Mirrors/PowerToys
1
0
Fork 0
mirror of https://github.com/microsoft/PowerToys.git synced 2025-12-16 11:48:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

[Build] Switch the release pipeline to use the 1ES governed template (#29014)

Browse Source
This commit is contained in:
Dustin L. Howett
2023-10-05 18:25:16 -05:00
committed by GitHub
parent 45150067b3
commit 03ad83836d
4 changed files with 7851 additions and 394 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/actions/spell-check/allow/allow.txt vendored
View File

@@ -1,8 +1,11 @@
cloudai
bkmeneguello bkmeneguello
FWest FWest
gdnbaselines
github github
https https
obairka obairka
sdl
ssh ssh
ubuntu ubuntu
unuing unuing

8
.pipelines/installer-steps.yml
View File

@@ -24,7 +24,7 @@ steps:
clean: true clean: true
maximumCpuCount: true maximumCpuCount: true
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
displayName: Sign PowerToysSetupCustomActions DLL displayName: Sign PowerToysSetupCustomActions DLL
inputs: inputs:
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection" ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection"
@@ -74,7 +74,7 @@ steps:
scriptName: .pipelines/versionAndSignCheck.ps1 scriptName: .pipelines/versionAndSignCheck.ps1
arguments: -targetDir '$(build.sourcesdirectory)\extractedMsi\Binary' arguments: -targetDir '$(build.sourcesdirectory)\extractedMsi\Binary'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
displayName: Sign MSI displayName: Sign MSI
inputs: inputs:
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection" ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection"
@@ -101,7 +101,7 @@ steps:
inputs: inputs:
script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ib installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\engine.exe' script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ib installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\engine.exe'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
displayName: "ESRP CodeSigning (Engine)" displayName: "ESRP CodeSigning (Engine)"
inputs: inputs:
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection" ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection"
@@ -137,7 +137,7 @@ steps:
inputs: inputs:
script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ab installer\engine.exe installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe' script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ab installer\engine.exe installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
displayName: Sign Bootstrapper displayName: Sign Bootstrapper
inputs: inputs:
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection" ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection"

141
.pipelines/release.yml
View File

@@ -1,10 +1,13 @@
# This build should never run as CI or against a pull request. # This build should never run as CI or against a pull request.
name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr)
trigger: none trigger: none
pr: none
pool: resources:
name: SHINE-INT-L repositories:
demands: ImageOverride -equals SHINE-VS17-Latest - repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
parameters: parameters:
- name: buildConfigurations - name: buildConfigurations
@@ -20,19 +23,25 @@ parameters:
type: string type: string
default: '0.0.1' default: '0.0.1'
variables: extends:
IsPipeline: 1 # The installer uses this to detect whether it should pick up localizations template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
SkipCppCodeAnalysis: 1 # Skip the code analysis to speed up release CI. It runs on PR CI, anyway parameters:
IsExperimentationLive: 1 # The build and installer use this to turn on experimentation customBuildTags:
- 1ES.PT.ViaStartRight
pool:
name: SHINE-INT-S
image: SHINE-VS17-Latest
os: windows
name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr) stages:
resources: - stage: build
repositories: displayName: Build (Complete)
- repository: self pool:
type: git name: SHINE-INT-L
ref: main image: SHINE-VS17-Latest
jobs: os: windows
- job: Build jobs:
- job: Build
strategy: strategy:
matrix: matrix:
${{ each config in parameters.buildConfigurations }}: ${{ each config in parameters.buildConfigurations }}:
@@ -40,30 +49,42 @@ jobs:
${{ config }}_${{ platform }}: ${{ config }}_${{ platform }}:
BuildConfiguration: ${{ config }} BuildConfiguration: ${{ config }}
BuildPlatform: ${{ platform }} BuildPlatform: ${{ platform }}
NUGET_RESTORE_MSBUILD_ARGS: /p:Platform=${{ platform }} # Required for nuget to work due to self contained templateContext:
NODE_OPTIONS: --max_old_space_size=16384 outputs:
- output: pipelineArtifact
artifactName: setup-$(BuildPlatform)
targetPath: $(Build.ArtifactStagingDirectory)
sdl:
baseline:
baselineFile: $(Build.SourcesDirectory)\.pipelines\sdl.gdnbaselines
displayName: Build displayName: Build
timeoutInMinutes: 120 # Some of the loc stuff adds quite a bit of time. timeoutInMinutes: 240 # Some of the 1ES Pipeline stuff and Loc take a very long time
cancelTimeoutInMinutes: 1 cancelTimeoutInMinutes: 1
variables:
NUGET_RESTORE_MSBUILD_ARGS: /p:Platform=$(BuildPlatform) # Required for nuget to work due to self contained
NODE_OPTIONS: --max_old_space_size=16384
IsPipeline: 1 # The installer uses this to detect whether it should pick up localizations
SkipCppCodeAnalysis: 1 # Skip the code analysis to speed up release CI. It runs on PR CI, anyway
IsExperimentationLive: 1 # The build and installer use this to turn on experimentation
steps: steps:
- checkout: self - checkout: self
clean: true clean: true
submodules: true submodules: true
persistCredentials: True persistCredentials: True
# Sets versions for all PowerToy created DLLs # Sets versions for all PowerToy created DLLs
- task: PowerShell@1 - task: PowerShell@1
displayName: Set Versions.Prop displayName: Set Versions.Prop
inputs: inputs:
scriptName: .pipelines/versionSetting.ps1 scriptName: .pipelines/versionSetting.ps1
arguments: -versionNumber '${{ parameters.versionNumber }}' -DevEnvironment '' arguments: -versionNumber '${{ parameters.versionNumber }}' -DevEnvironment ''
# Guardian tool needs 'Microsoft.NETCore.App', version '2.1.0' (x64) # ESRP needs 'Microsoft.NETCore.App', version '6.0.0' (x64)
- task: UseDotNet@2 - task: UseDotNet@2
displayName: 'Use .NET Core 2.1 SDK' displayName: 'Use .NET 6 SDK'
inputs: inputs:
packageType: sdk packageType: sdk
version: '2.1.x' version: '6.x'
- task: UseDotNet@2 - task: UseDotNet@2
displayName: 'Use .NET 7 SDK' displayName: 'Use .NET 7 SDK'
@@ -76,12 +97,12 @@ jobs:
- task: NuGetToolInstaller@1 - task: NuGetToolInstaller@1
displayName: Use NuGet Installer latest displayName: Use NuGet Installer latest
# this will restore the following nugets: # this will restore the following nugets:
# - main solution # - main solution
# - Bug report tool # - Bug report tool
# - Webcam report tool # - Webcam report tool
# - Installer # - Installer
# - Bootstrapper Installer # - Bootstrapper Installer
- task: PowerShell@2 - task: PowerShell@2
displayName: Download and install WiX 3.14 development build displayName: Download and install WiX 3.14 development build
inputs: inputs:
@@ -122,7 +143,7 @@ jobs:
move /Y "Microsoft.PowerToys.Telemetry.2.0.0\build\include\TraceLoggingDefines.h" "src\common\Telemetry\TraceLoggingDefines.h" || exit /b 1 move /Y "Microsoft.PowerToys.Telemetry.2.0.0\build\include\TraceLoggingDefines.h" "src\common\Telemetry\TraceLoggingDefines.h" || exit /b 1
move /Y "Microsoft.PowerToys.Telemetry.2.0.0\build\include\TelemetryBase.cs" "src\common\Telemetry\TelemetryBase.cs" || exit /b 1 move /Y "Microsoft.PowerToys.Telemetry.2.0.0\build\include\TelemetryBase.cs" "src\common\Telemetry\TelemetryBase.cs" || exit /b 1
## ALL BUT INSTALLER BUILDING ## ALL BUT INSTALLER BUILDING
- task: VSBuild@1 - task: VSBuild@1
displayName: Build PowerToys main project displayName: Build PowerToys main project
inputs: inputs:
@@ -301,11 +322,11 @@ jobs:
arguments: -targetDir '$(build.sourcesdirectory)\$(BuildPlatform)\$(BuildConfiguration)\WinUI3Apps' arguments: -targetDir '$(build.sourcesdirectory)\$(BuildPlatform)\$(BuildConfiguration)\WinUI3Apps'
pwsh: true pwsh: true
#### MAIN SIGNING AREA #### MAIN SIGNING AREA
# reference https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/ESRPSigning.json&version=GBarm64-netcore&_a=contents for winappdriver # reference https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/ESRPSigning.json&version=GBarm64-netcore&_a=contents for winappdriver
# https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/CIPolicy.xml&version=GBarm64-netcore&_a=contents # https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/CIPolicy.xml&version=GBarm64-netcore&_a=contents
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
displayName: Sign Core PT displayName: Sign Core PT
inputs: inputs:
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection' ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection'
@@ -314,7 +335,7 @@ jobs:
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_core.json' batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_core.json'
ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml' ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
displayName: Sign x86 directshow VCM displayName: Sign x86 directshow VCM
inputs: inputs:
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection' ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection'
@@ -322,16 +343,13 @@ jobs:
signType: batchSigning signType: batchSigning
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_vcm.json' batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_vcm.json'
ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml' ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml'
#### END SIGNING #### END SIGNING
## END MAIN ## END MAIN
- task: PublishBuildArtifacts@1 - pwsh: |-
displayName: 'Publish Artifact: binlog' Move-Item msbuild.binlog "$(Build.ArtifactStagingDirectory)/"
condition: failed() displayName: Stage binlog into artifact directory
continueOnError: True condition: always()
inputs:
PathtoPublish: $(Build.SourcesDirectory)\msbuild.binlog
ArtifactName: binlog-$(BuildPlatform)
- task: ComponentGovernanceComponentDetection@0 - task: ComponentGovernanceComponentDetection@0
displayName: Component Detection displayName: Component Detection
@@ -362,20 +380,7 @@ jobs:
IndexSources: false IndexSources: false
SymbolServerType: TeamServices SymbolServerType: TeamServices
- task: PublishBuildArtifacts@1 - template: .pipelines/installer-steps.yml@self
displayName: 'Publish Artifact: Symbols'
inputs:
PathtoPublish: $(System.ArtifactsDirectory)/Symbols-$(BuildPlatform)/
ArtifactName: Symbols-${{ parameters.versionNumber }}-$(BuildPlatform)
- task: DeleteFiles@1
displayName: 'Remove symbols from ArtifactStagingDirectory'
inputs:
Contents: '*'
SourceFolder: $(Build.ArtifactStagingDirectory)/Symbols-$(BuildPlatform)/
RemoveSourceFolder: True
- template: installer-steps.yml
parameters: parameters:
versionNumber: ${{ parameters.versionNumber }} versionNumber: ${{ parameters.versionNumber }}
perUserArg: "false" perUserArg: "false"
@@ -389,7 +394,7 @@ jobs:
script: git clean -xfd -e *exe -- .\installer\ script: git clean -xfd -e *exe -- .\installer\
pwsh: true pwsh: true
- template: installer-steps.yml - template: .pipelines/installer-steps.yml@self
parameters: parameters:
versionNumber: ${{ parameters.versionNumber }} versionNumber: ${{ parameters.versionNumber }}
perUserArg: "true" perUserArg: "true"
@@ -431,18 +436,10 @@ jobs:
$machineHash | out-file -filepath $combinedMachinePath $machineHash | out-file -filepath $combinedMachinePath
pwsh: true pwsh: true
- task: PublishBuildArtifacts@1 # Publishing the GPO files
displayName: "Publish Artifact: PowerToySetup" - pwsh: |-
inputs: New-Item "$(Build.ArtifactStagingDirectory)/gpo" -Type Directory
PathtoPublish: $(System.ArtifactsDirectory) Copy-Item src\gpo\assets\* "$(Build.ArtifactStagingDirectory)/gpo" -Recurse
ArtifactName: setup-$(BuildPlatform) displayName: Stage the GPO files
# Publishing the GPO files with a version number
- task: PublishBuildArtifacts@1
displayName: 'Publish Artifact: GPO Files'
inputs:
PathtoPublish: src\gpo\assets
ArtifactName: GroupPolicyObjectsFiles-${{ parameters.versionNumber }}
... ...

7457
.pipelines/sdl.gdnbaselines Normal file
View File

File diff suppressed because it is too large Load Diff