From 3e465f9c014937e67997a82ec270d403b821b82d Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 12:22:10 -0800 Subject: [PATCH 01/22] add files --- pipelines/azure-pipelines.publish.yml | 55 +++++++++++++ pipelines/azure-pipelines.yml | 105 +++++++------------------ pipelines/templates/manual-trigger.yml | 15 ++++ 3 files changed, 98 insertions(+), 77 deletions(-) create mode 100644 pipelines/azure-pipelines.publish.yml create mode 100644 pipelines/templates/manual-trigger.yml diff --git a/pipelines/azure-pipelines.publish.yml b/pipelines/azure-pipelines.publish.yml new file mode 100644 index 00000000..c68badff --- /dev/null +++ b/pipelines/azure-pipelines.publish.yml @@ -0,0 +1,55 @@ +# winget-dsc pipeline to publish module artifacts +name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev:r)' + +trigger: none + +parameters: # parameters are shown up in ADO UI in a build queue time + +- name: 'Microsoft.Windows.Developer' + displayName: 'Publish Microsoft.Windows.Developer to PSGallery' + type: boolean + default: false + +resources: + repositories: + - repository: self + type: git + ref: refs/heads/main + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-2022 + os: windows + customBuildTags: + - ES365AIMigrationTooling + settings: + skipBuildTagsForGitHubPullRequests: true + + stages: + - stage: Manual Approval + displayName: Manual Approval + dependsOn: [] + jobs: + - ${{ if eq(parameters.Microsoft.Windows.Developer, false) }}: + - template: /azure-pipelines/templates/manual-trigger.yml@self + parameters: + publishTarget: Microsoft.Windows.Developer PSGallery + - template: /azure-pipelines/templates/jobs/publish/store.yml@self + parameters: + runImmediately: ${{ parameters.msstore }} + - stage: Publish pipeline artifact + jobs: + - job: Publish pipeline artifact + displayName: 'Publish Microsoft.Windows.Developer' + templateContext: + outputs: + - output: pipelineArtifact + displayName: Publish ${{ parameters.buildName }} + targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Developer\ + artifactName: Microsoft.Windows.Developer diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index e68067ed..5009ae74 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -1,20 +1,14 @@ -# winget-dsc pipeline to publish artifacts +# winget-dsc pipeline to publish module artifacts name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev:r)' -# Commit triggers -trigger: - - main +trigger: none -# PR triggers -pr: - branches: - include: - - main - paths: - include: - - pipelines/azure-pipelines.yml - - resources/* - - tests/* +parameters: # parameters are shown up in ADO UI in a build queue time + +- name: 'Microsoft.Windows.Developer' + displayName: 'Publish Microsoft.Windows.Developer to PSGallery' + type: boolean + default: false resources: repositories: @@ -38,67 +32,24 @@ extends: skipBuildTagsForGitHubPullRequests: true stages: - - stage: WinGet_DSC_Artifacts_Publish + - stage: Manual Approval + displayName: Manual Approval + dependsOn: [] jobs: - - job: Publish_WinGet_DSC_Resources - displayName: 'Publish WinGet DSC Resources' - templateContext: - outputs: - - output: pipelineArtifact - displayName: 'Publish Pipeline Microsoft.Windows.Developer' - targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Developer\ - artifactName: Microsoft.Windows.Developer - - output: pipelineArtifact - displayName: 'Publish Pipeline Microsoft.Windows.Setting.Accessibility' - targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Setting.Accessibility\ - artifactName: Microsoft.Windows.Setting.Accessibility - - output: pipelineArtifact - displayName: 'Publish Pipeline PythonPip3Dsc' - targetPath: $(Build.SourcesDirectory)\resources\PythonPip3Dsc\ - artifactName: PythonPip3Dsc - - output: pipelineArtifact - displayName: 'Publish Pipeline YarnDsc' - targetPath: $(Build.SourcesDirectory)\resources\YarnDsc\ - artifactName: YarnDsc - - output: pipelineArtifact - displayName: 'Publish Pipeline NpmDsc' - targetPath: $(Build.SourcesDirectory)\resources\NpmDsc\ - artifactName: NpmDsc - - output: pipelineArtifact - displayName: 'Publish Pipeline Microsoft.WindowsSandbox.DSC' - targetPath: $(Build.SourcesDirectory)\resources\Microsoft.WindowsSandbox.DSC\ - artifactName: Microsoft.WindowsSandbox.DSC - - output: pipelineArtifact - displayName: 'Publish Pipeline GitDsc' - targetPath: $(Build.SourcesDirectory)\resources\GitDsc\ - artifactName: GitDsc - - output: pipelineArtifact - displayName: 'Publish Pipeline Microsoft.VSCode.Dsc' - targetPath: $(Build.SourcesDirectory)\resources\Microsoft.VSCode.Dsc\ - artifactName: Microsoft.VSCode.Dsc - - output: pipelineArtifact - displayName: 'Publish Pipeline Microsoft.DotNet.Dsc' - targetPath: $(Build.SourcesDirectory)\resources\Microsoft.DotNet.Dsc\ - artifactName: Microsoft.DotNet.Dsc - - steps: - - checkout: self - clean: true - fetchTags: false - - - task: PowerShell@2 - displayName: 'Run Pester tests for DSC modules' - inputs: - pwsh: true - targetType: 'inline' - script: | - $env:PSModulePath += ";$(Build.SourcesDirectory)\resources" - Invoke-Pester -CI - workingDirectory: $(Build.SourcesDirectory)\tests\ - ignoreLASTEXITCODE: true - - - task: PublishTestResults@2 - inputs: - testResultsFormat: 'NUnit' - testResultsFiles: '**/Test*.xml' - failTaskOnFailedTests: true + - ${{ if eq(parameters.Microsoft.Windows.Developer, false) }}: + - template: /azure-pipelines/templates/manual-trigger.yml@self + parameters: + publishTarget: Microsoft.Windows.Developer PSGallery + - template: /azure-pipelines/templates/jobs/publish/store.yml@self + parameters: + runImmediately: ${{ parameters.msstore }} + - stage: Publish pipeline artifact + jobs: + - job: Publish pipeline artifact + displayName: 'Publish Microsoft.Windows.Developer' + templateContext: + outputs: + - output: pipelineArtifact + displayName: Publish ${{ parameters.buildName }} + targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Developer\ + artifactName: Microsoft.Windows.Developer diff --git a/pipelines/templates/manual-trigger.yml b/pipelines/templates/manual-trigger.yml new file mode 100644 index 00000000..6e9c5e0d --- /dev/null +++ b/pipelines/templates/manual-trigger.yml @@ -0,0 +1,15 @@ +parameters: +- name: publishTarget + type: string + +jobs: +- job: ManualTrigger + displayName: Manual trigger for ${{ parameters.publishTarget }} + pool: server + timeoutInMinutes: 86400 # job times out in 60 days + steps: + - task: ManualValidation@0 + timeoutInMinutes: 86400 # task times out in 60 days + inputs: + notifyUsers: '' + instructions: Approve this step to proceed with publishing for ${{ parameters.publishTarget }} From 8989c7e5b081d35efc8ceee4e951412e94c958b9 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 12:26:43 -0800 Subject: [PATCH 02/22] try again --- pipelines/azure-pipelines.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index 5009ae74..dd8b16bb 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -5,7 +5,7 @@ trigger: none parameters: # parameters are shown up in ADO UI in a build queue time -- name: 'Microsoft.Windows.Developer' +- name: 'Microsoft_Windows_Developer' displayName: 'Publish Microsoft.Windows.Developer to PSGallery' type: boolean default: false @@ -36,13 +36,10 @@ extends: displayName: Manual Approval dependsOn: [] jobs: - - ${{ if eq(parameters.Microsoft.Windows.Developer, false) }}: + - ${{ if eq(parameters.Microsoft_Windows_Developer, false) }}: - template: /azure-pipelines/templates/manual-trigger.yml@self parameters: - publishTarget: Microsoft.Windows.Developer PSGallery - - template: /azure-pipelines/templates/jobs/publish/store.yml@self - parameters: - runImmediately: ${{ parameters.msstore }} + publishTarget: Microsoft.Windows.Developer to PSGallery - stage: Publish pipeline artifact jobs: - job: Publish pipeline artifact @@ -50,6 +47,6 @@ extends: templateContext: outputs: - output: pipelineArtifact - displayName: Publish ${{ parameters.buildName }} + displayName: Publish Microsoft.Windows.Developer targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Developer\ artifactName: Microsoft.Windows.Developer From 544940b68600d07a41f818b37215eeaf7dace34c Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 12:29:50 -0800 Subject: [PATCH 03/22] fix name --- pipelines/azure-pipelines.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index dd8b16bb..f78ddb62 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -32,7 +32,7 @@ extends: skipBuildTagsForGitHubPullRequests: true stages: - - stage: Manual Approval + - stage: Manual_Approval displayName: Manual Approval dependsOn: [] jobs: @@ -40,9 +40,9 @@ extends: - template: /azure-pipelines/templates/manual-trigger.yml@self parameters: publishTarget: Microsoft.Windows.Developer to PSGallery - - stage: Publish pipeline artifact + - stage: Microsoft_Windows_Developer jobs: - - job: Publish pipeline artifact + - job: publish_artifact displayName: 'Publish Microsoft.Windows.Developer' templateContext: outputs: From 67134875fe75a082bba3d16be9f008ddf887c37e Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 12:31:41 -0800 Subject: [PATCH 04/22] no dependency --- pipelines/azure-pipelines.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index f78ddb62..b479e4ab 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -34,7 +34,6 @@ extends: stages: - stage: Manual_Approval displayName: Manual Approval - dependsOn: [] jobs: - ${{ if eq(parameters.Microsoft_Windows_Developer, false) }}: - template: /azure-pipelines/templates/manual-trigger.yml@self From 36e442b14cb3b4aa9cc7629962037e5bb9f146a1 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 12:33:06 -0800 Subject: [PATCH 05/22] fix path --- pipelines/azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index b479e4ab..de854e47 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -36,7 +36,7 @@ extends: displayName: Manual Approval jobs: - ${{ if eq(parameters.Microsoft_Windows_Developer, false) }}: - - template: /azure-pipelines/templates/manual-trigger.yml@self + - template: /pipelines/templates/manual-trigger.yml@self parameters: publishTarget: Microsoft.Windows.Developer to PSGallery - stage: Microsoft_Windows_Developer From b2a623bb6c8144d42824a33b6f3fa2cafd8e1381 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 13:30:36 -0800 Subject: [PATCH 06/22] add additional steps --- pipelines/azure-pipelines.publish.yml | 20 ++-- pipelines/azure-pipelines.yml | 126 ++++++++++++++++++++++---- 2 files changed, 118 insertions(+), 28 deletions(-) diff --git a/pipelines/azure-pipelines.publish.yml b/pipelines/azure-pipelines.publish.yml index c68badff..017a1daf 100644 --- a/pipelines/azure-pipelines.publish.yml +++ b/pipelines/azure-pipelines.publish.yml @@ -5,7 +5,7 @@ trigger: none parameters: # parameters are shown up in ADO UI in a build queue time -- name: 'Microsoft.Windows.Developer' +- name: 'Microsoft_Windows_Developer' displayName: 'Publish Microsoft.Windows.Developer to PSGallery' type: boolean default: false @@ -32,24 +32,20 @@ extends: skipBuildTagsForGitHubPullRequests: true stages: - - stage: Manual Approval + - stage: Manual_Approval displayName: Manual Approval - dependsOn: [] jobs: - - ${{ if eq(parameters.Microsoft.Windows.Developer, false) }}: - - template: /azure-pipelines/templates/manual-trigger.yml@self + - ${{ if eq(parameters.Microsoft_Windows_Developer, false) }}: + - template: /pipelines/templates/manual-trigger.yml@self parameters: - publishTarget: Microsoft.Windows.Developer PSGallery - - template: /azure-pipelines/templates/jobs/publish/store.yml@self - parameters: - runImmediately: ${{ parameters.msstore }} - - stage: Publish pipeline artifact + publishTarget: Microsoft.Windows.Developer to PSGallery + - stage: Microsoft_Windows_Developer jobs: - - job: Publish pipeline artifact + - job: publish_artifact displayName: 'Publish Microsoft.Windows.Developer' templateContext: outputs: - output: pipelineArtifact - displayName: Publish ${{ parameters.buildName }} + displayName: Publish Microsoft.Windows.Developer targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Developer\ artifactName: Microsoft.Windows.Developer diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index de854e47..4bdd8d82 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -5,10 +5,13 @@ trigger: none parameters: # parameters are shown up in ADO UI in a build queue time -- name: 'Microsoft_Windows_Developer' - displayName: 'Publish Microsoft.Windows.Developer to PSGallery' - type: boolean - default: false +- name: moduleName + displayName: 'Name of the module to publish to the PSGallery' + type: string + +- name: moduleVersion + displayName: 'Version of the module' + type: string resources: repositories: @@ -32,20 +35,111 @@ extends: skipBuildTagsForGitHubPullRequests: true stages: - - stage: Manual_Approval - displayName: Manual Approval - jobs: - - ${{ if eq(parameters.Microsoft_Windows_Developer, false) }}: - - template: /pipelines/templates/manual-trigger.yml@self - parameters: - publishTarget: Microsoft.Windows.Developer to PSGallery - - stage: Microsoft_Windows_Developer + - stage: Publish ${{ parameters.moduleName }} jobs: + - job: prepare_module + displayName: Prepare and sign ${{ parameters.moduleName }} + steps: + - task: NuGetToolInstaller@1 + displayName: 'Use NuGet 6.x' + inputs: + versionSpec: 6.x + - task: PowerShell@2 + displayName: Replace module version + inputs: + targetType: inline + pwsh: true + script: | + $manifestContent = (Get-Content -path $(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1 -Raw) + + $newManifestContent = $manifestContent -replace "'0.1.0'", "'${{ parameters.moduleVersion }}'" + + Set-Content -path $(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1 -Value $newManifestContent + + New-Item ToSign -Type Directory + Set-Content -path ToSign\${{ parameters.moduleName }}.psd1 -Value $newManifestContent + Get-Content ToSign\${{ parameters.moduleName }}.psd1 -Raw + + Copy-Item -Path "$(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psm1" -Destination "ToSign\${{ parameters.moduleName }}.psm1" -Force + - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + displayName: 'Sign manifest' + inputs: + ConnectedServiceName: AppInstallerESRPCodeSigning + AppRegistrationClientId: '32216f16-efc9-4013-9fae-c6a2c54a3fc0' + AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' + AuthAKVName: PeetDevOpsKeyVault + AuthCertName: ESRPAuth + AuthSignCertName: ESRPRequestSigning + FolderPath: '$(System.DefaultWorkingDirectory)\ToSign\' + Pattern: '*' + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode" : "CP-230012", + "OperationCode" : "SigntoolSign", + "Parameters" : { + "OpusName" : "Microsoft", + "OpusInfo" : "http://www.microsoft.com", + "FileDigest" : "/fd \"SHA256\"", + "PageHash" : "/NPH", + "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + "ToolName" : "sign", + "ToolVersion" : "1.0" + }, + { + "KeyCode" : "CP-230012", + "OperationCode" : "SigntoolVerify", + "Parameters" : {}, + "ToolName" : "sign", + "ToolVersion" : "1.0" + } + ] + - task: PowerShell@2 + displayName: Copy Signed Files and Validate signature + inputs: + targetType: inline + pwsh: true + script: | + New-Item ToPublish\${{ parameters.moduleName }} -Type Directory + $moduleFolder = "ToPublish\${{ parameters.moduleName }}" + Copy-Item -Path "ToSign\${{ parameters.moduleName }}.psm1" -Destination "ToPublish\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psm1" -Force + Copy-Item -Path "ToSign\${{ parameters.moduleName }}.psd1" -Destination "ToPublish\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1" -Force + + $notValid = Get-ChildItem $moduleFolder -Recurse -Attributes !Directory | Get-AuthenticodeSignature | where { $_.Status -ne 'Valid' } + if ($null -ne $notValid) + { + $notValid + throw "A file is not signed" + } - job: publish_artifact - displayName: 'Publish Microsoft.Windows.Developer' + displayName: Publish ${{ parameters.moduleName }} templateContext: outputs: - output: pipelineArtifact - displayName: Publish Microsoft.Windows.Developer - targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Developer\ - artifactName: Microsoft.Windows.Developer + displayName: Publish ${{ parameters.moduleName }} artifact + targetPath: ToPublish\${{ parameters.moduleName }} + artifactName: ${{ parameters.moduleName }} + - stage: Manual_Approval + displayName: Manual Approval + steps: + - template: /pipelines/templates/manual-trigger.yml@self + parameters: + publishTarget: ${{ parameters.moduleName }} to PSGallery + - task: PowerShell@2 + displayName: Publish Module + inputs: + targetType: inline + pwsh: true + script: | + $moduleFolder = "ToPublish\${{ parameters.moduleName }}" + + # List out all items in module folder + Get-ChildItem -Path $moduleFolder -Recurse + + $moduleFolderPath = (Resolve-Path $moduleFolder).Path + + Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $(DscSamplesNugetApiKey) -verbose + displayName: Publish ${{ parameters.moduleName }}' + From 95a5bff07fb019e19ad5b2b411972778a47a5844 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 13:40:05 -0800 Subject: [PATCH 07/22] clean up --- pipelines/azure-pipelines.yml | 40 +++++++++++++++++------------------ 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index 4bdd8d82..7010ef05 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -121,25 +121,25 @@ extends: displayName: Publish ${{ parameters.moduleName }} artifact targetPath: ToPublish\${{ parameters.moduleName }} artifactName: ${{ parameters.moduleName }} - - stage: Manual_Approval + - stage: Publish to the gallery displayName: Manual Approval - steps: - - template: /pipelines/templates/manual-trigger.yml@self - parameters: - publishTarget: ${{ parameters.moduleName }} to PSGallery - - task: PowerShell@2 - displayName: Publish Module - inputs: - targetType: inline - pwsh: true - script: | - $moduleFolder = "ToPublish\${{ parameters.moduleName }}" - - # List out all items in module folder - Get-ChildItem -Path $moduleFolder -Recurse - - $moduleFolderPath = (Resolve-Path $moduleFolder).Path - - Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $(DscSamplesNugetApiKey) -verbose - displayName: Publish ${{ parameters.moduleName }}' + trigger: manual + jobs: + - job: Execute_Publish_Module + steps: + - task: PowerShell@2 + displayName: Publish Module + inputs: + targetType: inline + pwsh: true + script: | + $moduleFolder = "ToPublish\${{ parameters.moduleName }}" + + # List out all items in module folder + Get-ChildItem -Path $moduleFolder -Recurse + + $moduleFolderPath = (Resolve-Path $moduleFolder).Path + + Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $(DscSamplesNugetApiKey) -verbose + displayName: Publish ${{ parameters.moduleName }}' From 2fefcae310a5b012cc4fc7fd3ce464545d98d7c5 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 13:42:18 -0800 Subject: [PATCH 08/22] try again --- pipelines/azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index 7010ef05..a92917ae 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -35,7 +35,7 @@ extends: skipBuildTagsForGitHubPullRequests: true stages: - - stage: Publish ${{ parameters.moduleName }} + - stage: Prepare module jobs: - job: prepare_module displayName: Prepare and sign ${{ parameters.moduleName }} @@ -121,7 +121,7 @@ extends: displayName: Publish ${{ parameters.moduleName }} artifact targetPath: ToPublish\${{ parameters.moduleName }} artifactName: ${{ parameters.moduleName }} - - stage: Publish to the gallery + - stage: Publish to the PowerShell Gallery displayName: Manual Approval trigger: manual jobs: From aa1aebaab0f81a964d6c235e9ad4523fe3b6c94e Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 13:44:29 -0800 Subject: [PATCH 09/22] fix name --- pipelines/azure-pipelines.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index a92917ae..41c7e531 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -35,9 +35,9 @@ extends: skipBuildTagsForGitHubPullRequests: true stages: - - stage: Prepare module + - stage: jobs: - - job: prepare_module + - job: Prepare displayName: Prepare and sign ${{ parameters.moduleName }} steps: - task: NuGetToolInstaller@1 @@ -121,7 +121,7 @@ extends: displayName: Publish ${{ parameters.moduleName }} artifact targetPath: ToPublish\${{ parameters.moduleName }} artifactName: ${{ parameters.moduleName }} - - stage: Publish to the PowerShell Gallery + - stage: Publish displayName: Manual Approval trigger: manual jobs: From 2ddfa081fc4143bfa331a2b87f1ae68c2862c0bb Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 14:14:27 -0800 Subject: [PATCH 10/22] add dependencies --- pipelines/azure-pipelines.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index 41c7e531..c191e614 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -35,9 +35,9 @@ extends: skipBuildTagsForGitHubPullRequests: true stages: - - stage: + - stage: Prepare jobs: - - job: Prepare + - job: Prepare_Sign displayName: Prepare and sign ${{ parameters.moduleName }} steps: - task: NuGetToolInstaller@1 @@ -112,9 +112,10 @@ extends: { $notValid throw "A file is not signed" - } + } - job: publish_artifact displayName: Publish ${{ parameters.moduleName }} + dependsOn: Prepare_Sign templateContext: outputs: - output: pipelineArtifact @@ -123,6 +124,7 @@ extends: artifactName: ${{ parameters.moduleName }} - stage: Publish displayName: Manual Approval + dependsOn: Prepare trigger: manual jobs: - job: Execute_Publish_Module From c886cd8f8010ad5417163c894d73999e3e1f41ed Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Tue, 12 Nov 2024 14:19:05 -0800 Subject: [PATCH 11/22] remove dependency --- pipelines/azure-pipelines.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index c191e614..8ca74207 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -124,7 +124,6 @@ extends: artifactName: ${{ parameters.moduleName }} - stage: Publish displayName: Manual Approval - dependsOn: Prepare trigger: manual jobs: - job: Execute_Publish_Module From 1d902d463e1d97b4234090f67c156a73bfbee8f2 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 12:01:17 -0800 Subject: [PATCH 12/22] try again --- pipelines/azure-pipelines.yml | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index 8ca74207..bf4e3299 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -113,28 +113,39 @@ extends: $notValid throw "A file is not signed" } - - job: publish_artifact - displayName: Publish ${{ parameters.moduleName }} - dependsOn: Prepare_Sign - templateContext: - outputs: - - output: pipelineArtifact - displayName: Publish ${{ parameters.moduleName }} artifact - targetPath: ToPublish\${{ parameters.moduleName }} - artifactName: ${{ parameters.moduleName }} + - task: CopyFiles@2 + displayName: Copy files to be published to staging directory + inputs: + SourceFolder: ToPublish\${{ parameters.moduleName }} + targetFolder: $(Build.ArtifactStagingDirectory)/${{ parameters.moduleName }} + flattenFolders: true + contents: | + *.psm1 + *.psd1 + - task: 1ES.PublishPipelineArtifact@1 + inputs: + targetPath: $(Build.ArtifactStagingDirectory)/${{ parameters.moduleName }} + artifactName: ${{ parameters.moduleName }} + displayName: Publish Module Artifact + - stage: Publish displayName: Manual Approval trigger: manual jobs: - job: Execute_Publish_Module steps: + - task: DownloadPipelineArtifact@2 + inputs: + buildType: current + artifactName: ${{ parameters.moduleName }} + targetPath: $(Pipeline.Workspace) - task: PowerShell@2 displayName: Publish Module inputs: targetType: inline pwsh: true script: | - $moduleFolder = "ToPublish\${{ parameters.moduleName }}" + $moduleFolder = "$(Pipeline.Workspace)\${{ parameters.moduleName }}" # List out all items in module folder Get-ChildItem -Path $moduleFolder -Recurse From f7f49874d51724064f98d96c620ed068ba53555a Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 12:32:22 -0800 Subject: [PATCH 13/22] fix pwsh task --- pipelines/azure-pipelines.yml | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index bf4e3299..fd6bb308 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -138,20 +138,16 @@ extends: inputs: buildType: current artifactName: ${{ parameters.moduleName }} - targetPath: $(Pipeline.Workspace) - - task: PowerShell@2 - displayName: Publish Module - inputs: - targetType: inline - pwsh: true - script: | - $moduleFolder = "$(Pipeline.Workspace)\${{ parameters.moduleName }}" - - # List out all items in module folder - Get-ChildItem -Path $moduleFolder -Recurse - - $moduleFolderPath = (Resolve-Path $moduleFolder).Path - - Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $(DscSamplesNugetApiKey) -verbose - displayName: Publish ${{ parameters.moduleName }}' - + targetPath: $(System.DefaultWorkingDirectory) + itemPattern: | + *.psm1 + *.psd1 + - pwsh: | + $moduleFolder = $(System.DefaultWorkingDirectory)\${{ parameters.moduleName }} + Get-ChildItem -Path $moduleFolder -Recurse + $moduleFolderPath = (Resolve-Path $moduleFolder).Path + Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $NugetApiKey -verbose + displayName: Publish ${{ parameters.moduleName }}' + env: + NugetApiKey: $(DscSamplesNugetApiKey) + \ No newline at end of file From 30de838b795b87298808cd74ad53c66f373647c0 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 13:20:55 -0800 Subject: [PATCH 14/22] fix pathing --- pipelines/azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index fd6bb308..4a91e9f5 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -143,7 +143,7 @@ extends: *.psm1 *.psd1 - pwsh: | - $moduleFolder = $(System.DefaultWorkingDirectory)\${{ parameters.moduleName }} + $moduleFolder = Join-Path -Path $(System.DefaultWorkingDirectory) -ChildPath ${{ parameters.moduleName }} Get-ChildItem -Path $moduleFolder -Recurse $moduleFolderPath = (Resolve-Path $moduleFolder).Path Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $NugetApiKey -verbose From d97e727eca9532f873ecdf28147f358a72ff5872 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 14:46:01 -0800 Subject: [PATCH 15/22] try again --- pipelines/azure-pipelines.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index 4a91e9f5..69c65e1b 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -132,18 +132,18 @@ extends: displayName: Manual Approval trigger: manual jobs: - - job: Execute_Publish_Module + - job: PublishToGallery steps: - task: DownloadPipelineArtifact@2 inputs: buildType: current artifactName: ${{ parameters.moduleName }} - targetPath: $(System.DefaultWorkingDirectory) + targetPath: $(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }} itemPattern: | *.psm1 *.psd1 - pwsh: | - $moduleFolder = Join-Path -Path $(System.DefaultWorkingDirectory) -ChildPath ${{ parameters.moduleName }} + $moduleFolder = "$(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }}" Get-ChildItem -Path $moduleFolder -Recurse $moduleFolderPath = (Resolve-Path $moduleFolder).Path Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $NugetApiKey -verbose From 6898420ca72eea6bbe08bd3173b15d575016a430 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 15:00:51 -0800 Subject: [PATCH 16/22] try different apikey --- pipelines/azure-pipelines.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index 69c65e1b..f66d5482 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -146,8 +146,6 @@ extends: $moduleFolder = "$(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }}" Get-ChildItem -Path $moduleFolder -Recurse $moduleFolderPath = (Resolve-Path $moduleFolder).Path - Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $NugetApiKey -verbose + Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey ${env:DSCSAMPLESNUGETAPIKEY} -verbose displayName: Publish ${{ parameters.moduleName }}' - env: - NugetApiKey: $(DscSamplesNugetApiKey) \ No newline at end of file From f9d4dc9b25a28fa0d59c9e8b6c542c79ba30352c Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 15:19:32 -0800 Subject: [PATCH 17/22] fix spelling --- .../actions/spelling/expect/generic_terms.txt | 28 +++++++++++++------ pipelines/azure-pipelines.yml | 4 ++- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/.github/actions/spelling/expect/generic_terms.txt b/.github/actions/spelling/expect/generic_terms.txt index 8a799bed..17866d26 100644 --- a/.github/actions/spelling/expect/generic_terms.txt +++ b/.github/actions/spelling/expect/generic_terms.txt @@ -1,15 +1,25 @@ -wildcards -ssh +AKV Amd -usr -screenshots +Authenticode +automerge currentstate +esrp +gtm +msft +NPH +Peet +rfc +SAMPLESNUGETAPIKEY +screenshots Scrollbars Searchbox -VGpu -versioning -worktree +SFP +Signtool sortby -msft -automerge +ssh +usr +versioning +VGpu +wildcards Workaround +worktree \ No newline at end of file diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index f66d5482..27afa4ed 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -146,6 +146,8 @@ extends: $moduleFolder = "$(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }}" Get-ChildItem -Path $moduleFolder -Recurse $moduleFolderPath = (Resolve-Path $moduleFolder).Path - Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey ${env:DSCSAMPLESNUGETAPIKEY} -verbose + Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $env:api_key -verbose displayName: Publish ${{ parameters.moduleName }}' + env: + api_key: $(DscSamplesNugetApiKey) \ No newline at end of file From abe63d3135ccf32616020099e632b0d28855de8b Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 15:31:56 -0800 Subject: [PATCH 18/22] revert and finalize --- .../actions/spelling/expect/generic_terms.txt | 2 - pipelines/azure-pipelines.publish.yml | 140 ++++++++++-- pipelines/azure-pipelines.yml | 201 +++++++----------- pipelines/templates/manual-trigger.yml | 15 -- 4 files changed, 197 insertions(+), 161 deletions(-) delete mode 100644 pipelines/templates/manual-trigger.yml diff --git a/.github/actions/spelling/expect/generic_terms.txt b/.github/actions/spelling/expect/generic_terms.txt index 17866d26..0b7ad3f3 100644 --- a/.github/actions/spelling/expect/generic_terms.txt +++ b/.github/actions/spelling/expect/generic_terms.txt @@ -9,7 +9,6 @@ msft NPH Peet rfc -SAMPLESNUGETAPIKEY screenshots Scrollbars Searchbox @@ -21,5 +20,4 @@ usr versioning VGpu wildcards -Workaround worktree \ No newline at end of file diff --git a/pipelines/azure-pipelines.publish.yml b/pipelines/azure-pipelines.publish.yml index 017a1daf..0066d882 100644 --- a/pipelines/azure-pipelines.publish.yml +++ b/pipelines/azure-pipelines.publish.yml @@ -5,10 +5,13 @@ trigger: none parameters: # parameters are shown up in ADO UI in a build queue time -- name: 'Microsoft_Windows_Developer' - displayName: 'Publish Microsoft.Windows.Developer to PSGallery' - type: boolean - default: false +- name: moduleName + displayName: 'Name of the module to publish to the PSGallery' + type: string + +- name: moduleVersion + displayName: 'Version of the module' + type: string resources: repositories: @@ -32,20 +35,119 @@ extends: skipBuildTagsForGitHubPullRequests: true stages: - - stage: Manual_Approval - displayName: Manual Approval + - stage: Prepare jobs: - - ${{ if eq(parameters.Microsoft_Windows_Developer, false) }}: - - template: /pipelines/templates/manual-trigger.yml@self - parameters: - publishTarget: Microsoft.Windows.Developer to PSGallery - - stage: Microsoft_Windows_Developer + - job: Prepare_Sign + displayName: Prepare and sign ${{ parameters.moduleName }} + steps: + - task: NuGetToolInstaller@1 + displayName: 'Use NuGet 6.x' + inputs: + versionSpec: 6.x + - task: PowerShell@2 + displayName: Replace module version + inputs: + targetType: inline + pwsh: true + script: | + $manifestContent = (Get-Content -path $(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1 -Raw) + + $newManifestContent = $manifestContent -replace "'0.1.0'", "'${{ parameters.moduleVersion }}'" + + Set-Content -path $(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1 -Value $newManifestContent + + New-Item ToSign -Type Directory + Set-Content -path ToSign\${{ parameters.moduleName }}.psd1 -Value $newManifestContent + Get-Content ToSign\${{ parameters.moduleName }}.psd1 -Raw + + Copy-Item -Path "$(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psm1" -Destination "ToSign\${{ parameters.moduleName }}.psm1" -Force + - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + displayName: 'Sign manifest' + inputs: + ConnectedServiceName: AppInstallerESRPCodeSigning + AppRegistrationClientId: '32216f16-efc9-4013-9fae-c6a2c54a3fc0' + AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' + AuthAKVName: PeetDevOpsKeyVault + AuthCertName: ESRPAuth + AuthSignCertName: ESRPRequestSigning + FolderPath: '$(System.DefaultWorkingDirectory)\ToSign\' + Pattern: '*' + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode" : "CP-230012", + "OperationCode" : "SigntoolSign", + "Parameters" : { + "OpusName" : "Microsoft", + "OpusInfo" : "http://www.microsoft.com", + "FileDigest" : "/fd \"SHA256\"", + "PageHash" : "/NPH", + "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + "ToolName" : "sign", + "ToolVersion" : "1.0" + }, + { + "KeyCode" : "CP-230012", + "OperationCode" : "SigntoolVerify", + "Parameters" : {}, + "ToolName" : "sign", + "ToolVersion" : "1.0" + } + ] + - task: PowerShell@2 + displayName: Copy Signed Files and Validate signature + inputs: + targetType: inline + pwsh: true + script: | + New-Item ToPublish\${{ parameters.moduleName }} -Type Directory + $moduleFolder = "ToPublish\${{ parameters.moduleName }}" + Copy-Item -Path "ToSign\${{ parameters.moduleName }}.psm1" -Destination "ToPublish\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psm1" -Force + Copy-Item -Path "ToSign\${{ parameters.moduleName }}.psd1" -Destination "ToPublish\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1" -Force + + $notValid = Get-ChildItem $moduleFolder -Recurse -Attributes !Directory | Get-AuthenticodeSignature | where { $_.Status -ne 'Valid' } + if ($null -ne $notValid) + { + $notValid + throw "A file is not signed" + } + - task: CopyFiles@2 + displayName: Copy files to be published to staging directory + inputs: + SourceFolder: ToPublish\${{ parameters.moduleName }} + targetFolder: $(Build.ArtifactStagingDirectory)/${{ parameters.moduleName }} + flattenFolders: true + contents: | + *.psm1 + *.psd1 + - task: 1ES.PublishPipelineArtifact@1 + inputs: + targetPath: $(Build.ArtifactStagingDirectory)/${{ parameters.moduleName }} + artifactName: ${{ parameters.moduleName }} + displayName: Publish Module Artifact + + - stage: Publish + displayName: Manual Approval + trigger: manual jobs: - - job: publish_artifact - displayName: 'Publish Microsoft.Windows.Developer' - templateContext: - outputs: - - output: pipelineArtifact - displayName: Publish Microsoft.Windows.Developer - targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Developer\ - artifactName: Microsoft.Windows.Developer + - job: PublishToGallery + steps: + - task: DownloadPipelineArtifact@2 + inputs: + buildType: current + artifactName: ${{ parameters.moduleName }} + targetPath: $(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }} + itemPattern: | + *.psm1 + *.psd1 + - pwsh: | + $moduleFolder = "$(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }}" + Get-ChildItem -Path $moduleFolder -Recurse + $moduleFolderPath = (Resolve-Path $moduleFolder).Path + Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $env:api_key -verbose + displayName: Publish ${{ parameters.moduleName }}' + env: + api_key: $(DscSamplesNugetApiKey) + \ No newline at end of file diff --git a/pipelines/azure-pipelines.yml b/pipelines/azure-pipelines.yml index 27afa4ed..e68067ed 100644 --- a/pipelines/azure-pipelines.yml +++ b/pipelines/azure-pipelines.yml @@ -1,17 +1,20 @@ -# winget-dsc pipeline to publish module artifacts +# winget-dsc pipeline to publish artifacts name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev:r)' -trigger: none +# Commit triggers +trigger: + - main -parameters: # parameters are shown up in ADO UI in a build queue time - -- name: moduleName - displayName: 'Name of the module to publish to the PSGallery' - type: string - -- name: moduleVersion - displayName: 'Version of the module' - type: string +# PR triggers +pr: + branches: + include: + - main + paths: + include: + - pipelines/azure-pipelines.yml + - resources/* + - tests/* resources: repositories: @@ -35,119 +38,67 @@ extends: skipBuildTagsForGitHubPullRequests: true stages: - - stage: Prepare + - stage: WinGet_DSC_Artifacts_Publish jobs: - - job: Prepare_Sign - displayName: Prepare and sign ${{ parameters.moduleName }} - steps: - - task: NuGetToolInstaller@1 - displayName: 'Use NuGet 6.x' - inputs: - versionSpec: 6.x - - task: PowerShell@2 - displayName: Replace module version - inputs: - targetType: inline - pwsh: true - script: | - $manifestContent = (Get-Content -path $(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1 -Raw) - - $newManifestContent = $manifestContent -replace "'0.1.0'", "'${{ parameters.moduleVersion }}'" - - Set-Content -path $(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1 -Value $newManifestContent - - New-Item ToSign -Type Directory - Set-Content -path ToSign\${{ parameters.moduleName }}.psd1 -Value $newManifestContent - Get-Content ToSign\${{ parameters.moduleName }}.psd1 -Raw - - Copy-Item -Path "$(Build.SourcesDirectory)\resources\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psm1" -Destination "ToSign\${{ parameters.moduleName }}.psm1" -Force - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 - displayName: 'Sign manifest' - inputs: - ConnectedServiceName: AppInstallerESRPCodeSigning - AppRegistrationClientId: '32216f16-efc9-4013-9fae-c6a2c54a3fc0' - AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' - AuthAKVName: PeetDevOpsKeyVault - AuthCertName: ESRPAuth - AuthSignCertName: ESRPRequestSigning - FolderPath: '$(System.DefaultWorkingDirectory)\ToSign\' - Pattern: '*' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "KeyCode" : "CP-230012", - "OperationCode" : "SigntoolSign", - "Parameters" : { - "OpusName" : "Microsoft", - "OpusInfo" : "http://www.microsoft.com", - "FileDigest" : "/fd \"SHA256\"", - "PageHash" : "/NPH", - "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-230012", - "OperationCode" : "SigntoolVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] - - task: PowerShell@2 - displayName: Copy Signed Files and Validate signature - inputs: - targetType: inline - pwsh: true - script: | - New-Item ToPublish\${{ parameters.moduleName }} -Type Directory - $moduleFolder = "ToPublish\${{ parameters.moduleName }}" - Copy-Item -Path "ToSign\${{ parameters.moduleName }}.psm1" -Destination "ToPublish\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psm1" -Force - Copy-Item -Path "ToSign\${{ parameters.moduleName }}.psd1" -Destination "ToPublish\${{ parameters.moduleName }}\${{ parameters.moduleName }}.psd1" -Force - - $notValid = Get-ChildItem $moduleFolder -Recurse -Attributes !Directory | Get-AuthenticodeSignature | where { $_.Status -ne 'Valid' } - if ($null -ne $notValid) - { - $notValid - throw "A file is not signed" - } - - task: CopyFiles@2 - displayName: Copy files to be published to staging directory - inputs: - SourceFolder: ToPublish\${{ parameters.moduleName }} - targetFolder: $(Build.ArtifactStagingDirectory)/${{ parameters.moduleName }} - flattenFolders: true - contents: | - *.psm1 - *.psd1 - - task: 1ES.PublishPipelineArtifact@1 - inputs: - targetPath: $(Build.ArtifactStagingDirectory)/${{ parameters.moduleName }} - artifactName: ${{ parameters.moduleName }} - displayName: Publish Module Artifact + - job: Publish_WinGet_DSC_Resources + displayName: 'Publish WinGet DSC Resources' + templateContext: + outputs: + - output: pipelineArtifact + displayName: 'Publish Pipeline Microsoft.Windows.Developer' + targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Developer\ + artifactName: Microsoft.Windows.Developer + - output: pipelineArtifact + displayName: 'Publish Pipeline Microsoft.Windows.Setting.Accessibility' + targetPath: $(Build.SourcesDirectory)\resources\Microsoft.Windows.Setting.Accessibility\ + artifactName: Microsoft.Windows.Setting.Accessibility + - output: pipelineArtifact + displayName: 'Publish Pipeline PythonPip3Dsc' + targetPath: $(Build.SourcesDirectory)\resources\PythonPip3Dsc\ + artifactName: PythonPip3Dsc + - output: pipelineArtifact + displayName: 'Publish Pipeline YarnDsc' + targetPath: $(Build.SourcesDirectory)\resources\YarnDsc\ + artifactName: YarnDsc + - output: pipelineArtifact + displayName: 'Publish Pipeline NpmDsc' + targetPath: $(Build.SourcesDirectory)\resources\NpmDsc\ + artifactName: NpmDsc + - output: pipelineArtifact + displayName: 'Publish Pipeline Microsoft.WindowsSandbox.DSC' + targetPath: $(Build.SourcesDirectory)\resources\Microsoft.WindowsSandbox.DSC\ + artifactName: Microsoft.WindowsSandbox.DSC + - output: pipelineArtifact + displayName: 'Publish Pipeline GitDsc' + targetPath: $(Build.SourcesDirectory)\resources\GitDsc\ + artifactName: GitDsc + - output: pipelineArtifact + displayName: 'Publish Pipeline Microsoft.VSCode.Dsc' + targetPath: $(Build.SourcesDirectory)\resources\Microsoft.VSCode.Dsc\ + artifactName: Microsoft.VSCode.Dsc + - output: pipelineArtifact + displayName: 'Publish Pipeline Microsoft.DotNet.Dsc' + targetPath: $(Build.SourcesDirectory)\resources\Microsoft.DotNet.Dsc\ + artifactName: Microsoft.DotNet.Dsc - - stage: Publish - displayName: Manual Approval - trigger: manual - jobs: - - job: PublishToGallery - steps: - - task: DownloadPipelineArtifact@2 - inputs: - buildType: current - artifactName: ${{ parameters.moduleName }} - targetPath: $(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }} - itemPattern: | - *.psm1 - *.psd1 - - pwsh: | - $moduleFolder = "$(System.DefaultWorkingDirectory)/ModuleToPublish/${{ parameters.moduleName }}" - Get-ChildItem -Path $moduleFolder -Recurse - $moduleFolderPath = (Resolve-Path $moduleFolder).Path - Publish-Module -Path $moduleFolderPath -Repository PSGallery -NuGetApiKey $env:api_key -verbose - displayName: Publish ${{ parameters.moduleName }}' - env: - api_key: $(DscSamplesNugetApiKey) - \ No newline at end of file + steps: + - checkout: self + clean: true + fetchTags: false + + - task: PowerShell@2 + displayName: 'Run Pester tests for DSC modules' + inputs: + pwsh: true + targetType: 'inline' + script: | + $env:PSModulePath += ";$(Build.SourcesDirectory)\resources" + Invoke-Pester -CI + workingDirectory: $(Build.SourcesDirectory)\tests\ + ignoreLASTEXITCODE: true + + - task: PublishTestResults@2 + inputs: + testResultsFormat: 'NUnit' + testResultsFiles: '**/Test*.xml' + failTaskOnFailedTests: true diff --git a/pipelines/templates/manual-trigger.yml b/pipelines/templates/manual-trigger.yml deleted file mode 100644 index 6e9c5e0d..00000000 --- a/pipelines/templates/manual-trigger.yml +++ /dev/null @@ -1,15 +0,0 @@ -parameters: -- name: publishTarget - type: string - -jobs: -- job: ManualTrigger - displayName: Manual trigger for ${{ parameters.publishTarget }} - pool: server - timeoutInMinutes: 86400 # job times out in 60 days - steps: - - task: ManualValidation@0 - timeoutInMinutes: 86400 # task times out in 60 days - inputs: - notifyUsers: '' - instructions: Approve this step to proceed with publishing for ${{ parameters.publishTarget }} From e894dd3df37875580f9397efc5ed99fed4f131dd Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 15:37:07 -0800 Subject: [PATCH 19/22] fix spelling --- .github/actions/spelling/expect/generic_terms.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/actions/spelling/expect/generic_terms.txt b/.github/actions/spelling/expect/generic_terms.txt index 0b7ad3f3..9455ded3 100644 --- a/.github/actions/spelling/expect/generic_terms.txt +++ b/.github/actions/spelling/expect/generic_terms.txt @@ -19,5 +19,4 @@ ssh usr versioning VGpu -wildcards -worktree \ No newline at end of file +wildcards \ No newline at end of file From 1ced0c78d1a8f0772699f97c569715a5e6a64ae1 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 15:41:32 -0800 Subject: [PATCH 20/22] try again --- .github/actions/spelling/allow.txt | 4 +++- .github/actions/spelling/expect/generic_terms.txt | 3 +-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 77faf4cc..677b79b0 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -38,4 +38,6 @@ Windo ELSPROBLEMS requ whatif -pscustomobject +pscustomobject+ +wildcards +worktree diff --git a/.github/actions/spelling/expect/generic_terms.txt b/.github/actions/spelling/expect/generic_terms.txt index 9455ded3..5180255f 100644 --- a/.github/actions/spelling/expect/generic_terms.txt +++ b/.github/actions/spelling/expect/generic_terms.txt @@ -18,5 +18,4 @@ sortby ssh usr versioning -VGpu -wildcards \ No newline at end of file +VGpu \ No newline at end of file From 74bd3516ba28f106f6e172620cfd1646ad758b39 Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 15:46:52 -0800 Subject: [PATCH 21/22] fix last one --- .github/actions/spelling/allow.txt | 3 ++- .github/actions/spelling/expect/software.txt | 4 +--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 677b79b0..dc5a105d 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -38,6 +38,7 @@ Windo ELSPROBLEMS requ whatif -pscustomobject+ +pscustomobject +VGpu wildcards worktree diff --git a/.github/actions/spelling/expect/software.txt b/.github/actions/spelling/expect/software.txt index 239fdd28..eb235278 100644 --- a/.github/actions/spelling/expect/software.txt +++ b/.github/actions/spelling/expect/software.txt @@ -2,8 +2,6 @@ vscode Linux dotnet dotnettool -cspell NUnit reportgenerator -Toolpackage -markdownlint +markdownlint \ No newline at end of file From c2b8a23a8b949f132e06d8410cb26a5746fc299d Mon Sep 17 00:00:00 2001 From: ryfu-msft Date: Wed, 13 Nov 2024 15:50:40 -0800 Subject: [PATCH 22/22] try again --- .github/actions/spelling/allow.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index dc5a105d..ea08cda9 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -11,6 +11,7 @@ codeowners github https Icm +markdownlint microsoft msftbot numpy