278 lines
10 KiB
YAML
278 lines
10 KiB
YAML
|
parameters:
|
||
|
# Which publishing infra should be used. THIS SHOULD MATCH THE VERSION ON THE BUILD MANIFEST.
|
||
|
# Publishing V1 is no longer supported
|
||
|
# Publishing V2 is no longer supported
|
||
|
# Publishing V3 is the default
|
||
|
- name: publishingInfraVersion
|
||
|
displayName: Which version of publishing should be used to promote the build definition?
|
||
|
type: number
|
||
|
default: 3
|
||
|
values:
|
||
|
- 3
|
||
|
|
||
|
- name: BARBuildId
|
||
|
displayName: BAR Build Id
|
||
|
type: number
|
||
|
default: 0
|
||
|
|
||
|
- name: PromoteToChannelIds
|
||
|
displayName: Channel to promote BARBuildId to
|
||
|
type: string
|
||
|
default: ''
|
||
|
|
||
|
- name: enableSourceLinkValidation
|
||
|
displayName: Enable SourceLink validation
|
||
|
type: boolean
|
||
|
default: false
|
||
|
|
||
|
- name: enableSigningValidation
|
||
|
displayName: Enable signing validation
|
||
|
type: boolean
|
||
|
default: true
|
||
|
|
||
|
- name: enableSymbolValidation
|
||
|
displayName: Enable symbol validation
|
||
|
type: boolean
|
||
|
default: false
|
||
|
|
||
|
- name: enableNugetValidation
|
||
|
displayName: Enable NuGet validation
|
||
|
type: boolean
|
||
|
default: true
|
||
|
|
||
|
- name: publishInstallersAndChecksums
|
||
|
displayName: Publish installers and checksums
|
||
|
type: boolean
|
||
|
default: true
|
||
|
|
||
|
- name: SDLValidationParameters
|
||
|
type: object
|
||
|
default:
|
||
|
enable: false
|
||
|
continueOnError: false
|
||
|
params: ''
|
||
|
artifactNames: ''
|
||
|
downloadArtifacts: true
|
||
|
|
||
|
# These parameters let the user customize the call to sdk-task.ps1 for publishing
|
||
|
# symbols & general artifacts as well as for signing validation
|
||
|
- name: symbolPublishingAdditionalParameters
|
||
|
displayName: Symbol publishing additional parameters
|
||
|
type: string
|
||
|
default: ''
|
||
|
|
||
|
- name: artifactsPublishingAdditionalParameters
|
||
|
displayName: Artifact publishing additional parameters
|
||
|
type: string
|
||
|
default: ''
|
||
|
|
||
|
- name: signingValidationAdditionalParameters
|
||
|
displayName: Signing validation additional parameters
|
||
|
type: string
|
||
|
default: ''
|
||
|
|
||
|
# Which stages should finish execution before post-build stages start
|
||
|
- name: validateDependsOn
|
||
|
type: object
|
||
|
default:
|
||
|
- build
|
||
|
|
||
|
- name: publishDependsOn
|
||
|
type: object
|
||
|
default:
|
||
|
- Validate
|
||
|
|
||
|
stages:
|
||
|
- ${{ if or(eq( parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:
|
||
|
- stage: Validate
|
||
|
dependsOn: ${{ parameters.validateDependsOn }}
|
||
|
displayName: Validate Build Assets
|
||
|
variables:
|
||
|
- template: common-variables.yml
|
||
|
jobs:
|
||
|
- job:
|
||
|
displayName: NuGet Validation
|
||
|
condition: eq( ${{ parameters.enableNugetValidation }}, 'true')
|
||
|
pool:
|
||
|
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||
|
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||
|
name: AzurePipelines-EO
|
||
|
image: 1ESPT-Windows2022
|
||
|
demands: Cmd
|
||
|
os: windows
|
||
|
# If it's not devdiv, it's dnceng
|
||
|
${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
|
||
|
name: NetCore1ESPool-Svc-Internal
|
||
|
image: 1es-windows-2022-pt
|
||
|
os: windows
|
||
|
|
||
|
steps:
|
||
|
- template: setup-maestro-vars.yml
|
||
|
parameters:
|
||
|
BARBuildId: ${{ parameters.BARBuildId }}
|
||
|
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
|
||
|
|
||
|
- task: DownloadBuildArtifacts@0
|
||
|
displayName: Download Package Artifacts
|
||
|
inputs:
|
||
|
buildType: specific
|
||
|
buildVersionToDownload: specific
|
||
|
project: $(AzDOProjectName)
|
||
|
pipeline: $(AzDOPipelineId)
|
||
|
buildId: $(AzDOBuildId)
|
||
|
artifactName: PackageArtifacts
|
||
|
checkDownloadedFiles: true
|
||
|
|
||
|
- task: PowerShell@2
|
||
|
displayName: Validate
|
||
|
inputs:
|
||
|
filePath: $(Build.SourcesDirectory)/eng/common/post-build/nuget-validation.ps1
|
||
|
arguments: -PackagesPath $(Build.ArtifactStagingDirectory)/PackageArtifacts/
|
||
|
-ToolDestinationPath $(Agent.BuildDirectory)/Extract/
|
||
|
|
||
|
- job:
|
||
|
displayName: Signing Validation
|
||
|
condition: and( eq( ${{ parameters.enableSigningValidation }}, 'true'), ne( variables['PostBuildSign'], 'true'))
|
||
|
pool:
|
||
|
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||
|
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||
|
name: AzurePipelines-EO
|
||
|
demands: Cmd
|
||
|
os: windows
|
||
|
# If it's not devdiv, it's dnceng
|
||
|
${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
|
||
|
name: NetCore1ESPool-Svc-Internal
|
||
|
image: 1es-windows-2022-pt
|
||
|
os: windows
|
||
|
steps:
|
||
|
- template: setup-maestro-vars.yml
|
||
|
parameters:
|
||
|
BARBuildId: ${{ parameters.BARBuildId }}
|
||
|
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
|
||
|
|
||
|
- task: DownloadBuildArtifacts@0
|
||
|
displayName: Download Package Artifacts
|
||
|
inputs:
|
||
|
buildType: specific
|
||
|
buildVersionToDownload: specific
|
||
|
project: $(AzDOProjectName)
|
||
|
pipeline: $(AzDOPipelineId)
|
||
|
buildId: $(AzDOBuildId)
|
||
|
artifactName: PackageArtifacts
|
||
|
checkDownloadedFiles: true
|
||
|
itemPattern: |
|
||
|
**
|
||
|
!**/Microsoft.SourceBuild.Intermediate.*.nupkg
|
||
|
|
||
|
# This is necessary whenever we want to publish/restore to an AzDO private feed
|
||
|
# Since sdk-task.ps1 tries to restore packages we need to do this authentication here
|
||
|
# otherwise it'll complain about accessing a private feed.
|
||
|
- task: NuGetAuthenticate@1
|
||
|
displayName: 'Authenticate to AzDO Feeds'
|
||
|
|
||
|
- task: PowerShell@2
|
||
|
displayName: Enable cross-org publishing
|
||
|
inputs:
|
||
|
filePath: eng\common\enable-cross-org-publishing.ps1
|
||
|
arguments: -token $(dn-bot-dnceng-artifact-feeds-rw)
|
||
|
|
||
|
# Signing validation will optionally work with the buildmanifest file which is downloaded from
|
||
|
# Azure DevOps above.
|
||
|
- task: PowerShell@2
|
||
|
displayName: Validate
|
||
|
inputs:
|
||
|
filePath: eng\common\sdk-task.ps1
|
||
|
arguments: -task SigningValidation -restore -msbuildEngine vs
|
||
|
/p:PackageBasePath='$(Build.ArtifactStagingDirectory)/PackageArtifacts'
|
||
|
/p:SignCheckExclusionsFile='$(Build.SourcesDirectory)/eng/SignCheckExclusionsFile.txt'
|
||
|
${{ parameters.signingValidationAdditionalParameters }}
|
||
|
|
||
|
- template: ../steps/publish-logs.yml
|
||
|
parameters:
|
||
|
StageLabel: 'Validation'
|
||
|
JobLabel: 'Signing'
|
||
|
|
||
|
- job:
|
||
|
displayName: SourceLink Validation
|
||
|
condition: eq( ${{ parameters.enableSourceLinkValidation }}, 'true')
|
||
|
pool:
|
||
|
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||
|
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||
|
name: AzurePipelines-EO
|
||
|
image: 1ESPT-Windows2022
|
||
|
demands: Cmd
|
||
|
os: windows
|
||
|
# If it's not devdiv, it's dnceng
|
||
|
${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
|
||
|
name: NetCore1ESPool-Svc-Internal
|
||
|
image: 1es-windows-2022-pt
|
||
|
os: windows
|
||
|
steps:
|
||
|
- template: setup-maestro-vars.yml
|
||
|
parameters:
|
||
|
BARBuildId: ${{ parameters.BARBuildId }}
|
||
|
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
|
||
|
|
||
|
- task: DownloadBuildArtifacts@0
|
||
|
displayName: Download Blob Artifacts
|
||
|
inputs:
|
||
|
buildType: specific
|
||
|
buildVersionToDownload: specific
|
||
|
project: $(AzDOProjectName)
|
||
|
pipeline: $(AzDOPipelineId)
|
||
|
buildId: $(AzDOBuildId)
|
||
|
artifactName: BlobArtifacts
|
||
|
checkDownloadedFiles: true
|
||
|
|
||
|
- task: PowerShell@2
|
||
|
displayName: Validate
|
||
|
inputs:
|
||
|
filePath: $(Build.SourcesDirectory)/eng/common/post-build/sourcelink-validation.ps1
|
||
|
arguments: -InputPath $(Build.ArtifactStagingDirectory)/BlobArtifacts/
|
||
|
-ExtractPath $(Agent.BuildDirectory)/Extract/
|
||
|
-GHRepoName $(Build.Repository.Name)
|
||
|
-GHCommit $(Build.SourceVersion)
|
||
|
-SourcelinkCliVersion $(SourceLinkCLIVersion)
|
||
|
continueOnError: true
|
||
|
|
||
|
- stage: publish_using_darc
|
||
|
${{ if or(eq(parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:
|
||
|
dependsOn: ${{ parameters.publishDependsOn }}
|
||
|
${{ if and(ne(parameters.enableNugetValidation, 'true'), ne(parameters.enableSigningValidation, 'true'), ne(parameters.enableSourceLinkValidation, 'true'), ne(parameters.SDLValidationParameters.enable, 'true')) }}:
|
||
|
dependsOn: ${{ parameters.validateDependsOn }}
|
||
|
displayName: Publish using Darc
|
||
|
variables:
|
||
|
- template: common-variables.yml
|
||
|
jobs:
|
||
|
- job:
|
||
|
displayName: Publish Using Darc
|
||
|
timeoutInMinutes: 120
|
||
|
pool:
|
||
|
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||
|
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||
|
name: AzurePipelines-EO
|
||
|
demands: Cmd
|
||
|
os: windows
|
||
|
# If it's not devdiv, it's dnceng
|
||
|
${{ else }}:
|
||
|
name: NetCore1ESPool-Svc-Internal
|
||
|
image: 1es-windows-2022-pt
|
||
|
os: windows
|
||
|
steps:
|
||
|
- template: setup-maestro-vars.yml
|
||
|
parameters:
|
||
|
BARBuildId: ${{ parameters.BARBuildId }}
|
||
|
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
|
||
|
|
||
|
- task: PowerShell@2
|
||
|
displayName: Publish Using Darc
|
||
|
inputs:
|
||
|
filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
|
||
|
arguments: -BuildId $(BARBuildId)
|
||
|
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
|
||
|
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
|
||
|
-MaestroToken '$(MaestroApiAccessToken)'
|
||
|
-WaitPublishingFinish true
|
||
|
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
|
||
|
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
|