diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 77faf4cc..ea08cda9 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -11,6 +11,7 @@ codeowners github https Icm +markdownlint microsoft msftbot numpy @@ -39,3 +40,6 @@ ELSPROBLEMS requ whatif pscustomobject +VGpu +wildcards +worktree diff --git a/.github/actions/spelling/expect/generic_terms.txt b/.github/actions/spelling/expect/generic_terms.txt index 8a799bed..5180255f 100644 --- a/.github/actions/spelling/expect/generic_terms.txt +++ b/.github/actions/spelling/expect/generic_terms.txt @@ -1,15 +1,21 @@ -wildcards -ssh +AKV Amd -usr -screenshots +Authenticode +automerge currentstate +esrp +gtm +msft +NPH +Peet +rfc +screenshots Scrollbars Searchbox -VGpu -versioning -worktree +SFP +Signtool sortby -msft -automerge -Workaround +ssh +usr +versioning +VGpu \ No newline at end of file diff --git a/.github/actions/spelling/expect/software.txt b/.github/actions/spelling/expect/software.txt index 239fdd28..eb235278 100644 --- a/.github/actions/spelling/expect/software.txt +++ b/.github/actions/spelling/expect/software.txt @@ -2,8 +2,6 @@ vscode Linux dotnet dotnettool -cspell NUnit reportgenerator -Toolpackage -markdownlint +markdownlint \ No newline at end of file diff --git a/pipelines/azure-pipelines.publish.yml b/pipelines/azure-pipelines.publish.yml new file mode 100644 index 00000000..0066d882 --- /dev/null +++ b/pipelines/azure-pipelines.publish.yml @@ -0,0 +1,153 @@ +# winget-dsc pipeline to publish module artifacts +name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev:r)' + +trigger: none + +parameters: # parameters are shown up in ADO UI in a build queue time + +- name: moduleName + displayName: 'Name of the module to publish to the PSGallery' + type: string + +- name: moduleVersion + displayName: 'Version of the module' + type: string + +resources: + repositories: + - repository: self + type: git + ref: refs/heads/main + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-2022 + os: windows + customBuildTags: + - ES365AIMigrationTooling + settings: + skipBuildTagsForGitHubPullRequests: true + + stages: + - stage: Prepare + jobs: + - job: Prepare_Sign + displayName: Prepare and sign ${{ parameters.moduleName }} + steps: + - task: NuGetToolInstaller@1 + displayName: 'Use NuGet 6.x' + inputs: + versionSpec: 6.x + - task: PowerShell@2 + displayName: Replace module version + inputs: + targetType: inline + pwsh: true + script: | + $manifestContent = (Get-Content -path $(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1 -Raw) + + $newManifestContent = $manifestContent -replace "'0.1.0'", "'${{ parameters.moduleVersion }}'" + + Set-Content -path $(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1 -Value $newManifestContent + + New-Item ToSign -Type Directory + Set-Content -path ToSign\${{ parameters.moduleName }}.psd1 -Value $newManifestContent + Get-Content ToSign\${{ parameters.moduleName }}.psd1 -Raw + + Copy-Item -Path "$(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psm1" -Destination "ToSign\${{ parameters.moduleName }}.psm1" -Force + - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + displayName: 'Sign manifest' + inputs: + ConnectedServiceName: AppInstallerESRPCodeSigning + AppRegistrationClientId: '32216f16-efc9-4013-9fae-c6a2c54a3fc0' + AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' + AuthAKVName: PeetDevOpsKeyVault + AuthCertName: ESRPAuth + AuthSignCertName: ESRPRequestSigning + FolderPath: '$(System.DefaultWorkingDirectory)\ToSign\' + Pattern: '*' + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode" : "CP-230012", + "OperationCode" : "SigntoolSign", + "Parameters" : { + "OpusName" : "Microsoft", + "OpusInfo" : "http://www.microsoft.com", + "FileDigest" : "/fd \"SHA256\"", + "PageHash" : "/NPH", + "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + "ToolName" : "sign", + "ToolVersion" : "1.0" + }, + { + "KeyCode" : "CP-230012", + "OperationCode" : "SigntoolVerify", + "Parameters" : {}, + "ToolName" : "sign", + "ToolVersion" : "1.0" + } + ] + - task: PowerShell@2 + displayName: Copy Signed Files and Validate signature + inputs: + targetType: inline + pwsh: true + script: | + New-Item ToPublish\${{ parameters.moduleName }} -Type Directory + $moduleFolder = "ToPublish\${{ parameters.moduleName }}" + Copy-Item -Path "ToSign\${{ parameters.moduleName }}.psm1" -Destination "ToPublish\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psm1" -Force + Copy-Item -Path "ToSign\${{ parameters.moduleName }}.psd1" -Destination "ToPublish\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1" -Force + + $notValid = Get-ChildItem $moduleFolder -Recurse -Attributes !Directory | Get-AuthenticodeSignature | where { $_.Status -ne 'Valid' } + if ($null -ne $notValid) + { + $notValid + throw "A file is not signed" + } + - task: CopyFiles@2 + displayName: Copy files to be published to staging directory + inputs: + SourceFolder: ToPublish\${{ parameters.moduleName }} + targetFolder: $(Build.ArtifactStagingDirectory)/${{ parameters.moduleName }} + flattenFolders: true + contents: | + *.psm1 + *.psd1 + - task: 1ES.PublishPipelineArtifact@1 + inputs: + targetPath: $(Build.ArtifactStagingDirectory)/${{ parameters.moduleName }} + artifactName: ${{ parameters.moduleName }} + displayName: Publish Module Artifact + + - stage: Publish + displayName: Manual Approval + trigger: manual + jobs: + - job: PublishToGallery + steps: + - task: DownloadPipelineArtifact@2 + inputs: + buildType: current + artifactName: ${{ parameters.moduleName }} + targetPath: $(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }} + itemPattern: | + *.psm1 + *.psd1 + - pwsh: | + $moduleFolder = "$(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }}" + Get-ChildItem -Path $moduleFolder -Recurse + $moduleFolderPath = (Resolve-Path $moduleFolder).Path + Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $env:api_key -verbose + displayName: Publish ${{ parameters.moduleName }}' + env: + api_key: $(DscSamplesNugetApiKey) + \ No newline at end of file