From 892740bee6f5bbe898be86549a339b5fc49d848c Mon Sep 17 00:00:00 2001
From: Andy Jordan <2226434+andyleejordan@users.noreply.github.com>
Date: Fri, 20 Sep 2024 17:52:20 -0700
Subject: [PATCH] Setup Invoke-Build and OneBranch pipeline
---
.pipelines/SecretStore-Official.yml | 173 ++++++++++++++++++
SecretStore.build.ps1 | 81 ++++++++
.../Microsoft.PowerShell.SecretStore.csproj | 13 +-
3 files changed, 261 insertions(+), 6 deletions(-)
create mode 100644 .pipelines/SecretStore-Official.yml
create mode 100644 SecretStore.build.ps1
diff --git a/.pipelines/SecretStore-Official.yml b/.pipelines/SecretStore-Official.yml
new file mode 100644
index 0000000..d3d3b8c
--- /dev/null
+++ b/.pipelines/SecretStore-Official.yml
@@ -0,0 +1,173 @@
+#################################################################################
+# OneBranch Pipelines #
+# This pipeline was created by EasyStart from a sample located at: #
+# https://aka.ms/obpipelines/easystart/samples #
+# Documentation: https://aka.ms/obpipelines #
+# Yaml Schema: https://aka.ms/obpipelines/yaml/schema #
+# Retail Tasks: https://aka.ms/obpipelines/tasks #
+# Support: https://aka.ms/onebranchsup #
+#################################################################################
+
+trigger:
+- main
+
+schedules:
+- cron: '23 16 * * 4'
+ displayName: Weekly CodeQL
+ branches:
+ include:
+ - main
+ always: true
+
+parameters:
+- name: debug
+ displayName: Enable debug output
+ type: boolean
+ default: false
+
+variables:
+ system.debug: ${{ parameters.debug }}
+ BuildConfiguration: Release
+ WindowsContainerImage: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest
+ DOTNET_NOLOGO: true
+ DOTNET_GENERATE_ASPNET_CERTIFICATE: false
+
+resources:
+ repositories:
+ - repository: templates
+ type: git
+ name: OneBranch.Pipelines/GovernedTemplates
+ ref: refs/heads/main
+
+extends:
+ # https://aka.ms/obpipelines/templates
+ template: v2/OneBranch.Official.CrossPlat.yml@templates
+ parameters:
+ globalSdl: # https://aka.ms/obpipelines/sdl
+ asyncSdl:
+ enabled: true
+ forStages: [build]
+ featureFlags:
+ EnableCDPxPAT: false
+ WindowsHostVersion:
+ Version: 2022
+ Network: Netlock
+ stages:
+ - stage: build
+ jobs:
+ - job: main
+ displayName: Build package
+ pool:
+ type: windows
+ variables:
+ ob_outputDirectory: $(Build.SourcesDirectory)/out
+ steps:
+ - pwsh: |
+ [xml]$xml = Get-Content Directory.Build.props
+ $version = $xml.Project.PropertyGroup.ModuleVersion
+ Write-Output "##vso[task.setvariable variable=version;isOutput=true]$version"
+ name: package
+ displayName: Get version from project properties
+ - task: onebranch.pipeline.version@1
+ displayName: Set OneBranch version
+ inputs:
+ system: Custom
+ customVersion: $(package.version)
+ - task: UseDotNet@2
+ displayName: Use .NET SDK
+ inputs:
+ packageType: sdk
+ useGlobalJson: true
+ - pwsh: |
+ Register-PSRepository -Name CFS -SourceLocation "https://pkgs.dev.azure.com/powershell/PowerShell/_packaging/powershell/nuget/v2" -InstallationPolicy Trusted
+ Install-Module -Repository CFS -Name Microsoft.PowerShell.PSResourceGet
+ ./tools/installPSResources.ps1 -PSRepository CFS
+ displayName: Install PSResources
+ - pwsh: Invoke-Build -Configuration $(BuildConfiguration) -Task Build, Test
+ displayName: Build
+ - task: onebranch.pipeline.signing@1
+ displayName: Sign 1st-party files in module
+ inputs:
+ command: sign
+ signing_profile: external_distribution
+ search_root: $(Build.SourcesDirectory)/module
+ files_to_sign: |
+ Microsoft.*.dll;
+ **/Microsoft.*.psd1;
+ **/Microsoft.*.psm1;
+ - task: ArchiveFiles@2
+ displayName: Zip module
+ inputs:
+ rootFolderOrFile: $(Build.SourcesDirectory)/module
+ includeRootFolder: false
+ archiveType: zip
+ archiveFile: out/SecretStore-v$(package.version).zip
+ - pwsh: Invoke-Build -Configuration $(BuildConfiguration) Package
+ displayName: Package module
+ - task: onebranch.pipeline.signing@1
+ displayName: Sign NuGet package
+ inputs:
+ command: sign
+ signing_profile: external_distribution
+ search_root: $(Build.SourcesDirectory)/out
+ files_to_sign: |
+ *.nupkg
+ - stage: release
+ dependsOn: build
+ condition: eq(variables['Build.Reason'], 'Manual')
+ variables:
+ version: $[ stageDependencies.build.main.outputs['package.version'] ]
+ drop: $(Pipeline.Workspace)/drop_build_main
+ jobs:
+ - job: github
+ displayName: Publish draft to GitHub
+ pool:
+ type: windows
+ variables:
+ ob_outputDirectory: $(Build.SourcesDirectory)/out
+ steps:
+ - download: current
+ displayName: Download artifacts
+ - task: GitHubRelease@1
+ displayName: Create GitHub release
+ inputs:
+ gitHubConnection: GitHub
+ repositoryName: PowerShell/SecretStore
+ assets: |
+ $(drop)/Microsoft.PowerShell.SecretStore.$(version).nupkg
+ $(drop)/SecretStore-v$(version).zip
+ tagSource: userSpecifiedTag
+ tag: v$(version)
+ isDraft: true
+ addChangeLog: false
+ releaseNotesSource: inline
+ releaseNotesInline: ""
+ - job: validation
+ displayName: Manual validation
+ pool:
+ type: agentless
+ timeoutInMinutes: 1440
+ steps:
+ - task: ManualValidation@0
+ displayName: Wait 24 hours for validation
+ inputs:
+ notifyUsers: $(Build.RequestedForEmail)
+ instructions: Please validate the release and then publish it!
+ timeoutInMinutes: 1440
+ - job: publish
+ dependsOn: validation
+ displayName: Publish to PowerShell Gallery
+ pool:
+ type: windows
+ variables:
+ ob_outputDirectory: $(Build.SourcesDirectory)/out
+ steps:
+ - download: current
+ displayName: Download artifacts
+ - task: NuGetCommand@2
+ displayName: Publish module to PowerShell Gallery
+ inputs:
+ command: push
+ packagesToPush: $(drop)/Microsoft.PowerShell.SecretStore.$(version).nupkg
+ nuGetFeedType: external
+ publishFeedCredentials: PowerShellGallery
diff --git a/SecretStore.build.ps1 b/SecretStore.build.ps1
new file mode 100644
index 0000000..fec96d6
--- /dev/null
+++ b/SecretStore.build.ps1
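Review bot: The `Install PSResources` step in `.pipelines/SecretStore-Official.yml` installs `Microsoft.PowerShell.PSResourceGet` with no version, so the official build that signs and publishes the module runs whatever the CFS feed serves as newest on the day; pin it, e.g. `Install-Module -Repository CFS -Name Microsoft.PowerShell.PSResourceGet -RequiredVersion <PINNED_VERSION>`, and bump it deliberately. `WindowsContainerImage` likewise uses the mutable `:latest` tag; if OneBranch offers an immutable tag or digest, reference that, otherwise a comment saying the floating tag is intended would help. Separately, the `package` step emits `$version` without checking that it is a single, non-empty value, and that string later becomes the release tag and the name of the `.nupkg` pushed to the gallery; `BuildModule` in `SecretStore.build.ps1` reads the same property unchecked. A guard before the `##vso` line such as `if (-not ($version -as [version])) { throw "ModuleVersion not found in Directory.Build.props" }` would fail the build early (Directory.Build.props is not part of this patch, so its layout is assumed).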
@@ -0,0 +1,81 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+[CmdletBinding()]
+param(
+ [ValidateSet("Debug", "Release")]
+ [string]$Configuration = "Debug"
+)
+
+#Requires -Modules @{ ModuleName = "InvokeBuild"; ModuleVersion = "5.0.0" }
+
+task FindDotNet -Before Clean, Build {
+ Assert (Get-Command dotnet -ErrorAction SilentlyContinue) "The dotnet CLI was not found, please install it: https://aka.ms/dotnet-cli"
+ $DotnetVersion = dotnet --version
+ Assert ($?) "The required .NET SDK was not found, please install it: https://aka.ms/dotnet-cli"
+ Write-Host "Using dotnet $DotnetVersion at path $((Get-Command dotnet).Source)" -ForegroundColor Green
+}
+
+task Clean {
+ Remove-BuildItem ./artifacts, ./module, ./out
+ Invoke-BuildExec { dotnet clean ./src/code }
+}
+
+task BuildDocs -If { Test-Path -LiteralPath ./help } {
+ New-ExternalHelp -Path ./help -OutputPath ./module/en-US
+}
+
+task BuildModule {
+ New-Item -ItemType Directory -Force ./module | Out-Null
+
+ Invoke-BuildExec { dotnet publish ./src/code -c $Configuration }
+
+ $FullModuleName = "Microsoft.PowerShell.SecretStore"
+
+ $CSharpArtifacts = @(
+ "$FullModuleName.dll",
+ "$FullModuleName.pdb",
+ "System.IO.FileSystem.AccessControl.dll",
+ "System.Runtime.InteropServices.RuntimeInformation.dll")
+
+ $CSharpArtifacts | ForEach-Object {
+ $item = "./artifacts/publish/$FullModuleName/$($Configuration.ToLower())/$_"
+ Copy-Item -Force -LiteralPath $item -Destination ./module
+ }
+
+ $BaseArtifacts = @(
+ "README.md",
+ "LICENSE",
+ "ThirdPartyNotices.txt")
+
+ $BaseArtifacts | ForEach-Object {
+ $itemToCopy = Join-Path $PSScriptRoot $_
+ Copy-Item -Force -LiteralPath $itemToCopy -Destination ./module
+ }
+
+ Copy-Item -Force -Recurse "./src/$FullModuleName.Extension/" -Destination ./module
+
+ [xml]$xml = Get-Content Directory.Build.props
+ $moduleVersion = $xml.Project.PropertyGroup.ModuleVersion
+ $manifestContent = Get-Content -LiteralPath "./src/$FullModuleName.psd1" -Raw
+ $newManifestContent = $manifestContent -replace '{{ModuleVersion}}', $moduleVersion
+ Set-Content -LiteralPath "./module/$FullModuleName.psd1" -Encoding utf8 -Value $newManifestContent
+}
+
+task Package {
+ New-Item -ItemType Directory -Force ./out | Out-Null
+
+ try {
+ Register-PSResourceRepository -Name SecretStore -Uri ./out -ErrorAction Stop
+ Publish-PSResource -Path ./module -Repository SecretStore -SkipDependenciesCheck -Verbose
+ } finally {
+ Unregister-PSResourceRepository -Name SecretStore
+ }
+}
+
+task Test {
+ Invoke-Pester -CI -Output Diagnostic
+}
+
+task Build BuildModule, BuildDocs
+
+task . Clean, Build
diff --git a/src/code/Microsoft.PowerShell.SecretStore.csproj b/src/code/Microsoft.PowerShell.SecretStore.csproj
index 0ec068d..1e5287a 100644
--- a/src/code/Microsoft.PowerShell.SecretStore.csproj
+++ b/src/code/Microsoft.PowerShell.SecretStore.csproj
@@ -2,20 +2,21 @@ + true Library Microsoft.PowerShell.SecretStore Microsoft.PowerShell.SecretStore - 1.0.6.0 - 1.0.6 - 1.0.6 - net461 + $(ModuleVersion).0 + $(ModuleVersion) + $(ModuleVersion) + net462 - - + +
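Review bot: In the `Package` task of `SecretStore.build.ps1`, `Register-PSResourceRepository` sits inside the `try`, so when registration itself fails the `finally` still calls `Unregister-PSResourceRepository -Name SecretStore`; that can raise a second error that hides the real cause, and if the failure was a name clash it may remove a repository this build did not create. Move the registration above the `try` so the `finally` only undoes what succeeded: `Register-PSResourceRepository -Name SecretStore -Uri ./out -ErrorAction Stop` and then `try { Publish-PSResource ... } finally { Unregister-PSResourceRepository -Name SecretStore }`. A one-line comment stating that this is a throwaway local feed used only to produce the `.nupkg` in `./out` would also make the intent clear, since that file is what the pipeline signs and pushes.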