Skip to content

Commit

Permalink
Create OneBranch build and release pipeline (PowerShell#1605)
Browse files Browse the repository at this point in the history
Add verbose and debug messages for Container Registry Server (PowerShell#1615)

Add Name and Repository pipeline by property name (PowerShell#1451)

Bugfix script parse whitespace (PowerShell#1457)

Bug fix for Import-PSGetRepository in Windows PS (PowerShell#1460)

Update README.md (PowerShell#1458)

update chANGELOG, psd1, csproj for release 1.0.1 (PowerShell#1473)

Bump System.Text.Json from 6.0.0 to 8.0.0 in /src/code (PowerShell#1475)

Verify whether SourceLocation is a UNC path and select the appropriate ApiVersion (PowerShell#1479)

TryConvertFromXml: Prevent NRE when NormalizedVersion is missing (PowerShell#1503)

Update InstallHelper.cs (PowerShell#1510)

Bump BenchmarkDotNet.Diagnostics.Windows in /test/perf/benchmarks (PowerShell#1528)

enable isJFrogRepo flag for domains containing `artifactory` (PowerShell#1532)

Fix 'name' bug with v2 JFrog Artifactory (PowerShell#1535)

Bugfix Update-ModuleManifest throws null pointer exception (PowerShell#1538)

Add tests for ADO v2 server (PowerShell#1539)

Bugfix - Test if InstalledScriptInfos folder exists and create if needed (PowerShell#1542)

* Test InstalledScriptInfos folder and create if needed

* Update src/code/InstallHelper.cs

Co-authored-by: Aditya Patwardhan <[email protected]>

* Update src/code/InstallHelper.cs

Co-authored-by: Aditya Patwardhan <[email protected]>

---------

Co-authored-by: Aditya Patwardhan <[email protected]>

Remove redeclaration of s_tempHome (PowerShell#1544)

Bug fix for Update-PSResource not updating from correct repository (PowerShell#1549)

Update changelog, version, releasenotes
  • Loading branch information
alerickson committed Apr 1, 2024
1 parent ee88277 commit d74cdd3
Show file tree
Hide file tree
Showing 9 changed files with 412 additions and 16 deletions.
10 changes: 10 additions & 0 deletions .config/tsaoptions.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"instanceUrl": "https://msazure.visualstudio.com",
"projectName": "One",
"areaPath": "One\\MGMT\\Compute\\Powershell\\Powershell\\PowerShell Core",
"notificationAliases": [
"[email protected]",
"[email protected]",
"[email protected]"
]
}
334 changes: 334 additions & 0 deletions .pipelines/PSResourceGet-Official.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,334 @@
#################################################################################
# OneBranch Pipelines #
# This pipeline was created by EasyStart from a sample located at: #
# https://aka.ms/obpipelines/easystart/samples #
# Documentation: https://aka.ms/obpipelines #
# Yaml Schema: https://aka.ms/obpipelines/yaml/schema #
# Retail Tasks: https://aka.ms/obpipelines/tasks #
# Support: https://aka.ms/onebranchsup #
#################################################################################
name: PSResourceGet-Release-$(Build.BuildId)
trigger: none # https://aka.ms/obpipelines/triggers
pr:
branches:
include:
- main
- release*
parameters: # parameters are shown up in ADO UI in a build queue time
- name: 'debug'
displayName: 'Enable debug output'
type: boolean
default: false

variables:
- name: DOTNET_CLI_TELEMETRY_OPTOUT
value: 1
- name: POWERSHELL_TELEMETRY_OPTOUT
value: 1
- name: WindowsContainerImage
value: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest # Docker image which is used to build the project https://aka.ms/obpipelines/containers

resources:
repositories:
- repository: onebranchTemplates
type: git
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main

extends:
template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates # https://aka.ms/obpipelines/templates
parameters:
featureFlags:
WindowsHostVersion: '1ESWindows2022'
customTags: 'ES365AIMigrationTooling'
globalSdl:
disableLegacyManifest: true
sbom:
enabled: true
packageName: Microsoft.PowerShell.PSResourceGet
codeql:
compiled:
enabled: true
asyncSdl: # https://aka.ms/obpipelines/asyncsdl
enabled: true
forStages: [stagebuild]
credscan:
enabled: true
scanFolder: $(Build.SourcesDirectory)\PSResourceGet
binskim:
enabled: true
apiscan:
enabled: false

stages:
- stage: stagebuild
displayName: Build and Package Microsoft.PowerShell.PSResourceGet
jobs:
- job: jobbuild
displayName: Build Microsoft.PowerShell.PSResourceGet Files
variables: # More settings at https://aka.ms/obpipelines/yaml/jobs
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
- name: repoRoot
value: $(Build.SourcesDirectory)\PSResourceGet
- name: ob_sdl_tsa_configFile
value: $(Build.SourcesDirectory)\PSResourceGet\.config\tsaoptions.json
- name: signSrcPath
value: $(repoRoot)/out
- name: depsPath
value: $(signSrcPath)\Microsoft.PowerShell.PSResourceGet\Dependencies
- name: ob_sdl_sbom_enabled
value: true
- name: ob_signing_setup_enabled
value: true
#CodeQL tasks added manually to workaround signing failures
- name: ob_sdl_codeql_compiled_enabled
value: false
pool:
type: windows
steps:
- checkout: self
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.

- pwsh: |
if (-not (Test-Path $(repoRoot)/.config/tsaoptions.json)) {
Get-ChildItem $(Build.SourcesDirectory) -recurse -ErrorAction SilentlyContinue
throw "tsaoptions.json does not exist under $(repoRoot)/.config"
}
displayName: Test if tsaoptions.json exists
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.
- pwsh: |
Get-ChildItem env:
displayName: Capture Environment
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.
- task: UseDotNet@2
displayName: 'Install .NET dependencies'
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.
inputs:
packageType: 'sdk'
useGlobalJson: true
# this is to ensure that we are installing the dotnet at the same location as container by default install the dotnet sdks
installationPath: 'C:\Program Files\dotnet\'
workingDirectory: $(repoRoot)

- task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step.
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.
inputs:
Enabled: true
AnalyzeInPipeline: true
Language: csharp

- pwsh: |
$module = 'Microsoft.PowerShell.PSResourceGet'
Write-Verbose "installing $module..." -verbose
$ProgressPreference = 'SilentlyContinue'
Install-Module $module -AllowClobber -Force
displayName: Install PSResourceGet 0.9.0 or above for build.psm1
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.
# this is installing .NET
- pwsh: |
Set-Location "$(repoRoot)"
try { ./build.ps1 -Build -Clean -BuildConfiguration Release -BuildFramework 'net472'} catch { throw $_ }
displayName: Execute build
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.
- task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step.
condition: always()
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.

- task: onebranch.pipeline.signing@1
displayName: Sign 1st party files
inputs:
command: 'sign'
signing_profile: external_distribution
files_to_sign: '**\*.psd1;**\*.psm1;**\*.ps1xml;**\Microsoft*.dll'
search_root: $(signSrcPath)

- pwsh: |
$unsignedDepsPath = Join-Path -Path $(signSrcPath) -ChildPath "Microsoft.PowerShell.PSResourceGet" -AdditionalChildPath "UnsignedDependencies"
New-Item -Path $unsignedDepsPath -ItemType Directory -Force
Get-ChildItem -Path $(depsPath) -Filter '*.dll' | Foreach-Object {
$sig = Get-AuthenticodeSignature -FilePath $_.FullName
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Microsoft*' -or $sig.SignerCertificate.Issuer -notlike '*Microsoft Code Signing PCA*') {
# Copy for third party signing
Copy-Item -Path $_.FullName -Dest $unsignedDepsPath -Force -Verbose
}
}
displayName: Find all 3rd party files that need to be signed
- task: onebranch.pipeline.signing@1
displayName: Sign 3rd Party files
inputs:
command: 'sign'
signing_profile: 135020002
files_to_sign: '*.dll'
search_root: $(signSrcPath)/Microsoft.PowerShell.PSResourceGet/UnsignedDependencies

- pwsh: |
$newlySignedDepsPath = Join-Path -Path $(signSrcPath) -ChildPath "Microsoft.PowerShell.PSResourceGet" -AdditionalChildPath "UnsignedDependencies"
Get-ChildItem -Path $newlySignedDepsPath -Filter '*.dll' | Foreach-Object {
$sig = Get-AuthenticodeSignature -FilePath $_.FullName
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Microsoft*' -or $sig.SignerCertificate.Issuer -notlike '*Microsoft Windows Production PCA*') {
Write-Error "File $($_.FileName) is not signed by Microsoft"
}
else {
Copy-Item -Path $_.FullName -Dest $(depsPath) -Force -Verbose
}
}
Remove-Item -Path $newlySignedDepsPath -Recurse -Force
displayName: Validate 3rd party files were signed
- task: CopyFiles@2
displayName: "Copy signed files to ob_outputDirectory - '$(ob_outputDirectory)'"
inputs:
SourceFolder: "$(signSrcPath)"
Contents: '**'
TargetFolder: $(ob_outputDirectory)

- pwsh: |
Write-Host "Displaying contents of signSrcPath:"
Get-ChildItem $(signSrcPath) -Recurse
Write-Host "Displaying contents of ob_outputDirectory:"
Get-ChildItem $(ob_outputDirectory) -Recurse
displayName: Get contents of dirs with signed files
- job: nupkg
dependsOn: jobbuild
displayName: Package Microsoft.PowerShell.PSResourceGet
variables:
- name: ob_outputDirectory
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
- name: repoRoot
value: $(Build.SourcesDirectory)\PSResourceGet
- name: ob_sdl_tsa_configFile
value: $(Build.SourcesDirectory)\PSResourceGet\.config\tsaoptions.json
# Disable because SBOM was already built in the previous job
- name: ob_sdl_sbom_enabled
value: false
- name: signOutPath
value: $(repoRoot)/signed
- name: ob_signing_setup_enabled
value: true
# This job is not compiling code, so disable codeQL
- name: ob_sdl_codeql_compiled_enabled
value: false

pool:
type: windows
steps:
- checkout: self

- pwsh: |
if (-not (Test-Path $(repoRoot)/.config/tsaoptions.json)) {
Get-ChildItem $(Build.SourcesDirectory) -recurse -ErrorAction SilentlyContinue
throw "tsaoptions.json does not exist under $(repoRoot)/.config"
}
displayName: Test if tsaoptions.json exists
- task: DownloadPipelineArtifact@2
displayName: 'Download build files'
inputs:
targetPath: $(signOutPath)
artifact: drop_stagebuild_jobbuild

- pwsh: |
Set-Location "$(signOutPath)"
Write-Host "Contents of signOutPath:"
Get-ChildItem $(signOutPath) -Recurse
displayName: Capture artifacts directory structure
- pwsh: |
$module = 'Microsoft.PowerShell.PSResourceGet'
Write-Verbose "installing $module..." -verbose
$ProgressPreference = 'SilentlyContinue'
Install-Module $module -AllowClobber -Force
displayName: Install PSResourceGet 0.9.0 or above for build.psm1
- pwsh: |
Set-Location "$(signOutPath)\Microsoft.PowerShell.PSResourceGet"
New-Item -ItemType Directory -Path "$(signOutPath)\PublishedNupkg" -Force
Register-PSResourceRepository -Name 'localRepo' -Uri "$(signOutPath)\PublishedNupkg"
Publish-PSResource -Path "$(signOutPath)\Microsoft.PowerShell.PSResourceGet" -Repository 'localRepo' -Verbose
displayName: Create nupkg for publishing
- task: onebranch.pipeline.signing@1
displayName: Sign nupkg
inputs:
command: 'sign'
signing_profile: external_distribution
files_to_sign: '**\*.nupkg'
search_root: "$(signOutPath)\PublishedNupkg"

- pwsh: |
Set-Location "$(signOutPath)\PublishedNupkg"
Write-Host "Contents of signOutPath:"
Get-ChildItem "$(signOutPath)" -Recurse
displayName: Find Nupkg
- task: CopyFiles@2
displayName: "Copy nupkg to ob_outputDirectory - '$(ob_outputDirectory)'"
inputs:
Contents: $(signOutPath)\PublishedNupkg\Microsoft.PowerShell.PSResourceGet.*.nupkg
TargetFolder: $(ob_outputDirectory)

- pwsh: |
Write-Host "Contents of ob_outputDirectory:"
Get-ChildItem "$(ob_outputDirectory)" -Recurse
displayName: Find Signed Nupkg
- stage: release
displayName: Release PSResourceGet
dependsOn: stagebuild
variables:
version: $[ stageDependencies.build.main.outputs['package.version'] ]
drop: $(Pipeline.Workspace)/drop_build_main
jobs:
- job: validation
displayName: Manual validation
pool:
type: agentless
timeoutInMinutes: 1440
steps:
- task: ManualValidation@0
displayName: Wait 24 hours for validation
inputs:
instructions: Please validate the release
timeoutInMinutes: 1440
- job: PSGalleryPublish
displayName: Publish to PSGallery
dependsOn: validation
pool:
type: windows
variables:
ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
steps:
- download: current
displayName: Download artifact

- pwsh: |
Get-ChildItem $(Pipeline.Workspace) -Recurse
displayName: Capture environment
- pwsh: |
Get-ChildItem "$(Pipeline.Workspace)/drop_stagebuild_nupkg" -Recurse
displayName: Find signed Nupkg
- task: NuGetCommand@2
displayName: Push PowerShellGet module artifacts to PSGallery feed
inputs:
command: push
packagesToPush: '$(Pipeline.Workspace)\drop_stagebuild_nupkg\PSResourceGet\signed\PublishedNupkg\Microsoft.PowerShell.PSResourceGet.*.nupkg'
nuGetFeedType: external
publishFeedCredentials: PSGet-PSGalleryPush
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1 +1 @@
The change logs have been split by version and moved to [CHANGELOG](./CHANGELOG).
The change logs have been split by version and moved to [CHANGELOG](./CHANGELOG).
5 changes: 5 additions & 0 deletions global.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
{
"sdk": {
"version": "8.0.202"
}
}
27 changes: 26 additions & 1 deletion src/Microsoft.PowerShell.PSResourceGet.psd1
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
@{
RootModule = './Microsoft.PowerShell.PSResourceGet.dll'
NestedModules = @('./Microsoft.PowerShell.PSResourceGet.psm1')
ModuleVersion = '1.0.0'
ModuleVersion = '1.0.2'
CompatiblePSEditions = @('Core', 'Desktop')
GUID = 'e4e0bda1-0703-44a5-b70d-8fe704cd0643'
Author = 'Microsoft Corporation'
Expand Down Expand Up @@ -55,6 +55,31 @@
ProjectUri = 'https://go.microsoft.com/fwlink/?LinkId=828955'
LicenseUri = 'https://go.microsoft.com/fwlink/?LinkId=829061'
ReleaseNotes = @'
## 1.0.2
### Bug Fixes
- Bug fix for `Update-PSResource` not updating from correct repository (#1549)
- Bug fix for creating temp home directory on Unix (#1544)
- Bug fix for creating `InstalledScriptInfos` directory when it does not exist (#1542)
- Bug fix for `Update-ModuleManifest` throwing null pointer exception (#1538)
- Bug fix for `name` property not populating in `PSResourceInfo` object when using `Find-PSResource` with JFrog Artifactory (#1535)
- Bug fix for incorrect configuration of requests to JFrog Artifactory v2 endpoints (#1533 Thanks @sean-r-williams!)
- Bug fix for determining JFrog Artifactory repositories (#1532 Thanks @sean-r-williams!)
- Bug fix for v2 server repositories incorrectly adding script endpoint (1526)
- Bug fixes for null references (#1525)
- Typo fixes in message prompts in `Install-PSResource` (#1510 Thanks @NextGData!)
- Bug fix to add `NormalizedVersion` property to `AdditionalMetadata` only when it exists (#1503 Thanks @sean-r-williams!)
- Bug fix to verify whether `Uri` is a UNC path and set respective `ApiVersion` (#1479 Thanks @kborowinski!)
## 1.0.1
### Bug Fixes
- Bugfix to update Unix local user installation paths to be compatible with .NET 7 and .NET 8 (#1464)
- Bugfix for Import-PSGetRepository in Windows PowerShell (#1460)
- Bugfix for Test-PSScriptFileInfo to be less sensitive to whitespace (#1457)
- Bugfix to overwrite rels/rels directory on net472 when extracting nupkg to directory (#1456)
- Bugfix to add pipeline by property name support for Name and Repository properties for Find-PSResource (#1451 Thanks @ThomasNieto!)
## 1.0.0
### New Features
Expand Down
Loading

0 comments on commit d74cdd3

Please sign in to comment.