[release/8.0.1xx] Switch to dSAS for internal runtimes (#19945)
parent
502a6d149a
commit
34a414a79d
25 changed files with 301 additions and 67 deletions
|
@ -21,14 +21,12 @@ variables:
|
|||
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- name: Codeql.Enabled
|
||||
value: true
|
||||
- group: DotNet-DotNetCli-Storage
|
||||
- group: DotNet-Installer-SDLValidation-Params
|
||||
- name: _PublishUsingPipelines
|
||||
value: true
|
||||
- name: _InternalRuntimeDownloadArgs
|
||||
value: ''
|
||||
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
||||
- group: DotNetBuilds storage account read tokens
|
||||
- name: _InternalRuntimeDownloadArgs
|
||||
value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
|
||||
/p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
|
||||
|
@ -334,6 +332,8 @@ extends:
|
|||
|
||||
# Source Build
|
||||
- template: /eng/common/templates-official/jobs/source-build.yml@self
|
||||
parameters:
|
||||
enableInternalSources: true
|
||||
|
||||
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- stage: Publish
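Review bot: `_InternalRuntimeDownloadArgs` still expands `$(dotnetbuilds-internal-container-read-token-base64)`, but after this change that variable appears to be produced per job by the enable-internal-runtimes step rather than by a variable group (the +/- markers are lost on this page, so which group lines were dropped is inferred from the hunk counts). Azure Pipelines leaves an undefined `$(name)` macro as literal text, so a job that consumes `_InternalRuntimeDownloadArgs` without first running that step would pass the unexpanded placeholder as the feed key and fail the internal download in a confusing way. A comment next to the variable would make the dependency explicit: `# Requires the enable-internal-runtimes.yml step earlier in the same job; the SAS variable is job-scoped.` The same applies to the second pipeline definition that follows, whose variables hunks carry the same lines.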
|
||||
|
|
|
@ -19,7 +19,6 @@ variables:
|
|||
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- name: Codeql.Enabled
|
||||
value: true
|
||||
- group: DotNet-DotNetCli-Storage
|
||||
- group: DotNet-Installer-SDLValidation-Params
|
||||
- name: _PublishUsingPipelines
|
||||
value: true
|
||||
|
@ -28,7 +27,6 @@ variables:
|
|||
value: ''
|
||||
|
||||
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
||||
- group: DotNetBuilds storage account read tokens
|
||||
- name: _InternalRuntimeDownloadArgs
|
||||
value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
|
||||
/p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
|
||||
|
@ -345,6 +343,8 @@ stages:
|
|||
runTests: false
|
||||
|
||||
- template: /eng/common/templates/jobs/source-build.yml
|
||||
parameters:
|
||||
enableInternalSources: true
|
||||
|
||||
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- stage: Publish
|
||||
|
|
|
@ -219,18 +219,18 @@
|
|||
</Dependency>
|
||||
</ProductDependencies>
|
||||
<ToolsetDependencies>
|
||||
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24266.3">
|
||||
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24352.1">
|
||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||
<Sha>e6f70c7dd528f05cd28cec2a179d58c22e91d9ac</Sha>
|
||||
<Sha>8b879da4e449c48d99f3f642fc429379a64e8fe8</Sha>
|
||||
<SourceBuild RepoName="arcade" ManagedOnly="true" />
|
||||
</Dependency>
|
||||
<Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="8.0.0-beta.24266.3">
|
||||
<Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="8.0.0-beta.24352.1">
|
||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||
<Sha>e6f70c7dd528f05cd28cec2a179d58c22e91d9ac</Sha>
|
||||
<Sha>8b879da4e449c48d99f3f642fc429379a64e8fe8</Sha>
|
||||
</Dependency>
|
||||
<Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="8.0.0-beta.24266.3">
|
||||
<Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="8.0.0-beta.24352.1">
|
||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||
<Sha>e6f70c7dd528f05cd28cec2a179d58c22e91d9ac</Sha>
|
||||
<Sha>8b879da4e449c48d99f3f642fc429379a64e8fe8</Sha>
|
||||
</Dependency>
|
||||
<Dependency Name="Microsoft.DotNet.Darc" Version="1.1.0-beta.23578.2">
|
||||
<Uri>https://github.com/dotnet/arcade-services</Uri>
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
</PropertyGroup>
|
||||
<PropertyGroup>
|
||||
<!-- Dependency from https://github.com/dotnet/arcade -->
|
||||
<MicrosoftDotNetBuildTasksInstallersPackageVersion>8.0.0-beta.24266.3</MicrosoftDotNetBuildTasksInstallersPackageVersion>
|
||||
<MicrosoftDotNetBuildTasksInstallersPackageVersion>8.0.0-beta.24352.1</MicrosoftDotNetBuildTasksInstallersPackageVersion>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup>
|
||||
<!-- Dependency from https://github.com/dotnet/arcade-services -->
|
||||
|
|
|
@ -173,6 +173,7 @@ jobs:
|
|||
steps:
|
||||
- checkout: self
|
||||
clean: true
|
||||
- template: /eng/common/templates/steps/enable-internal-runtimes.yml
|
||||
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
|
||||
- ${{ if and(not(parameters.isBuiltFromVmr), ne(variables['System.TeamProject'], 'public')) }}:
|
||||
- task: PowerShell@2
|
||||
|
|
|
@ -179,6 +179,7 @@ jobs:
|
|||
steps:
|
||||
- checkout: self
|
||||
clean: true
|
||||
- template: /eng/common/templates/steps/enable-internal-runtimes.yml
|
||||
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
|
||||
- ${{ if and(not(parameters.isBuiltFromVmr), ne(variables['System.TeamProject'], 'public')) }}:
|
||||
- task: PowerShell@2
|
||||
|
|
|
@ -2,7 +2,6 @@ param(
|
|||
[Parameter(Mandatory=$true)][int] $BuildId,
|
||||
[Parameter(Mandatory=$true)][int] $PublishingInfraVersion,
|
||||
[Parameter(Mandatory=$true)][string] $AzdoToken,
|
||||
[Parameter(Mandatory=$true)][string] $MaestroToken,
|
||||
[Parameter(Mandatory=$false)][string] $MaestroApiEndPoint = 'https://maestro.dot.net',
|
||||
[Parameter(Mandatory=$true)][string] $WaitPublishingFinish,
|
||||
[Parameter(Mandatory=$false)][string] $ArtifactsPublishingAdditionalParameters,
|
||||
|
@ -35,9 +34,9 @@ try {
|
|||
--publishing-infra-version $PublishingInfraVersion `
|
||||
--default-channels `
|
||||
--source-branch main `
|
||||
--azdev-pat $AzdoToken `
|
||||
--bar-uri $MaestroApiEndPoint `
|
||||
--password $MaestroToken `
|
||||
--azdev-pat "$AzdoToken" `
|
||||
--bar-uri "$MaestroApiEndPoint" `
|
||||
--ci `
|
||||
@optionalParams
|
||||
|
||||
if ($LastExitCode -ne 0) {
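Review bot: With `-MaestroToken` and `--password` apparently gone (inferred from the hunk counts, since the +/- markers are lost), nothing in the script says where darc now gets its Maestro credential. It seems to rely on the Azure CLI session that the calling `AzureCLI@2` task establishes, together with `--ci`. A comment above the darc call would record that, for example `# Maestro/BAR auth comes from the ambient Azure CLI login set up by the AzureCLI@2 task; no token is passed here.` `--azdev-pat "$AzdoToken"` still places a PAT on the darc command line, so it is the remaining long-lived secret on this path and worth tracking. The `try` block continues outside the hunk.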
|
||||
|
|
|
@ -76,13 +76,16 @@ jobs:
|
|||
|
||||
- task: NuGetAuthenticate@1
|
||||
|
||||
- task: PowerShell@2
|
||||
- task: AzureCLI@2
|
||||
displayName: Publish Build Assets
|
||||
inputs:
|
||||
filePath: eng\common\sdk-task.ps1
|
||||
arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet
|
||||
azureSubscription: "Darc: Maestro Production"
|
||||
scriptType: ps
|
||||
scriptLocation: scriptPath
|
||||
scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1
|
||||
arguments: >
|
||||
-task PublishBuildAssets -restore -msbuildEngine dotnet
|
||||
/p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests'
|
||||
/p:BuildAssetRegistryToken=$(MaestroAccessToken)
|
||||
/p:MaestroApiEndpoint=https://maestro-prod.westus2.cloudapp.azure.com
|
||||
/p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }}
|
||||
/p:OfficialBuildId=$(Build.BuildNumber)
|
||||
|
@ -144,7 +147,6 @@ jobs:
|
|||
arguments: -BuildId $(BARBuildId)
|
||||
-PublishingInfraVersion 3
|
||||
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
|
||||
-MaestroToken '$(MaestroApiAccessToken)'
|
||||
-WaitPublishingFinish true
|
||||
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
|
||||
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
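Review bot: `/p:MaestroApiEndpoint=https://maestro-prod.westus2.cloudapp.azure.com` stays in this copy of the Publish Build Assets step, while the later copy of the same step (hunk `@ -74,13 +74,16`) uses `https://maestro.dot.net`, which is also the default `$MaestroApiEndPoint` in the publishing script shown above. Now that the step authenticates through the `"Darc: Maestro Production"` service connection rather than a token property, the two copies should presumably name the same host so that identity and TLS checks apply to one endpoint. If the difference is intentional it deserves a comment; otherwise align it with `/p:MaestroApiEndpoint=https://maestro.dot.net`. `-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'` in the second hunk remains a PAT passed as a script argument.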
|
||||
|
|
|
@ -31,6 +31,12 @@ parameters:
|
|||
# container and pool.
|
||||
platform: {}
|
||||
|
||||
# If set to true and running on a non-public project,
|
||||
# Internal blob storage locations will be enabled.
|
||||
# This is not enabled by default because many repositories do not need internal sources
|
||||
# and do not need to have the required service connections approved in the pipeline.
|
||||
enableInternalSources: false
|
||||
|
||||
jobs:
|
||||
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
|
||||
displayName: Source-Build (${{ parameters.platform.name }})
|
||||
|
@ -62,6 +68,8 @@ jobs:
|
|||
clean: all
|
||||
|
||||
steps:
|
||||
- ${{ if eq(parameters.enableInternalSources, true) }}:
|
||||
- template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
|
||||
- template: /eng/common/templates-official/steps/source-build.yml
|
||||
parameters:
|
||||
platform: ${{ parameters.platform }}
|
||||
|
|
|
@ -23,7 +23,7 @@ jobs:
|
|||
value: ${{ parameters.sourceIndexPackageSource }}
|
||||
- name: BinlogPath
|
||||
value: ${{ parameters.binlogPath }}
|
||||
- template: /eng/common/templates/variables/pool-providers.yml
|
||||
- template: /eng/common/templates-official/variables/pool-providers.yml
|
||||
|
||||
${{ if ne(parameters.pool, '') }}:
|
||||
pool: ${{ parameters.pool }}
|
||||
|
@ -34,7 +34,8 @@ jobs:
|
|||
demands: ImageOverride -equals windows.vs2019.amd64.open
|
||||
${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
||||
name: $(DncEngInternalBuildPool)
|
||||
demands: ImageOverride -equals windows.vs2019.amd64
|
||||
image: windows.vs2022.amd64
|
||||
os: windows
|
||||
|
||||
steps:
|
||||
- ${{ each preStep in parameters.preSteps }}:
|
||||
|
@ -70,14 +71,11 @@ jobs:
|
|||
scriptType: 'ps'
|
||||
scriptLocation: 'inlineScript'
|
||||
inlineScript: |
|
||||
echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId"
|
||||
echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken"
|
||||
echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId"
|
||||
echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
|
||||
echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
|
||||
echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"
|
||||
|
||||
- script: |
|
||||
echo "Client ID: $(ARM_CLIENT_ID)"
|
||||
echo "ID Token: $(ARM_ID_TOKEN)"
|
||||
echo "Tenant ID: $(ARM_TENANT_ID)"
|
||||
az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
|
||||
displayName: "Login to Azure"
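Review bot: `az login ... --federated-token $(ARM_ID_TOKEN)` still receives the OIDC token through macro expansion, so the token is written into the script file the agent generates for this step even though the variable is now set with `issecret=true` (which only affects log masking). Mapping it through the step's `env:` block (`ARM_ID_TOKEN: $(ARM_ID_TOKEN)`) and referencing the environment variable in the command keeps the value out of that file; it will still appear on the `az` process command line. The three `echo "Client ID/ID Token/Tenant ID"` lines appear to be removed by this hunk (inferred from the counts), which is the right direction. The same login line is in the other copy of this file later in the commit (hunk `@ -70,14 +70,11`).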
|
||||
|
||||
|
|
|
@ -21,6 +21,12 @@ parameters:
|
|||
# one job runs on 'defaultManagedPlatform'.
|
||||
platforms: []
|
||||
|
||||
# If set to true and running on a non-public project,
|
||||
# Internal nuget and blob storage locations will be enabled.
|
||||
# This is not enabled by default because many repositories do not need internal sources
|
||||
# and do not need to have the required service connections approved in the pipeline.
|
||||
enableInternalSources: false
|
||||
|
||||
jobs:
|
||||
|
||||
- ${{ if ne(parameters.allCompletedJobId, '') }}:
|
||||
|
@ -38,9 +44,11 @@ jobs:
|
|||
parameters:
|
||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||
platform: ${{ platform }}
|
||||
enableInternalSources: ${{ parameters.enableInternalSources }}
|
||||
|
||||
- ${{ if eq(length(parameters.platforms), 0) }}:
|
||||
- template: /eng/common/templates-official/job/source-build.yml
|
||||
parameters:
|
||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||
platform: ${{ parameters.defaultManagedPlatform }}
|
||||
enableInternalSources: ${{ parameters.enableInternalSources }}
|
||||
|
|
|
@ -272,14 +272,16 @@ stages:
|
|||
|
||||
- task: NuGetAuthenticate@1
|
||||
|
||||
- task: PowerShell@2
|
||||
- task: AzureCLI@2
|
||||
displayName: Publish Using Darc
|
||||
inputs:
|
||||
filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
|
||||
azureSubscription: "Darc: Maestro Production"
|
||||
scriptType: ps
|
||||
scriptLocation: scriptPath
|
||||
scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
|
||||
arguments: -BuildId $(BARBuildId)
|
||||
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
|
||||
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
|
||||
-MaestroToken '$(MaestroApiAccessToken)'
|
||||
-WaitPublishingFinish true
|
||||
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
|
||||
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
|
||||
# variable with the base64-encoded SAS token, by default
|
||||
|
||||
parameters:
|
||||
- name: federatedServiceConnection
|
||||
type: string
|
||||
default: 'dotnetbuilds-internal-read'
|
||||
- name: outputVariableName
|
||||
type: string
|
||||
default: 'dotnetbuilds-internal-container-read-token-base64'
|
||||
- name: expiryInHours
|
||||
type: number
|
||||
default: 1
|
||||
- name: base64Encode
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
steps:
|
||||
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
|
||||
- template: /eng/common/templates-official/steps/get-delegation-sas.yml
|
||||
parameters:
|
||||
federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
|
||||
outputVariableName: ${{ parameters.outputVariableName }}
|
||||
expiryInHours: ${{ parameters.expiryInHours }}
|
||||
base64Encode: ${{ parameters.base64Encode }}
|
||||
storageAccount: dotnetbuilds
|
||||
container: internal
|
||||
permissions: rl
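Review bot: The header comment does not say that the SAS is valid for only `expiryInHours` (default 1) counted from the moment this step runs, not from the moment the runtime is downloaded. The job templates in this commit place the step right after `checkout`, so a job whose first internal download starts more than an hour in would be rejected by storage with an authorization error that does not point back here. Suggested addition to the header: `# The SAS expires expiryInHours after this step runs; raise it for jobs whose internal downloads can start later than that.` Keeping `permissions: rl` and a short default is good least-privilege practice; the note is only about documenting the trade-off. The same applies to the copy under eng/common/templates/steps.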
|
43
eng/common/templates-official/steps/get-delegation-sas.yml
Normal file
43
eng/common/templates-official/steps/get-delegation-sas.yml
Normal file
|
@ -0,0 +1,43 @@
|
|||
parameters:
|
||||
- name: federatedServiceConnection
|
||||
type: string
|
||||
- name: outputVariableName
|
||||
type: string
|
||||
- name: expiryInHours
|
||||
type: number
|
||||
default: 1
|
||||
- name: base64Encode
|
||||
type: boolean
|
||||
default: false
|
||||
- name: storageAccount
|
||||
type: string
|
||||
- name: container
|
||||
type: string
|
||||
- name: permissions
|
||||
type: string
|
||||
default: 'rl'
|
||||
|
||||
steps:
|
||||
- task: AzureCLI@2
|
||||
displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
|
||||
inputs:
|
||||
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||
scriptType: 'pscore'
|
||||
scriptLocation: 'inlineScript'
|
||||
inlineScript: |
|
||||
# Calculate the expiration of the SAS token and convert to UTC
|
||||
$expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
|
||||
|
||||
$sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
|
||||
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
Write-Error "Failed to generate SAS token."
|
||||
exit 1
|
||||
}
|
||||
|
||||
if ('${{ parameters.base64Encode }}' -eq 'true') {
|
||||
$sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
|
||||
}
|
||||
|
||||
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
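Review bot: When `base64Encode` is true, only the base64 form is registered with the log masker, because `issecret=true` masks exactly the value being set. The raw SAS that consumers obtain after decoding would not be masked if it ever reached a log, for example as part of a download URL in an error message. Registering the raw value before encoding closes that gap: add `Write-Host "##vso[task.setsecret]$sas"` right after the `$LASTEXITCODE` check. It would also help to fail when `$sas` is empty, e.g. `if ([string]::IsNullOrWhiteSpace($sas)) { Write-Error "Empty SAS token."; exit 1 }`, so that an empty secret is never published. The same script is in eng/common/templates/steps/get-delegation-sas.yml.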
|
|
@ -0,0 +1,28 @@
|
|||
parameters:
|
||||
- name: federatedServiceConnection
|
||||
type: string
|
||||
- name: outputVariableName
|
||||
type: string
|
||||
# Resource to get a token for. Common values include:
|
||||
# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
|
||||
# - 'https://storage.azure.com/' for storage
|
||||
# Defaults to Azure DevOps
|
||||
- name: resource
|
||||
type: string
|
||||
default: '499b84ac-1321-427f-aa17-267ca6975798'
|
||||
|
||||
steps:
|
||||
- task: AzureCLI@2
|
||||
displayName: 'Getting federated access token for feeds'
|
||||
inputs:
|
||||
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||
scriptType: 'pscore'
|
||||
scriptLocation: 'inlineScript'
|
||||
inlineScript: |
|
||||
$accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
|
||||
exit 1
|
||||
}
|
||||
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
|
|
@ -74,13 +74,16 @@ jobs:
|
|||
|
||||
- task: NuGetAuthenticate@1
|
||||
|
||||
- task: PowerShell@2
|
||||
- task: AzureCLI@2
|
||||
displayName: Publish Build Assets
|
||||
inputs:
|
||||
filePath: eng\common\sdk-task.ps1
|
||||
arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet
|
||||
azureSubscription: "Darc: Maestro Production"
|
||||
scriptType: ps
|
||||
scriptLocation: scriptPath
|
||||
scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1
|
||||
arguments: >
|
||||
-task PublishBuildAssets -restore -msbuildEngine dotnet
|
||||
/p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests'
|
||||
/p:BuildAssetRegistryToken=$(MaestroAccessToken)
|
||||
/p:MaestroApiEndpoint=https://maestro.dot.net
|
||||
/p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }}
|
||||
/p:OfficialBuildId=$(Build.BuildNumber)
|
||||
|
@ -140,7 +143,6 @@ jobs:
|
|||
arguments: -BuildId $(BARBuildId)
|
||||
-PublishingInfraVersion 3
|
||||
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
|
||||
-MaestroToken '$(MaestroApiAccessToken)'
|
||||
-WaitPublishingFinish true
|
||||
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
|
||||
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
|
||||
|
|
|
@ -31,6 +31,12 @@ parameters:
|
|||
# container and pool.
|
||||
platform: {}
|
||||
|
||||
# If set to true and running on a non-public project,
|
||||
# Internal blob storage locations will be enabled.
|
||||
# This is not enabled by default because many repositories do not need internal sources
|
||||
# and do not need to have the required service connections approved in the pipeline.
|
||||
enableInternalSources: false
|
||||
|
||||
jobs:
|
||||
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
|
||||
displayName: Source-Build (${{ parameters.platform.name }})
|
||||
|
@ -61,6 +67,8 @@ jobs:
|
|||
clean: all
|
||||
|
||||
steps:
|
||||
- ${{ if eq(parameters.enableInternalSources, true) }}:
|
||||
- template: /eng/common/templates/steps/enable-internal-runtimes.yml
|
||||
- template: /eng/common/templates/steps/source-build.yml
|
||||
parameters:
|
||||
platform: ${{ parameters.platform }}
|
||||
|
|
|
@ -70,14 +70,11 @@ jobs:
|
|||
scriptType: 'ps'
|
||||
scriptLocation: 'inlineScript'
|
||||
inlineScript: |
|
||||
echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId"
|
||||
echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken"
|
||||
echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId"
|
||||
echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
|
||||
echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
|
||||
echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"
|
||||
|
||||
- script: |
|
||||
echo "Client ID: $(ARM_CLIENT_ID)"
|
||||
echo "ID Token: $(ARM_ID_TOKEN)"
|
||||
echo "Tenant ID: $(ARM_TENANT_ID)"
|
||||
az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
|
||||
displayName: "Login to Azure"
|
||||
|
||||
|
|
|
@ -21,6 +21,12 @@ parameters:
|
|||
# one job runs on 'defaultManagedPlatform'.
|
||||
platforms: []
|
||||
|
||||
# If set to true and running on a non-public project,
|
||||
# Internal nuget and blob storage locations will be enabled.
|
||||
# This is not enabled by default because many repositories do not need internal sources
|
||||
# and do not need to have the required service connections approved in the pipeline.
|
||||
enableInternalSources: false
|
||||
|
||||
jobs:
|
||||
|
||||
- ${{ if ne(parameters.allCompletedJobId, '') }}:
|
||||
|
@ -38,9 +44,11 @@ jobs:
|
|||
parameters:
|
||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||
platform: ${{ platform }}
|
||||
enableInternalSources: ${{ parameters.enableInternalSources }}
|
||||
|
||||
- ${{ if eq(length(parameters.platforms), 0) }}:
|
||||
- template: /eng/common/templates/job/source-build.yml
|
||||
parameters:
|
||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||
platform: ${{ parameters.defaultManagedPlatform }}
|
||||
enableInternalSources: ${{ parameters.enableInternalSources }}
|
||||
|
|
|
@ -268,14 +268,16 @@ stages:
|
|||
|
||||
- task: NuGetAuthenticate@1
|
||||
|
||||
- task: PowerShell@2
|
||||
- task: AzureCLI@2
|
||||
displayName: Publish Using Darc
|
||||
inputs:
|
||||
filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
|
||||
azureSubscription: "Darc: Maestro Production"
|
||||
scriptType: ps
|
||||
scriptLocation: scriptPath
|
||||
scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
|
||||
arguments: -BuildId $(BARBuildId)
|
||||
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
|
||||
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
|
||||
-MaestroToken '$(MaestroApiAccessToken)'
|
||||
-WaitPublishingFinish true
|
||||
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
|
||||
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
|
||||
|
|
|
@ -11,13 +11,14 @@ steps:
|
|||
artifactName: ReleaseConfigs
|
||||
checkDownloadedFiles: true
|
||||
|
||||
- task: PowerShell@2
|
||||
- task: AzureCLI@2
|
||||
name: setReleaseVars
|
||||
displayName: Set Release Configs Vars
|
||||
inputs:
|
||||
targetType: inline
|
||||
pwsh: true
|
||||
script: |
|
||||
azureSubscription: "Darc: Maestro Production"
|
||||
scriptType: pscore
|
||||
scriptLocation: inlineScript
|
||||
inlineScript: |
|
||||
try {
|
||||
if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') {
|
||||
$Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt
|
||||
|
@ -31,15 +32,16 @@ steps:
|
|||
$AzureDevOpsBuildId = $Env:Build_BuildId
|
||||
}
|
||||
else {
|
||||
$buildApiEndpoint = "${Env:MaestroApiEndPoint}/api/builds/${Env:BARBuildId}?api-version=${Env:MaestroApiVersion}"
|
||||
. $(Build.SourcesDirectory)\eng\common\tools.ps1
|
||||
$darc = Get-Darc
|
||||
$buildInfo = & $darc get-build `
|
||||
--id ${{ parameters.BARBuildId }} `
|
||||
--extended `
|
||||
--output-format json `
|
||||
--ci `
|
||||
| convertFrom-Json
|
||||
|
||||
$apiHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'
|
||||
$apiHeaders.Add('Accept', 'application/json')
|
||||
$apiHeaders.Add('Authorization',"Bearer ${Env:MAESTRO_API_TOKEN}")
|
||||
|
||||
$buildInfo = try { Invoke-WebRequest -Method Get -Uri $buildApiEndpoint -Headers $apiHeaders | ConvertFrom-Json } catch { Write-Host "Error: $_" }
|
||||
|
||||
$BarId = $Env:BARBuildId
|
||||
$BarId = ${{ parameters.BARBuildId }}
|
||||
$Channels = $Env:PromoteToMaestroChannels -split ","
|
||||
$Channels = $Channels -join "]["
|
||||
$Channels = "[$Channels]"
|
||||
|
@ -65,6 +67,4 @@ steps:
|
|||
exit 1
|
||||
}
|
||||
env:
|
||||
MAESTRO_API_TOKEN: $(MaestroApiAccessToken)
|
||||
BARBuildId: ${{ parameters.BARBuildId }}
|
||||
PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }}
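Review bot: `${{ parameters.BARBuildId }}` is now expanded straight into the inline script (`--id ${{ parameters.BARBuildId }}` and `$BarId = ${{ parameters.BARBuildId }}`) where the earlier code read `$Env:BARBuildId`, so whatever the caller passes becomes PowerShell source text rather than data. The parameter's declaration is outside the hunk; unless it is typed `number`, keeping `BARBuildId: ${{ parameters.BARBuildId }}` under `env:` and using `--id $Env:BARBuildId` and `$BarId = $Env:BARBuildId` avoids that. Separately, the `& $darc get-build ... | convertFrom-Json` call has no `$LASTEXITCODE` check in the visible lines, so a darc failure would leave `$buildInfo` empty and surface later as blank release variables. The enclosing `try` continues outside the hunk.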
|
||||
|
|
28
eng/common/templates/steps/enable-internal-runtimes.yml
Normal file
28
eng/common/templates/steps/enable-internal-runtimes.yml
Normal file
|
@ -0,0 +1,28 @@
|
|||
# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
|
||||
# variable with the base64-encoded SAS token, by default
|
||||
|
||||
parameters:
|
||||
- name: federatedServiceConnection
|
||||
type: string
|
||||
default: 'dotnetbuilds-internal-read'
|
||||
- name: outputVariableName
|
||||
type: string
|
||||
default: 'dotnetbuilds-internal-container-read-token-base64'
|
||||
- name: expiryInHours
|
||||
type: number
|
||||
default: 1
|
||||
- name: base64Encode
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
steps:
|
||||
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
|
||||
- template: /eng/common/templates/steps/get-delegation-sas.yml
|
||||
parameters:
|
||||
federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
|
||||
outputVariableName: ${{ parameters.outputVariableName }}
|
||||
expiryInHours: ${{ parameters.expiryInHours }}
|
||||
base64Encode: ${{ parameters.base64Encode }}
|
||||
storageAccount: dotnetbuilds
|
||||
container: internal
|
||||
permissions: rl
|
43
eng/common/templates/steps/get-delegation-sas.yml
Normal file
43
eng/common/templates/steps/get-delegation-sas.yml
Normal file
|
@ -0,0 +1,43 @@
|
|||
parameters:
|
||||
- name: federatedServiceConnection
|
||||
type: string
|
||||
- name: outputVariableName
|
||||
type: string
|
||||
- name: expiryInHours
|
||||
type: number
|
||||
default: 1
|
||||
- name: base64Encode
|
||||
type: boolean
|
||||
default: false
|
||||
- name: storageAccount
|
||||
type: string
|
||||
- name: container
|
||||
type: string
|
||||
- name: permissions
|
||||
type: string
|
||||
default: 'rl'
|
||||
|
||||
steps:
|
||||
- task: AzureCLI@2
|
||||
displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
|
||||
inputs:
|
||||
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||
scriptType: 'pscore'
|
||||
scriptLocation: 'inlineScript'
|
||||
inlineScript: |
|
||||
# Calculate the expiration of the SAS token and convert to UTC
|
||||
$expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
|
||||
|
||||
$sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
|
||||
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
Write-Error "Failed to generate SAS token."
|
||||
exit 1
|
||||
}
|
||||
|
||||
if ('${{ parameters.base64Encode }}' -eq 'true') {
|
||||
$sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
|
||||
}
|
||||
|
||||
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
|
28
eng/common/templates/steps/get-federated-access-token.yml
Normal file
28
eng/common/templates/steps/get-federated-access-token.yml
Normal file
|
@ -0,0 +1,28 @@
|
|||
parameters:
|
||||
- name: federatedServiceConnection
|
||||
type: string
|
||||
- name: outputVariableName
|
||||
type: string
|
||||
# Resource to get a token for. Common values include:
|
||||
# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
|
||||
# - 'https://storage.azure.com/' for storage
|
||||
# Defaults to Azure DevOps
|
||||
- name: resource
|
||||
type: string
|
||||
default: '499b84ac-1321-427f-aa17-267ca6975798'
|
||||
|
||||
steps:
|
||||
- task: AzureCLI@2
|
||||
displayName: 'Getting federated access token for feeds'
|
||||
inputs:
|
||||
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||
scriptType: 'pscore'
|
||||
scriptLocation: 'inlineScript'
|
||||
inlineScript: |
|
||||
$accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
|
||||
exit 1
|
||||
}
|
||||
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
|
|
@ -11,7 +11,7 @@
|
|||
"cmake": "3.21.0"
|
||||
},
|
||||
"msbuild-sdks": {
|
||||
"Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24266.3",
|
||||
"Microsoft.DotNet.CMake.Sdk": "8.0.0-beta.24266.3"
|
||||
"Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24352.1",
|
||||
"Microsoft.DotNet.CMake.Sdk": "8.0.0-beta.24352.1"
|
||||
}
|
||||
}
|
||||
|
|