232 lines
7.6 KiB
YAML
232 lines
7.6 KiB
YAML
parameters:
|
|
buildName: ''
|
|
uploadDisplayName: 'Upload'
|
|
parentJob: ''
|
|
|
|
jobs:
|
|
- job: build_${{ parameters.buildName }}
|
|
displayName: Build ${{ parameters.buildName }}
|
|
condition: succeeded()
|
|
pool:
|
|
vmImage: ubuntu-16.04
|
|
dependsOn: ${{ parameters.parentJob }}
|
|
variables:
|
|
- name: runCodesignValidationInjection
|
|
value: false
|
|
- name: build
|
|
value: ${{ parameters.buildName }}
|
|
- name: NugetSecurityAnalysisWarningLevel
|
|
value: none
|
|
- group: ESRP
|
|
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
|
|
- checkout: ComplianceRepo
|
|
clean: true
|
|
|
|
- template: SetVersionVariables.yml
|
|
parameters:
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
|
|
- powershell: |
|
|
Write-Verbose -Verbose "$(build)"
|
|
|
|
if ('$(build)' -in 'alpine', 'fxdependent' -and '$(ReleaseTagVar)' -match '6.0.*')
|
|
{
|
|
$vstsCommandString = "vso[task.setvariable variable=SkipBuild]true"
|
|
}
|
|
else
|
|
{
|
|
$vstsCommandString = "vso[task.setvariable variable=SkipBuild]false"
|
|
}
|
|
displayName: 'Skip Alpine or fxdependent for PS v6.0.*'
|
|
|
|
- template: insert-nuget-config-azfeed.yml
|
|
parameters:
|
|
repoRoot: $(REPOROOT)
|
|
|
|
- powershell: |
|
|
import-module "$env:REPOROOT/build.psm1"
|
|
Sync-PSTags -AddRemoteIfMissing
|
|
displayName: SyncTags
|
|
condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))
|
|
|
|
- powershell: |
|
|
$env:AzDevOpsFeedPAT2 = '$(AzDevOpsFeedPAT2)'
|
|
& "$env:REPOROOT/tools/releaseBuild/vstsbuild.ps1" -ReleaseTag $(ReleaseTagVar) -Name '$(build)'
|
|
$env:AzDevOpsFeedPAT2 = $null
|
|
|
|
displayName: 'Build and package'
|
|
condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))
|
|
|
|
- job: upload_${{ parameters.buildName }}
|
|
displayName: ${{ parameters.uploadDisplayName }} ${{ parameters.buildName }}
|
|
dependsOn: build_${{ parameters.buildName }}
|
|
condition: succeeded()
|
|
pool:
|
|
vmImage: windows-latest
|
|
variables:
|
|
- name: buildName
|
|
value: ${{ parameters.buildName }}
|
|
- group: ESRP
|
|
- name: runCodesignValidationInjection
|
|
value: false
|
|
- name: NugetSecurityAnalysisWarningLevel
|
|
value: none
|
|
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
|
|
- checkout: ComplianceRepo
|
|
clean: true
|
|
|
|
- template: shouldSign.yml
|
|
|
|
- template: SetVersionVariables.yml
|
|
parameters:
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download Deb Artifacts'
|
|
inputs:
|
|
downloadType: specific
|
|
itemPattern: '**/*.deb'
|
|
downloadPath: '$(System.ArtifactsDirectory)\finished'
|
|
condition: and(eq(variables['buildName'], 'DEB'), succeeded())
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download tar.gz Artifacts copy'
|
|
inputs:
|
|
downloadType: specific
|
|
itemPattern: '**/*.tar.gz'
|
|
downloadPath: '$(System.ArtifactsDirectory)\finished'
|
|
|
|
- powershell: |
|
|
Write-Host 'We handle the min-size package only when uploading for deb build.'
|
|
Write-Host '- For deb build, the min-size package is moved to a separate folder "finished\minSize",'
|
|
Write-Host ' so that the min-size package can be uploaded to a different Az Blob container.'
|
|
Write-Host '- For other builds, the min-size package is removed after being downloaded, so that it'
|
|
Write-Host ' does not get accidentally uploaded to the wrong Az Blob container.'
|
|
|
|
$minSizePkg = '$(System.ArtifactsDirectory)\finished\release\*-gc.tar.gz'
|
|
if (Test-Path -Path $minSizePkg)
|
|
{
|
|
if ('$(buildName)' -eq 'DEB')
|
|
{
|
|
$minSizeDir = '$(System.ArtifactsDirectory)\finished\minSize'
|
|
New-Item -Path $minSizeDir -Type Directory -Force > $null
|
|
Move-Item -Path $minSizePkg -Destination $minSizeDir
|
|
|
|
Write-Host "`nCapture the min-size package moved to the target folder."
|
|
Get-ChildItem -Path $minSizeDir
|
|
}
|
|
else
|
|
{
|
|
Write-Host '$(buildName): Remove the min-size package.'
|
|
Remove-Item -Path $minSizePkg -Force
|
|
}
|
|
}
|
|
else
|
|
{
|
|
Write-Host 'min-size package not found, so skip this step.'
|
|
}
|
|
displayName: 'Move minSize package to separate folder'
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download rpm Artifacts copy'
|
|
inputs:
|
|
downloadType: specific
|
|
itemPattern: '**/*.rpm'
|
|
downloadPath: '$(System.ArtifactsDirectory)\rpm'
|
|
condition: and(eq(variables['buildName'], 'RPM'), succeeded())
|
|
|
|
- template: EsrpScan.yml@ComplianceRepo
|
|
parameters:
|
|
scanPath: $(System.ArtifactsDirectory)
|
|
pattern: |
|
|
**\*.rpm
|
|
**\*.deb
|
|
**\*.tar.gz
|
|
|
|
- ${{ if eq(variables['buildName'], 'RPM') }}:
|
|
- template: EsrpSign.yml@ComplianceRepo
|
|
parameters:
|
|
buildOutputPath: $(System.ArtifactsDirectory)\rpm
|
|
signOutputPath: $(Build.StagingDirectory)\signedPackages
|
|
certificateId: "CP-450779-Pgp"
|
|
pattern: |
|
|
**\*.rpm
|
|
useMinimatch: true
|
|
shouldSign: $(SHOULD_SIGN)
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - DEB and tar.gz'
|
|
inputs:
|
|
SourcePath: '$(System.ArtifactsDirectory)\finished\release\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)'
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: $(System.ArtifactsDirectory)\finished\release
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - min-size package for Guest Config'
|
|
inputs:
|
|
SourcePath: '$(System.ArtifactsDirectory)\finished\minSize\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)-gc'
|
|
condition: and(eq(variables['buildName'], 'DEB'), succeeded())
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: $(System.ArtifactsDirectory)\finished\minSize
|
|
condition: and(eq(variables['buildName'], 'DEB'), succeeded())
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - RPM - Unsigned'
|
|
inputs:
|
|
SourcePath: '$(System.ArtifactsDirectory)\rpm\release\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)'
|
|
condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - RPM - Signed'
|
|
inputs:
|
|
SourcePath: '$(Build.StagingDirectory)\signedPackages\release\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)'
|
|
condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: $(System.ArtifactsDirectory)\rpm\release
|
|
condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: '$(Build.StagingDirectory)\signedPackages\release'
|
|
condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
|
displayName: 'Component Detection'
|
|
inputs:
|
|
sourceScanPath: '$(Build.SourcesDirectory)'
|
|
snapshotForceEnabled: true
|