Skip to content

Commit 69e0b98

Browse files
daxian-dbwdaxian-dbw
authored
[release/v7.2.19] PowerShell co-ordinated build OneBranch pipeline (#21364) (#21432)
1 parent 98879a0 commit 69e0b98

16 files changed

+1261
-4
lines changed

.config/suppress.json

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
{
2+
"tool": "Credential Scanner",
3+
"suppressions": [
4+
{
5+
"file": "\\test\\tools\\Modules\\WebListener\\ClientCert.pfx",
6+
"_justification": "Test certificate with private key"
7+
},
8+
{
9+
"file": "\\test\\tools\\Modules\\WebListener\\ServerCert.pfx",
10+
"_justification": "Test certificate with private key"
11+
},
12+
{
13+
"file": "\\test\\powershell\\Modules\\Microsoft.PowerShell.Security\\certificateCommon.psm1",
14+
"_justification": "Test certificate with private key and inline suppression isn't working"
15+
}
16+
]
17+
}

.config/tsaoptions.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
{
2+
"instanceUrl": "https://msazure.visualstudio.com",
3+
"projectName": "One",
4+
"areaPath": "One\\MGMT\\Compute\\Powershell\\Powershell\\PowerShell Core"
5+
}

.pipelines/PowerShell-Coordinated_Packages-Official.yml

Lines changed: 251 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,251 @@
1+
name: UnifiedPackageBuild-$(Build.BuildId)
2+
trigger:
3+
branches:
4+
include:
5+
- master
6+
- release*
7+
pr:
8+
branches:
9+
include:
10+
- master
11+
- release*
12+
13+
parameters:
14+
- name: ForceAzureBlobDelete
15+
displayName: Delete Azure Blob
16+
type: string
17+
values:
18+
- true
19+
- false
20+
default: false
21+
- name: InternalSDKBlobURL
22+
displayName: URL to the blob having internal .NET SDK
23+
type: string
24+
default: ' '
25+
- name: ReleaseTagVar
26+
displayName: Release Tag
27+
type: string
28+
default: 'fromBranch'
29+
- name: SKIP_SIGNING
30+
displayName: Skip Signing
31+
type: string
32+
default: 'NO'
33+
34+
resources:
35+
repositories:
36+
- repository: ComplianceRepo
37+
type: github
38+
endpoint: ComplianceGHRepo
39+
name: PowerShell/compliance
40+
ref: master
41+
- repository: onebranchTemplates
42+
type: git
43+
name: OneBranch.Pipelines/GovernedTemplates
44+
ref: refs/heads/main
45+
46+
variables:
47+
- name: PS_RELEASE_BUILD
48+
value: 1
49+
- name: DOTNET_CLI_TELEMETRY_OPTOUT
50+
value: 1
51+
- name: POWERSHELL_TELEMETRY_OPTOUT
52+
value: 1
53+
- name: nugetMultiFeedWarnLevel
54+
value: none
55+
- name: NugetSecurityAnalysisWarningLevel
56+
value: none
57+
- name: skipNugetSecurityAnalysis
58+
value: true
59+
- name: branchCounterKey
60+
value: $[format('{0:yyyyMMdd}-{1}', pipeline.startTime,variables['Build.SourceBranch'])]
61+
- name: branchCounter
62+
value: $[counter(variables['branchCounterKey'], 1)]
63+
- name: ForceAzureBlobDelete
64+
value: ${{ parameters.ForceAzureBlobDelete }}
65+
- name: BUILDSECMON_OPT_IN
66+
value: true
67+
- name: __DOTNET_RUNTIME_FEED
68+
value: ${{ parameters.InternalSDKBlobURL }}
69+
- name: LinuxContainerImage
70+
value: onebranch.azurecr.io/linux/ubuntu-2004:latest
71+
- name: WindowsContainerImage
72+
value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest
73+
- name: CDP_DEFINITION_BUILD_COUNT
74+
value: $[counter('', 0)]
75+
- name: ReleaseTagVar
76+
value: ${{ parameters.ReleaseTagVar }}
77+
- name: SKIP_SIGNING
78+
value: ${{ parameters.SKIP_SIGNING }}
79+
- group: 'AzDevOpsArtifacts'
80+
81+
extends:
82+
template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates
83+
parameters:
84+
customTags: 'ES365AIMigrationTooling'
85+
globalSdl:
86+
disableLegacyManifest: true
87+
# disabled Armorty as we dont have any ARM templates to scan. It fails on some sample ARM templates.
88+
armory:
89+
enabled: false
90+
sbom:
91+
enabled: true
92+
compiled:
93+
${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}:
94+
enabled: true
95+
${{ else }}:
96+
enabled: false
97+
credscan:
98+
enabled: true
99+
scanFolder: $(Build.SourcesDirectory)
100+
suppressionsFile: $(Build.SourcesDirectory)\.config\suppress.json
101+
cg:
102+
enabled: true
103+
ignoreDirectories: '.devcontainer,demos,docker,docs,src,test,tools/packaging'
104+
asyncSdl: # https://aka.ms/obpipelines/asyncsdl
105+
enabled: true
106+
forStages: [prep, macos, linux, windows, SignFiles, test_and_release_artifacts]
107+
credscan:
108+
enabled: true
109+
scanFolder: $(Build.SourcesDirectory)
110+
suppressionsFile: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
111+
binskim:
112+
enabled: false
113+
# APIScan requires a non-Ready-To-Run build
114+
apiscan:
115+
enabled: false
116+
tsaOptionsFile: .config\tsaoptions.json
117+
118+
stages:
119+
- stage: prep
120+
jobs:
121+
- template: /.pipelines/templates/checkAzureContainer.yml@self
122+
123+
- stage: macos
124+
displayName: macOS - build and sign
125+
dependsOn: ['prep']
126+
jobs:
127+
- template: /.pipelines/templates/mac.yml@self
128+
parameters:
129+
buildArchitecture: x64
130+
- template: /.pipelines/templates/mac.yml@self
131+
parameters:
132+
buildArchitecture: arm64
133+
134+
- stage: linux
135+
displayName: linux - build and sign
136+
dependsOn: ['prep']
137+
jobs:
138+
- template: /.pipelines/templates/linux.yml@self
139+
parameters:
140+
Runtime: 'linux-x64'
141+
JobName: 'linux_x64'
142+
143+
- template: /.pipelines/templates/linux.yml@self
144+
parameters:
145+
Runtime: 'linux-x64'
146+
JobName: 'linux_x64_minSize'
147+
BuildConfiguration: 'minSize'
148+
149+
- template: /.pipelines/templates/linux.yml@self
150+
parameters:
151+
Runtime: 'linux-arm'
152+
JobName: 'linux_arm'
153+
154+
- template: /.pipelines/templates/linux.yml@self
155+
parameters:
156+
Runtime: 'linux-arm64'
157+
JobName: 'linux_arm64'
158+
159+
- template: /.pipelines/templates/linux.yml@self
160+
parameters:
161+
Runtime: 'fxdependent-linux-x64'
162+
JobName: 'linux_fxd_x64_mariner'
163+
164+
- template: /.pipelines/templates/linux.yml@self
165+
parameters:
166+
Runtime: 'fxdependent-linux-arm64'
167+
JobName: 'linux_fxd_arm64_mariner'
168+
169+
- template: /.pipelines/templates/linux.yml@self
170+
parameters:
171+
Runtime: 'fxdependent-noopt-linux-musl-x64'
172+
JobName: 'linux_fxd_x64_alpine'
173+
174+
- template: /.pipelines/templates/linux.yml@self
175+
parameters:
176+
Runtime: 'fxdependent'
177+
JobName: 'linux_fxd'
178+
179+
- template: /.pipelines/templates/linux.yml@self
180+
parameters:
181+
Runtime: 'linux-musl-x64'
182+
JobName: 'linux_x64_alpine'
183+
184+
- stage: windows
185+
displayName: windows - build and sign
186+
dependsOn: ['prep']
187+
jobs:
188+
- template: /.pipelines/templates/windows-hosted-build.yml@self
189+
parameters:
190+
Architecture: x64
191+
BuildConfiguration: release
192+
JobName: build_windows_x64_release
193+
- template: /.pipelines/templates/windows-hosted-build.yml@self
194+
parameters:
195+
Architecture: x64
196+
BuildConfiguration: minSize
197+
JobName: build_windows_x64_minSize
198+
- template: /.pipelines/templates/windows-hosted-build.yml@self
199+
parameters:
200+
Architecture: x86
201+
JobName: build_windows_x86_release
202+
- template: /.pipelines/templates/windows-hosted-build.yml@self
203+
parameters:
204+
Architecture: arm64
205+
JobName: build_windows_arm64_release
206+
- template: /.pipelines/templates/windows-hosted-build.yml@self
207+
parameters:
208+
Architecture: fxdependent
209+
JobName: build_windows_fxdependent_release
210+
- template: /.pipelines/templates/windows-hosted-build.yml@self
211+
parameters:
212+
Architecture: fxdependentWinDesktop
213+
JobName: build_windows_fxdependentWinDesktop_release
214+
215+
- stage: test_and_release_artifacts
216+
displayName: Test and Release Artifacts
217+
dependsOn: ['prep']
218+
jobs:
219+
- template: /.pipelines/templates/testartifacts.yml@self
220+
221+
- job: release_json
222+
displayName: Create and Upload release.json
223+
pool:
224+
type: windows
225+
variables:
226+
- name: ob_outputDirectory
227+
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
228+
- name: ob_sdl_tsa_configFile
229+
value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json
230+
- name: ob_sdl_credscan_suppressionsFile
231+
value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
232+
steps:
233+
- checkout: self
234+
clean: true
235+
- template: /.pipelines/templates/SetVersionVariables.yml@self
236+
parameters:
237+
ReleaseTagVar: $(ReleaseTagVar)
238+
- powershell: |
239+
$metadata = Get-Content '$(Build.SourcesDirectory)/PowerShell/tools/metadata.json' -Raw | ConvertFrom-Json
240+
$LTS = $metadata.LTSRelease.Package
241+
@{ ReleaseVersion = "$(Version)"; LTSRelease = $LTS } | ConvertTo-Json | Out-File "$(Build.StagingDirectory)\release.json"
242+
Get-Content "$(Build.StagingDirectory)\release.json"
243+
244+
if (-not (Test-Path "$(ob_outputDirectory)\metadata")) {
245+
New-Item -ItemType Directory -Path "$(ob_outputDirectory)\metadata"
246+
}
247+
248+
Copy-Item -Path "$(Build.StagingDirectory)\release.json" -Destination "$(ob_outputDirectory)\metadata" -Force
249+
displayName: Create and upload release.json file to build artifact
250+
retryCountOnTaskFailure: 2
251+
- template: /.pipelines/templates/step/finalize.yml@self

.pipelines/templates/SetVersionVariables.yml

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
parameters:
2+
ReleaseTagVar: v6.2.0
3+
ReleaseTagVarName: ReleaseTagVar
4+
CreateJson: 'no'
5+
UseJson: 'yes'
6+
7+
steps:
8+
- ${{ if eq(parameters['UseJson'],'yes') }}:
9+
- task: DownloadBuildArtifacts@0
10+
inputs:
11+
artifactName: 'drop_prep_DeleteBlob'
12+
itemPattern: '*.json'
13+
downloadPath: '$(System.ArtifactsDirectory)'
14+
displayName: Download Build Info Json
15+
env:
16+
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
17+
18+
- powershell: |
19+
$path = "./build.psm1"
20+
if($env:REPOROOT){
21+
Write-Verbose "reporoot already set to ${env:REPOROOT}" -Verbose
22+
exit 0
23+
}
24+
if(Test-Path -Path $path)
25+
{
26+
Write-Verbose "reporoot detect at: ." -Verbose
27+
$repoRoot = '.'
28+
}
29+
else{
30+
$path = "./PowerShell/build.psm1"
31+
if(Test-Path -Path $path)
32+
{
33+
Write-Verbose "reporoot detect at: ./PowerShell" -Verbose
34+
$repoRoot = './PowerShell'
35+
}
36+
}
37+
if($repoRoot) {
38+
$vstsCommandString = "vso[task.setvariable variable=repoRoot]$repoRoot"
39+
Write-Host ("sending " + $vstsCommandString)
40+
Write-Host "##$vstsCommandString"
41+
} else {
42+
Write-Verbose -Verbose "repo not found"
43+
}
44+
displayName: 'Set repo Root'
45+
env:
46+
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
47+
48+
- powershell: |
49+
$createJson = ("${{ parameters.CreateJson }}" -ne "no")
50+
$releaseTag = & "$env:REPOROOT/tools/releaseBuild/setReleaseTag.ps1" -ReleaseTag ${{ parameters.ReleaseTagVar }} -Variable "${{ parameters.ReleaseTagVarName }}" -CreateJson:$createJson
51+
$version = $releaseTag.Substring(1)
52+
$vstsCommandString = "vso[task.setvariable variable=Version]$version"
53+
Write-Host ("sending " + $vstsCommandString)
54+
Write-Host "##$vstsCommandString"
55+
$azureVersion = $releaseTag.ToLowerInvariant() -replace '\.', '-'
56+
$vstsCommandString = "vso[task.setvariable variable=AzureVersion]$azureVersion"
57+
Write-Host ("sending " + $vstsCommandString)
58+
Write-Host "##$vstsCommandString"
59+
displayName: 'Set ${{ parameters.ReleaseTagVarName }} and other version Variables'
60+
env:
61+
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
62+
63+
- powershell: |
64+
Get-ChildItem -Path env:
65+
displayName: Capture environment
66+
condition: succeededOrFailed()
67+
env:
68+
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase

0 commit comments

Comments
 (0)