = ""
|
|
"$($fullSymbolsFolder)\Microsoft.Management.Infrastructure.CimCmdlets.dll" = ""
|
|
"$($fullSymbolsFolder)\Microsoft.WSMan.*.dll" = ""
|
|
"$($fullSymbolsFolder)\Modules\CimCmdlets\CimCmdlets.psd1" = "Modules\CimCmdlets"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Diagnostics\Diagnostics.format.ps1xml" = "Modules\Microsoft.PowerShell.Diagnostics"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Diagnostics\Event.format.ps1xml" = "Modules\Microsoft.PowerShell.Diagnostics"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Diagnostics\GetEvent.types.ps1xml" = "Modules\Microsoft.PowerShell.Diagnostics"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1" = "Modules\Microsoft.PowerShell.Diagnostics"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Host\Microsoft.PowerShell.Host.psd1" = "Modules\Microsoft.PowerShell.Host"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1" = "Modules\Microsoft.PowerShell.Management"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1" = "Modules\Microsoft.PowerShell.Security"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1" = "Modules\Microsoft.PowerShell.Utility"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.WSMan.Management\Microsoft.WSMan.Management.psd1" = "Modules\Microsoft.WSMan.Management"
|
|
"$($fullSymbolsFolder)\Modules\Microsoft.WSMan.Management\WSMan.format.ps1xml" = "Modules\Microsoft.WSMan.Management"
|
|
"$($fullSymbolsFolder)\Modules\PSDiagnostics\PSDiagnostics.ps?1" = "Modules\PSDiagnostics"
|
|
"$($fullSymbolsFolder)\pwsh.dll" = ""
|
|
"$($fullSymbolsFolder)\System.Management.Automation.dll" = ""
|
|
}
|
|
|
|
$itemsToExclude = @{
|
|
# This package is retrieved from https://www.github.com/powershell/MarkdownRender
|
|
"$($fullSymbolsFolder)\Microsoft.PowerShell.MarkdownRender.dll"
|
|
}
|
|
|
|
if ("$env:Architecture" -notlike 'fxdependent*')
|
|
{
|
|
$itemsToCopy += @{"$($fullSymbolsFolder)\pwsh.exe" = ""}
|
|
}
|
|
|
|
Write-Verbose -verbose "recusively copying $($itemsToCopyWithRecurse | out-string) to $filesToSignDirectory"
|
|
Copy-Item -Path $itemsToCopyWithRecurse -Destination $filesToSignDirectory -Recurse -verbose -exclude $itemsToExclude
|
|
|
|
foreach($pattern in $itemsToCopy.Keys) {
|
|
$destinationFolder = Join-Path $filesToSignDirectory -ChildPath $itemsToCopy.$pattern
|
|
$null = New-Item -ItemType Directory -Path $destinationFolder -Force
|
|
Write-Verbose -verbose "copying $pattern to $destinationFolder"
|
|
Copy-Item -Path $pattern -Destination $destinationFolder -Recurse -verbose
|
|
}
|
|
displayName: 'Prepare files to be signed'
|
|
|
|
- template: EsrpSign.yml@ComplianceRepo
|
|
parameters:
|
|
buildOutputPath: $(System.ArtifactsDirectory)\toBeSigned
|
|
signOutputPath: $(System.ArtifactsDirectory)\signed
|
|
certificateId: "CP-230012"
|
|
pattern: |
|
|
**\*.dll
|
|
**\*.psd1
|
|
**\*.psm1
|
|
**\*.ps1xml
|
|
**\*.ps1
|
|
**\*.exe
|
|
useMinimatch: true
|
|
|
|
- pwsh: |
|
|
Import-Module $(PowerShellRoot)/build.psm1 -Force
|
|
Import-Module $(PowerShellRoot)/tools/packaging -Force
|
|
$signedFilesPath = '$(System.ArtifactsDirectory)\signed\'
|
|
$BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'
|
|
|
|
Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
|
|
$dlls = Get-ChildItem $BuildPath\*.dll -Recurse
|
|
$signatures = $dlls | Get-AuthenticodeSignature
|
|
$missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned'}| select-object -ExpandProperty Path
|
|
|
|
Write-Verbose -verbose "to be signed:`r`n $($missingSignatures | Out-String)"
|
|
|
|
$filesToSignDirectory = "$(System.ArtifactsDirectory)\thirdPartyToBeSigned"
|
|
$null = New-Item -ItemType Directory -Path $filesToSignDirectory -Force
|
|
|
|
$signedFilesDirectory = "$(System.ArtifactsDirectory)\thirdPartySigned"
|
|
$null = New-Item -ItemType Directory -Path $signedFilesDirectory -Force
|
|
|
|
$missingSignatures | ForEach-Object {
|
|
Copy-Item -Path $_ -Destination $filesToSignDirectory
|
|
}
|
|
|
|
displayName: Create ThirdParty Signing Folder
|
|
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
|
|
|
- template: EsrpSign.yml@ComplianceRepo
|
|
parameters:
|
|
buildOutputPath: $(System.ArtifactsDirectory)\thirdPartyToBeSigned
|
|
signOutputPath: $(System.ArtifactsDirectory)\thirdPartySigned
|
|
certificateId: "CP-231522"
|
|
pattern: |
|
|
**\*.dll
|
|
useMinimatch: true
|
|
|
|
- powershell: |
|
|
Get-ChildItem '$(System.ArtifactsDirectory)\thirdPartySigned\*'
|
|
displayName: Captrue ThirdParty Signed files
|
|
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
|
|
|
- powershell: |
|
|
Import-Module $(PowerShellRoot)/build.psm1 -Force
|
|
Import-Module $(PowerShellRoot)/tools/packaging -Force
|
|
$signedFilesPath = '$(System.ArtifactsDirectory)\thirdPartySigned'
|
|
$BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'
|
|
|
|
Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
|
|
displayName: Merge ThirdParty signed files with Build
|
|
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
|
|
|
- powershell: |
|
|
Import-Module $(PowerShellRoot)/build.psm1 -Force
|
|
Import-Module $(PowerShellRoot)/tools/packaging -Force
|
|
|
|
$destFolder = '$(System.ArtifactsDirectory)\signedZip'
|
|
$BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'
|
|
|
|
New-Item -ItemType Directory -Path $destFolder -Force
|
|
|
|
$BuildPackagePath = New-PSBuildZip -BuildPath $BuildPath -DestinationFolder $destFolder
|
|
|
|
Write-Verbose -Verbose "New-PSSignedBuildZip returned `$BuildPackagePath as: $BuildPackagePath"
|
|
Write-Host "##vso[artifact.upload containerfolder=results;artifactname=results]$BuildPackagePath"
|
|
|
|
$vstsCommandString = "vso[task.setvariable variable=BuildPackagePath]$BuildPackagePath"
|
|
Write-Host ("sending " + $vstsCommandString)
|
|
Write-Host "##$vstsCommandString"
|
|
displayName: Compress signed files
|
|
|
|
- powershell: |
|
|
$runtime = switch ($env:Architecture)
|
|
{
|
|
"x64" { "win7-x64" }
|
|
"x86" { "win7-x86" }
|
|
"arm" { "win-arm"}
|
|
"arm64" { "win-arm64" }
|
|
"fxdependent" { "fxdependent" }
|
|
"fxdependentWinDesktop" { "fxdependent-win-desktop" }
|
|
}
|
|
|
|
$signedPkg = "$(BuildPackagePath)"
|
|
|
|
Write-Verbose -Verbose -Message "signedPkg = $signedPkg"
|
|
|
|
$(PowerShellRoot)/tools/releaseBuild/Images/microsoft_powershell_windowsservercore/PowerShellPackage.ps1 -BuildZip $signedPkg -location '$(PowerShellRoot)' -destination '$(System.ArtifactsDirectory)\pkgSigned' -Runtime $runtime -ReleaseTag '$(ReleaseTagVar)'
|
|
displayName: 'Build Windows Universal - $(Architecture) Package'
|
|
|
|
- powershell: |
|
|
Get-ChildItem '$(System.ArtifactsDirectory)\pkgSigned' | ForEach-Object {
|
|
$packagePath = $_.FullName
|
|
Write-Host "Uploading $packagePath"
|
|
Write-Host "##vso[artifact.upload containerfolder=signed;artifactname=signed]$packagePath"
|
|
}
|
|
displayName: Upload packages
|
|
|
|
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
|
displayName: 'Component Detection'
|
|
inputs:
|
|
sourceScanPath: '$(Build.SourcesDirectory)'
|
|
snapshotForceEnabled: true
|
|
|
|
- powershell: |
|
|
if ((Test-Path "\PowerShell")) {
|
|
Remove-Item -Path "\PowerShell" -Force -Recurse -Verbose
|
|
}
|
|
else {
|
|
Write-Verbose -Verbose -Message "No cleanup required."
|
|
}
|
|
|
|
if((Test-Path "${env:ProgramFiles(x86)}\WiX Toolset xcopy")) {
|
|
Write-Verbose -Verbose "Cleaning up Wix tools"
|
|
Remove-Item "${env:ProgramFiles(x86)}\WiX Toolset xcopy" -Recurse -Force
|
|
}
|
|
displayName: Clean up local Clone
|
|
condition: always()
|