From e18702724dc670b14f1f7d5315b8c7268065f1df Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 17:20:12 +0000 Subject: [PATCH 01/47] Updated release.yml --- .vsts-ci/release.yml | 526 +++++++++++++++++++++---------------------- 1 file changed, 261 insertions(+), 265 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 3267b776..73c9d93e 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -1,12 +1,14 @@ trigger: none - variables: - - name: BuildConfiguration - value: 'release' - - name: PackageRoot - value: '$(System.ArtifactsDirectory)/Packages' - - group: DSCAPIScan - +- name: BuildConfiguration + value: 'release' +- name: PackageRoot + value: '$(System.ArtifactsDirectory)/Packages' +- group: DSCAPIScan +- name: LinuxContainerImage + value: onebranch.azurecr.io/linux/ubuntu-2004:latest +- name: WindowsContainerImage + value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest resources: repositories: - repository: ComplianceRepo 
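Review bot: `LinuxContainerImage` and `WindowsContainerImage` are both set to a `:latest` tag, so the image a release build runs in can change between runs without any change in this repository. For an official release pipeline, a fixed image reference keeps builds reproducible and lets an image update be reviewed like any other change, for example `value: onebranch.azurecr.io/linux/ubuntu-2004@sha256:<digest>` (placeholder digest; confirm the OneBranch templates accept digest references, otherwise use a dated tag). The same two variables are added again in the new `.pipelines/release.yml` in PATCH 02/47.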
@@ -14,261 +16,255 @@ resources: endpoint: ComplianceGHRepo name: PowerShell/compliance ref: master - -stages: -- stage: BuildAndSign - displayName: Build Native Binaries - dependsOn: [] - jobs: - - job: SetPackageVersion - displayName: Set PackageVersion - steps: - - checkout: self - - pwsh: | - $packageVersion = ./build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=Version;isoutput=true]$packageVersion" - Write-Host ("sending " + $vstsCommandString) - Write-Host "##$vstsCommandString" - name: Package - - - job: BuildWin - dependsOn: SetPackageVersion - variables: - - group: ESRP - - name: PackageVersion - value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - pool: - name: PowerShell1ES - demands: - - ImageOverride -equals PSMMS2019-Rust-Secure - displayName: Build - strategy: - matrix: - Windows x64: - buildName: x86_64-pc-windows-msvc - Windows x64_arm64: - buildName: aarch64-pc-windows-msvc - - steps: - - checkout: self - - pwsh: | - Set-Location "$(Build.SourcesDirectory)/DSC" - ./build.ps1 -Release -Architecture $(buildName) -SkipLinkCheck - displayName: 'Build $(buildName)' - condition: succeeded() - - pwsh: | - $null = New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore - $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore - $outPath = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" -ErrorAction Ignore - Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Verbose -Force - displayName: Copy binaries - condition: succeeded() - - pwsh: | - Set-Location "$(PackageRoot)" - $signSrcPath = "$(PackageRoot)/out/$(buildName)" - # Set signing src path variable - $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" - Write-Host ("sending " + $vstsCommandString) - Write-Host "##$vstsCommandString" - - pwsh: | - $signOutPath = "$(PackageRoot)/signed" - $null = 
New-Item -ItemType Directory -Path $signOutPath - # Set signing out path variable - $vstsCommandString = "vso[task.setvariable variable=signOutPath;isoutput=true]${signOutPath}" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - name: signOutPath - - pwsh: | - # Set path variable for guardian codesign validation - $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]$(signOutPath.signOutPath)" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - displayName: Setup variables for signing - - - checkout: ComplianceRepo - - - template: EsrpSign.yml@ComplianceRepo - parameters: - # the folder which contains the binaries to sign - buildOutputPath: $(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration) - # the location to put the signed output - signOutputPath: $(signOutPath.signOutPath) - # the certificate ID to use - certificateId: "CP-230012" - # The file pattern to use - # If not using minimatch: comma separated, with * supported - # If using minimatch: newline separated, with !, **, and * supported. - # See link in the useMinimatch comments. - pattern: '*.exe,*.ps1' - # decides if the task should use minimatch for the pattern matching. 
- # https://github.com/isaacs/minimatch#features - useMinimatch: false - - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(signOutPath.signOutPath) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - - - pwsh: | - compress-archive -Path "$(signOutPath.signOutPath)/*" -DestinationPath "$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).zip" - displayName: 'Compress $(buildName)' - condition: succeeded() - - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\DSC-$(PackageVersion)-$(buildName).zip" - displayName: Upload artifacts - condition: succeeded() - - - job: PublishSigned - dependsOn: BuildWin - variables: - - name: signOutPath - value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] - steps: - - task: PublishPipelineArtifact@1 - inputs: - targetpath: $(signOutPath) - artifactName: signed - - - job: BuildLinux - dependsOn: SetPackageVersion - variables: - PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - displayName: Linux-x64-gnu - pool: - name: PowerShell1ES - demands: - - ImageOverride -equals PSMMSUbuntu20.04-Secure - steps: - - pwsh: | - ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu - displayName: 'Build x86_64-unknown-linux-gnu' - condition: succeeded() - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - - pwsh: | - new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . 
- displayName: 'Compress x86_64-unknown-linux-gnu' - condition: succeeded() - - pwsh: | - Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' - displayName: Upload artifacts - condition: succeeded() - - - job: BuildLinuxArm64 - dependsOn: SetPackageVersion - variables: - PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - displayName: Linux-ARM64-gnu - pool: - name: ps-powershell-rel-arm - demands: - - ImageOverride -equals PSMMSUbuntu20.04-ARM64-secure - steps: - - pwsh: | - ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu - displayName: 'Build aarch64-unknown-linux-gnu' - condition: succeeded() - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - - pwsh: | - new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . 
- displayName: 'Compress aarch64-unknown-linux-gnu' - condition: succeeded() - - pwsh: | - Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' - displayName: Upload artifacts - condition: succeeded() - - - job: BuildMac - dependsOn: SetPackageVersion - variables: - PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - displayName: Build - pool: - vmImage: macOS-Latest - strategy: - matrix: - macOS x64: - buildName: x86_64-apple-darwin - macOS arm64: - buildName: aarch64-apple-darwin - steps: - - pwsh: | - ./build.ps1 -Release -Architecture $(buildName) - displayName: 'Build $(buildName)' - condition: succeeded() - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - - pwsh: | - new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . 
- displayName: 'Compress $(buildName)' - condition: succeeded() - - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" - displayName: Upload artifacts - condition: succeeded() - -- stage: compliance - displayName: Compliance - dependsOn: BuildAndSign - jobs: - - job: Compliance_Job - variables: - PackageVersion: $[ stageDependencies.BuildAndSign.SetPackageVersion.outputs['Package.Version'] ] - pool: - name: PowerShell1ES - demands: - - ImageOverride -equals PSMMS2019-Rust-Secure - steps: - - checkout: self - clean: true - - checkout: ComplianceRepo - clean: true - - - download: current - artifact: release - - - download: current - artifact: signed - - - pwsh: | - Get-ChildItem -Path 'ENV:' - displayName: Capture environment - - - template: assembly-module-compliance.yml@ComplianceRepo - parameters: - # binskim - AnalyzeTarget: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release/*.exe' #'$(Pipeline.Workspace)/uncompressed/*.exe' - AnalyzeSymPath: 'SRV*' - # component-governance - sourceScanPath: '$(Build.SourcesDirectory)/DSC' - # credscan - suppressionsFile: '' - # TermCheck - optionsRulesDBPath: '' - optionsFTPath: '' - # tsa-upload - codeBaseName: 'DSC' - # selections - softwareName: 'DSC' - softwareNameFolder: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release' #'$(Pipeline.Workspace)/uncompressed' - softwareVersion: '$(PackageVersion)' - connectionString: RunAs=App;AppId=$(APIScanClient);TenantId=$(APIScanTenant);AppKey=$(APIScanSecret) - APIScan: true # set to false when not using Windows APIs. 
+ - repository: onebranchTemplates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main +extends: + template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates + parameters: + customTags: 'ES365AIMigrationTooling' + stages: + - stage: BuildAndSign + displayName: Build Native Binaries + dependsOn: [] + jobs: + - job: SetPackageVersion + displayName: Set PackageVersion + pool: + type: windows + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + steps: + - checkout: self + - pwsh: | + $packageVersion = ./build.ps1 -GetPackageVersion + $vstsCommandString = "vso[task.setvariable variable=Version;isoutput=true]$packageVersion" + Write-Host ("sending " + $vstsCommandString) + Write-Host "##$vstsCommandString" + name: Package + - job: BuildWin + dependsOn: SetPackageVersion + variables: + - group: ESRP + - name: PackageVersion + value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + pool: + type: windows + displayName: Build + strategy: + matrix: + Windows x64: + buildName: x86_64-pc-windows-msvc + Windows x64_arm64: + buildName: aarch64-pc-windows-msvc + steps: + - checkout: self + - pwsh: | + Set-Location "$(Build.SourcesDirectory)/DSC" + ./build.ps1 -Release -Architecture $(buildName) -SkipLinkCheck + displayName: 'Build $(buildName)' + condition: succeeded() + - pwsh: | + $null = New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore + $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore + $outPath = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" -ErrorAction Ignore + Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Verbose -Force + displayName: Copy binaries + condition: succeeded() + - pwsh: | + Set-Location "$(PackageRoot)" + $signSrcPath = 
"$(PackageRoot)/out/$(buildName)" + # Set signing src path variable + $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" + Write-Host ("sending " + $vstsCommandString) + Write-Host "##$vstsCommandString" + - pwsh: | + $signOutPath = "$(PackageRoot)/signed" + $null = New-Item -ItemType Directory -Path $signOutPath + # Set signing out path variable + $vstsCommandString = "vso[task.setvariable variable=signOutPath;isoutput=true]${signOutPath}" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + name: signOutPath + - pwsh: | + # Set path variable for guardian codesign validation + $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]$(signOutPath.signOutPath)" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + displayName: Setup variables for signing + - checkout: ComplianceRepo + - template: EsrpSign.yml@ComplianceRepo + parameters: + buildOutputPath: $(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration) + signOutputPath: $(signOutPath.signOutPath) + certificateId: "CP-230012" + pattern: '*.exe,*.ps1' + useMinimatch: false + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(signOutPath.signOutPath) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) + - pwsh: | + compress-archive -Path "$(signOutPath.signOutPath)/*" -DestinationPath "$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).zip" + displayName: 'Compress $(buildName)' + condition: succeeded() + - pwsh: | + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\DSC-$(PackageVersion)-$(buildName).zip" + displayName: Upload artifacts + condition: succeeded() + - job: PublishSigned + dependsOn: BuildWin + variables: + - name: signOutPath + value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] + - name: ob_outputDirectory + value: 
'$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + pool: + type: windows + steps: + - task: CopyFiles@2 + displayName: "Copy Files for 'PublishPipelineArtifact@1' publish task" + inputs: + SourceFolder: $(signOutPath) + Contents: '**' + TargetFolder: $(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT/signed + - job: BuildLinux + dependsOn: SetPackageVersion + variables: + - name: PackageVersion + value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + displayName: Linux-x64-gnu + pool: + type: windows + steps: + - pwsh: | + ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu + displayName: 'Build x86_64-unknown-linux-gnu' + condition: succeeded() + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) + - pwsh: | + new-item -itemType Directory $(PackageRoot) -Force + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . 
+ displayName: 'Compress x86_64-unknown-linux-gnu' + condition: succeeded() + - pwsh: | + Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' + displayName: Upload artifacts + condition: succeeded() + - job: BuildLinuxArm64 + dependsOn: SetPackageVersion + variables: + - name: PackageVersion + value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + displayName: Linux-ARM64-gnu + pool: + type: windows + steps: + - pwsh: | + ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu + displayName: 'Build aarch64-unknown-linux-gnu' + condition: succeeded() + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) + - pwsh: | + new-item -itemType Directory $(PackageRoot) -Force + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . 
+ displayName: 'Compress aarch64-unknown-linux-gnu' + condition: succeeded() + - pwsh: | + Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' + displayName: Upload artifacts + condition: succeeded() + - job: BuildMac + dependsOn: SetPackageVersion + variables: + - name: PackageVersion + value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + displayName: Build + pool: + type: windows + strategy: + matrix: + macOS x64: + buildName: x86_64-apple-darwin + macOS arm64: + buildName: aarch64-apple-darwin + steps: + - pwsh: | + ./build.ps1 -Release -Architecture $(buildName) + displayName: 'Build $(buildName)' + condition: succeeded() + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) + - pwsh: | + new-item -itemType Directory $(PackageRoot) -Force + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . 
+ displayName: 'Compress $(buildName)' + condition: succeeded() + - pwsh: | + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" + displayName: Upload artifacts + condition: succeeded() + - stage: compliance + displayName: Compliance + dependsOn: BuildAndSign + jobs: + - job: Compliance_Job + variables: + - name: PackageVersion + value: $[ stageDependencies.BuildAndSign.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + pool: + type: windows + steps: + - checkout: self + clean: true + - checkout: ComplianceRepo + clean: true + - download: current + artifact: release + - download: current + artifact: signed + - pwsh: | + Get-ChildItem -Path 'ENV:' + displayName: Capture environment + - template: assembly-module-compliance.yml@ComplianceRepo + parameters: + AnalyzeTarget: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release/*.exe' + AnalyzeSymPath: 'SRV*' + sourceScanPath: '$(Build.SourcesDirectory)/DSC' + suppressionsFile: '' + optionsRulesDBPath: '' + optionsFTPath: '' + codeBaseName: 'DSC' + softwareName: 'DSC' + softwareNameFolder: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release' + softwareVersion: '$(PackageVersion)' + connectionString: RunAs=App;AppId=$(APIScanClient);TenantId=$(APIScanTenant);AppKey=$(APIScanSecret) + APIScan: true \ No newline at end of file From d48f8abab5313cbf4867ed79fae10d88837a857c Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 17:32:33 +0000 Subject: [PATCH 02/47] Added release.yml --- .pipelines/release.yml | 270 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 270 insertions(+) create mode 100644 .pipelines/release.yml diff --git a/.pipelines/release.yml b/.pipelines/release.yml new file mode 100644 index 00000000..73c9d93e --- /dev/null +++ b/.pipelines/release.yml 
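Review bot: Every job in the new `stages:` block is given `pool: type: windows`, including `BuildLinux`, `BuildLinuxArm64` and `BuildMac`, which the removed lines ran on Ubuntu and `macOS-Latest` agents. Unless `build.ps1` cross-compiles those targets, which is not visible here, the Linux and macOS legs will now build and run `tar czf` on a Windows host, and the `LinuxContainerImage` variable declared at the top appears to go unused. For the Linux jobs the pool would presumably be `pool:` / `type: linux`; the macOS legs need whatever hosted-agent form the OneBranch templates provide. The identical job definitions are added in `.pipelines/release.yml` in PATCH 02/47.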
@@ -0,0 +1,270 @@ +trigger: none +variables: +- name: BuildConfiguration + value: 'release' +- name: PackageRoot + value: '$(System.ArtifactsDirectory)/Packages' +- group: DSCAPIScan +- name: LinuxContainerImage + value: onebranch.azurecr.io/linux/ubuntu-2004:latest +- name: WindowsContainerImage + value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest +resources: + repositories: + - repository: ComplianceRepo + type: github + endpoint: ComplianceGHRepo + name: PowerShell/compliance + ref: master + - repository: onebranchTemplates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main +extends: + template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates + parameters: + customTags: 'ES365AIMigrationTooling' + stages: + - stage: BuildAndSign + displayName: Build Native Binaries + dependsOn: [] + jobs: + - job: SetPackageVersion + displayName: Set PackageVersion + pool: + type: windows + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + steps: + - checkout: self + - pwsh: | + $packageVersion = ./build.ps1 -GetPackageVersion + $vstsCommandString = "vso[task.setvariable variable=Version;isoutput=true]$packageVersion" + Write-Host ("sending " + $vstsCommandString) + Write-Host "##$vstsCommandString" + name: Package + - job: BuildWin + dependsOn: SetPackageVersion + variables: + - group: ESRP + - name: PackageVersion + value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + pool: + type: windows + displayName: Build + strategy: + matrix: + Windows x64: + buildName: x86_64-pc-windows-msvc + Windows x64_arm64: + buildName: aarch64-pc-windows-msvc + steps: + - checkout: self + - pwsh: | + Set-Location "$(Build.SourcesDirectory)/DSC" + ./build.ps1 -Release -Architecture $(buildName) -SkipLinkCheck + displayName: 'Build $(buildName)' + condition: succeeded() + - pwsh: | + $null 
= New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore + $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore + $outPath = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" -ErrorAction Ignore + Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Verbose -Force + displayName: Copy binaries + condition: succeeded() + - pwsh: | + Set-Location "$(PackageRoot)" + $signSrcPath = "$(PackageRoot)/out/$(buildName)" + # Set signing src path variable + $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" + Write-Host ("sending " + $vstsCommandString) + Write-Host "##$vstsCommandString" + - pwsh: | + $signOutPath = "$(PackageRoot)/signed" + $null = New-Item -ItemType Directory -Path $signOutPath + # Set signing out path variable + $vstsCommandString = "vso[task.setvariable variable=signOutPath;isoutput=true]${signOutPath}" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + name: signOutPath + - pwsh: | + # Set path variable for guardian codesign validation + $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]$(signOutPath.signOutPath)" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + displayName: Setup variables for signing + - checkout: ComplianceRepo + - template: EsrpSign.yml@ComplianceRepo + parameters: + buildOutputPath: $(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration) + signOutputPath: $(signOutPath.signOutPath) + certificateId: "CP-230012" + pattern: '*.exe,*.ps1' + useMinimatch: false + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(signOutPath.signOutPath) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) + - pwsh: | + compress-archive -Path "$(signOutPath.signOutPath)/*" -DestinationPath 
"$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).zip" + displayName: 'Compress $(buildName)' + condition: succeeded() + - pwsh: | + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\DSC-$(PackageVersion)-$(buildName).zip" + displayName: Upload artifacts + condition: succeeded() + - job: PublishSigned + dependsOn: BuildWin + variables: + - name: signOutPath + value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + pool: + type: windows + steps: + - task: CopyFiles@2 + displayName: "Copy Files for 'PublishPipelineArtifact@1' publish task" + inputs: + SourceFolder: $(signOutPath) + Contents: '**' + TargetFolder: $(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT/signed + - job: BuildLinux + dependsOn: SetPackageVersion + variables: + - name: PackageVersion + value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + displayName: Linux-x64-gnu + pool: + type: windows + steps: + - pwsh: | + ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu + displayName: 'Build x86_64-unknown-linux-gnu' + condition: succeeded() + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) + - pwsh: | + new-item -itemType Directory $(PackageRoot) -Force + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . 
+ displayName: 'Compress x86_64-unknown-linux-gnu' + condition: succeeded() + - pwsh: | + Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' + displayName: Upload artifacts + condition: succeeded() + - job: BuildLinuxArm64 + dependsOn: SetPackageVersion + variables: + - name: PackageVersion + value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + displayName: Linux-ARM64-gnu + pool: + type: windows + steps: + - pwsh: | + ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu + displayName: 'Build aarch64-unknown-linux-gnu' + condition: succeeded() + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) + - pwsh: | + new-item -itemType Directory $(PackageRoot) -Force + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . 
+ displayName: 'Compress aarch64-unknown-linux-gnu' + condition: succeeded() + - pwsh: | + Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' + displayName: Upload artifacts + condition: succeeded() + - job: BuildMac + dependsOn: SetPackageVersion + variables: + - name: PackageVersion + value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + displayName: Build + pool: + type: windows + strategy: + matrix: + macOS x64: + buildName: x86_64-apple-darwin + macOS arm64: + buildName: aarch64-apple-darwin + steps: + - pwsh: | + ./build.ps1 -Release -Architecture $(buildName) + displayName: 'Build $(buildName)' + condition: succeeded() + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) + - pwsh: | + new-item -itemType Directory $(PackageRoot) -Force + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . 
+ displayName: 'Compress $(buildName)' + condition: succeeded() + - pwsh: | + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" + displayName: Upload artifacts + condition: succeeded() + - stage: compliance + displayName: Compliance + dependsOn: BuildAndSign + jobs: + - job: Compliance_Job + variables: + - name: PackageVersion + value: $[ stageDependencies.BuildAndSign.SetPackageVersion.outputs['Package.Version'] ] + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + pool: + type: windows + steps: + - checkout: self + clean: true + - checkout: ComplianceRepo + clean: true + - download: current + artifact: release + - download: current + artifact: signed + - pwsh: | + Get-ChildItem -Path 'ENV:' + displayName: Capture environment + - template: assembly-module-compliance.yml@ComplianceRepo + parameters: + AnalyzeTarget: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release/*.exe' + AnalyzeSymPath: 'SRV*' + sourceScanPath: '$(Build.SourcesDirectory)/DSC' + suppressionsFile: '' + optionsRulesDBPath: '' + optionsFTPath: '' + codeBaseName: 'DSC' + softwareName: 'DSC' + softwareNameFolder: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release' + softwareVersion: '$(PackageVersion)' + connectionString: RunAs=App;AppId=$(APIScanClient);TenantId=$(APIScanTenant);AppKey=$(APIScanSecret) + APIScan: true \ No newline at end of file From d6b2c05f86daf58183179030b4e9e59429447c09 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 17:34:04 +0000 Subject: [PATCH 03/47] Renamed release.yml to DSC-Official.yml --- .pipelines/{release.yml => DSC-Official.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .pipelines/{release.yml => DSC-Official.yml} (100%) 
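Review bot: The `Capture environment` step in `Compliance_Job` runs `Get-ChildItem -Path 'ENV:'`, which writes every environment variable on the agent into the build log of a release pipeline. Azure Pipelines does not map secret variables into the environment unless a step does so explicitly, but non-secret variable-group values, agent paths and anything a template exports become readable by everyone with access to the log. If the dump is only a debugging aid, limit it to the variables actually needed, e.g. `Get-ChildItem -Path 'Env:BUILD_*','Env:AGENT_*'`, or drop the step. The step also exists in `.vsts-ci/release.yml`, where PATCH 01/47 only re-indents it.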
diff --git a/.pipelines/release.yml b/.pipelines/DSC-Official.yml similarity index 100% rename from .pipelines/release.yml rename to .pipelines/DSC-Official.yml From 512f5ba145aad9e94aa8a7f3fed6d4aa128a3e36 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 17:35:52 +0000 Subject: [PATCH 04/47] Updated DSC-Official.yml --- .pipelines/DSC-Official.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 73c9d93e..b6730020 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -4,7 +4,6 @@ variables: value: 'release' - name: PackageRoot value: '$(System.ArtifactsDirectory)/Packages' -- group: DSCAPIScan - name: LinuxContainerImage value: onebranch.azurecr.io/linux/ubuntu-2004:latest - name: WindowsContainerImage From 722254f8b79f0198d45cdd2aa71384ac899296fa Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 17:53:13 +0000 Subject: [PATCH 05/47] Remove use of old ComplianceRepo --- .pipelines/DSC-Official.yml | 43 ------------------------------------- 1 file changed, 43 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index b6730020..9dbfeb62 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -10,11 +10,6 @@ variables: value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest resources: repositories: - - repository: ComplianceRepo - type: github - endpoint: ComplianceGHRepo - name: PowerShell/compliance - ref: master - repository: onebranchTemplates type: git name: OneBranch.Pipelines/GovernedTemplates 
@@ -229,41 +224,3 @@ extends: Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() - - stage: compliance - displayName: Compliance - dependsOn: BuildAndSign - jobs: - - job: Compliance_Job - variables: - - name: PackageVersion - value: $[ stageDependencies.BuildAndSign.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - pool: - type: windows - steps: - - checkout: self - clean: true - - checkout: ComplianceRepo - clean: true - - download: current - artifact: release - - download: current - artifact: signed - - pwsh: | - Get-ChildItem -Path 'ENV:' - displayName: Capture environment - - template: assembly-module-compliance.yml@ComplianceRepo - parameters: - AnalyzeTarget: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release/*.exe' - AnalyzeSymPath: 'SRV*' - sourceScanPath: '$(Build.SourcesDirectory)/DSC' - suppressionsFile: '' - optionsRulesDBPath: '' - optionsFTPath: '' - codeBaseName: 'DSC' - softwareName: 'DSC' - softwareNameFolder: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release' - softwareVersion: '$(PackageVersion)' - connectionString: RunAs=App;AppId=$(APIScanClient);TenantId=$(APIScanTenant);AppKey=$(APIScanSecret) - APIScan: true \ No newline at end of file From dc63f218fbb117aadaa5ef6659a013ba384045f5 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 17:55:40 +0000 Subject: [PATCH 06/47] remove additional use of ComplianceRepo --- .pipelines/DSC-Official.yml | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 9dbfeb62..dd25de07 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml 
@@ -90,20 +90,6 @@ extends: Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" displayName: Setup variables for signing - - checkout: ComplianceRepo - - template: EsrpSign.yml@ComplianceRepo - parameters: - buildOutputPath: $(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration) - signOutputPath: $(signOutPath.signOutPath) - certificateId: "CP-230012" - pattern: '*.exe,*.ps1' - useMinimatch: false - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(signOutPath.signOutPath) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - pwsh: | compress-archive -Path "$(signOutPath.signOutPath)/*" -DestinationPath "$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).zip" displayName: 'Compress $(buildName)' @@ -143,12 +129,6 @@ extends: ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force tar czf '$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . 
@@ -173,12 +153,6 @@ extends: ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force tar czf '$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . @@ -209,12 +183,6 @@ extends: ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' condition: succeeded() - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force tar czf '$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . From 4213da766c0ff9d29e33068f0de0aabca62e462c Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 18:07:09 +0000 Subject: [PATCH 07/47] Added tsaoptions.json --- .config/tsaoptions.json | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .config/tsaoptions.json diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json new file mode 100644 index 00000000..a581d13a --- /dev/null +++ b/.config/tsaoptions.json @@ -0,0 +1,9 @@ +{ + "instanceUrl": "https://msazure.visualstudio.com", + "projectName": "One", + "areaPath": "One\\MGMT\\Compute\\PowerShell Desired State Configuration", + "notificationAliases": [ + "anmenaga@microsoft.com", + "slee@microsoft.com" + ] +} 
From b0a06fd6e58e2c0713723cdece09541d764dc283 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 18:18:17 +0000 Subject: [PATCH 08/47] Set repoRoot variable --- .pipelines/DSC-Official.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index dd25de07..b75c6287 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -28,12 +28,14 @@ extends: pool: type: windows variables: + - name: repoRoot + value: $(Build.SourcesDirectory)\OSS_Microsoft_PSSA - name: ob_outputDirectory value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' steps: - checkout: self - pwsh: | - $packageVersion = ./build.ps1 -GetPackageVersion + $packageVersion = $(repoRoot)/build.ps1 -GetPackageVersion $vstsCommandString = "vso[task.setvariable variable=Version;isoutput=true]$packageVersion" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" From 4f2c622a3fe5ba8fa67292e0c1c9af8462dee00f Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 18:35:04 +0000 Subject: [PATCH 09/47] Fix name of repo root --- .pipelines/DSC-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index b75c6287..86d8c891 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -29,7 +29,7 @@ extends: type: windows variables: - name: repoRoot - value: $(Build.SourcesDirectory)\OSS_Microsoft_PSSA + value: $(Build.SourcesDirectory)\DSC - name: ob_outputDirectory value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' steps: From 45db9cfa08ca749fcac34bbc3af3cebc12c5ff77 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 18:50:23 +0000 Subject: [PATCH 10/47] add location of tsaoptions.json --- .pipelines/DSC-Official.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 86d8c891..5612310b 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -30,6 +30,8 @@ extends: variables: - name: repoRoot value: $(Build.SourcesDirectory)\DSC + - name: ob_sdl_tsa_configFile + value: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json - name: ob_outputDirectory value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' steps: From 200bc4f679ab4ef7ec8fda12bac008a527ad6d72 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 19:14:59 +0000 Subject: [PATCH 11/47] Have rustup-init not prompt --- build.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.ps1 b/build.ps1 index 7972de00..af7b50a5 100644 --- a/build.ps1 +++ b/build.ps1 @@ -31,7 +31,7 @@ if (!(Get-Command 'cargo' -ErrorAction Ignore)) { else { Invoke-WebRequest 'https://static.rust-lang.org/rustup/dist/i686-pc-windows-gnu/rustup-init.exe' -OutFile 'temp:/rustup-init.exe' Write-Verbose -Verbose "Use the default settings to ensure build works" - & 'temp:/rustup-init.exe' + & 'temp:/rustup-init.exe' -y Remove-Item temp:/rustup-init.exe -ErrorAction Ignore } } From 75c31cfb51997d47e158c3460fed943cadcaec65 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 19:16:26 +0000 Subject: [PATCH 12/47] have rust install not prompt --- build.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.ps1 b/build.ps1 index af7b50a5..516e54a1 100644 --- a/build.ps1 +++ b/build.ps1 @@ -26,7 +26,7 @@ if ($GetPackageVersion) { if (!(Get-Command 'cargo' -ErrorAction Ignore)) { Write-Verbose -Verbose "Rust not found, installing..." if (!$IsWindows) { - curl https://sh.rustup.rs -sSf | sh + curl https://sh.rustup.rs -sSf | sh -- -y } else { Invoke-WebRequest 'https://static.rust-lang.org/rustup/dist/i686-pc-windows-gnu/rustup-init.exe' -OutFile 'temp:/rustup-init.exe' 
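Review bot: Adding `-y` to `& 'temp:/rustup-init.exe'` in the build.ps1 hunk of PATCH 11/47, and to the `curl https://sh.rustup.rs -sSf | sh` line in the build.ps1 hunk of PATCH 12/47, makes the release build download and run an installer unattended, with no integrity check on what was fetched. For the Windows branch, compare the file against a hash kept in the repo before running it, e.g. `if ((Get-FileHash 'temp:/rustup-init.exe' -Algorithm SHA256).Hash -ne $expectedRustupSha256) { throw 'rustup-init.exe hash mismatch' }`, where `$expectedRustupSha256` is a placeholder for a value pinned alongside a versioned download URL. For the non-Windows branch, save the script to a file and verify it the same way instead of piping it to `sh`, and at minimum add `--proto '=https' --tlsv1.2` to the curl call. Both branches sit inside an `if` block that starts outside these hunks.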
From 664fe2e35130fbb314359e9afa1fc35d3fb06f18 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 19:35:09 +0000 Subject: [PATCH 13/47] add rust to path after install --- build.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/build.ps1 b/build.ps1 index 516e54a1..d132d01c 100644 --- a/build.ps1 +++ b/build.ps1 @@ -32,6 +32,7 @@ if (!(Get-Command 'cargo' -ErrorAction Ignore)) { Invoke-WebRequest 'https://static.rust-lang.org/rustup/dist/i686-pc-windows-gnu/rustup-init.exe' -OutFile 'temp:/rustup-init.exe' Write-Verbose -Verbose "Use the default settings to ensure build works" & 'temp:/rustup-init.exe' -y + $env:PATH += ";$env:USERPROFILE\.cargo\bin" Remove-Item temp:/rustup-init.exe -ErrorAction Ignore } } From 498f6fa5ceebc1e50d869565a68a4e5931add39e Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 20:03:03 +0000 Subject: [PATCH 14/47] fix linux and macOS pools --- .pipelines/DSC-Official.yml | 55 ++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 32 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 5612310b..672f76a8 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -1,13 +1,9 @@ trigger: none variables: -- name: BuildConfiguration - value: 'release' -- name: PackageRoot - value: '$(System.ArtifactsDirectory)/Packages' -- name: LinuxContainerImage - value: onebranch.azurecr.io/linux/ubuntu-2004:latest -- name: WindowsContainerImage - value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest + BuildConfiguration: 'release' + PackageRoot: '$(System.ArtifactsDirectory)/Packages' + LinuxContainerImage: onebranch.azurecr.io/linux/ubuntu-2004:latest + WindowsContainerImage: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest resources: repositories: - repository: onebranchTemplates 
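Review bot: The rewritten `variables:` map in the first DSC-Official.yml hunk of PATCH 14/47 keeps both build containers on a mutable tag, `onebranch.azurecr.io/linux/ubuntu-2004:latest` and `onebranch.azurecr.io/windows/ltsc2019/vse2022:latest`, so two runs of the same commit can build in different images. For a pipeline that produces release binaries, pin each image to a fixed version tag or, if the registry allows it, a digest, e.g. `LinuxContainerImage: onebranch.azurecr.io/linux/ubuntu-2004@sha256:<digest-placeholder>`, and update it deliberately. A one-line comment above each value saying why that image was chosen would also help the next maintainer.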
@@ -28,12 +24,9 @@ extends: pool: type: windows variables: - - name: repoRoot - value: $(Build.SourcesDirectory)\DSC - - name: ob_sdl_tsa_configFile - value: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + repoRoot: $(Build.SourcesDirectory)\DSC + ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' steps: - checkout: self - pwsh: | @@ -105,10 +98,8 @@ extends: - job: PublishSigned dependsOn: BuildWin variables: - - name: signOutPath - value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + signOutPath: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' pool: type: windows steps: @@ -121,13 +112,11 @@ extends: - job: BuildLinux dependsOn: SetPackageVersion variables: - - name: PackageVersion - value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' displayName: Linux-x64-gnu pool: - type: windows + type: lniux steps: - pwsh: | ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu 
@@ -145,10 +134,8 @@ extends: - job: BuildLinuxArm64 dependsOn: SetPackageVersion variables: - - name: PackageVersion - value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' displayName: Linux-ARM64-gnu pool: type: windows @@ -169,13 +156,17 @@ extends: - job: BuildMac dependsOn: SetPackageVersion variables: - - name: PackageVersion - value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + Codeql.Enabled: true + Codeql.Language: cpp + Codeql.Cadence: 72 displayName: Build pool: - type: windows + type: linux + isCustom: true + name: Azure Pipelines + vmImage: 'macOS-latest' strategy: matrix: macOS x64: From 1fe8d33044a266c5166188ea219e89c77fd5a068 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 20:03:56 +0000 Subject: [PATCH 15/47] fix typo --- .pipelines/DSC-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 672f76a8..d50e02da 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -116,7 +116,7 @@ extends: ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' displayName: Linux-x64-gnu pool: - type: lniux + type: linux steps: - pwsh: | ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu From f8b6db53c4bf659ab73335d9e5e1abd508360181 Mon Sep 17 00:00:00 2001 
From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 20:41:28 +0000 Subject: [PATCH 16/47] fix using linux pool --- .pipelines/DSC-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index d50e02da..0b53b921 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -138,7 +138,7 @@ extends: ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' displayName: Linux-ARM64-gnu pool: - type: windows + type: linux steps: - pwsh: | ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu From 8b016902bf26eae8a2b340ca8ee3c21296c5bfee Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 20:47:35 +0000 Subject: [PATCH 17/47] add workaround for known issue building rust in OneBranch on Windows --- .pipelines/DSC-Official.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 0b53b921..449b6475 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -54,6 +54,11 @@ extends: buildName: aarch64-pc-windows-msvc steps: - checkout: self + - pwsh: | + $tmpdir = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid()) + New-Item -ItemType Directory -Path $tmpdir + Write-Host "##vso[task.setvariable variable=CARGO_TARGET_DIR;]$tmpdir" + displayName: 🛠️ Workaround for the LoadLibrary ACCESS_VIOLATION OneBranch issue - pwsh: | Set-Location "$(Build.SourcesDirectory)/DSC" ./build.ps1 -Release -Architecture $(buildName) -SkipLinkCheck 
@@ -63,7 +68,10 @@ extends: $null = New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore $outPath = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" -ErrorAction Ignore - Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Verbose -Force + # workaround known issue of building in OneBranch copying from TMP folder + $null = New-Item -ItemType Directory -Path "$(Build.SourcesDirectory)/DSC/bin" -ErrorAction Ignore + Copy-Item -Recurse -Force $env:CARGO_TARGET_DIR "$(Build.SourcesDirectory)/DSC/bin" + # Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Verbose -Force displayName: Copy binaries condition: succeeded() - pwsh: | From 19848ccd5a0435b35ada311d281b78f7b7f90ace Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 21:08:31 +0000 Subject: [PATCH 18/47] set host architecture for arm64 linux --- .pipelines/DSC-Official.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 449b6475..d103a7a1 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -147,6 +147,7 @@ extends: displayName: Linux-ARM64-gnu pool: type: linux + hostArchitecture: arm64 steps: - pwsh: | ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu From c68591c7126c9ea86c3b44ba164c92a2929d2d32 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 21:18:45 +0000 Subject: [PATCH 19/47] fix codeql language --- .pipelines/DSC-Official.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index d103a7a1..9230b2a6 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml 
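Review bot: In the `Copy binaries` step, `Copy-Item -Recurse -Force $env:CARGO_TARGET_DIR "$(Build.SourcesDirectory)/DSC/bin"` copies the whole cargo target directory, and because the destination is created on the line before, the content presumably lands in a GUID-named subfolder rather than at `bin/$(buildName)/$(BuildConfiguration)`. The copy into `$outPath` is now commented out, so `$(PackageRoot)/out/$(buildName)` is created but stays empty, and anything that later packages from it gets nothing. Copy only the release outputs, e.g. `Copy-Item -Path "$env:CARGO_TARGET_DIR/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Force`, and delete the commented-out line rather than keeping it. The job continues outside this hunk, so confirm the source path against what build.ps1 actually writes.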
@@ -38,11 +38,8 @@ extends: - job: BuildWin dependsOn: SetPackageVersion variables: - - group: ESRP - - name: PackageVersion - value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' pool: type: windows displayName: Build @@ -168,7 +165,7 @@ extends: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' Codeql.Enabled: true - Codeql.Language: cpp + Codeql.Language: rust Codeql.Cadence: 72 displayName: Build pool: From 82db6dbf219267d74d6233e8b57c68aa7dbde10c Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 21:48:56 +0000 Subject: [PATCH 20/47] use mariner images --- .pipelines/DSC-Official.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 9230b2a6..d6558fd5 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -119,6 +119,7 @@ extends: variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + LinuxContainerImage: 'mcr.microsoft.com/onebranch/cbl-mariner/build:2.0' displayName: Linux-x64-gnu pool: type: linux @@ -141,6 +142,7 @@ extends: variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + LinuxContainerImage: 'mcr.microsoft.com/onebranch/cbl-mariner/build:2.0' displayName: Linux-ARM64-gnu pool: type: linux From a6ac2ad841bb4521e2c7ea6573b655573278a66b Mon Sep 17 00:00:00 2001 
From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 23:07:23 +0000 Subject: [PATCH 21/47] fix install of rust on Linux --- build.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.ps1 b/build.ps1 index d132d01c..afd25c21 100644 --- a/build.ps1 +++ b/build.ps1 @@ -26,7 +26,7 @@ if ($GetPackageVersion) { if (!(Get-Command 'cargo' -ErrorAction Ignore)) { Write-Verbose -Verbose "Rust not found, installing..." if (!$IsWindows) { - curl https://sh.rustup.rs -sSf | sh -- -y + curl https://sh.rustup.rs -sSf | sh -s -- -y } else { Invoke-WebRequest 'https://static.rust-lang.org/rustup/dist/i686-pc-windows-gnu/rustup-init.exe' -OutFile 'temp:/rustup-init.exe' From 51a3b30ece698e130a03a0433ce8dff3bed5ca31 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Fri, 15 Mar 2024 23:09:07 +0000 Subject: [PATCH 22/47] add tsaconfig path to more stages --- .pipelines/DSC-Official.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index d6558fd5..a246c82d 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -39,6 +39,7 @@ extends: dependsOn: SetPackageVersion variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' pool: type: windows @@ -104,6 +105,7 @@ extends: dependsOn: BuildWin variables: signOutPath: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] + ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' pool: type: windows From 415722525b6c0f44801eee729c91cee9927b8b46 Mon Sep 17 00:00:00 2001 
From: "Steve Lee (POWERSHELL)" Date: Sat, 16 Mar 2024 00:02:20 +0000 Subject: [PATCH 23/47] add cargo to path after install on linux --- build.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/build.ps1 b/build.ps1 index afd25c21..3c8259fb 100644 --- a/build.ps1 +++ b/build.ps1 @@ -27,6 +27,7 @@ if (!(Get-Command 'cargo' -ErrorAction Ignore)) { Write-Verbose -Verbose "Rust not found, installing..." if (!$IsWindows) { curl https://sh.rustup.rs -sSf | sh -s -- -y + $env:PATH += ":$env:HOME/.cargo/bin" } else { Invoke-WebRequest 'https://static.rust-lang.org/rustup/dist/i686-pc-windows-gnu/rustup-init.exe' -OutFile 'temp:/rustup-init.exe' From 7cf9dc5ce1f0d7b837400fe81f74bb8649b51582 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Sat, 16 Mar 2024 03:09:45 +0000 Subject: [PATCH 24/47] install openssl-devel on mariner --- build.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/build.ps1 b/build.ps1 index 3c8259fb..c5e74148 100644 --- a/build.ps1 +++ b/build.ps1 @@ -38,6 +38,10 @@ if (!(Get-Command 'cargo' -ErrorAction Ignore)) { } } +if ($IsLinux -and (Test-Path /etc/mariner-release)) { + tdnf install -y openssl-devel +} + rustup default stable $BuildToolsPath = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2022\BuildTools\VC\Tools\MSVC" From a0c4cfb1f66899e605fb9d7ea62dee15d0b2b990 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 15 Mar 2024 20:45:53 -0700 Subject: [PATCH 25/47] fix destination path for archives --- .pipelines/DSC-Official.yml | 33 +++++++-------------------------- 1 file changed, 7 insertions(+), 26 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index a246c82d..b12c4061 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml 
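Review bot: The `tdnf install -y openssl-devel` block added in the build.ps1 hunk of PATCH 24/47 runs on every Mariner build, including a developer's local one, and the script carries on to `rustup default stable` whether or not the install succeeded. Check the exit code right after the call, `if ($LASTEXITCODE -ne 0) { throw 'tdnf install openssl-devel failed' }`, so a failed or partial install does not surface later as an unrelated build error. A short comment above the block saying what needs the OpenSSL headers, and that the call changes system packages and presumably needs root, would make the side effect visible to anyone running build.ps1 by hand.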
@@ -41,6 +41,9 @@ extends: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + Codeql.Enabled: true + Codeql.Language: rust + Codeql.Cadence: 72 pool: type: windows displayName: Build @@ -94,13 +97,9 @@ extends: Write-Host "##$vstsCommandString" displayName: Setup variables for signing - pwsh: | - compress-archive -Path "$(signOutPath.signOutPath)/*" -DestinationPath "$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).zip" + compress-archive -Path "$(signOutPath.signOutPath)/*" -DestinationPath "$(ob_outputDirectory)/DSC-$(PackageVersion)-$(buildName).zip" displayName: 'Compress $(buildName)' condition: succeeded() - - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\DSC-$(PackageVersion)-$(buildName).zip" - displayName: Upload artifacts - condition: succeeded() - job: PublishSigned dependsOn: BuildWin variables: @@ -131,14 +130,9 @@ extends: displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - - pwsh: | - Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' - displayName: Upload artifacts - condition: succeeded() - job: BuildLinuxArm64 dependsOn: SetPackageVersion variables: 
@@ -155,22 +149,14 @@ extends: displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | - new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - - pwsh: | - Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' - displayName: Upload artifacts - condition: succeeded() - job: BuildMac dependsOn: SetPackageVersion variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - Codeql.Enabled: true - Codeql.Language: rust - Codeql.Cadence: 72 displayName: Build pool: type: linux @@ -189,11 +175,6 @@ extends: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | - new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . + tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() - - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" - displayName: Upload artifacts - condition: succeeded() From b9763b6eddba470575d76b4693f2ed1e7131f728 Mon Sep 17 00:00:00 2001 
From: "Steve Lee (POWERSHELL)" Date: Mon, 18 Mar 2024 22:54:59 +0000 Subject: [PATCH 26/47] update compliance steps --- .pipelines/DSC-Official.yml | 89 ++++++++++++++++++++++++++----------- 1 file changed, 62 insertions(+), 27 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index b12c4061..4d7bef68 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -1,19 +1,48 @@ +name: DSC-Release-$(Build.BuildId) trigger: none + +pr: + branches: + include: + - onebranch + - release* + variables: BuildConfiguration: 'release' PackageRoot: '$(System.ArtifactsDirectory)/Packages' - LinuxContainerImage: onebranch.azurecr.io/linux/ubuntu-2004:latest + LinuxContainerImage: 'mcr.microsoft.com/onebranch/cbl-mariner/build:2.0' WindowsContainerImage: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest + resources: repositories: - repository: onebranchTemplates type: git name: OneBranch.Pipelines/GovernedTemplates ref: refs/heads/main + extends: template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates parameters: customTags: 'ES365AIMigrationTooling' + globalSdl: + disableLegacyManifest: true + sbom: + enabled: true + packageName: Microsoft.DSC + codeql: + compiled: + enabled: true + asyncSdl: # https://aka.ms/obpipelines/asyncsdl + enabled: true + forStages: [Build] + credscan: + enabled: true + scanFolder: $(Build.SourcesDirectory)\DSC + binskim: + enabled: true + apiscan: + enabled: false + stages: - stage: BuildAndSign displayName: Build Native Binaries @@ -29,6 +58,8 @@ extends: ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' steps: - checkout: self + env: + ob_restore_phase: true # set to run before signing step - pwsh: | $packageVersion = $(repoRoot)/build.ps1 -GetPackageVersion $vstsCommandString = "vso[task.setvariable variable=Version;isoutput=true]$packageVersion" 
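Review bot: In the new `globalSdl` block (first hunk of PATCH 26/47), `asyncSdl` lists `forStages: [Build]`, but the only stage visible in this hunk is named `BuildAndSign`; if `forStages` is matched against stage names, the async SDL scans would attach to no stage. Use `forStages: [BuildAndSign]` or confirm what the template expects. `apiscan: enabled: false` also carries no explanation, and an earlier patch in this series removed the stage that ran APIScan, so a comment such as `# APIScan disabled: <reason-placeholder>` would record that the gap is deliberate.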
@@ -41,6 +72,7 @@ extends: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + signSrcPath: $(repoRoot)/out Codeql.Enabled: true Codeql.Language: rust Codeql.Cadence: 72 @@ -55,6 +87,15 @@ extends: buildName: aarch64-pc-windows-msvc steps: - checkout: self + env: + ob_restore_phase: true + - task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step. + env: + ob_restore_phase: true + inputs: + Enabled: true + AnalyzeInPipeline: true + Language: rust - pwsh: | $tmpdir = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid()) New-Item -ItemType Directory -Path $tmpdir 
@@ -65,39 +106,35 @@ extends: ./build.ps1 -Release -Architecture $(buildName) -SkipLinkCheck displayName: 'Build $(buildName)' condition: succeeded() + - task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step. + condition: always() + env: + ob_restore_phase: true - pwsh: | $null = New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore $outPath = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" -ErrorAction Ignore # workaround known issue of building in OneBranch copying from TMP folder - $null = New-Item -ItemType Directory -Path "$(Build.SourcesDirectory)/DSC/bin" -ErrorAction Ignore - Copy-Item -Recurse -Force $env:CARGO_TARGET_DIR "$(Build.SourcesDirectory)/DSC/bin" + $null = New-Item -ItemType Directory -Path "$(signSrcPath)" -ErrorAction Ignore + Copy-Item -Recurse -Force $env:CARGO_TARGET_DIR "$(signSrcPath)" # Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Verbose -Force displayName: Copy binaries condition: succeeded() + - task: onebranch.pipeline.signing@1 + displayName: Sign 1st party files + inputs: + command: 'sign' + signing_profile: external_distribution + files_to_sign: '**\*.exe;**\*.json' + search_root: $(signSrcPath) + - task: CopyFiles@2 + displayName: "Copy signed files to ob_outputDirectory - '$(ob_outputDirectory)'" + inputs: + SourceFolder: "$(signSrcPath)" + Contents: '**' + TargetFolder: $(ob_outputDirectory) - pwsh: | - Set-Location "$(PackageRoot)" - $signSrcPath = "$(PackageRoot)/out/$(buildName)" - # Set signing src path variable - $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" - Write-Host ("sending " + $vstsCommandString) - Write-Host "##$vstsCommandString" - - pwsh: | - $signOutPath = "$(PackageRoot)/signed" - $null = New-Item -ItemType Directory -Path $signOutPath - # Set signing out path 
variable - $vstsCommandString = "vso[task.setvariable variable=signOutPath;isoutput=true]${signOutPath}" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - name: signOutPath - - pwsh: | - # Set path variable for guardian codesign validation - $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]$(signOutPath.signOutPath)" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - displayName: Setup variables for signing - - pwsh: | - compress-archive -Path "$(signOutPath.signOutPath)/*" -DestinationPath "$(ob_outputDirectory)/DSC-$(PackageVersion)-$(buildName).zip" + compress-archive -Path "$(ob_outputDirectory)/*" -DestinationPath "$(ob_outputDirectory)/DSC-$(PackageVersion)-$(buildName).zip" displayName: 'Compress $(buildName)' condition: succeeded() - job: PublishSigned @@ -120,7 +157,6 @@ extends: variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - LinuxContainerImage: 'mcr.microsoft.com/onebranch/cbl-mariner/build:2.0' displayName: Linux-x64-gnu pool: type: linux @@ -138,7 +174,6 @@ extends: variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - LinuxContainerImage: 'mcr.microsoft.com/onebranch/cbl-mariner/build:2.0' displayName: Linux-ARM64-gnu pool: type: linux From 57b13e4919678435dbca325ad853cba4a8eb7a76 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Mon, 18 Mar 2024 23:41:44 +0000 Subject: [PATCH 27/47] set repo root --- .pipelines/DSC-Official.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 4d7bef68..2b6fbc44 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml 
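Review bot: The `onebranch.pipeline.signing@1` step in the `@@ -65,39 +106,35 @@` hunk signs `**\*.exe;**\*.json` under `$(signSrcPath)`, which the step before it fills with a recursive copy of the whole `CARGO_TARGET_DIR`, so every executable and JSON file in the cargo tree would be signed with the `external_distribution` profile, not only the binaries meant to ship. A cargo target tree usually also holds build-script and dependency outputs; stage just the files intended for release into `$(signSrcPath)` and sign those. The following `compress-archive -Path "$(ob_outputDirectory)/*"` also writes its zip into the directory it is archiving, so build the archive from `$(signSrcPath)` or a separate staging folder instead.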
@@ -72,6 +72,7 @@ extends: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + repoRoot: $(Build.SourcesDirectory)\DSC signSrcPath: $(repoRoot)/out Codeql.Enabled: true Codeql.Language: rust From 59e0ff99dfab33090dad0964c61c9409f5b1730a Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Mon, 18 Mar 2024 23:44:39 +0000 Subject: [PATCH 28/47] add whitespace between platform jobs --- .pipelines/DSC-Official.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 2b6fbc44..90a91a19 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -66,6 +66,7 @@ extends: Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" name: Package + - job: BuildWin dependsOn: SetPackageVersion variables: @@ -153,6 +154,7 @@ extends: SourceFolder: $(signOutPath) Contents: '**' TargetFolder: $(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT/signed + - job: BuildLinux dependsOn: SetPackageVersion variables: @@ -170,6 +172,7 @@ extends: tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() + - job: BuildLinuxArm64 dependsOn: SetPackageVersion variables: @@ -188,6 +191,7 @@ extends: tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() + - job: BuildMac dependsOn: SetPackageVersion variables: From 8567dd6dc2653bf2937e8ad922bbe7fa1637b94d Mon Sep 17 00:00:00 2001 
From: "Steve Lee (POWERSHELL)" Date: Mon, 18 Mar 2024 23:54:11 +0000 Subject: [PATCH 29/47] create output folder for Linux/macOS --- .pipelines/DSC-Official.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 90a91a19..9a33de33 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -169,6 +169,7 @@ extends: displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | + new-item -itemtype directory -path '$(ob_outputDirectory)' tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() @@ -188,6 +189,7 @@ extends: displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | + new-item -itemtype directory -path '$(ob_outputDirectory)' tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() @@ -215,6 +217,7 @@ extends: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | + new-item -itemtype directory -path '$(ob_outputDirectory)' -ErrorAction Ignore tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() From 34b4795c956fbe5314caff4a81ad1956f4e5bf76 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Mon, 18 Mar 2024 23:57:37 +0000 Subject: [PATCH 30/47] use root of artifact folder --- .pipelines/DSC-Official.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 9a33de33..6d5a62f5 100644 
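Review bot: The two Linux hunks (`@@ -169,6 +169,7 @@` and `@@ -188,6 +189,7 @@`) add `new-item -itemtype directory -path '$(ob_outputDirectory)'` without the `-ErrorAction Ignore` that the macOS hunk (`@@ -215,6 +217,7 @@`) carries, so the same step raises an error on Linux when the directory already exists and is silent on macOS. Use one form in all three and discard the output: `$null = New-Item -ItemType Directory -Path '$(ob_outputDirectory)' -Force`, where `-Force` returns an existing directory instead of failing. The jobs these steps belong to start outside the hunks.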
--- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -55,7 +55,7 @@ extends: variables: repoRoot: $(Build.SourcesDirectory)\DSC ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json - ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' steps: - checkout: self env: @@ -72,7 +72,7 @@ extends: variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json - ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' repoRoot: $(Build.SourcesDirectory)\DSC signSrcPath: $(repoRoot)/out Codeql.Enabled: true @@ -144,7 +144,7 @@ extends: variables: signOutPath: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json - ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' pool: type: windows steps: @@ -153,13 +153,13 @@ extends: inputs: SourceFolder: $(signOutPath) Contents: '**' - TargetFolder: $(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT/signed + TargetFolder: $(Build.ArtifactStagingDirectory)/signed - job: BuildLinux dependsOn: SetPackageVersion variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' displayName: Linux-x64-gnu pool: type: linux 
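Review bot: In the `@@ -144,7 +144,7 @@` and `@@ -153,13 +153,13 @@` hunks the PublishSigned job still takes `signOutPath` from `dependencies.BuildWin.outputs['signOutPath.signOutPath']`, yet no BuildWin step named `signOutPath` appears in the hunks of this series that show that job. If the step is gone the variable resolves to an empty string, and `CopyFiles@2` treats an empty `SourceFolder` as the sources directory, so whatever is there would be published under `signed` without having passed through the signing task. Either remove the job, since BuildWin already copies the signed files to `$(ob_outputDirectory)`, or fail early with `if (-not '$(signOutPath)') { throw 'signOutPath is empty' }` before the copy. The job definitions start outside these hunks.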
@@ -169,7 +169,6 @@ extends: displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - new-item -itemtype directory -path '$(ob_outputDirectory)' tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() @@ -178,7 +177,7 @@ extends: dependsOn: SetPackageVersion variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' displayName: Linux-ARM64-gnu pool: type: linux @@ -189,7 +188,6 @@ extends: displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | - new-item -itemtype directory -path '$(ob_outputDirectory)' tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() @@ -198,7 +196,7 @@ extends: dependsOn: SetPackageVersion variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - ob_outputDirectory: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' displayName: Build pool: type: linux @@ -217,7 +215,6 @@ extends: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | - new-item -itemtype directory -path '$(ob_outputDirectory)' -ErrorAction Ignore tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() From ef9cc518ccd7491085dc41533dc2ae45656c0654 Mon Sep 17 00:00:00 2001 
From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 00:38:22 +0000 Subject: [PATCH 31/47] add signing variables --- .pipelines/DSC-Official.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 6d5a62f5..41702bef 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -75,9 +75,9 @@ extends: ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' repoRoot: $(Build.SourcesDirectory)\DSC signSrcPath: $(repoRoot)/out - Codeql.Enabled: true - Codeql.Language: rust - Codeql.Cadence: 72 + ob_sdl_sbom_enabled: true + ob_signing_setup_enabled: true + ob_sdl_codeql_compiled_enabled: false pool: type: windows displayName: Build From d216cf8773572e3bf5f12dd5680a6e054d12c844 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 00:40:20 +0000 Subject: [PATCH 32/47] remove restore --- .pipelines/DSC-Official.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 41702bef..50a82d6c 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -58,8 +58,6 @@ extends: ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' steps: - checkout: self - env: - ob_restore_phase: true # set to run before signing step - pwsh: | $packageVersion = $(repoRoot)/build.ps1 -GetPackageVersion $vstsCommandString = "vso[task.setvariable variable=Version;isoutput=true]$packageVersion" @@ -89,11 +87,7 @@ extends: buildName: aarch64-pc-windows-msvc steps: - checkout: self - env: - ob_restore_phase: true - task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step. - env: - ob_restore_phase: true inputs: Enabled: true AnalyzeInPipeline: true 
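Review bot: The `@@ -75,9 +75,9 @@` hunk switches static analysis off under a subject that mentions only signing: `Codeql.Enabled: true`, `Codeql.Language: rust` and `Codeql.Cadence: 72` are removed and `ob_sdl_codeql_compiled_enabled: false` is added. The `CodeQL3000Init@0` and `CodeQL3000Finalize@0` tasks stay in the job (they appear as context in the next patch), and whether they still analyse anything without the `Codeql.*` variables cannot be told from here. Either keep `Codeql.Enabled: true` and `Codeql.Language: rust` beside the new variables, or remove the two tasks and state the change in the commit message. A comment above the new line, such as `# CodeQL for Rust runs in PIPELINE_NAME; disabled here because REASON` (placeholders to fill in), would record the decision for the next reviewer. The BuildWin variables block starts outside the hunk.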
@@ -110,8 +104,6 @@ extends: condition: succeeded() - task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step. condition: always() - env: - ob_restore_phase: true - pwsh: | $null = New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore From 81387df3b1e851bf41d1e92b7b37d8bd9309eb9c Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 00:50:55 +0000 Subject: [PATCH 33/47] remove unnecessary variable --- .pipelines/DSC-Official.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 50a82d6c..72c39d6f 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -55,7 +55,6 @@ extends: variables: repoRoot: $(Build.SourcesDirectory)\DSC ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json - ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' steps: - checkout: self - pwsh: | From 026001c0d8aea60129769456dd491849d72fac71 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 00:58:34 +0000 Subject: [PATCH 34/47] add target to checkout --- .pipelines/DSC-Official.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 72c39d6f..8b8d6f0e 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -57,6 +57,7 @@ extends: ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json steps: - checkout: self + target: host - pwsh: | $packageVersion = $(repoRoot)/build.ps1 -GetPackageVersion $vstsCommandString = "vso[task.setvariable variable=Version;isoutput=true]$packageVersion" @@ -86,6 +87,7 @@ extends: buildName: aarch64-pc-windows-msvc steps: - checkout: self + target: host - task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step. inputs: Enabled: true 
From a9ef18d284b5f5c08e8abd5cbdd437dfdfd1713f Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 01:15:05 +0000 Subject: [PATCH 35/47] remove unused file_lib project --- build.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/build.ps1 b/build.ps1 index c5e74148..6af2eb60 100644 --- a/build.ps1 +++ b/build.ps1 @@ -119,7 +119,6 @@ $projects = @( "tree-sitter-dscexpression", "security_context_lib", "dsc_lib", - "file_lib", "dsc", "osinfo", "powershell-adapter", From 241539c5f3489cf3b53475baeb7259ee4ef6ff04 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 01:15:30 +0000 Subject: [PATCH 36/47] delete old pipline --- .vsts-ci/release.yml | 270 ------------------------------------------- 1 file changed, 270 deletions(-) delete mode 100644 .vsts-ci/release.yml diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml deleted file mode 100644 index 73c9d93e..00000000 --- a/.vsts-ci/release.yml +++ /dev/null 
@@ -1,270 +0,0 @@ -trigger: none -variables: -- name: BuildConfiguration - value: 'release' -- name: PackageRoot - value: '$(System.ArtifactsDirectory)/Packages' -- group: DSCAPIScan -- name: LinuxContainerImage - value: onebranch.azurecr.io/linux/ubuntu-2004:latest -- name: WindowsContainerImage - value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest -resources: - repositories: - - repository: ComplianceRepo - type: github - endpoint: ComplianceGHRepo - name: PowerShell/compliance - ref: master - - repository: onebranchTemplates - type: git - name: OneBranch.Pipelines/GovernedTemplates - ref: refs/heads/main -extends: - template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates - parameters: - customTags: 'ES365AIMigrationTooling' - stages: - - stage: BuildAndSign - displayName: Build Native Binaries - dependsOn: [] - jobs: - - job: SetPackageVersion - displayName: Set PackageVersion - pool: - type: windows - variables: - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - steps: - - checkout: self - - pwsh: | - $packageVersion = ./build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=Version;isoutput=true]$packageVersion" - Write-Host ("sending " + $vstsCommandString) - Write-Host "##$vstsCommandString" - name: Package - - job: BuildWin - dependsOn: SetPackageVersion - variables: - - group: ESRP - - name: PackageVersion - value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - pool: - type: windows - displayName: Build - strategy: - matrix: - Windows x64: - buildName: x86_64-pc-windows-msvc - Windows x64_arm64: - buildName: aarch64-pc-windows-msvc - steps: - - checkout: self - - pwsh: | - Set-Location "$(Build.SourcesDirectory)/DSC" - ./build.ps1 -Release -Architecture $(buildName) -SkipLinkCheck - displayName: 'Build $(buildName)' - condition: succeeded() - - pwsh: | - $null 
= New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore - $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore - $outPath = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" -ErrorAction Ignore - Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Verbose -Force - displayName: Copy binaries - condition: succeeded() - - pwsh: | - Set-Location "$(PackageRoot)" - $signSrcPath = "$(PackageRoot)/out/$(buildName)" - # Set signing src path variable - $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" - Write-Host ("sending " + $vstsCommandString) - Write-Host "##$vstsCommandString" - - pwsh: | - $signOutPath = "$(PackageRoot)/signed" - $null = New-Item -ItemType Directory -Path $signOutPath - # Set signing out path variable - $vstsCommandString = "vso[task.setvariable variable=signOutPath;isoutput=true]${signOutPath}" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - name: signOutPath - - pwsh: | - # Set path variable for guardian codesign validation - $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]$(signOutPath.signOutPath)" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - displayName: Setup variables for signing - - checkout: ComplianceRepo - - template: EsrpSign.yml@ComplianceRepo - parameters: - buildOutputPath: $(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration) - signOutputPath: $(signOutPath.signOutPath) - certificateId: "CP-230012" - pattern: '*.exe,*.ps1' - useMinimatch: false - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(signOutPath.signOutPath) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - - pwsh: | - compress-archive -Path "$(signOutPath.signOutPath)/*" -DestinationPath 
"$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).zip" - displayName: 'Compress $(buildName)' - condition: succeeded() - - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\DSC-$(PackageVersion)-$(buildName).zip" - displayName: Upload artifacts - condition: succeeded() - - job: PublishSigned - dependsOn: BuildWin - variables: - - name: signOutPath - value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - pool: - type: windows - steps: - - task: CopyFiles@2 - displayName: "Copy Files for 'PublishPipelineArtifact@1' publish task" - inputs: - SourceFolder: $(signOutPath) - Contents: '**' - TargetFolder: $(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT/signed - - job: BuildLinux - dependsOn: SetPackageVersion - variables: - - name: PackageVersion - value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - displayName: Linux-x64-gnu - pool: - type: windows - steps: - - pwsh: | - ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu - displayName: 'Build x86_64-unknown-linux-gnu' - condition: succeeded() - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - - pwsh: | - new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . 
- displayName: 'Compress x86_64-unknown-linux-gnu' - condition: succeeded() - - pwsh: | - Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' - displayName: Upload artifacts - condition: succeeded() - - job: BuildLinuxArm64 - dependsOn: SetPackageVersion - variables: - - name: PackageVersion - value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - displayName: Linux-ARM64-gnu - pool: - type: windows - steps: - - pwsh: | - ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu - displayName: 'Build aarch64-unknown-linux-gnu' - condition: succeeded() - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - - pwsh: | - new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . 
- displayName: 'Compress aarch64-unknown-linux-gnu' - condition: succeeded() - - pwsh: | - Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' - displayName: Upload artifacts - condition: succeeded() - - job: BuildMac - dependsOn: SetPackageVersion - variables: - - name: PackageVersion - value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - displayName: Build - pool: - type: windows - strategy: - matrix: - macOS x64: - buildName: x86_64-apple-darwin - macOS arm64: - buildName: aarch64-apple-darwin - steps: - - pwsh: | - ./build.ps1 -Release -Architecture $(buildName) - displayName: 'Build $(buildName)' - condition: succeeded() - - template: Sbom.yml@ComplianceRepo - parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) - Build_Repository_Uri: 'https://github.com/powershell/DSC' - PackageName: 'DSC' - PackageVersion: $(PackageVersion) - - pwsh: | - new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . 
- displayName: 'Compress $(buildName)' - condition: succeeded() - - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" - displayName: Upload artifacts - condition: succeeded() - - stage: compliance - displayName: Compliance - dependsOn: BuildAndSign - jobs: - - job: Compliance_Job - variables: - - name: PackageVersion - value: $[ stageDependencies.BuildAndSign.SetPackageVersion.outputs['Package.Version'] ] - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - pool: - type: windows - steps: - - checkout: self - clean: true - - checkout: ComplianceRepo - clean: true - - download: current - artifact: release - - download: current - artifact: signed - - pwsh: | - Get-ChildItem -Path 'ENV:' - displayName: Capture environment - - template: assembly-module-compliance.yml@ComplianceRepo - parameters: - AnalyzeTarget: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release/*.exe' - AnalyzeSymPath: 'SRV*' - sourceScanPath: '$(Build.SourcesDirectory)/DSC' - suppressionsFile: '' - optionsRulesDBPath: '' - optionsFTPath: '' - codeBaseName: 'DSC' - softwareName: 'DSC' - softwareNameFolder: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release' - softwareVersion: '$(PackageVersion)' - connectionString: RunAs=App;AppId=$(APIScanClient);TenantId=$(APIScanTenant);AppKey=$(APIScanSecret) - APIScan: true \ No newline at end of file From 623cb69b430817f85eafcdf486239871e71f37f6 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 01:16:58 +0000 Subject: [PATCH 37/47] add back variable as ADO complains --- .pipelines/DSC-Official.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 8b8d6f0e..bf0e5f8e 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml 
@@ -55,6 +55,7 @@ extends: variables: repoRoot: $(Build.SourcesDirectory)\DSC ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' steps: - checkout: self target: host From 058119f1105bb5ce126b4b3bd1d21851a21f8b55 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 16:52:44 +0000 Subject: [PATCH 38/47] fix files being copied to be signed --- .pipelines/DSC-Official.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index bf0e5f8e..d29a18bd 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -112,7 +112,8 @@ extends: $outPath = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" -ErrorAction Ignore # workaround known issue of building in OneBranch copying from TMP folder $null = New-Item -ItemType Directory -Path "$(signSrcPath)" -ErrorAction Ignore - Copy-Item -Recurse -Force $env:CARGO_TARGET_DIR "$(signSrcPath)" + # copy only the exes from the TMP folder since it contains intermediately built files we don't want to sign + Copy-Item "$env:CARGO_TARGET_DIR/*.exe" "$(signSrcPath)" # Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Verbose -Force displayName: Copy binaries condition: succeeded() @@ -121,13 +122,16 @@ extends: inputs: command: 'sign' signing_profile: external_distribution - files_to_sign: '**\*.exe;**\*.json' + files_to_sign: | + *.exe; + *.json; + *.ps1; search_root: $(signSrcPath) - task: CopyFiles@2 displayName: "Copy signed files to ob_outputDirectory - '$(ob_outputDirectory)'" inputs: SourceFolder: "$(signSrcPath)" - Contents: '**' + Contents: '*' TargetFolder: $(ob_outputDirectory) - pwsh: | compress-archive -Path "$(ob_outputDirectory)/*" -DestinationPath "$(ob_outputDirectory)/DSC-$(PackageVersion)-$(buildName).zip" 
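Review bot: `Copy-Item "$env:CARGO_TARGET_DIR/*.exe" "$(signSrcPath)"` in the `@@ -112,7 +112,8 @@` hunk succeeds even when the wildcard matches nothing, so the signing task and the zip step can run on an empty folder without any step failing. Cargo normally places binaries under a triple/profile subdirectory of the target directory, so whether the top level of `CARGO_TARGET_DIR` holds the executables depends on how build.ps1 sets it, which is not visible here. Add a guard right after the copy: `if (-not (Get-ChildItem "$(signSrcPath)" -Filter *.exe)) { throw "no binaries staged for signing" }`. The step's script starts outside the hunk.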
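Review bot: `files_to_sign` in the `@@ -121,13 +122,16 @@` hunk now lists `*.json;` and `*.ps1;`, but the copy step changed in the same commit stages only `*.exe` into `$(signSrcPath)`, so no script or manifest reaches the signing task. With `Contents: '*'` copying from that same folder, none reaches the zip either. If the package is meant to ship `.ps1` and `.json` files, stage them before signing, e.g. `Copy-Item "$env:CARGO_TARGET_DIR/*" -Include *.exe,*.ps1,*.json -Destination "$(signSrcPath)"`; otherwise drop the two patterns so the list matches what is actually signed. The task and job definitions start outside the hunk.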
From e7702618f88a5a4d59b6cc1c84c64be95b3880fe Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 17:48:40 +0000 Subject: [PATCH 39/47] add GitHub release step and building msixbundle --- .pipelines/DSC-Official.yml | 65 +++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index d29a18bd..1ee9bbbe 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -137,6 +137,26 @@ extends: compress-archive -Path "$(ob_outputDirectory)/*" -DestinationPath "$(ob_outputDirectory)/DSC-$(PackageVersion)-$(buildName).zip" displayName: 'Compress $(buildName)' condition: succeeded() + - pwsh: | + Set-Location "$(Build.SourcesDirectory)/DSC" + ./build.ps1 -msix -skipbuild + Copy-Item *.msix "$(ob_outputDirectory)" + displayName: 'Create msix for $(buildName)' + condition: succeeded() + + - job: Create msix bundle + dependsOn: BuildWin + variables: + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' + pool: + type: windows + steps: + - pwsh: | + Set-Location "$(Build.SourcesDirectory)/DSC" + ./build.ps1 -msixbundle + displayName: 'Create msixbundle' + condition: succeeded() + - job: PublishSigned dependsOn: BuildWin variables: 
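Review bot: The `Create msix for $(buildName)` step in the `@@ -137,6 +137,26 @@` hunk runs after `Sign 1st party files` and copies `*.msix` straight to `$(ob_outputDirectory)`, so the package itself never passes through the signing task. Whether `build.ps1 -msix` packs the signed copies from `$(signSrcPath)` or the unsigned build output is also not visible here and should be confirmed. Add a second signing step after it, reusing the task already in this job with `files_to_sign: '*.msix'` and `search_root: $(ob_outputDirectory)`. Separately, `- job: Create msix bundle` is not a valid job identifier (letters, digits and underscore only); use `- job: CreateMsixBundle` with `displayName: Create msix bundle`. No step in that job downloads the msix packages produced by BuildWin before `./build.ps1 -msixbundle` runs.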
@@ -216,3 +236,48 @@ extends: tar czf '$(ob_outputDirectory)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() + + - stage: Release + dependsOn: BuildAndSign + variables: + PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + drop: $(Pipeline.Workspace)/drop_build_main + jobs: + - job: Validation + displayName: Manual validation + pool: + type: agentless + timeoutInMinutes: 1440 + steps: + - task: ManualValidation@0 + displayName: Wait 24 hours for validation + inputs: + notifyUsers: $(Build.RequestedForEmail) + instructions: Please validate the release + timeoutInMinutes: 1440 + - job: GitHub + dependsOn: validation + displayName: Publish draft to GitHub + pool: + type: windows + variables: + ob_outputDirectory: '$(Build.SourcesDirectory)'' + steps: + - download: current + displayName: Download artifacts + - task: GitHubRelease@1 + displayName: Create GitHub release + inputs: + gitHubConnection: GitHub + repositoryName: PowerShell/DSC + action: create + assets: | + *.zip; + *.tar.gz; + addChangeLog: true + changeLogCompareToRelease: 'lastFullRelease' + changeLogType: 'commitBased' + releaseNotesFilePath: CHANGELOG.md + tagSource: gitTag + tag: v$(version) + isDraft: true \ No newline at end of file From 52a80963901f2882dbdcbc60a8d80b53bc1f1883 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 17:57:48 +0000 Subject: [PATCH 40/47] add building msixbundle --- build.ps1 | 45 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/build.ps1 b/build.ps1 index 6af2eb60..6f608c74 100644 --- a/build.ps1 +++ b/build.ps1 @@ -8,6 +8,7 @@ param( [switch]$Clippy, [switch]$SkipBuild, [switch]$Msix, + [switch]$MsixBundle, [switch]$Test, [switch]$GetPackageVersion, [switch]$SkipLinkCheck 
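Review bot: `ob_outputDirectory: '$(Build.SourcesDirectory)''` in the GitHub job of the `@@ -216,3 +236,48 @@` hunk ends with two quotes; `''` is an escaped quote inside a single-quoted YAML scalar, so the value runs on into the following lines and the file does not parse as intended. It should read `ob_outputDirectory: '$(Build.SourcesDirectory)'`. The release tag is unresolved as well: `tag: v$(version)` names a variable the stage does not define, and the stage's `PackageVersion` uses `dependencies.SetPackageVersion` although that job lives in the BuildAndSign stage, where the deleted release.yml read the same value at job level with `stageDependencies.BuildAndSign.SetPackageVersion.outputs['Package.Version']`. With `tagSource: gitTag` the `tag` input is not used, so choose `tagSource: userSpecifiedTag` with `tag: v$(PackageVersion)` if the version is meant to drive the tag. The job also uploads every downloaded `*.zip` and `*.tar.gz` without a signature or hash check; a verification step before `GitHubRelease@1` would close that gap.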
@@ -60,6 +61,10 @@ function Find-LinkExe { } } +if ($Msix -or $MsixBundle) { + $SkipBuild = $true +} + if (!$SkipBuild -and !$SkipLinkCheck -and $IsWindows -and !(Get-Command 'link.exe' -ErrorAction Ignore)) { if (!(Test-Path $BuildToolsPath)) { Write-Verbose -Verbose "link.exe not found, installing C++ build tools" @@ -300,15 +305,7 @@ if ($Test) { Invoke-Pester -ErrorAction Stop } -if ($Msix) { - if (!$IsWindows) { - throw "MSIX is only supported on Windows" - } - - if ($architecture -eq 'current') { - throw 'MSIX requires a specific architecture' - } - +function Find-MakeAppx() { $makeappx = Get-Command makeappx -CommandType Application -ErrorAction Ignore if ($null -eq $makeappx) { # try to find @@ -325,6 +322,36 @@ if ($Msix) { } } + $makeappx +} + +if ($MsixBundle) { + if ($Msix) { + throw "Creating MsixBundle requires all msix packages to already be created" + } + + if (!$IsWindows) { + throw "MsixBundle is only supported on Windows" + } + + $productVersion = ((Get-Content $PSScriptRoot/dsc/Cargo.toml) -match '^version\s*=\s*') -replace 'version\s*=\s*"(.*?)"', '$1' + $isPreview = $productVersion -like '*-*' + $packageName = "DSC-$productVersion-Win" + $makeappx = Find-MakeAppx + & $makeappx bundle /d $PSScriptRoot /p "$PSScriptRoot\$packageName.msixbundle' + return +} + +if ($Msix) { + if (!$IsWindows) { + throw "MSIX is only supported on Windows" + } + + if ($architecture -eq 'current') { + throw 'MSIX requires a specific architecture' + } + + $makeappx = Find-MakeAppx $makepri = Get-Item (Join-Path $makeappx.Directory "makepri.exe") -ErrorAction Stop $displayName = "DesiredStateConfiguration" $productVersion = ((Get-Content $PSScriptRoot/dsc/Cargo.toml) -match '^version\s*=\s*') -replace 'version\s*=\s*"(.*?)"', '$1' From a5c8c3be728821167d840c20a5cb7056767e70ec Mon Sep 17 00:00:00 2001 
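Review bot: In the `$MsixBundle` block the result of `& $makeappx bundle ...` is never checked, so when the tool fails the script carries on to `return` without stopping or reporting the failure itself; add `if ($LASTEXITCODE -ne 0) { throw "makeappx bundle failed" }` directly after the call. `/d $PSScriptRoot` makes the repository root the bundle's content directory, so any stray package file lying there is swept into the bundle; a dedicated staging folder holding only the packages from this build would keep the contents auditable. `$isPreview` is assigned in the block but not used there. `Find-MakeAppx` begins in the previous hunk and part of its body lies outside both hunks, so whether it can return `$null` cannot be judged from here.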
From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 18:05:57 +0000 Subject: [PATCH 41/47] define artifact base name --- .pipelines/DSC-Official.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 1ee9bbbe..745c5a6b 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -68,24 +68,25 @@ extends: - job: BuildWin dependsOn: SetPackageVersion + strategy: + matrix: + Windows x64: + buildName: x86_64-pc-windows-msvc + Windows x64_arm64: + buildName: aarch64-pc-windows-msvc variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' repoRoot: $(Build.SourcesDirectory)\DSC signSrcPath: $(repoRoot)/out + ob_artifactBaseName: 'DSC-$(buildName)' ob_sdl_sbom_enabled: true ob_signing_setup_enabled: true ob_sdl_codeql_compiled_enabled: false pool: type: windows displayName: Build - strategy: - matrix: - Windows x64: - buildName: x86_64-pc-windows-msvc - Windows x64_arm64: - buildName: aarch64-pc-windows-msvc steps: - checkout: self target: host From e93cd0f94f10acc84297d8eb486b3aa1e62846ae Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 18:07:05 +0000 Subject: [PATCH 42/47] remove changelog option --- .pipelines/DSC-Official.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 745c5a6b..9f25e241 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -276,7 +276,6 @@ extends: *.zip; *.tar.gz; addChangeLog: true - changeLogCompareToRelease: 'lastFullRelease' changeLogType: 'commitBased' releaseNotesFilePath: CHANGELOG.md tagSource: gitTag From c9c5eb8afb4b9d11e547ba099468cebccd098970 Mon Sep 17 00:00:00 2001 
From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 18:07:40 +0000 Subject: [PATCH 43/47] remove changelog option --- .pipelines/DSC-Official.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 9f25e241..712c83fc 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -276,7 +276,6 @@ extends: *.zip; *.tar.gz; addChangeLog: true - changeLogType: 'commitBased' releaseNotesFilePath: CHANGELOG.md tagSource: gitTag tag: v$(version) From d96e6b364c14460618c3f11ab8e7d5836b690568 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 18:08:08 +0000 Subject: [PATCH 44/47] add trailing newline --- .pipelines/DSC-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 712c83fc..e1895ce0 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -279,4 +279,4 @@ extends: releaseNotesFilePath: CHANGELOG.md tagSource: gitTag tag: v$(version) - isDraft: true \ No newline at end of file + isDraft: true From 5315f70f737f9dd85c2f23b94b9cb6dd8f430b55 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 18:10:25 +0000 Subject: [PATCH 45/47] fix quoting --- .pipelines/DSC-Official.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index e1895ce0..4d87140f 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -262,7 +262,7 @@ extends: pool: type: windows variables: - ob_outputDirectory: '$(Build.SourcesDirectory)'' + ob_outputDirectory: '$(Build.SourcesDirectory)' steps: - download: current displayName: Download artifacts @@ -276,6 +276,7 @@ extends: *.zip; *.tar.gz; addChangeLog: true + changeLogType: commitBased releaseNotesFilePath: CHANGELOG.md tagSource: gitTag tag: v$(version) 
From 3e3fad75945f69ee92d708844ae945b78935a9b1 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL)" Date: Tue, 19 Mar 2024 18:11:10 +0000 Subject: [PATCH 46/47] fix job name --- .pipelines/DSC-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 4d87140f..011b63a7 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -145,7 +145,7 @@ extends: displayName: 'Create msix for $(buildName)' condition: succeeded() - - job: Create msix bundle + - job: CreateMsixBundle dependsOn: BuildWin variables: ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' From c6971e48e639acb1778d1ec4e4477b59b5792505 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Sat, 23 Mar 2024 14:30:43 -0700 Subject: [PATCH 47/47] fix wrong end quote --- build.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.ps1 b/build.ps1 index 6f608c74..f893e2dc 100644 --- a/build.ps1 +++ b/build.ps1 @@ -338,7 +338,7 @@ if ($MsixBundle) { $isPreview = $productVersion -like '*-*' $packageName = "DSC-$productVersion-Win" $makeappx = Find-MakeAppx - & $makeappx bundle /d $PSScriptRoot /p "$PSScriptRoot\$packageName.msixbundle' + & $makeappx bundle /d $PSScriptRoot /p "$PSScriptRoot\$packageName.msixbundle" return }