175 lines
5.4 KiB
YAML
175 lines
5.4 KiB
YAML
parameters:
|
|
buildName: ''
|
|
uploadDisplayName: 'Upload'
|
|
parentJob: ''
|
|
|
|
jobs:
|
|
- job: build_${{ parameters.buildName }}
|
|
displayName: Build ${{ parameters.buildName }}
|
|
condition: succeeded()
|
|
pool:
|
|
vmImage: ubuntu-16.04
|
|
dependsOn: ${{ parameters.parentJob }}
|
|
variables:
|
|
- name: runCodesignValidationInjection
|
|
value: false
|
|
- name: build
|
|
value: ${{ parameters.buildName }}
|
|
- group: ESRP
|
|
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
|
|
- template: SetVersionVariables.yml
|
|
parameters:
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
|
|
- powershell: |
|
|
Write-Verbose -Verbose "$(build)"
|
|
|
|
if ('$(build)' -in 'alpine', 'fxdependent' -and '$(ReleaseTagVar)' -match '6.0.*')
|
|
{
|
|
$vstsCommandString = "vso[task.setvariable variable=SkipBuild]true"
|
|
}
|
|
else
|
|
{
|
|
$vstsCommandString = "vso[task.setvariable variable=SkipBuild]false"
|
|
}
|
|
displayName: 'Skip Alpine or fxdependent for PS v6.0.*'
|
|
|
|
- template: insert-nuget-config-azfeed.yml
|
|
|
|
|
|
- powershell: |
|
|
import-module "$env:REPOROOT/build.psm1"
|
|
Sync-PSTags -AddRemoteIfMissing
|
|
displayName: SyncTags
|
|
condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))
|
|
|
|
- powershell: |
|
|
& "$env:REPOROOT/tools/releaseBuild/vstsbuild.ps1" -ReleaseTag $(ReleaseTagVar) -Name '$(build)'
|
|
|
|
displayName: 'Build and package'
|
|
condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))
|
|
|
|
- job: upload_${{ parameters.buildName }}
|
|
displayName: ${{ parameters.uploadDisplayName }} ${{ parameters.buildName }}
|
|
dependsOn: build_${{ parameters.buildName }}
|
|
condition: succeeded()
|
|
pool:
|
|
vmImage: windows-latest
|
|
variables:
|
|
- name: buildName
|
|
value: ${{ parameters.buildName }}
|
|
- group: ESRP
|
|
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
|
|
- checkout: ComplianceRepo
|
|
clean: true
|
|
|
|
- template: shouldSign.yml
|
|
|
|
- template: SetVersionVariables.yml
|
|
parameters:
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download Deb Artifacts'
|
|
inputs:
|
|
downloadType: specific
|
|
itemPattern: '**/*.deb'
|
|
downloadPath: '$(System.ArtifactsDirectory)\finished'
|
|
condition: and(eq(variables['buildName'], 'DEB'),succeeded())
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download tar.gz Artifacts copy'
|
|
inputs:
|
|
downloadType: specific
|
|
itemPattern: '**/*.tar.gz'
|
|
downloadPath: '$(System.ArtifactsDirectory)\finished'
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download rpm Artifacts copy'
|
|
inputs:
|
|
downloadType: specific
|
|
itemPattern: '**/*.rpm'
|
|
downloadPath: '$(System.ArtifactsDirectory)\rpm'
|
|
condition: and(eq(variables['buildName'], 'RPM'),succeeded())
|
|
|
|
- task: SFP.build-tasks.custom-build-task-2.EsrpMalwareScanning@1
|
|
displayName: 'Malware Scanning'
|
|
inputs:
|
|
ConnectedServiceName: pwshEsrpScanning
|
|
FolderPath: $(System.ArtifactsDirectory)
|
|
Pattern: |
|
|
**\*.rpm
|
|
**\*.deb
|
|
**\*.tar.gz
|
|
UseMinimatch: true
|
|
SessionTimeout: 30
|
|
|
|
- ${{ if eq(variables['buildName'], 'RPM') }}:
|
|
- template: EsrpSign.yml@ComplianceRepo
|
|
parameters:
|
|
buildOutputPath: $(System.ArtifactsDirectory)\rpm
|
|
signOutputPath: $(Build.StagingDirectory)\signedPackages
|
|
certificateId: "CP-450779-Pgp"
|
|
pattern: |
|
|
**\*.rpm
|
|
useMinimatch: true
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - DEB and tar.gz'
|
|
inputs:
|
|
SourcePath: '$(System.ArtifactsDirectory)\finished\release\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)'
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: $(System.ArtifactsDirectory)\finished\release
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - RPM - Unsigned'
|
|
inputs:
|
|
SourcePath: '$(System.ArtifactsDirectory)\rpm\release\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)'
|
|
condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
# requires windows
|
|
- task: AzureFileCopy@4
|
|
displayName: 'Upload to Azure - RPM - Signed'
|
|
inputs:
|
|
SourcePath: '$(Build.StagingDirectory)\signedPackages\*'
|
|
azureSubscription: '$(AzureFileCopySubscription)'
|
|
Destination: AzureBlob
|
|
storage: '$(StorageAccount)'
|
|
ContainerName: '$(AzureVersion)'
|
|
condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: $(System.ArtifactsDirectory)\rpm\release
|
|
condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
- template: upload-final-results.yml
|
|
parameters:
|
|
artifactPath: '$(Build.StagingDirectory)\signedPackages'
|
|
condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))
|
|
|
|
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
|
displayName: 'Component Detection'
|
|
inputs:
|
|
sourceScanPath: '$(Build.SourcesDirectory)'
|
|
snapshotForceEnabled: true
|