303 lines
10 KiB
YAML
303 lines
10 KiB
YAML
parameters:
|
|
buildName: ''
|
|
uploadDisplayName: 'Upload'
|
|
parentJob: ''
|
|
|
|
jobs:
|
|
- job: build_${{ parameters.buildName }}
|
|
displayName: Build ${{ parameters.buildName }}
|
|
condition: succeeded()
|
|
pool:
|
|
name: PowerShell1ES
|
|
demands:
|
|
- ImageOverride -equals MMSUbuntu20.04
|
|
dependsOn: ${{ parameters.parentJob }}
|
|
variables:
|
|
- name: runCodesignValidationInjection
|
|
value: false
|
|
- name: build
|
|
value: ${{ parameters.buildName }}
|
|
- name: NugetSecurityAnalysisWarningLevel
|
|
value: none
|
|
- group: ESRP
|
|
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
|
|
- checkout: ComplianceRepo
|
|
clean: true
|
|
|
|
- template: SetVersionVariables.yml
|
|
parameters:
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
|
|
- pwsh: |
|
|
# create folder
|
|
sudo mkdir /PowerShell
|
|
|
|
# make the current user the owner
|
|
sudo chown $env:USER /PowerShell
|
|
displayName: 'Create /PowerShell'
|
|
|
|
- template: cloneToOfficialPath.yml
|
|
|
|
- template: insert-nuget-config-azfeed.yml
|
|
parameters:
|
|
repoRoot: $(PowerShellRoot)
|
|
|
|
- powershell: |
|
|
import-module "$env:POWERSHELLROOT/build.psm1"
|
|
Sync-PSTags -AddRemoteIfMissing
|
|
displayName: SyncTags
|
|
condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))
|
|
workingDirectory: $(PowerShellRoot)
|
|
|
|
- powershell: |
|
|
Import-Module "$env:POWERSHELLROOT/build.psm1"
|
|
|
|
Start-PSBootstrap -Package
|
|
displayName: 'Bootstrap'
|
|
condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))
|
|
workingDirectory: $(PowerShellRoot)
|
|
|
|
- powershell: |
|
|
|
|
Import-Module "$env:POWERSHELLROOT/build.psm1"
|
|
Import-Module "$env:POWERSHELLROOT/tools/packaging"
|
|
|
|
Invoke-AzDevOpsLinuxPackageBuild -ReleaseTag '$(ReleaseTagVar)' -BuildType '$(build)'
|
|
displayName: 'Build'
|
|
condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))
|
|
workingDirectory: $(PowerShellRoot)
|
|
|
|
- template: Sbom.yml@ComplianceRepo
|
|
parameters:
|
|
BuildDropPath: '$(System.ArtifactsDirectory)/pwshLinuxBuild'
|
|
Build_Repository_Uri: $(Github_Build_Repository_Uri)
|
|
displayName: ${{ parameters.buildName }} SBOM
|
|
|
|
- ${{ if eq(variables.build,'deb') }} :
|
|
- template: Sbom.yml@ComplianceRepo
|
|
parameters:
|
|
BuildDropPath: '$(System.ArtifactsDirectory)/pwshLinuxBuildMinSize'
|
|
Build_Repository_Uri: $(Github_Build_Repository_Uri)
|
|
displayName: MinSize SBOM
|
|
|
|
- ${{ if eq(variables.build,'deb') }} :
|
|
- template: Sbom.yml@ComplianceRepo
|
|
parameters:
|
|
BuildDropPath: '$(System.ArtifactsDirectory)/pwshLinuxBuildArm32'
|
|
Build_Repository_Uri: $(Github_Build_Repository_Uri)
|
|
displayName: Arm32 SBOM
|
|
|
|
- ${{ if eq(variables.build,'deb') }} :
|
|
- template: Sbom.yml@ComplianceRepo
|
|
parameters:
|
|
BuildDropPath: '$(System.ArtifactsDirectory)/pwshLinuxBuildArm64'
|
|
Build_Repository_Uri: $(Github_Build_Repository_Uri)
|
|
displayName: Arm64 SBOM
|
|
|
|
- powershell: |
|
|
Import-Module "$env:POWERSHELLROOT/build.psm1"
|
|
Import-Module "$env:POWERSHELLROOT/tools/packaging"
|
|
|
|
$metadata = Get-Content "$env:POWERSHELLROOT/tools/metadata.json" -Raw | ConvertFrom-Json
|
|
$LTS = $metadata.LTSRelease
|
|
Write-Verbose -Verbose -Message "LTS is set to: $LTS"
|
|
|
|
Invoke-AzDevOpsLinuxPackageCreation -ReleaseTag '$(ReleaseTagVar)' -BuildType '$(build)'
|
|
|
|
if ($LTS) {
|
|
Write-Verbose -Verbose "Packaging LTS"
|
|
Invoke-AzDevOpsLinuxPackageCreation -LTS -ReleaseTag '$(ReleaseTagVar)' -BuildType '$(build)'
|
|
}
|
|
displayName: 'Package'
|
|
condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))
|
|
workingDirectory: $(PowerShellRoot)
|
|
|
|
- powershell: |
|
|
$linuxPackages = Get-ChildItem "$env:POWERSHELLROOT/powershell*" -Include *.deb,*.rpm,*.tar.gz
|
|
|
|
$bucket = 'release'
|
|
foreach ($linuxPackage in $linuxPackages)
|
|
{
|
|
$filePath = $linuxPackage.FullName
|
|
Write-Verbose "Publishing $filePath to $bucket" -Verbose
|
|
Write-Host "##vso[artifact.upload containerfolder=$bucket;artifactname=$bucket]$filePath"
|
|
}
|
|
displayName: Publish artifacts
|
|
condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))
|
|
workingDirectory: $(PowerShellRoot)
|
|
|
|
- job: upload_${{ parameters.buildName }}
|
|
displayName: ${{ parameters.uploadDisplayName }} ${{ parameters.buildName }}
|
|
dependsOn: build_${{ parameters.buildName }}
|
|
condition: succeeded()
|
|
pool:
|
|
name: PowerShell1ES
|
|
demands:
|
|
- ImageOverride -equals MMS2019
|
|
variables:
|
|
- name: buildName
|
|
value: ${{ parameters.buildName }}
|
|
- group: ESRP
|
|
- name: runCodesignValidationInjection
|
|
value: false
|
|
- name: NugetSecurityAnalysisWarningLevel
|
|
value: none
|
|
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
|
|
- checkout: ComplianceRepo
|
|
clean: true
|
|
|
|
- template: SetVersionVariables.yml
|
|
parameters:
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
- template: shouldSign.yml
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download Deb Artifacts'
|
|
inputs:
|
|
downloadType: specific
|
|
itemPattern: '**/*.deb'
|
|
downloadPath: '$(System.ArtifactsDirectory)\finished'
|
|
condition: and(eq(variables['buildName'], 'DEB'), succeeded())
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download tar.gz Artifacts copy'
|
|
inputs:
|
|
downloadType: specific
|
|
itemPattern: '**/*.tar.gz'
|
|
downloadPath: '$(System.ArtifactsDirectory)\finished'
|
|
|
|
- powershell: |
|
|
Write-Host 'We handle the min-size package only when uploading for deb build.'
|
|
Write-Host '- For deb build, the min-size package is moved to a separate folder "finished\minSize",'
|
|
Write-Host ' so that the min-size package can be uploaded to a different Az Blob container.'
|
|
Write-Host '- For other builds, the min-size package is removed after being downloaded, so that it'
|
|
Write-Host ' does not get accidentally uploaded to the wrong Az Blob container.'
|
|
|
|
$minSizePkg = '$(System.ArtifactsDirectory)\finished\release\*-gc.tar.gz'
|
|
if (Test-Path -Path $minSizePkg)
|
|
{
|
|
if ('$(buildName)' -eq 'DEB')
|
|
{
|
|
$minSizeDir = '$(System.ArtifactsDirectory)\finished\minSize'
|
|
New-Item -Path $minSizeDir -Type Directory -Force > $null
|
|
Move-Item -Path $minSizePkg -Destination $minSizeDir
|
|
|
|
Write-Host "`nCapture the min-size package moved to the target folder."
|
|
Get-ChildItem -Path $minSizeDir
|
|
}
|
|
else
|
|
{
|
|
Write-Host '$(buildName): Remove the min-size package.'
|
|
Remove-Item -Path $minSizePkg -Force
|
|
}
|
|
}
|
|
else
|
|
{
|
|
Write-Host 'min-size package not found, so skip this step.'
|
|
}
|
|
displayName: 'Move minSize package to separate folder'
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download rpm Artifacts copy'
|
|
inputs:
|
|
downloadType: specific
|
|
itemPattern: '**/*.rpm'
|
|
downloadPath: '$(System.ArtifactsDirectory)\rpm'
|
|
condition: and(eq(variables['buildName'], 'RPM'), succeeded())
|
|
|
|
- template: EsrpScan.yml@ComplianceRepo
|
|
parameters:
|
|
scanPath: $(System.ArtifactsDirectory)
|
|
pattern: |
|
|
**\*.rpm
|
|
**\*.deb
|
|
**\*.tar.gz
|
|
|
|
- ${{ if eq(variables['buildName'], 'RPM') }}:
|
|
- template: EsrpSign.yml@ComplianceRepo
|
|
parameters:
|
|
buildOutputPath: $(System.ArtifactsDirectory)\rpm
|
|
signOutputPath: $(Build.StagingDirectory)\signedPackages
|
|
certificateId: "CP-450779-Pgp"
|
|
pattern: |
|
|
**\*.rpm
|
|
useMinimatch: true
|
|
shouldSign: $(SHOULD_SIGN)
|
|
displayName: Sign RPM
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - DEB and tar.gz'
|
|
inputs:
|
|
SourcePath: '$(System.ArtifactsDirectory)\finished\release\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)'
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: $(System.ArtifactsDirectory)\finished\release
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - min-size package for Guest Config'
|
|
inputs:
|
|
SourcePath: '$(System.ArtifactsDirectory)\finished\minSize\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)-gc'
|
|
condition: and(eq(variables['buildName'], 'DEB'), succeeded())
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: $(System.ArtifactsDirectory)\finished\minSize
|
|
condition: and(eq(variables['buildName'], 'DEB'), succeeded())
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - RPM - Unsigned'
|
|
inputs:
|
|
SourcePath: '$(System.ArtifactsDirectory)\rpm\release\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)'
|
|
condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - RPM - Signed'
|
|
inputs:
|
|
SourcePath: '$(Build.StagingDirectory)\signedPackages\release\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)'
|
|
condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: $(System.ArtifactsDirectory)\rpm\release
|
|
condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: '$(Build.StagingDirectory)\signedPackages\release'
|
|
condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
|
displayName: 'Component Detection'
|
|
inputs:
|
|
sourceScanPath: '$(Build.SourcesDirectory)'
|
|
snapshotForceEnabled: true
|