Skip to content

Commit

Permalink
Official PowerShell Package pipeline (#21504)
Browse files Browse the repository at this point in the history
  • Loading branch information
@adityapatwardhan
adityapatwardhan committed Apr 22, 2024
1 parent fe38405 commit b2574ce
Show file tree
Hide file tree
Showing 13 changed files with 1,562 additions and 20 deletions.
1 change: 1 addition & 0 deletions .pipelines/PowerShell-Coordinated_Packages-Official.yml
View file
Expand Up @@ -68,6 +68,7 @@ variables:
- name: SKIP_SIGNING
value: ${{ parameters.SKIP_SIGNING }}
- group: 'AzDevOpsArtifacts'
- group: 'mscodehub-feed-read-akv'

extends:
template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates
Expand Down
223 changes: 223 additions & 0 deletions .pipelines/PowerShell-Packages-Official.yml
View file
@@ -0,0 +1,223 @@
trigger: none # https://aka.ms/obpipelines/triggers

parameters: # parameters are shown up in ADO UI in a build queue time
- name: 'debug'
displayName: 'Enable debug output'
type: boolean
default: false
- name: InternalSDKBlobURL
displayName: URL to the blob having internal .NET SDK
type: string
default: ' '
- name: ReleaseTagVar
displayName: Release Tag
type: string
default: 'fromBranch'
- name: SKIP_SIGNING
displayName: Skip Signing
type: string
default: 'NO'

variables:
- name: CDP_DEFINITION_BUILD_COUNT
value: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning
- name: system.debug
value: ${{ parameters.debug }}
- name: ENABLE_PRS_DELAYSIGN
value: 1
- name: ROOT
value: $(Build.SourcesDirectory)
- name: NUGET_XMLDOC_MODE
value: none
- name: nugetMultiFeedWarnLevel
value: none
- name: NugetSecurityAnalysisWarningLevel
value: none
- name: skipNugetSecurityAnalysis
value: true
- name: ReleaseTagVar
value: ${{ parameters.ReleaseTagVar }}
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
- name: WindowsContainerImage
value: 'onebranch.azurecr.io/windows/ltsc2019/vse2022:latest' # Docker image which is used to build the project https://aka.ms/obpipelines/containers
- name: LinuxContainerImage
value: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0
- group: mscodehub-feed-read-akv

resources:
pipelines:
- pipeline: CoOrdinatedBuildPipeline
source: 'PowerShell-Coordinated Packages-Official'
trigger:
branches:
include:
- master
- releases/*

repositories:
- repository: templates
type: git
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main

extends:
template: v2/OneBranch.Official.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates
parameters:
cloudvault: # https://aka.ms/obpipelines/cloudvault
enabled: false
featureFlags:
linuxEsrpSigning: true
globalSdl:
disableLegacyManifest: true
# disabled Armorty as we dont have any ARM templates to scan. It fails on some sample ARM templates.
armory:
enabled: false
sbom:
enabled: true
compiled:
enabled: false
credscan:
enabled: true
scanFolder: $(Build.SourcesDirectory)
suppressionsFile: $(Build.SourcesDirectory)\.config\suppress.json
cg:
enabled: true
ignoreDirectories: '.devcontainer,demos,docker,docs,src,test,tools/packaging'
asyncSdl: # https://aka.ms/obpipelines/asyncsdl
enabled: true
forStages: ['build']
credscan:
enabled: true
scanFolder: $(Build.SourcesDirectory)
suppressionsFile: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
binskim:
enabled: false
# APIScan requires a non-Ready-To-Run build
apiscan:
enabled: false
tsaOptionsFile: .config\tsaoptions.json
stages:
- stage: mac_package
jobs:
- template: /.pipelines/templates/mac-package-build.yml@self
parameters:
buildArchitecture: x64

- template: /.pipelines/templates/mac-package-build.yml@self
parameters:
buildArchitecture: arm64

- stage: windows_package
jobs:
- template: /.pipelines/templates/windows-package-build.yml@self
parameters:
runtime: x64

- template: /.pipelines/templates/windows-package-build.yml@self
parameters:
runtime: arm64

- template: /.pipelines/templates/windows-package-build.yml@self
parameters:
runtime: x86

- template: /.pipelines/templates/windows-package-build.yml@self
parameters:
runtime: fxdependent

- template: /.pipelines/templates/windows-package-build.yml@self
parameters:
runtime: fxdependentWinDesktop

- template: /.pipelines/templates/windows-package-build.yml@self
parameters:
runtime: minsize

- stage: linux_package
jobs:
- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_x64'
signedDrop: 'drop_linux_sign_linux_x64'
packageType: deb
jobName: deb

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_fxd_x64_mariner'
signedDrop: 'drop_linux_sign_linux_fxd_x64_mariner'
packageType: rpm-fxdependent #mariner-x64
jobName: mariner_x64

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_fxd_arm64_mariner'
signedDrop: 'drop_linux_sign_linux_fxd_arm64_mariner'
packageType: rpm-fxdependent-arm64 #mariner-arm64
jobName: mariner_arm64

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_x64'
signedDrop: 'drop_linux_sign_linux_x64'
packageType: rpm
jobName: rpm

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_arm'
signedDrop: 'drop_linux_sign_linux_arm'
packageType: tar-arm
jobName: tar_arm

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_arm64'
signedDrop: 'drop_linux_sign_linux_arm64'
packageType: tar-arm64
jobName: tar_arm64

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_x64_alpine'
signedDrop: 'drop_linux_sign_linux_x64_alpine'
packageType: tar-alpine
jobName: tar_alpine

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_fxd'
signedDrop: 'drop_linux_sign_linux_fxd'
packageType: fxdependent
jobName: fxdependent

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_x64'
signedDrop: 'drop_linux_sign_linux_x64'
packageType: tar
jobName: tar

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_fxd_x64_alpine'
signedDrop: 'drop_linux_sign_linux_fxd_x64_alpine'
packageType: tar-alpine-fxdependent
jobName: tar_alpine_fxd

- template: /.pipelines/templates/linux-package-build.yml@self
parameters:
unsignedDrop: 'drop_linux_build_linux_x64_minSize'
signedDrop: 'drop_linux_sign_linux_x64_minSize'
packageType: min-size
jobName: minSize

- stage: nupkg
jobs:
- template: /.pipelines/templates/nupkg.yml@self

- stage: upload
dependsOn: [mac_package, windows_package, linux_package, nupkg]
jobs:
- template: /.pipelines/templates/uploadToAzure.yml@self
8 changes: 4 additions & 4 deletions .pipelines/templates/SetVersionVariables.yml
View file
Expand Up @@ -13,7 +13,7 @@ steps:
downloadPath: '$(System.ArtifactsDirectory)'
displayName: Download Build Info Json
env:
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
ob_restore_phase: true # This ensures this done in restore phase to workaround signing issue

- powershell: |
$path = "./build.psm1"
Expand Down Expand Up @@ -43,7 +43,7 @@ steps:
}
displayName: 'Set repo Root'
env:
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
ob_restore_phase: true # This ensures this done in restore phase to workaround signing issue

- powershell: |
$createJson = ("${{ parameters.CreateJson }}" -ne "no")
Expand All @@ -58,11 +58,11 @@ steps:
Write-Host "##$vstsCommandString"
displayName: 'Set ${{ parameters.ReleaseTagVarName }} and other version Variables'
env:
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
ob_restore_phase: true # This ensures this done in restore phase to workaround signing issue

- powershell: |
Get-ChildItem -Path env:
displayName: Capture environment
condition: succeededOrFailed()
env:
ob_restore_phase: true # This ensures checkout is done at the beginning of the restore phase
ob_restore_phase: true # This ensures this done in restore phase to workaround signing issue
4 changes: 2 additions & 2 deletions .pipelines/templates/insert-nuget-config-azfeed.yml
View file
Expand Up @@ -5,7 +5,7 @@ steps:
- pwsh: |
$configPath = "${env:NugetConfigDir}/nuget.config"
Import-Module ${{ parameters.repoRoot }}/build.psm1 -Force
New-NugetConfigFile -NugetFeedUrl $(PowerShellCore_PublicPackages) -UserName $(AzDevOpsFeedUserName) -ClearTextPAT $(AzDevOpsFeedUserName) -FeedName AzDevOpsFeed -Destination "${env:NugetConfigDir}"
New-NugetConfigFile -NugetFeedUrl $(PowerShellCore_PublicPackages) -UserName $(AzDevopsFeedUserNameKVPAT) -ClearTextPAT $(mscodehubPackageReadPat) -FeedName AzDevOpsFeed -Destination "${env:NugetConfigDir}"
if(-not (Test-Path $configPath))
{
throw "nuget.config is not created"
Expand All @@ -20,7 +20,7 @@ steps:
- pwsh: |
$configPath = "${env:NugetConfigDir}/nuget.config"
Import-Module ${{ parameters.repoRoot }}/build.psm1 -Force
New-NugetConfigFile -NugetFeedUrl $(PowerShellCore_PublicPackages) -UserName $(AzDevOpsFeedUserName) -ClearTextPAT $(AzDevOpsFeedUserName) -FeedName AzDevOpsFeed -Destination "${env:NugetConfigDir}"
New-NugetConfigFile -NugetFeedUrl $(PowerShellCore_PublicPackages) -UserName $(AzDevopsFeedUserNameKVPAT) -ClearTextPAT $(mscodehubPackageReadPat) -FeedName AzDevOpsFeed -Destination "${env:NugetConfigDir}"
if(-not (Test-Path $configPath))
{
throw "nuget.config is not created"
Expand Down

0 comments on commit b2574ce

Please sign in to comment.