189 lines
7.3 KiB
YAML
189 lines
7.3 KiB
YAML
parameters:
|
|
parentJobs: []
|
|
|
|
jobs:
|
|
- job: build_nuget
|
|
dependsOn:
|
|
${{ parameters.parentJobs }}
|
|
displayName: Build NuGet packages
|
|
condition: succeeded()
|
|
pool: PowerShell
|
|
|
|
timeoutInMinutes: 90
|
|
|
|
variables:
|
|
GenAPIToolPath: '$(System.ArtifactsDirectory)/GenAPI'
|
|
PackagePath: '$(System.ArtifactsDirectory)/UnifiedPackagePath'
|
|
winFxdPath: '$(System.ArtifactsDirectory)/winFxd'
|
|
winFxdWinDesktopPath: '$(System.ArtifactsDirectory)/winFxdWinDesktop'
|
|
linuxFxdPath: '$(System.ArtifactsDirectory)/linuxFxd'
|
|
|
|
steps:
|
|
|
|
- powershell: |
|
|
$content = Get-Content "$(Build.SourcesDirectory)/global.json" -Raw | ConvertFrom-Json
|
|
$vstsCommandString = "vso[task.setvariable variable=SDKVersion]$($content.sdk.version)"
|
|
Write-Host "sending " + $vstsCommandString
|
|
Write-Host "##$vstsCommandString"
|
|
displayName: 'Find SDK version from global.json'
|
|
|
|
- task: DotNetCoreInstaller@0
|
|
displayName: 'Use .NET Core SDK from global.json'
|
|
inputs:
|
|
version: '$(SDKVersion)'
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download PowerShell build artifacts'
|
|
inputs:
|
|
buildType: current
|
|
downloadType: single
|
|
artifactName: finalResults
|
|
downloadPath: '$(System.ArtifactsDirectory)'
|
|
|
|
- powershell: 'Get-ChildItem $(System.ArtifactsDirectory) -recurse'
|
|
displayName: 'Capture downloaded artifacts'
|
|
|
|
- powershell: |
|
|
$packagePath = (Join-Path $(System.ArtifactsDirectory) packages)
|
|
New-Item $packagePath -ItemType Directory -Force > $null
|
|
$packages = Get-ChildItem $(System.ArtifactsDirectory) -Include *.zip, *.tar.gz -Recurse
|
|
$packages | ForEach-Object { Copy-Item $_.FullName -Destination $packagePath -Verbose }
|
|
Get-ChildItem $packagePath -Recurse
|
|
displayName: 'Conflate packages to same folder'
|
|
|
|
- task: ExtractFiles@1
|
|
displayName: 'Extract files win-fxdependent'
|
|
inputs:
|
|
archiveFilePatterns: '$(System.ArtifactsDirectory)/packages/PowerShell-*-win-fxdependent.zip'
|
|
destinationFolder: '$(winFxdPath)'
|
|
|
|
- task: ExtractFiles@1
|
|
displayName: 'Extract files win-fxdependentWinDesktop'
|
|
inputs:
|
|
archiveFilePatterns: '$(System.ArtifactsDirectory)/packages/PowerShell-*-win-fxdependentWinDesktop.zip'
|
|
destinationFolder: '$(winFxdWinDesktopPath)'
|
|
|
|
- task: ExtractFiles@1
|
|
displayName: 'Extract files linux-fxdependent'
|
|
inputs:
|
|
archiveFilePatterns: '$(System.ArtifactsDirectory)/packages/powershell-*-linux-x64-fxdependent.tar.gz'
|
|
destinationFolder: '$(linuxFxdPath)'
|
|
|
|
- task: PkgESInstallNuGetToolsPackage@10
|
|
displayName: 'Install package Microsoft.DotNet.BuildTools.GenAPI'
|
|
inputs:
|
|
packageName: Microsoft.DotNet.BuildTools.GenAPI
|
|
packageVersion: '1.0.0-beta-00081'
|
|
packageSources: 'https://nuget.org/api/v2'
|
|
installRoot: '$(GenAPIToolPath)'
|
|
|
|
- template: shouldSign.yml
|
|
|
|
- template: SetVersionVariables.yml
|
|
parameters:
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
|
|
- task: NuGetToolInstaller@0
|
|
displayName: 'Install NuGet 4.9.3'
|
|
inputs:
|
|
versionSpec: 4.9.3
|
|
|
|
- powershell: |
|
|
Import-Module $env:BUILD_SOURCESDIRECTORY\build.psm1
|
|
Import-Module $env:BUILD_SOURCESDIRECTORY\tools\packaging
|
|
New-ILNugetPackage -PackagePath "$(PackagePath)" -PackageVersion "$(Version)" -WinFxdBinPath '$(winFxdPath)' -LinuxFxdBinPath '$(linuxFxdPath)' -GenAPIToolPath "$(GenAPIToolPath)"
|
|
displayName: 'Create Nuget Package Folders'
|
|
|
|
- powershell: |
|
|
Get-ChildItem $(linuxFxdPath)
|
|
Get-ChildItem $(winFxdPath)
|
|
Get-ChildItem $(winFxdWinDesktopPath)
|
|
displayName: Capture fxd folders
|
|
|
|
- powershell: |
|
|
Import-Module $env:BUILD_SOURCESDIRECTORY\build.psm1
|
|
Import-Module $env:BUILD_SOURCESDIRECTORY\tools\packaging
|
|
|
|
# Create unified package first
|
|
New-GlobalToolNupkg -UnifiedPackage -LinuxBinPath "$(linuxFxdPath)" -WindowsBinPath "$(winFxdPath)" -WindowsDesktopBinPath "$(winFxdWinDesktopPath)" -PackageVersion "$(Version)" -DestinationPath "$(PackagePath)\globaltool"
|
|
|
|
# Create packages for dotnet sdk
|
|
New-GlobalToolNupkg -LinuxBinPath "$(linuxFxdPath)" -WindowsBinPath "$(winFxdPath)" -WindowsDesktopBinPath "$(winFxdWinDesktopPath)" -PackageVersion "$(Version)" -DestinationPath "$(PackagePath)\globaltool"
|
|
displayName: 'Create Global tool packages'
|
|
|
|
- powershell: |
|
|
Get-ChildItem "$(PackagePath)" -Recurse
|
|
displayName: Capture generated packages
|
|
|
|
- powershell: |
|
|
$packages = Get-ChildItem "$(PackagePath)\*.nupkg", "$(PackagePath)\globaltool\*.nupkg" | Select-Object -ExpandProperty FullName
|
|
|
|
if($packages.Count -lt 1)
|
|
{
|
|
throw "No packages created"
|
|
}
|
|
|
|
$(Build.SourcesDirectory)\tools\releaseBuild\generatePackgeSigning.ps1 -Path $(PackagePath)\NugetSigning.xml -NuPkgFiles $packages
|
|
displayName: Create signing file
|
|
|
|
- task: PkgESCodeSign@10
|
|
displayName: 'CodeSign Nuget Packages'
|
|
env:
|
|
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
|
inputs:
|
|
signConfigXml: '$(PackagePath)\NugetSigning.xml'
|
|
inPathRoot: '$(PackagePath)'
|
|
outPathRoot: '$(System.ArtifactsDirectory)\signed'
|
|
binVersion: $(SigingVersion)
|
|
binVersionOverride: $(SigningVersionOverride)
|
|
|
|
- powershell: |
|
|
Import-Module $(Build.SourcesDirectory)\build.psm1 -Force
|
|
Get-ChildItem -Recurse "$(System.ArtifactsDirectory)\signed\*.nupkg" -Verbose | ForEach-Object { Start-NativeExecution -sb { nuget.exe verify -All $_.FullName } }
|
|
displayName: Verify all packages are signed
|
|
|
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
|
|
displayName: 'Run MpCmdRun.exe'
|
|
inputs:
|
|
FileDirPath: '$(PackagePath)'
|
|
TreatStaleSignatureAs: Warning
|
|
|
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
|
|
displayName: 'Publish Security Analysis Logs'
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: '$(System.ArtifactsDirectory)\signed'
|
|
|
|
- powershell: |
|
|
$null = New-Item -Path "$(System.ArtifactsDirectory)\signed\globaltool" -ItemType Directory
|
|
Move-Item -Path "$(System.ArtifactsDirectory)\signed\PowerShell.*" -Destination "$(System.ArtifactsDirectory)\signed\globaltool" -Force
|
|
Get-ChildItem "$(System.ArtifactsDirectory)\signed\globaltool" -Recurse
|
|
displayName: Move global tool packages to subfolder and capture
|
|
|
|
- task: AzureFileCopy@1
|
|
displayName: 'Upload NuGet packages to Azure'
|
|
inputs:
|
|
SourcePath: '$(System.ArtifactsDirectory)\signed\'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)-nuget'
|
|
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
|
|
|
- task: AzureFileCopy@1
|
|
displayName: 'Upload global tool packages to Azure'
|
|
inputs:
|
|
sourcePath: '$(System.ArtifactsDirectory)\signed\globaltool'
|
|
azureSubscription: '$(GlobalToolSubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(GlobalToolStorageAccount)'
|
|
ContainerName: 'tool'
|
|
blobPrefix: '$(Version)'
|
|
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
|
|
|
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
|
displayName: 'Component Detection'
|
|
inputs:
|
|
sourceScanPath: '$(PackagePath)'
|