forked from PowerShell/PSResourceGet
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create OneBranch build and release pipeline (PowerShell#1605)
Add verbose and debug messages for Container Registry Server (PowerShell#1615) Add Name and Repository pipeline by property name (PowerShell#1451) Bugfix script parse whitespace (PowerShell#1457) Bug fix for Import-PSGetRepository in Windows PS (PowerShell#1460) Update README.md (PowerShell#1458) update chANGELOG, psd1, csproj for release 1.0.1 (PowerShell#1473) Bump System.Text.Json from 6.0.0 to 8.0.0 in /src/code (PowerShell#1475) Verify whether SourceLocation is a UNC path and select the appropriate ApiVersion (PowerShell#1479) TryConvertFromXml: Prevent NRE when NormalizedVersion is missing (PowerShell#1503) Update InstallHelper.cs (PowerShell#1510) Bump BenchmarkDotNet.Diagnostics.Windows in /test/perf/benchmarks (PowerShell#1528) enable isJFrogRepo flag for domains containing `artifactory` (PowerShell#1532) Fix 'name' bug with v2 JFrog Artifactory (PowerShell#1535) Bugfix Update-ModuleManifest throws null pointer exception (PowerShell#1538) Add tests for ADO v2 server (PowerShell#1539) Bugfix - Test if InstalledScriptInfos folder exists and create if needed (PowerShell#1542) * Test InstalledScriptInfos folder and create if needed * Update src/code/InstallHelper.cs Co-authored-by: Aditya Patwardhan <[email protected]> * Update src/code/InstallHelper.cs Co-authored-by: Aditya Patwardhan <[email protected]> --------- Co-authored-by: Aditya Patwardhan <[email protected]> Remove redeclaration of s_tempHome (PowerShell#1544) Bug fix for Update-PSResource not updating from correct repository (PowerShell#1549) Update changelog, version, releasenotes
- Loading branch information
1 parent
ee88277
commit d74cdd3
Showing
9 changed files
with
412 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
{ | ||
"instanceUrl": "https://msazure.visualstudio.com", | ||
"projectName": "One", | ||
"areaPath": "One\\MGMT\\Compute\\Powershell\\Powershell\\PowerShell Core", | ||
"notificationAliases": [ | ||
"[email protected]", | ||
"[email protected]", | ||
"[email protected]" | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,334 @@ | ||
################################################################################# | ||
# OneBranch Pipelines # | ||
# This pipeline was created by EasyStart from a sample located at: # | ||
# https://aka.ms/obpipelines/easystart/samples # | ||
# Documentation: https://aka.ms/obpipelines # | ||
# Yaml Schema: https://aka.ms/obpipelines/yaml/schema # | ||
# Retail Tasks: https://aka.ms/obpipelines/tasks # | ||
# Support: https://aka.ms/onebranchsup # | ||
################################################################################# | ||
name: PSResourceGet-Release-$(Build.BuildId) | ||
trigger: none # https://aka.ms/obpipelines/triggers | ||
pr: | ||
branches: | ||
include: | ||
- main | ||
- release* | ||
parameters: # parameters are shown up in ADO UI in a build queue time | ||
- name: 'debug' | ||
displayName: 'Enable debug output' | ||
type: boolean | ||
default: false | ||
|
||
variables: | ||
- name: DOTNET_CLI_TELEMETRY_OPTOUT | ||
value: 1 | ||
- name: POWERSHELL_TELEMETRY_OPTOUT | ||
value: 1 | ||
- name: WindowsContainerImage | ||
value: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest # Docker image which is used to build the project https://aka.ms/obpipelines/containers | ||
|
||
resources: | ||
repositories: | ||
- repository: onebranchTemplates | ||
type: git | ||
name: OneBranch.Pipelines/GovernedTemplates | ||
ref: refs/heads/main | ||
|
||
extends: | ||
template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates # https://aka.ms/obpipelines/templates | ||
parameters: | ||
featureFlags: | ||
WindowsHostVersion: '1ESWindows2022' | ||
customTags: 'ES365AIMigrationTooling' | ||
globalSdl: | ||
disableLegacyManifest: true | ||
sbom: | ||
enabled: true | ||
packageName: Microsoft.PowerShell.PSResourceGet | ||
codeql: | ||
compiled: | ||
enabled: true | ||
asyncSdl: # https://aka.ms/obpipelines/asyncsdl | ||
enabled: true | ||
forStages: [stagebuild] | ||
credscan: | ||
enabled: true | ||
scanFolder: $(Build.SourcesDirectory)\PSResourceGet | ||
binskim: | ||
enabled: true | ||
apiscan: | ||
enabled: false | ||
|
||
stages: | ||
- stage: stagebuild | ||
displayName: Build and Package Microsoft.PowerShell.PSResourceGet | ||
jobs: | ||
- job: jobbuild | ||
displayName: Build Microsoft.PowerShell.PSResourceGet Files | ||
variables: # More settings at https://aka.ms/obpipelines/yaml/jobs | ||
- name: ob_outputDirectory | ||
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' | ||
- name: repoRoot | ||
value: $(Build.SourcesDirectory)\PSResourceGet | ||
- name: ob_sdl_tsa_configFile | ||
value: $(Build.SourcesDirectory)\PSResourceGet\.config\tsaoptions.json | ||
- name: signSrcPath | ||
value: $(repoRoot)/out | ||
- name: depsPath | ||
value: $(signSrcPath)\Microsoft.PowerShell.PSResourceGet\Dependencies | ||
- name: ob_sdl_sbom_enabled | ||
value: true | ||
- name: ob_signing_setup_enabled | ||
value: true | ||
#CodeQL tasks added manually to workaround signing failures | ||
- name: ob_sdl_codeql_compiled_enabled | ||
value: false | ||
pool: | ||
type: windows | ||
steps: | ||
- checkout: self | ||
env: | ||
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. | ||
|
||
- pwsh: | | ||
if (-not (Test-Path $(repoRoot)/.config/tsaoptions.json)) { | ||
Get-ChildItem $(Build.SourcesDirectory) -recurse -ErrorAction SilentlyContinue | ||
throw "tsaoptions.json does not exist under $(repoRoot)/.config" | ||
} | ||
displayName: Test if tsaoptions.json exists | ||
env: | ||
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. | ||
- pwsh: | | ||
Get-ChildItem env: | ||
displayName: Capture Environment | ||
env: | ||
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. | ||
- task: UseDotNet@2 | ||
displayName: 'Install .NET dependencies' | ||
env: | ||
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. | ||
inputs: | ||
packageType: 'sdk' | ||
useGlobalJson: true | ||
# this is to ensure that we are installing the dotnet at the same location as container by default install the dotnet sdks | ||
installationPath: 'C:\Program Files\dotnet\' | ||
workingDirectory: $(repoRoot) | ||
|
||
- task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step. | ||
env: | ||
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. | ||
inputs: | ||
Enabled: true | ||
AnalyzeInPipeline: true | ||
Language: csharp | ||
|
||
- pwsh: | | ||
$module = 'Microsoft.PowerShell.PSResourceGet' | ||
Write-Verbose "installing $module..." -verbose | ||
$ProgressPreference = 'SilentlyContinue' | ||
Install-Module $module -AllowClobber -Force | ||
displayName: Install PSResourceGet 0.9.0 or above for build.psm1 | ||
env: | ||
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. | ||
# this is installing .NET | ||
- pwsh: | | ||
Set-Location "$(repoRoot)" | ||
try { ./build.ps1 -Build -Clean -BuildConfiguration Release -BuildFramework 'net472'} catch { throw $_ } | ||
displayName: Execute build | ||
env: | ||
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. | ||
- task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step. | ||
condition: always() | ||
env: | ||
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. | ||
|
||
- task: onebranch.pipeline.signing@1 | ||
displayName: Sign 1st party files | ||
inputs: | ||
command: 'sign' | ||
signing_profile: external_distribution | ||
files_to_sign: '**\*.psd1;**\*.psm1;**\*.ps1xml;**\Microsoft*.dll' | ||
search_root: $(signSrcPath) | ||
|
||
- pwsh: | | ||
$unsignedDepsPath = Join-Path -Path $(signSrcPath) -ChildPath "Microsoft.PowerShell.PSResourceGet" -AdditionalChildPath "UnsignedDependencies" | ||
New-Item -Path $unsignedDepsPath -ItemType Directory -Force | ||
Get-ChildItem -Path $(depsPath) -Filter '*.dll' | Foreach-Object { | ||
$sig = Get-AuthenticodeSignature -FilePath $_.FullName | ||
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Microsoft*' -or $sig.SignerCertificate.Issuer -notlike '*Microsoft Code Signing PCA*') { | ||
# Copy for third party signing | ||
Copy-Item -Path $_.FullName -Dest $unsignedDepsPath -Force -Verbose | ||
} | ||
} | ||
displayName: Find all 3rd party files that need to be signed | ||
- task: onebranch.pipeline.signing@1 | ||
displayName: Sign 3rd Party files | ||
inputs: | ||
command: 'sign' | ||
signing_profile: 135020002 | ||
files_to_sign: '*.dll' | ||
search_root: $(signSrcPath)/Microsoft.PowerShell.PSResourceGet/UnsignedDependencies | ||
|
||
- pwsh: | | ||
$newlySignedDepsPath = Join-Path -Path $(signSrcPath) -ChildPath "Microsoft.PowerShell.PSResourceGet" -AdditionalChildPath "UnsignedDependencies" | ||
Get-ChildItem -Path $newlySignedDepsPath -Filter '*.dll' | Foreach-Object { | ||
$sig = Get-AuthenticodeSignature -FilePath $_.FullName | ||
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Microsoft*' -or $sig.SignerCertificate.Issuer -notlike '*Microsoft Windows Production PCA*') { | ||
Write-Error "File $($_.FileName) is not signed by Microsoft" | ||
} | ||
else { | ||
Copy-Item -Path $_.FullName -Dest $(depsPath) -Force -Verbose | ||
} | ||
} | ||
Remove-Item -Path $newlySignedDepsPath -Recurse -Force | ||
displayName: Validate 3rd party files were signed | ||
- task: CopyFiles@2 | ||
displayName: "Copy signed files to ob_outputDirectory - '$(ob_outputDirectory)'" | ||
inputs: | ||
SourceFolder: "$(signSrcPath)" | ||
Contents: '**' | ||
TargetFolder: $(ob_outputDirectory) | ||
|
||
- pwsh: | | ||
Write-Host "Displaying contents of signSrcPath:" | ||
Get-ChildItem $(signSrcPath) -Recurse | ||
Write-Host "Displaying contents of ob_outputDirectory:" | ||
Get-ChildItem $(ob_outputDirectory) -Recurse | ||
displayName: Get contents of dirs with signed files | ||
- job: nupkg | ||
dependsOn: jobbuild | ||
displayName: Package Microsoft.PowerShell.PSResourceGet | ||
variables: | ||
- name: ob_outputDirectory | ||
value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' | ||
- name: repoRoot | ||
value: $(Build.SourcesDirectory)\PSResourceGet | ||
- name: ob_sdl_tsa_configFile | ||
value: $(Build.SourcesDirectory)\PSResourceGet\.config\tsaoptions.json | ||
# Disable because SBOM was already built in the previous job | ||
- name: ob_sdl_sbom_enabled | ||
value: false | ||
- name: signOutPath | ||
value: $(repoRoot)/signed | ||
- name: ob_signing_setup_enabled | ||
value: true | ||
# This job is not compiling code, so disable codeQL | ||
- name: ob_sdl_codeql_compiled_enabled | ||
value: false | ||
|
||
pool: | ||
type: windows | ||
steps: | ||
- checkout: self | ||
|
||
- pwsh: | | ||
if (-not (Test-Path $(repoRoot)/.config/tsaoptions.json)) { | ||
Get-ChildItem $(Build.SourcesDirectory) -recurse -ErrorAction SilentlyContinue | ||
throw "tsaoptions.json does not exist under $(repoRoot)/.config" | ||
} | ||
displayName: Test if tsaoptions.json exists | ||
- task: DownloadPipelineArtifact@2 | ||
displayName: 'Download build files' | ||
inputs: | ||
targetPath: $(signOutPath) | ||
artifact: drop_stagebuild_jobbuild | ||
|
||
- pwsh: | | ||
Set-Location "$(signOutPath)" | ||
Write-Host "Contents of signOutPath:" | ||
Get-ChildItem $(signOutPath) -Recurse | ||
displayName: Capture artifacts directory structure | ||
- pwsh: | | ||
$module = 'Microsoft.PowerShell.PSResourceGet' | ||
Write-Verbose "installing $module..." -verbose | ||
$ProgressPreference = 'SilentlyContinue' | ||
Install-Module $module -AllowClobber -Force | ||
displayName: Install PSResourceGet 0.9.0 or above for build.psm1 | ||
- pwsh: | | ||
Set-Location "$(signOutPath)\Microsoft.PowerShell.PSResourceGet" | ||
New-Item -ItemType Directory -Path "$(signOutPath)\PublishedNupkg" -Force | ||
Register-PSResourceRepository -Name 'localRepo' -Uri "$(signOutPath)\PublishedNupkg" | ||
Publish-PSResource -Path "$(signOutPath)\Microsoft.PowerShell.PSResourceGet" -Repository 'localRepo' -Verbose | ||
displayName: Create nupkg for publishing | ||
- task: onebranch.pipeline.signing@1 | ||
displayName: Sign nupkg | ||
inputs: | ||
command: 'sign' | ||
signing_profile: external_distribution | ||
files_to_sign: '**\*.nupkg' | ||
search_root: "$(signOutPath)\PublishedNupkg" | ||
|
||
- pwsh: | | ||
Set-Location "$(signOutPath)\PublishedNupkg" | ||
Write-Host "Contents of signOutPath:" | ||
Get-ChildItem "$(signOutPath)" -Recurse | ||
displayName: Find Nupkg | ||
- task: CopyFiles@2 | ||
displayName: "Copy nupkg to ob_outputDirectory - '$(ob_outputDirectory)'" | ||
inputs: | ||
Contents: $(signOutPath)\PublishedNupkg\Microsoft.PowerShell.PSResourceGet.*.nupkg | ||
TargetFolder: $(ob_outputDirectory) | ||
|
||
- pwsh: | | ||
Write-Host "Contents of ob_outputDirectory:" | ||
Get-ChildItem "$(ob_outputDirectory)" -Recurse | ||
displayName: Find Signed Nupkg | ||
- stage: release | ||
displayName: Release PSResourceGet | ||
dependsOn: stagebuild | ||
variables: | ||
version: $[ stageDependencies.build.main.outputs['package.version'] ] | ||
drop: $(Pipeline.Workspace)/drop_build_main | ||
jobs: | ||
- job: validation | ||
displayName: Manual validation | ||
pool: | ||
type: agentless | ||
timeoutInMinutes: 1440 | ||
steps: | ||
- task: ManualValidation@0 | ||
displayName: Wait 24 hours for validation | ||
inputs: | ||
instructions: Please validate the release | ||
timeoutInMinutes: 1440 | ||
- job: PSGalleryPublish | ||
displayName: Publish to PSGallery | ||
dependsOn: validation | ||
pool: | ||
type: windows | ||
variables: | ||
ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' | ||
steps: | ||
- download: current | ||
displayName: Download artifact | ||
|
||
- pwsh: | | ||
Get-ChildItem $(Pipeline.Workspace) -Recurse | ||
displayName: Capture environment | ||
- pwsh: | | ||
Get-ChildItem "$(Pipeline.Workspace)/drop_stagebuild_nupkg" -Recurse | ||
displayName: Find signed Nupkg | ||
- task: NuGetCommand@2 | ||
displayName: Push PowerShellGet module artifacts to PSGallery feed | ||
inputs: | ||
command: push | ||
packagesToPush: '$(Pipeline.Workspace)\drop_stagebuild_nupkg\PSResourceGet\signed\PublishedNupkg\Microsoft.PowerShell.PSResourceGet.*.nupkg' | ||
nuGetFeedType: external | ||
publishFeedCredentials: PSGet-PSGalleryPush |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
The change logs have been split by version and moved to [CHANGELOG](./CHANGELOG). | ||
The change logs have been split by version and moved to [CHANGELOG](./CHANGELOG). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
{ | ||
"sdk": { | ||
"version": "8.0.202" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.