From af70c2eb8e77073c5a654fe8c69cc985b3383289 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Wed, 30 Aug 2023 13:42:32 -0700 Subject: [PATCH 01/67] initial yaml for release pipeline --- .vsts-ci/release.yml | 164 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 164 insertions(+) create mode 100644 .vsts-ci/release.yml diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml new file mode 100644 index 00000000..3d16c96e --- /dev/null +++ b/.vsts-ci/release.yml @@ -0,0 +1,164 @@ +trigger: none + +variables: + - name: BuildConfiguration + value: 'Release' + - name: PackageRoot + value: '$(System.ArtifactsDirectory)/Packages' + - group: DSCAPIScan + - group: Azure Blob variable group + +resources: + repositories: + - repository: ComplianceRepo + type: github + endpoint: ComplianceGHRepo + name: PowerShell/compliance + ref: fixApiScanNet6 + +stages: +- stage: Build + displayName: Build Native Binaries + dependsOn: [] + jobs: + - job: BuildWin + pool: + name: PowerShell1ES + demands: + - ImageOverride -equals PSMMS2019-Rust-Secure + displayName: Windows + strategy: + matrix: + Windows x64: + buildName: x86_64-pc-windows-msvc + Windows x64_arm64: + buildName: aarch64-pc-windows-msvc + + steps: + - template: windows-build.yml + + - job: SignWin + pool: + name: PowerShell1ES + demands: + - ImageOverride -equals PSMMS2019-Rust-Secure + + displayName: Sign Windows + variables: + - group: ESRP + dependsOn: BuildWin + strategy: + matrix: + Windows x64: + buildName: x86_64-pc-windows-msvc + Windows x64_arm64: + buildName: aarch64-pc-windows-msvc + + steps: + - template: windows-sign.yml + + - job: BuildLinux + displayName: Linux + pool: + name: PowerShell1ES + demands: + - ImageOverride -equals PSMMSUbuntu20.04-Secure + strategy: + matrix: + Linux ARM64 GNU: + buildName: aarch64-unknown-linux-gnu + Linux ARM64 MUSL: + buildName: aarch64-unknown-linux-musl + Linux x64 GNU: + buildName: x86_64-unknown-linux-gnu + Linux x64 MUSL: + buildName: x86_64-unknown-linux-musl + steps: + - template: linux.yml + + - job: BuildMac + displayName: Build Native Binaries on macOS + pool: + vmImage: macOS-Latest + steps: + - template: mac.yml + +- stage: compliance + displayName: Compliance + dependsOn: Build + jobs: + - job: Compliance_Job + pool: + name: PowerShell1ES + demands: + - ImageOverride -equals PSMMS2019-PS-Native-Secure + steps: + - checkout: self + clean: true + - checkout: ComplianceRepo + clean: true + + - download: current + artifact: release + + - download: current + artifact: signed + + - template: setVersion.yml + + - pwsh: | + Get-ChildItem -Path 'ENV:' + displayName: Capture environment + + - powershell: | + $null = New-Item $(PackageRoot) -ItemType Directory -Force -Verbose + if(-not (Test-Path '$(Pipeline.Workspace)/release' )) + { + New-Item -ItemType Directory -Path '$(Pipeline.Workspace)/release' -Force + } + Invoke-WebRequest -Uri '$(PSRPBlobUrl)' -OutFile $(Pipeline.Workspace)/release/psrp.zip -Verbose + displayName: 'Download PSRP package' + + - powershell: 'Get-ChildItem $(Pipeline.Workspace)/release' + displayName: 'Capture downloaded zips' + + - powershell: | + $extractedRoot = New-Item $(Pipeline.Workspace)/uncompressed -ItemType Directory -Force -Verbose + Get-ChildItem $(Pipeline.Workspace)/release/*.zip | ForEach-Object { + $baseName = $_.BaseName + if($baseName -match 'x64_arm') { + Write-Verbose "Skipping expanding file $_.Name" -Verbose + } + else { + $folderPath = Join-Path $extractedRoot $baseName + Expand-Archive $_.FullName -DestinationPath $folderPath -Force + } + } + Write-Host "Extracted files:" + Get-ChildItem -Recurse $extractedRoot -File + displayName: 'Extract All Zips' + + - pwsh: | + Write-Verbose -Verbose "$(PackageVersion)" + displayName: 'Write the package version' + + - template: assembly-module-compliance.yml@ComplianceRepo + parameters: + # binskim + AnalyzeTarget: '$(Pipeline.Workspace)/uncompressed/*.dll' + AnalyzeSymPath: 'SRV*' + # component-governance + sourceScanPath: '$(Build.SourcesDirectory)/DSC' + # credscan + suppressionsFile: '' + # TermCheck + optionsRulesDBPath: '' + optionsFTPath: '' + # tsa-upload + codeBaseName: 'DSC' + # selections + softwareName: 'DSC' + softwareNameFolder: '$(Pipeline.Workspace)/uncompressed' + softwareVersion: '$(PackageVersion)' + connectionString: RunAs=App;AppId=$(APIScanClient);TenantId=$(APIScanTenant);AppKey=$(APIScanSecret) + APIScan: true # set to false when not using Windows APIs. From ca00525f03de96755c03b2f0284239a7826e9dfc Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 31 Aug 2023 14:17:35 -0700 Subject: [PATCH 02/67] add build steps --- .vsts-ci/release.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 3d16c96e..2405875e 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -35,7 +35,8 @@ stages: buildName: aarch64-pc-windows-msvc steps: - - template: windows-build.yml + - powershell: ./build.ps1 -Release -Architecture $(buildName) + displayName: 'Build $(buildName)' - job: SignWin pool: @@ -74,14 +75,22 @@ stages: Linux x64 MUSL: buildName: x86_64-unknown-linux-musl steps: - - template: linux.yml + - powershell: ./build.ps1 -Release -Architecture $(buildName) + displayName: 'Build $(buildName)' - job: BuildMac displayName: Build Native Binaries on macOS pool: vmImage: macOS-Latest + strategy: + matrix: + macOS x64: + buildName: x86_64-apple-darwin + macOS arm64: + buildName: aarch64-apple-darwin steps: - - template: mac.yml + - powershell: ./build.ps1 -Release -Architecture $(buildName) + displayName: 'Build $(buildName)' - stage: compliance displayName: Compliance From dd33c507db3e1a98339c6901c0e5dfc35dfa00de Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 31 Aug 2023 14:23:04 -0700 Subject: [PATCH 03/67] remove signing --- .vsts-ci/release.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 2405875e..95f293f1 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -38,26 +38,6 @@ stages: - powershell: ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' - - job: SignWin - pool: - name: PowerShell1ES - demands: - - ImageOverride -equals PSMMS2019-Rust-Secure - - displayName: Sign Windows - variables: - - group: ESRP - dependsOn: BuildWin - strategy: - matrix: - Windows x64: - buildName: x86_64-pc-windows-msvc - Windows x64_arm64: - buildName: aarch64-pc-windows-msvc - - steps: - - template: windows-sign.yml - - job: BuildLinux displayName: Linux pool: From 3c5885d9c825b856987dd281306998afd90c8bbe Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 31 Aug 2023 14:25:04 -0700 Subject: [PATCH 04/67] remove unused portion --- .vsts-ci/release.yml | 36 +----------------------------------- 1 file changed, 1 insertion(+), 35 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 95f293f1..ad83fd4e 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -80,7 +80,7 @@ stages: pool: name: PowerShell1ES demands: - - ImageOverride -equals PSMMS2019-PS-Native-Secure + - ImageOverride -equals PSMMS2019-Rust-Secure steps: - checkout: self clean: true @@ -93,44 +93,10 @@ stages: - download: current artifact: signed - - template: setVersion.yml - - pwsh: | Get-ChildItem -Path 'ENV:' displayName: Capture environment - - powershell: | - $null = New-Item $(PackageRoot) -ItemType Directory -Force -Verbose - if(-not (Test-Path '$(Pipeline.Workspace)/release' )) - { - New-Item -ItemType Directory -Path '$(Pipeline.Workspace)/release' -Force - } - Invoke-WebRequest -Uri '$(PSRPBlobUrl)' -OutFile $(Pipeline.Workspace)/release/psrp.zip -Verbose - displayName: 'Download PSRP package' - - - powershell: 'Get-ChildItem $(Pipeline.Workspace)/release' - displayName: 'Capture downloaded zips' - - - powershell: | - $extractedRoot = New-Item $(Pipeline.Workspace)/uncompressed -ItemType Directory -Force -Verbose - Get-ChildItem $(Pipeline.Workspace)/release/*.zip | ForEach-Object { - $baseName = $_.BaseName - if($baseName -match 'x64_arm') { - Write-Verbose "Skipping expanding file $_.Name" -Verbose - } - else { - $folderPath = Join-Path $extractedRoot $baseName - Expand-Archive $_.FullName -DestinationPath $folderPath -Force - } - } - Write-Host "Extracted files:" - Get-ChildItem -Recurse $extractedRoot -File - displayName: 'Extract All Zips' - - - pwsh: | - Write-Verbose -Verbose "$(PackageVersion)" - displayName: 'Write the package version' - - template: assembly-module-compliance.yml@ComplianceRepo parameters: # binskim From c60c37956b56baa631aa8a21960b8b65c7228e11 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 31 Aug 2023 14:32:40 -0700 Subject: [PATCH 05/67] update variable group name --- .vsts-ci/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index ad83fd4e..4db8a172 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -6,7 +6,6 @@ variables: - name: PackageRoot value: '$(System.ArtifactsDirectory)/Packages' - group: DSCAPIScan - - group: Azure Blob variable group resources: repositories: From 15b51e3b1e635fa53e658732bc1ad95bd7548353 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 31 Aug 2023 15:32:45 -0700 Subject: [PATCH 06/67] replace powershell with pwsh --- .vsts-ci/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 4db8a172..363030be 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -34,7 +34,7 @@ stages: buildName: aarch64-pc-windows-msvc steps: - - powershell: ./build.ps1 -Release -Architecture $(buildName) + - pwsh: ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' - job: BuildLinux @@ -54,7 +54,7 @@ stages: Linux x64 MUSL: buildName: x86_64-unknown-linux-musl steps: - - powershell: ./build.ps1 -Release -Architecture $(buildName) + - pwsh: ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' - job: BuildMac @@ -68,7 +68,7 @@ stages: macOS arm64: buildName: aarch64-apple-darwin steps: - - powershell: ./build.ps1 -Release -Architecture $(buildName) + - pwsh: ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' - stage: compliance From 688cb3c3dfdaae44f6c904f1764415cbdef3bfe1 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 1 Sep 2023 09:54:35 -0700 Subject: [PATCH 07/67] update use of rust --- .vsts-ci/release.yml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 363030be..f3d75940 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -34,7 +34,10 @@ stages: buildName: aarch64-pc-windows-msvc steps: - - pwsh: ./build.ps1 -Release -Architecture $(buildName) + - pwsh: | + rustup default stable + rustup target add $(buildName) + ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' - job: BuildLinux @@ -54,7 +57,10 @@ stages: Linux x64 MUSL: buildName: x86_64-unknown-linux-musl steps: - - pwsh: ./build.ps1 -Release -Architecture $(buildName) + - pwsh: | + rustup default stable + rustup target add $(buildName) + ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' - job: BuildMac @@ -68,7 +74,9 @@ stages: macOS arm64: buildName: aarch64-apple-darwin steps: - - pwsh: ./build.ps1 -Release -Architecture $(buildName) + - pwsh: | + rustup target add $(buildName) + ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' - stage: compliance From 0c043e6b4c87c9dd5307cf781416ba5a3f2b12a2 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Wed, 13 Sep 2023 21:16:15 -0700 Subject: [PATCH 08/67] explicitly add cargo path --- .vsts-ci/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index f3d75940..4553052f 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -58,6 +58,7 @@ stages: buildName: x86_64-unknown-linux-musl steps: - pwsh: | + $env:PATH += ':~/.cargo/bin' rustup default stable rustup target add $(buildName) ./build.ps1 -Release -Architecture $(buildName) From 6d9f6f6a301d4a18ca0f8af85485dffe37373352 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 14 Sep 2023 10:37:32 -0700 Subject: [PATCH 09/67] separate linux and linux-arm64 --- .vsts-ci/release.yml | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 4553052f..91ad8314 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -35,7 +35,6 @@ stages: steps: - pwsh: | - rustup default stable rustup target add $(buildName) ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' @@ -46,23 +45,23 @@ stages: name: PowerShell1ES demands: - ImageOverride -equals PSMMSUbuntu20.04-Secure - strategy: - matrix: - Linux ARM64 GNU: - buildName: aarch64-unknown-linux-gnu - Linux ARM64 MUSL: - buildName: aarch64-unknown-linux-musl - Linux x64 GNU: - buildName: x86_64-unknown-linux-gnu - Linux x64 MUSL: - buildName: x86_64-unknown-linux-musl steps: - pwsh: | $env:PATH += ':~/.cargo/bin' - rustup default stable - rustup target add $(buildName) - ./build.ps1 -Release -Architecture $(buildName) - displayName: 'Build $(buildName)' + ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu + displayName: 'Build x86_64-unknown-linux-gnu' + + - job: BuildLinuxArm64 + displayName: Linux ARM64 + pool: + name: PowerShell1ES + demands: + - ImageOverride -equals PSMMSUbuntu20.04-ARM64-Secure + steps: + - pwsh: | + $env:PATH += ':~/.cargo/bin' + ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu + displayName: 'Build aarch64-unknown-linux-gnu' - job: BuildMac displayName: Build Native Binaries on macOS From ad6b57aa6ca401ba9aa82d99c4b43b36f4e3a4dc Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 14 Sep 2023 10:40:14 -0700 Subject: [PATCH 10/67] fix casing --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 91ad8314..3c31f3e5 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -56,7 +56,7 @@ stages: pool: name: PowerShell1ES demands: - - ImageOverride -equals PSMMSUbuntu20.04-ARM64-Secure + - ImageOverride -equals PSMMSUbuntu20.04-ARM64-secure steps: - pwsh: | $env:PATH += ':~/.cargo/bin' From 84100659a58667f377080e2c1a474a26e83e8b40 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 21 Sep 2023 14:06:25 -0700 Subject: [PATCH 11/67] add tracing --- .vsts-ci/release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 3c31f3e5..254fcb10 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -60,6 +60,12 @@ stages: steps: - pwsh: | $env:PATH += ':~/.cargo/bin' + write-verbose -verbose "~" + dir -hidden -path ~ + write-verbose -verbose ".cargo" + dir -path ~/.cargo + write-verbose -verbose ".cargo/bin" + dir -path ~/.cargo/bin ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu displayName: 'Build aarch64-unknown-linux-gnu' From 6830da83378744ba96f01c73f47761a4c40fcdc3 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 21 Sep 2023 14:12:02 -0700 Subject: [PATCH 12/67] move tracing --- .vsts-ci/release.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 254fcb10..4c647d88 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -48,6 +48,12 @@ stages: steps: - pwsh: | $env:PATH += ':~/.cargo/bin' + write-verbose -verbose "~" + dir -hidden -path ~ + write-verbose -verbose ".cargo" + dir -path ~/.cargo + write-verbose -verbose ".cargo/bin" + dir -path ~/.cargo/bin ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu displayName: 'Build x86_64-unknown-linux-gnu' @@ -60,12 +66,6 @@ stages: steps: - pwsh: | $env:PATH += ':~/.cargo/bin' - write-verbose -verbose "~" - dir -hidden -path ~ - write-verbose -verbose ".cargo" - dir -path ~/.cargo - write-verbose -verbose ".cargo/bin" - dir -path ~/.cargo/bin ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu displayName: 'Build aarch64-unknown-linux-gnu' From 5eb7773e2bbe6d407422466fa1356c79a0ffe543 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 22 Sep 2023 13:59:12 -0700 Subject: [PATCH 13/67] change pool for linux-arm --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 4c647d88..58440cf5 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -60,7 +60,7 @@ stages: - job: BuildLinuxArm64 displayName: Linux ARM64 pool: - name: PowerShell1ES + name: ps-powershell-rel-arm demands: - ImageOverride -equals PSMMSUbuntu20.04-ARM64-secure steps: From 859712fe25aa7abc6a8d614f418f9b2751371b25 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 22 Sep 2023 14:01:30 -0700 Subject: [PATCH 14/67] change pool name again --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 58440cf5..35cc0e08 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -60,7 +60,7 @@ stages: - job: BuildLinuxArm64 displayName: Linux ARM64 pool: - name: ps-powershell-rel-arm + name: 1es-arm demands: - ImageOverride -equals PSMMSUbuntu20.04-ARM64-secure steps: From 7c518b5f7d416db58325039bfa2a5ec3cd852b33 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 22 Sep 2023 14:25:40 -0700 Subject: [PATCH 15/67] changing pool back --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 35cc0e08..58440cf5 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -60,7 +60,7 @@ stages: - job: BuildLinuxArm64 displayName: Linux ARM64 pool: - name: 1es-arm + name: ps-powershell-rel-arm demands: - ImageOverride -equals PSMMSUbuntu20.04-ARM64-secure steps: From 1520a29ae8002998f28c5709459f24b1d18bc32f Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 28 Sep 2023 14:04:45 -0700 Subject: [PATCH 16/67] remove tracing --- .vsts-ci/release.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 58440cf5..00a2796a 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -47,13 +47,6 @@ stages: - ImageOverride -equals PSMMSUbuntu20.04-Secure steps: - pwsh: | - $env:PATH += ':~/.cargo/bin' - write-verbose -verbose "~" - dir -hidden -path ~ - write-verbose -verbose ".cargo" - dir -path ~/.cargo - write-verbose -verbose ".cargo/bin" - dir -path ~/.cargo/bin ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu displayName: 'Build x86_64-unknown-linux-gnu' @@ -65,7 +58,6 @@ stages: - ImageOverride -equals PSMMSUbuntu20.04-ARM64-secure steps: - pwsh: | - $env:PATH += ':~/.cargo/bin' ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu displayName: 'Build aarch64-unknown-linux-gnu' From aea7823f5d7c68ac898756c683c9201988804739 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 28 Sep 2023 14:09:43 -0700 Subject: [PATCH 17/67] set default --- .vsts-ci/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 00a2796a..594d561f 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -47,6 +47,7 @@ stages: - ImageOverride -equals PSMMSUbuntu20.04-Secure steps: - pwsh: | + rustup default stable ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu displayName: 'Build x86_64-unknown-linux-gnu' @@ -58,6 +59,7 @@ stages: - ImageOverride -equals PSMMSUbuntu20.04-ARM64-secure steps: - pwsh: | + rustup default stable ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu displayName: 'Build aarch64-unknown-linux-gnu' From d4cc2c0941141154056f4e4be3b143c5565e9d22 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 29 Sep 2023 14:47:37 -0700 Subject: [PATCH 18/67] setup stable rust --- .vsts-ci/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 594d561f..ec12b515 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -35,6 +35,7 @@ stages: steps: - pwsh: | + rustup default stable rustup target add $(buildName) ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' @@ -75,6 +76,7 @@ stages: buildName: aarch64-apple-darwin steps: - pwsh: | + rustup default stable rustup target add $(buildName) ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' From 0fd0ef8c2562a775b3e718cb842fa4d04caf1ae1 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 19 Oct 2023 13:21:55 -0700 Subject: [PATCH 19/67] compress and upload --- .vsts-ci/release.yml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index ec12b515..dd76a439 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -39,6 +39,15 @@ stages: rustup target add $(buildName) ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' + condition: succeeded() + - pwsh: | + compress-archive -Path "$(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)" -DestinationPath "$(System.ArtifactsDirectory)\Packages\$(buildName).zip" + displayName: 'Compress $(buildName)' + condition: succeeded() + - pwsh: | + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\$(buildName).zip" + displayName: Upload artifacts + condition: succeeded() - job: BuildLinux displayName: Linux @@ -51,6 +60,15 @@ stages: rustup default stable ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu displayName: 'Build x86_64-unknown-linux-gnu' + condition: succeeded() + - pwsh: | + tar -czvf $(System.ArtifactsDirectory)/Packages/x86_64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/x86_64-unknown-linux-gnu . + displayName: 'Compress x86_64-unknown-linux-gnu' + condition: succeeded() + - pwsh: | + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\x86_64-unknown-linux-gnu.zip" + displayName: Upload artifacts + condition: succeeded() - job: BuildLinuxArm64 displayName: Linux ARM64 @@ -63,6 +81,16 @@ stages: rustup default stable ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu displayName: 'Build aarch64-unknown-linux-gnu' + condition: succeeded() + - pwsh: | + tar -czvf $(System.ArtifactsDirectory)/Packages/aarch64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/aarch64-unknown-linux-gnu . + displayName: 'Compress aarch64-unknown-linux-gnu' + condition: succeeded() + - pwsh: | + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\aarch64-unknown-linux-gnu.zip" + displayName: Upload artifacts + condition: succeeded() + - job: BuildMac displayName: Build Native Binaries on macOS @@ -80,6 +108,15 @@ stages: rustup target add $(buildName) ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' + condition: succeeded() + - pwsh: | + tar -czvf $(System.ArtifactsDirectory)/Packages/$(buildName).tar.gz -C $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/$(buildName) . + displayName: 'Compress $(buildName)' + condition: succeeded() + - pwsh: | + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\$(buildName).zip" + displayName: Upload artifacts + condition: succeeded() - stage: compliance displayName: Compliance From 2b57da8fc589f023c339d2b6234717478e515be2 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 26 Oct 2023 14:24:17 -0700 Subject: [PATCH 20/67] update release pipeline --- .vsts-ci/release.yml | 73 +++++++++++++++++++++++++++++++++++++++----- build.ps1 | 12 +++++++- 2 files changed, 77 insertions(+), 8 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index dd76a439..1a6e7535 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -13,14 +13,16 @@ resources: type: github endpoint: ComplianceGHRepo name: PowerShell/compliance - ref: fixApiScanNet6 + ref: master stages: -- stage: Build +- stage: BuildAndSign displayName: Build Native Binaries dependsOn: [] jobs: - job: BuildWin + variables: + - group: ESRP pool: name: PowerShell1ES demands: @@ -41,7 +43,64 @@ stages: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | - compress-archive -Path "$(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)" -DestinationPath "$(System.ArtifactsDirectory)\Packages\$(buildName).zip" + Set-Location "$(Build.SourcesDirectory)/Package" + $signSrcPath = "$(Build.SourcesDirectory)/Package/out" + # Set signing src path variable + $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" + Write-Host ("sending " + $vstsCommandString) + Write-Host "##$vstsCommandString" + + $signOutPath = "$(Build.SourcesDirectory)/Package/signed" + $null = New-Item -ItemType Directory -Path $signOutPath + # Set signing out path variable + $vstsCommandString = "vso[task.setvariable variable=signOutPath]${signOutPath}" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + + # Set path variable for guardian codesign validation + $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]${signOutPath}" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + + $packageVersion = ./build.ps1 -GetPackageVersion + $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" + Write-Host ("sending " + $vstsCommandString) + Write-Host "##$vstsCommandString" + displayName: Setup variables for signing + + - publish: "$(Build.SourcesDirectory)/Package/out/" + artifact: out + + displayName: Publish unsigned files + + - checkout: ComplianceRepo + + - template: EsrpSign.yml@ComplianceRepo + parameters: + # the folder which contains the binaries to sign + buildOutputPath: $(signSrcPath) + # the location to put the signed output + signOutputPath: $(signOutPath) + # the certificate ID to use + certificateId: "CP-230012" + # The file pattern to use + # If not using minimatch: comma separated, with * supported + # If using minimatch: newline separated, with !, **, and * supported. + # See link in the useMinimatch comments. + pattern: '*.exe' + # decides if the task should use minimatch for the pattern matching. + # https://github.com/isaacs/minimatch#features + useMinimatch: false + + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/package/signed + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) + + - pwsh: | + compress-archive -Path "$(Build.SourcesDirectory)/package/signed" -DestinationPath "$(System.ArtifactsDirectory)\Packages\$(buildName).zip" displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | @@ -62,7 +121,7 @@ stages: displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - tar -czvf $(System.ArtifactsDirectory)/Packages/x86_64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/x86_64-unknown-linux-gnu . + tar czf $(System.ArtifactsDirectory)/Packages/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/x86_64-unknown-linux-gnu . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -83,7 +142,7 @@ stages: displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | - tar -czvf $(System.ArtifactsDirectory)/Packages/aarch64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/aarch64-unknown-linux-gnu . + tar czf $(System.ArtifactsDirectory)/Packages/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/aarch64-unknown-linux-gnu . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -110,7 +169,7 @@ stages: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | - tar -czvf $(System.ArtifactsDirectory)/Packages/$(buildName).tar.gz -C $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/$(buildName) . + tar czf $(System.ArtifactsDirectory)/Packages/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/$(buildName) . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | @@ -146,7 +205,7 @@ stages: - template: assembly-module-compliance.yml@ComplianceRepo parameters: # binskim - AnalyzeTarget: '$(Pipeline.Workspace)/uncompressed/*.dll' + AnalyzeTarget: '$(Pipeline.Workspace)/uncompressed/*.exe' AnalyzeSymPath: 'SRV*' # component-governance sourceScanPath: '$(Build.SourcesDirectory)/DSC' diff --git a/build.ps1 b/build.ps1 index e72385d6..3b6e11a0 100644 --- a/build.ps1 +++ b/build.ps1 @@ -6,9 +6,19 @@ param( [ValidateSet('current','aarch64-pc-windows-msvc','x86_64-pc-windows-msvc','aarch64-apple-darwin','x86_64-apple-darwin','aarch64-unknown-linux-gnu','aarch64-unknown-linux-musl','x86_64-unknown-linux-gnu','x86_64-unknown-linux-musl')] $architecture = 'current', [switch]$Clippy, - [switch]$Test + [switch]$Test, + [switch]$GetPackageVersion ) +if ($GetPackageVersion) { + $match = Select-String -Path ./dsc/Cargo.toml -Pattern '^version\s*=\s*"(?.*?)"$' + if ($null -eq $match) { + throw 'Unable to find version in Cargo.toml' + } + + return $match.Matches.Groups[1].Value +} + ## Test if Rust is installed if (!(Get-Command 'cargo' -ErrorAction Ignore)) { Write-Verbose -Verbose "Rust not found, installing..." From eb2ab4b5b1c1e909932069e105f756abd0cc50f1 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 26 Oct 2023 14:25:58 -0700 Subject: [PATCH 21/67] fix dependency --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 1a6e7535..d50e45d1 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -179,7 +179,7 @@ stages: - stage: compliance displayName: Compliance - dependsOn: Build + dependsOn: BuildAndSign jobs: - job: Compliance_Job pool: From 80f2f09d1a659b14987504699deed679873eb318 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 26 Oct 2023 14:52:39 -0700 Subject: [PATCH 22/67] set location and create pkg dir --- .vsts-ci/release.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index d50e45d1..51f147e2 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -39,6 +39,7 @@ stages: - pwsh: | rustup default stable rustup target add $(buildName) + Set-Location "$(Build.SourcesDirectory)" ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' condition: succeeded() @@ -121,6 +122,7 @@ stages: displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | + new-item -itemType Directory -$(System.ArtifactsDirectory)/Packages -Force tar czf $(System.ArtifactsDirectory)/Packages/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/x86_64-unknown-linux-gnu . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() @@ -142,6 +144,7 @@ stages: displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | + new-item -itemType Directory -$(System.ArtifactsDirectory)/Packages -Force tar czf $(System.ArtifactsDirectory)/Packages/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/aarch64-unknown-linux-gnu . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() @@ -169,6 +172,7 @@ stages: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | + new-item -itemType Directory -$(System.ArtifactsDirectory)/Packages -Force tar czf $(System.ArtifactsDirectory)/Packages/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/$(buildName) . displayName: 'Compress $(buildName)' condition: succeeded() From 5ab8bea8ce7f2f579d413f87f3247996b54fea9d Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 26 Oct 2023 15:18:57 -0700 Subject: [PATCH 23/67] fix capitalization of release --- .vsts-ci/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 51f147e2..c996a49e 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -2,7 +2,7 @@ trigger: none variables: - name: BuildConfiguration - value: 'Release' + value: 'release' - name: PackageRoot value: '$(System.ArtifactsDirectory)/Packages' - group: DSCAPIScan @@ -40,7 +40,8 @@ stages: rustup default stable rustup target add $(buildName) Set-Location "$(Build.SourcesDirectory)" - ./build.ps1 -Release -Architecture $(buildName) + write-verbose -verbose (dir | out-string) + .\build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | From 37d10de47af5e98b1cb945e89afd46cc1a4f32a8 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 26 Oct 2023 15:34:13 -0700 Subject: [PATCH 24/67] move rustup updates to build script --- .vsts-ci/release.yml | 10 +--------- build.ps1 | 2 ++ 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index c996a49e..1ada8b8f 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -37,11 +37,7 @@ stages: steps: - pwsh: | - rustup default stable - rustup target add $(buildName) - Set-Location "$(Build.SourcesDirectory)" - write-verbose -verbose (dir | out-string) - .\build.ps1 -Release -Architecture $(buildName) + ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | @@ -118,7 +114,6 @@ stages: - ImageOverride -equals PSMMSUbuntu20.04-Secure steps: - pwsh: | - rustup default stable ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() @@ -140,7 +135,6 @@ stages: - ImageOverride -equals PSMMSUbuntu20.04-ARM64-secure steps: - pwsh: | - rustup default stable ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() @@ -167,8 +161,6 @@ stages: buildName: aarch64-apple-darwin steps: - pwsh: | - rustup default stable - rustup target add $(buildName) ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' condition: succeeded() diff --git a/build.ps1 b/build.ps1 index 3b6e11a0..f7f5eeea 100644 --- a/build.ps1 +++ b/build.ps1 @@ -33,6 +33,7 @@ if (!(Get-Command 'cargo' -ErrorAction Ignore)) { } } +rustup default stable $BuildToolsPath = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2022\BuildTools\VC\Tools\MSVC" function Find-LinkExe { @@ -89,6 +90,7 @@ if ($architecture -eq 'current') { $target = Join-Path $PSScriptRoot 'bin' $configuration } else { + rustup target add $architecture $flags += '--target' $flags += $architecture $path = ".\target\$architecture\$configuration" From ce9f6c941e328e4a60ffc8e23a28bfd402c64b5e Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 26 Oct 2023 15:43:35 -0700 Subject: [PATCH 25/67] set location --- .vsts-ci/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 1ada8b8f..e59b1926 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -36,7 +36,9 @@ stages: buildName: aarch64-pc-windows-msvc steps: + - checkout: self - pwsh: | + Set-Location "$(Build.SourcesDirectory)/DSC" ./build.ps1 -Release -Architecture $(buildName) displayName: 'Build $(buildName)' condition: succeeded() From ac05f20d5f8f4d50f71aa5e9afe8eee994ef5616 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 26 Oct 2023 15:59:22 -0700 Subject: [PATCH 26/67] add skiplinktest --- .vsts-ci/release.yml | 8 ++++---- build.ps1 | 5 +++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index e59b1926..a8c71bca 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -39,7 +39,7 @@ stages: - checkout: self - pwsh: | Set-Location "$(Build.SourcesDirectory)/DSC" - ./build.ps1 -Release -Architecture $(buildName) + ./build.ps1 -Release -Architecture $(buildName) -SkipLinkTest displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | @@ -121,7 +121,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory -$(System.ArtifactsDirectory)/Packages -Force - tar czf $(System.ArtifactsDirectory)/Packages/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/x86_64-unknown-linux-gnu . + tar czf $(System.ArtifactsDirectory)/Packages/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/x86_64-unknown-linux-gnu . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -142,7 +142,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory -$(System.ArtifactsDirectory)/Packages -Force - tar czf $(System.ArtifactsDirectory)/Packages/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/aarch64-unknown-linux-gnu . + tar czf $(System.ArtifactsDirectory)/Packages/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/aarch64-unknown-linux-gnu . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -168,7 +168,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory -$(System.ArtifactsDirectory)/Packages -Force - tar czf $(System.ArtifactsDirectory)/Packages/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(BuildConfiguration)/$(buildName) . + tar czf $(System.ArtifactsDirectory)/Packages/$(buildName).tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/$(buildName) . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | diff --git a/build.ps1 b/build.ps1 index f7f5eeea..cc6acaeb 100644 --- a/build.ps1 +++ b/build.ps1 @@ -7,7 +7,8 @@ param( $architecture = 'current', [switch]$Clippy, [switch]$Test, - [switch]$GetPackageVersion + [switch]$GetPackageVersion, + [switch]$SkipLinkCheck ) if ($GetPackageVersion) { @@ -51,7 +52,7 @@ function Find-LinkExe { } } -if ($IsWindows -and !(Get-Command 'link.exe' -ErrorAction Ignore)) { +if (!$SkipLinkCheck -and $IsWindows -and !(Get-Command 'link.exe' -ErrorAction Ignore)) { if (!(Test-Path $BuildToolsPath)) { Write-Verbose -Verbose "link.exe not found, installing C++ build tools" Invoke-WebRequest 'https://aka.ms/vs/17/release/vs_BuildTools.exe' -OutFile 'temp:/vs_buildtools.exe' From f3eea09c7e7d0f1b9b96e7108f3a94c9fea54708 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 26 Oct 2023 16:06:37 -0700 Subject: [PATCH 27/67] fix typo --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index a8c71bca..8e4e1202 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -39,7 +39,7 @@ stages: - checkout: self - pwsh: | Set-Location "$(Build.SourcesDirectory)/DSC" - ./build.ps1 -Release -Architecture $(buildName) -SkipLinkTest + ./build.ps1 -Release -Architecture $(buildName) -SkipLinkCheck displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | From 21e63efdcc8d629ac4e3d701fd95ecb6beef1fa3 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Wed, 1 Nov 2023 20:26:06 -0700 Subject: [PATCH 28/67] change to use packagesroot variable --- .vsts-ci/release.yml | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 8e4e1202..534c2745 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -43,14 +43,20 @@ stages: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | - Set-Location "$(Build.SourcesDirectory)/Package" - $signSrcPath = "$(Build.SourcesDirectory)/Package/out" + New-Item -ItemType Directory -Path "$(PackageRoot)" + New-Item -ItemType Directory -Path "$(PackageRoot)/out" + Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/$(buildName)" -Destination "$(PackageRoot)" -Force + displayName: Copy binaries + condition: succeeded() + - pwsh: | + Set-Location "$(PackageRoot)" + $signSrcPath = "$(PackageRoot)/out" # Set signing src path variable $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" - $signOutPath = "$(Build.SourcesDirectory)/Package/signed" + $signOutPath = "$(PackageRoot)/signed" $null = New-Item -ItemType Directory -Path $signOutPath # Set signing out path variable $vstsCommandString = "vso[task.setvariable variable=signOutPath]${signOutPath}" @@ -100,11 +106,11 @@ stages: PackageVersion: $(PackageVersion) - pwsh: | - compress-archive -Path "$(Build.SourcesDirectory)/package/signed" -DestinationPath "$(System.ArtifactsDirectory)\Packages\$(buildName).zip" + compress-archive -Path "$(PackageRoot)/signed" -DestinationPath "$(PackageRoot)/$(buildName).zip" displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\$(buildName).zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\$(buildName).zip" displayName: Upload artifacts condition: succeeded() @@ -120,12 +126,12 @@ stages: displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - new-item -itemType Directory -$(System.ArtifactsDirectory)/Packages -Force - tar czf $(System.ArtifactsDirectory)/Packages/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/x86_64-unknown-linux-gnu . + new-item -itemType Directory $(PackageRoot) -Force + tar czf $(PackageRoot)/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/x86_64-unknown-linux-gnu . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\x86_64-unknown-linux-gnu.zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\x86_64-unknown-linux-gnu.zip" displayName: Upload artifacts condition: succeeded() @@ -141,12 +147,12 @@ stages: displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | - new-item -itemType Directory -$(System.ArtifactsDirectory)/Packages -Force - tar czf $(System.ArtifactsDirectory)/Packages/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/aarch64-unknown-linux-gnu . + new-item -itemType Directory $(PackageRoot) -Force + tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/aarch64-unknown-linux-gnu . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\aarch64-unknown-linux-gnu.zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\aarch64-unknown-linux-gnu.zip" displayName: Upload artifacts condition: succeeded() @@ -167,12 +173,12 @@ stages: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | - new-item -itemType Directory -$(System.ArtifactsDirectory)/Packages -Force - tar czf $(System.ArtifactsDirectory)/Packages/$(buildName).tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/$(buildName) . + new-item -itemType Directory $(PackageRoot) -Force + tar czf $(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/$(buildName) . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\$(buildName).zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\$(buildName).zip" displayName: Upload artifacts condition: succeeded() From c60f6f2b0a1c8a3162e5e127e2830f7965f1fce7 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Wed, 1 Nov 2023 20:54:59 -0700 Subject: [PATCH 29/67] switch build config and name --- .vsts-ci/release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 534c2745..f9bbb3c8 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -45,7 +45,7 @@ stages: - pwsh: | New-Item -ItemType Directory -Path "$(PackageRoot)" New-Item -ItemType Directory -Path "$(PackageRoot)/out" - Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/$(buildName)" -Destination "$(PackageRoot)" -Force + Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)" -Destination "$(PackageRoot)" -Force displayName: Copy binaries condition: succeeded() - pwsh: | @@ -127,7 +127,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/x86_64-unknown-linux-gnu . + tar czf $(PackageRoot)/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -148,7 +148,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/aarch64-unknown-linux-gnu . + tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -174,7 +174,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/DSC/bin/$(BuildConfiguration)/$(buildName) . + tar czf $(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/ . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | From 855f10b064c269a3c3b2af1821a5901c392657a7 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Wed, 1 Nov 2023 21:27:34 -0700 Subject: [PATCH 30/67] fix paths --- .vsts-ci/release.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index f9bbb3c8..397483f1 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -27,7 +27,7 @@ stages: name: PowerShell1ES demands: - ImageOverride -equals PSMMS2019-Rust-Secure - displayName: Windows + displayName: Build strategy: matrix: Windows x64: @@ -68,7 +68,7 @@ stages: Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" - $packageVersion = ./build.ps1 -GetPackageVersion + $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" @@ -115,7 +115,7 @@ stages: condition: succeeded() - job: BuildLinux - displayName: Linux + displayName: Linux-gnu pool: name: PowerShell1ES demands: @@ -127,7 +127,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf $(PackageRoot)/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -136,7 +136,7 @@ stages: condition: succeeded() - job: BuildLinuxArm64 - displayName: Linux ARM64 + displayName: Linux-ARM64-gnu pool: name: ps-powershell-rel-arm demands: @@ -148,7 +148,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/DSC/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -158,7 +158,7 @@ stages: - job: BuildMac - displayName: Build Native Binaries on macOS + displayName: Build pool: vmImage: macOS-Latest strategy: @@ -174,7 +174,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/ . + tar czf $(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)/ . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | From 33ce989167c0a6315bb3ba793d96d8a434713a65 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Wed, 1 Nov 2023 22:12:02 -0700 Subject: [PATCH 31/67] fix linux/mac extension and use $psscriptroot in build --- .vsts-ci/release.yml | 6 +++--- build.ps1 | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 397483f1..4e0f4851 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -131,7 +131,7 @@ stages: displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\x86_64-unknown-linux-gnu.zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/x86_64-unknown-linux-gnu.tar.gz" displayName: Upload artifacts condition: succeeded() @@ -152,7 +152,7 @@ stages: displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\aarch64-unknown-linux-gnu.zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz" displayName: Upload artifacts condition: succeeded() @@ -178,7 +178,7 @@ stages: displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\$(buildName).zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() diff --git a/build.ps1 b/build.ps1 index cc6acaeb..8be253f3 100644 --- a/build.ps1 +++ b/build.ps1 @@ -12,7 +12,7 @@ param( ) if ($GetPackageVersion) { - $match = Select-String -Path ./dsc/Cargo.toml -Pattern '^version\s*=\s*"(?.*?)"$' + $match = Select-String -Path $PSScriptRoot/dsc/Cargo.toml -Pattern '^version\s*=\s*"(?.*?)"$' if ($null -eq $match) { throw 'Unable to find version in Cargo.toml' } From 35c02b85eeb57fcd5b7832b37fc02279491733ae Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 2 Nov 2023 06:34:14 -0700 Subject: [PATCH 32/67] update publish folder --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 4e0f4851..3173706c 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -74,7 +74,7 @@ stages: Write-Host "##$vstsCommandString" displayName: Setup variables for signing - - publish: "$(Build.SourcesDirectory)/Package/out/" + - publish: "$(PackageRoot)/out" artifact: out displayName: Publish unsigned files From 8896d1810f69e7dbba54ed192a5610f1b4647045 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 2 Nov 2023 14:15:57 -0700 Subject: [PATCH 33/67] rename build to include architecture --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 3173706c..b2304a33 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -115,7 +115,7 @@ stages: condition: succeeded() - job: BuildLinux - displayName: Linux-gnu + displayName: Linux-x64-gnu pool: name: PowerShell1ES demands: From 43f5008a9b23126f34514ad6f503a5d5bc76c1b9 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 2 Nov 2023 15:37:14 -0700 Subject: [PATCH 34/67] fix SBOM path --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index b2304a33..4a82e20a 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -100,7 +100,7 @@ stages: - template: Sbom.yml@ComplianceRepo parameters: - BuildDropPath: $(Build.SourcesDirectory)/package/signed + BuildDropPath: $(PackageRoot)/signed Build_Repository_Uri: 'https://github.com/powershell/DSC' PackageName: 'DSC' PackageVersion: $(PackageVersion) From 983b38ce18af56d855ead0605845753ef8a18ccc Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 2 Nov 2023 18:00:16 -0700 Subject: [PATCH 35/67] fix paths --- .vsts-ci/release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 4a82e20a..ae5f1928 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -43,9 +43,9 @@ stages: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | - New-Item -ItemType Directory -Path "$(PackageRoot)" - New-Item -ItemType Directory -Path "$(PackageRoot)/out" - Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)" -Destination "$(PackageRoot)" -Force + $null = New-Item -ItemType Directory -Path "$(PackageRoot)" + $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" + Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination "$(PackageRoot)/out" -Verbose -Force displayName: Copy binaries condition: succeeded() - pwsh: | @@ -106,7 +106,7 @@ stages: PackageVersion: $(PackageVersion) - pwsh: | - compress-archive -Path "$(PackageRoot)/signed" -DestinationPath "$(PackageRoot)/$(buildName).zip" + compress-archive -Path "$(PackageRoot)/signed/*" -DestinationPath "$(PackageRoot)/$(buildName).zip" displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | From 4b3b02d6d258e074ee873c67f7ca8d897b27b0a7 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 3 Nov 2023 15:41:24 -0700 Subject: [PATCH 36/67] separate out to builds --- .vsts-ci/release.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index ae5f1928..35aa101a 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -43,14 +43,15 @@ stages: displayName: 'Build $(buildName)' condition: succeeded() - pwsh: | - $null = New-Item -ItemType Directory -Path "$(PackageRoot)" - $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" - Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination "$(PackageRoot)/out" -Verbose -Force + $null = New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore + $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore + $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" + Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination "$(PackageRoot)/out/$(buildName)" -Verbose -Force displayName: Copy binaries condition: succeeded() - pwsh: | Set-Location "$(PackageRoot)" - $signSrcPath = "$(PackageRoot)/out" + $signSrcPath = "$(PackageRoot)/out/$(buildName)" # Set signing src path variable $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" Write-Host ("sending " + $vstsCommandString) From 70d5dfad989e3a607763571d193ad00c642c88fe Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 3 Nov 2023 16:23:10 -0700 Subject: [PATCH 37/67] separate out builds --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 35aa101a..86e5eac7 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -75,7 +75,7 @@ stages: Write-Host "##$vstsCommandString" displayName: Setup variables for signing - - publish: "$(PackageRoot)/out" + - publish: "$(PackageRoot)/out/$(buildName)" artifact: out displayName: Publish unsigned files From 93e23526b7ea165ab256df6b073b070c0157c86a Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Tue, 7 Nov 2023 13:14:36 -0800 Subject: [PATCH 38/67] publish all of out folder --- .vsts-ci/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 86e5eac7..8518bfae 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -45,8 +45,8 @@ stages: - pwsh: | $null = New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore - $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" - Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination "$(PackageRoot)/out/$(buildName)" -Verbose -Force + $outPath = New-Item -ItemType Directory -Path "$(PackageRoot)/out/$(buildName)" -ErrorAction Ignore + Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Destination $outPath -Verbose -Force displayName: Copy binaries condition: succeeded() - pwsh: | @@ -75,7 +75,7 @@ stages: Write-Host "##$vstsCommandString" displayName: Setup variables for signing - - publish: "$(PackageRoot)/out/$(buildName)" + - publish: "$(PackageRoot)/out" artifact: out displayName: Publish unsigned files From 5b573655e323fd6bcb6015a11033f857fbaeeba1 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 09:06:37 -0800 Subject: [PATCH 39/67] remove publish unsigned --- .vsts-ci/release.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 8518bfae..81f3c603 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -75,10 +75,9 @@ stages: Write-Host "##$vstsCommandString" displayName: Setup variables for signing - - publish: "$(PackageRoot)/out" - artifact: out - - displayName: Publish unsigned files +# - publish: "$(PackageRoot)/out" +# artifact: out +# displayName: Publish unsigned files - checkout: ComplianceRepo From c54672b8e54ff43ab64f5cd8063bfd264cf22595 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 11:37:05 -0800 Subject: [PATCH 40/67] fix name of packages --- .vsts-ci/release.yml | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 81f3c603..0b3a8440 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -75,10 +75,6 @@ stages: Write-Host "##$vstsCommandString" displayName: Setup variables for signing -# - publish: "$(PackageRoot)/out" -# artifact: out -# displayName: Publish unsigned files - - checkout: ComplianceRepo - template: EsrpSign.yml@ComplianceRepo @@ -106,11 +102,11 @@ stages: PackageVersion: $(PackageVersion) - pwsh: | - compress-archive -Path "$(PackageRoot)/signed/*" -DestinationPath "$(PackageRoot)/$(buildName).zip" + compress-archive -Path "$(PackageRoot)/signed/*" -DestinationPath "$(PackageRoot)/DSC-${packageVersion}-$(buildName).zip" displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\$(buildName).zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\DSC-${packageVersion}-$(buildName).zip" displayName: Upload artifacts condition: succeeded() @@ -127,11 +123,12 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . + $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion + tar czf $(PackageRoot)/DSC-${packageVersion}-x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/x86_64-unknown-linux-gnu.tar.gz" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-${packageVersion}-x86_64-unknown-linux-gnu.tar.gz" displayName: Upload artifacts condition: succeeded() @@ -148,6 +145,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force + $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() @@ -174,11 +172,12 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)/ . + $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion + tar czf DSC-${packageVersion}-$(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)/ . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/$(buildName).tar.gz" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-${packageVersion}-$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() @@ -210,7 +209,7 @@ stages: - template: assembly-module-compliance.yml@ComplianceRepo parameters: # binskim - AnalyzeTarget: '$(Pipeline.Workspace)/uncompressed/*.exe' + AnalyzeTarget: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release/*.exe' #'$(Pipeline.Workspace)/uncompressed/*.exe' AnalyzeSymPath: 'SRV*' # component-governance sourceScanPath: '$(Build.SourcesDirectory)/DSC' @@ -223,7 +222,7 @@ stages: codeBaseName: 'DSC' # selections softwareName: 'DSC' - softwareNameFolder: '$(Pipeline.Workspace)/uncompressed' + softwareNameFolder: '$(Build.SourcesDirectory)/DSC/bin/x86_64-pc-windows-msvc/release' #'$(Pipeline.Workspace)/uncompressed' softwareVersion: '$(PackageVersion)' connectionString: RunAs=App;AppId=$(APIScanClient);TenantId=$(APIScanTenant);AppKey=$(APIScanSecret) APIScan: true # set to false when not using Windows APIs. From 298f47d5867314412d277e262bc1d393711c9526 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 11:55:08 -0800 Subject: [PATCH 41/67] fix path to build.ps1 on non-Windows --- .vsts-ci/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 0b3a8440..06c4e362 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -123,7 +123,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion + $packageVersion = ./build.ps1 -GetPackageVersion tar czf $(PackageRoot)/DSC-${packageVersion}-x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() @@ -145,7 +145,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion + $packageVersion = ./build.ps1 -GetPackageVersion tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() @@ -172,7 +172,7 @@ stages: condition: succeeded() - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion + $packageVersion = ./build.ps1 -GetPackageVersion tar czf DSC-${packageVersion}-$(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)/ . displayName: 'Compress $(buildName)' condition: succeeded() From bceb83bdccf689a6a929aed413bc1f8cfaa632f2 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 12:09:29 -0800 Subject: [PATCH 42/67] fix files included in tgz --- .vsts-ci/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 06c4e362..98a5932f 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -124,7 +124,7 @@ stages: - pwsh: | new-item -itemType Directory $(PackageRoot) -Force $packageVersion = ./build.ps1 -GetPackageVersion - tar czf $(PackageRoot)/DSC-${packageVersion}-x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf $(PackageRoot)/DSC-${packageVersion}-x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration)/* displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -146,7 +146,7 @@ stages: - pwsh: | new-item -itemType Directory $(PackageRoot) -Force $packageVersion = ./build.ps1 -GetPackageVersion - tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration)* displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -173,7 +173,7 @@ stages: - pwsh: | new-item -itemType Directory $(PackageRoot) -Force $packageVersion = ./build.ps1 -GetPackageVersion - tar czf DSC-${packageVersion}-$(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)/ . + tar czf DSC-${packageVersion}-$(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)/* displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | From a7403fa82032064d317b94752400385a786842d5 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 12:24:42 -0800 Subject: [PATCH 43/67] fix getting packageversion to upload --- .vsts-ci/release.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 98a5932f..b859b713 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -124,11 +124,13 @@ stages: - pwsh: | new-item -itemType Directory $(PackageRoot) -Force $packageVersion = ./build.ps1 -GetPackageVersion - tar czf $(PackageRoot)/DSC-${packageVersion}-x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration)/* + Write-Verbose -Verbose $packageVersion + tar czf $(PackageRoot)/DSC-$packageVersion-x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration)/* displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-${packageVersion}-x86_64-unknown-linux-gnu.tar.gz" + $packageVersion = ./build.ps1 -GetPackageVersion + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$packageVersion-x86_64-unknown-linux-gnu.tar.gz" displayName: Upload artifacts condition: succeeded() @@ -146,11 +148,12 @@ stages: - pwsh: | new-item -itemType Directory $(PackageRoot) -Force $packageVersion = ./build.ps1 -GetPackageVersion - tar czf $(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration)* + tar czf $(PackageRoot)/DSC-$packageVersion-aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration)* displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/aarch64-unknown-linux-gnu.tar.gz" + $packageVersion = ./build.ps1 -GetPackageVersion + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$packageVersion-aarch64-unknown-linux-gnu.tar.gz" displayName: Upload artifacts condition: succeeded() @@ -177,6 +180,7 @@ stages: displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | + $packageVersion = ./build.ps1 -GetPackageVersion Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-${packageVersion}-$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() From 78f3b0e61393aaf96e4cdaf99f30653398ff383f Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 12:53:02 -0800 Subject: [PATCH 44/67] fix mac packageing --- .vsts-ci/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index b859b713..4ea9f36a 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -176,12 +176,12 @@ stages: - pwsh: | new-item -itemType Directory $(PackageRoot) -Force $packageVersion = ./build.ps1 -GetPackageVersion - tar czf DSC-${packageVersion}-$(PackageRoot)/$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)/* + tar czf $(PackageRoot)/DSC-$packageVersion-$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)/* displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | $packageVersion = ./build.ps1 -GetPackageVersion - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-${packageVersion}-$(buildName).tar.gz" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$packageVersion-$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() From e19e58df3f540b4ad470a7809997d170a373e5ee Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 13:22:06 -0800 Subject: [PATCH 45/67] fix tar to not include path --- .vsts-ci/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 4ea9f36a..68cb7045 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -125,7 +125,7 @@ stages: new-item -itemType Directory $(PackageRoot) -Force $packageVersion = ./build.ps1 -GetPackageVersion Write-Verbose -Verbose $packageVersion - tar czf $(PackageRoot)/DSC-$packageVersion-x86_64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration)/* + tar czf $(PackageRoot)/DSC-$packageVersion-x86_64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -148,7 +148,7 @@ stages: - pwsh: | new-item -itemType Directory $(PackageRoot) -Force $packageVersion = ./build.ps1 -GetPackageVersion - tar czf $(PackageRoot)/DSC-$packageVersion-aarch64-unknown-linux-gnu.tar.gz $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration)* + tar czf $(PackageRoot)/DSC-$packageVersion-aarch64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -176,7 +176,7 @@ stages: - pwsh: | new-item -itemType Directory $(PackageRoot) -Force $packageVersion = ./build.ps1 -GetPackageVersion - tar czf $(PackageRoot)/DSC-$packageVersion-$(buildName).tar.gz $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration)/* + tar czf $(PackageRoot)/DSC-$packageVersion-$(buildName).tar.gz -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | From 1003f8f625c6ad7468c3415bbfa2dcd115da7a08 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 14:08:22 -0800 Subject: [PATCH 46/67] add SBOM to linux/mac --- .vsts-ci/release.yml | 43 ++++++++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 68cb7045..ace1f313 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -119,18 +119,23 @@ stages: steps: - pwsh: | ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu + $packageVersion = ./build.ps1 -GetPackageVersion + $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - $packageVersion = ./build.ps1 -GetPackageVersion - Write-Verbose -Verbose $packageVersion - tar czf $(PackageRoot)/DSC-$packageVersion-x86_64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf $(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - $packageVersion = ./build.ps1 -GetPackageVersion - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$packageVersion-x86_64-unknown-linux-gnu.tar.gz" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz" displayName: Upload artifacts condition: succeeded() @@ -143,17 +148,23 @@ stages: steps: - pwsh: | ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu + $packageVersion = ./build.ps1 -GetPackageVersion + $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - $packageVersion = ./build.ps1 -GetPackageVersion - tar czf $(PackageRoot)/DSC-$packageVersion-aarch64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf $(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | - $packageVersion = ./build.ps1 -GetPackageVersion - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$packageVersion-aarch64-unknown-linux-gnu.tar.gz" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz" displayName: Upload artifacts condition: succeeded() @@ -171,17 +182,23 @@ stages: steps: - pwsh: | ./build.ps1 -Release -Architecture $(buildName) + $packageVersion = ./build.ps1 -GetPackageVersion + $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" displayName: 'Build $(buildName)' condition: succeeded() + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) + Build_Repository_Uri: 'https://github.com/powershell/DSC' + PackageName: 'DSC' + PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - $packageVersion = ./build.ps1 -GetPackageVersion - tar czf $(PackageRoot)/DSC-$packageVersion-$(buildName).tar.gz -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . + tar czf $(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - $packageVersion = ./build.ps1 -GetPackageVersion - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$packageVersion-$(buildName).tar.gz" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() From 161018f53963f256f2da227035077c8e7278693b Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 14:24:19 -0800 Subject: [PATCH 47/67] change npm to not install optional --- tree-sitter-dscexpression/build.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tree-sitter-dscexpression/build.ps1 b/tree-sitter-dscexpression/build.ps1 index b90332be..e91251fd 100644 --- a/tree-sitter-dscexpression/build.ps1 +++ b/tree-sitter-dscexpression/build.ps1 @@ -27,7 +27,7 @@ if ($null -eq (Get-Command npm -ErrorAction Ignore)) { npm list tree-sitter-cli if ($LASTEXITCODE -ne 0) { - npm install tree-sitter-cli + npm install tree-sitter-cli --no-optional } Invoke-NativeCommand 'npx tree-sitter generate' From 52f98d6fdfdf7c9cf6d338ed3b0576742d204abd Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 14:27:20 -0800 Subject: [PATCH 48/67] fix tar filepath and macos sbom --- .vsts-ci/release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index ace1f313..fad06f60 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -131,7 +131,7 @@ stages: PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/x86_64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -160,7 +160,7 @@ stages: PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' -C $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) . displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | @@ -188,13 +188,13 @@ stages: condition: succeeded() - template: Sbom.yml@ComplianceRepo parameters: - BuildDropPath: $(Build.SourcesDirectory)/bin/aarch64-unknown-linux-gnu/$(BuildConfiguration) + BuildDropPath: $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) Build_Repository_Uri: 'https://github.com/powershell/DSC' PackageName: 'DSC' PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf $(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | From f283fe251707fa734e448b7306f3d73ad6c925e8 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 14:49:44 -0800 Subject: [PATCH 49/67] update use of packageversion --- .vsts-ci/release.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index fad06f60..cb764cf6 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -135,7 +135,7 @@ stages: displayName: 'Compress x86_64-unknown-linux-gnu' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz" + Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-x86_64-unknown-linux-gnu.tar.gz' displayName: Upload artifacts condition: succeeded() @@ -164,7 +164,7 @@ stages: displayName: 'Compress aarch64-unknown-linux-gnu' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz" + Write-Host '##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-aarch64-unknown-linux-gnu.tar.gz' displayName: Upload artifacts condition: succeeded() @@ -198,7 +198,8 @@ stages: displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" + $packageVersion = '$(PackageVersion)' + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$packageVersion-$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() From 79538026eedd2d55c03e3e268cd119a478cb6004 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 14:52:21 -0800 Subject: [PATCH 50/67] switch to npm ci --- tree-sitter-dscexpression/build.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tree-sitter-dscexpression/build.ps1 b/tree-sitter-dscexpression/build.ps1 index e91251fd..16badd6a 100644 --- a/tree-sitter-dscexpression/build.ps1 +++ b/tree-sitter-dscexpression/build.ps1 @@ -27,7 +27,7 @@ if ($null -eq (Get-Command npm -ErrorAction Ignore)) { npm list tree-sitter-cli if ($LASTEXITCODE -ne 0) { - npm install tree-sitter-cli --no-optional + npm ci tree-sitter-cli --no-optional } Invoke-NativeCommand 'npx tree-sitter generate' From 9cc526cbb9ae494867a81cfc3257023d7e5b8281 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Thu, 9 Nov 2023 16:18:16 -0800 Subject: [PATCH 51/67] change lock file to v1 --- package-lock.json | 17 +++---------- tree-sitter-dscexpression/package-lock.json | 27 +++++---------------- 2 files changed, 10 insertions(+), 34 deletions(-) diff --git a/package-lock.json b/package-lock.json index c318cefa..ab822b5c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,21 +1,12 @@ { "name": "DSC", - "lockfileVersion": 3, + "lockfileVersion": 1, "requires": true, - "packages": { - "": { - "dependencies": { - "tree-sitter-cli": "^0.20.8" - } - }, - "node_modules/tree-sitter-cli": { + "dependencies": { + "tree-sitter-cli": { "version": "0.20.8", "resolved": "https://registry.npmjs.org/tree-sitter-cli/-/tree-sitter-cli-0.20.8.tgz", - "integrity": "sha512-XjTcS3wdTy/2cc/ptMLc/WRyOLECRYcMTrSWyhZnj1oGSOWbHLTklgsgRICU3cPfb0vy+oZCC33M43u6R1HSCA==", - "hasInstallScript": true, - "bin": { - "tree-sitter": "cli.js" - } + "integrity": "sha512-XjTcS3wdTy/2cc/ptMLc/WRyOLECRYcMTrSWyhZnj1oGSOWbHLTklgsgRICU3cPfb0vy+oZCC33M43u6R1HSCA==" } } } diff --git a/tree-sitter-dscexpression/package-lock.json b/tree-sitter-dscexpression/package-lock.json index bdc4e9e6..8788dbcc 100644 --- a/tree-sitter-dscexpression/package-lock.json +++ b/tree-sitter-dscexpression/package-lock.json @@ -1,32 +1,17 @@ { "name": "tree-sitter-dscexpression", "version": "0.0.1", - "lockfileVersion": 3, + "lockfileVersion": 1, "requires": true, - "packages": { - "": { - "name": "tree-sitter-dscexpression", - "version": "0.0.1", - "dependencies": { - "nan": "^2.18.0" - }, - "devDependencies": { - "tree-sitter-cli": "^0.20.8" - } + "dependencies": { + "nan": { + "version": "2.18.0" }, - "node_modules/nan": { - "version": "2.18.0", - "license": "MIT" - }, - "node_modules/tree-sitter-cli": { + "tree-sitter-cli": { "version": "0.20.8", "resolved": "https://registry.npmjs.org/tree-sitter-cli/-/tree-sitter-cli-0.20.8.tgz", "integrity": "sha512-XjTcS3wdTy/2cc/ptMLc/WRyOLECRYcMTrSWyhZnj1oGSOWbHLTklgsgRICU3cPfb0vy+oZCC33M43u6R1HSCA==", - "dev": true, - "hasInstallScript": true, - "bin": { - "tree-sitter": "cli.js" - } + "dev": true } } } From 3286b69b99266a954339694b1b814834b32fff6a Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 08:49:53 -0800 Subject: [PATCH 52/67] make setting packageversion a job --- .vsts-ci/release.yml | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index cb764cf6..a24c50fa 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -20,7 +20,18 @@ stages: displayName: Build Native Binaries dependsOn: [] jobs: + - job: SetPackageVersion + displayName: Set PackageVersion + steps: + - checkout: self + - pwsh: | + $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion + $vstsCommandString = "vso[task.setvariable variable=PackageVersion;]$packageVersion" + Write-Host ("sending " + $vstsCommandString) + Write-Host "##$vstsCommandString" + - job: BuildWin + dependsOn: SetPackageVersion variables: - group: ESRP pool: @@ -68,11 +79,6 @@ stages: $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]${signOutPath}" Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" - - $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" - Write-Host ("sending " + $vstsCommandString) - Write-Host "##$vstsCommandString" displayName: Setup variables for signing - checkout: ComplianceRepo @@ -102,15 +108,21 @@ stages: PackageVersion: $(PackageVersion) - pwsh: | - compress-archive -Path "$(PackageRoot)/signed/*" -DestinationPath "$(PackageRoot)/DSC-${packageVersion}-$(buildName).zip" + compress-archive -Path "$(PackageRoot)/signed/*" -DestinationPath "$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).zip" displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\DSC-${packageVersion}-$(buildName).zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)\DSC-$(PackageVersion)-$(buildName).zip" displayName: Upload artifacts condition: succeeded() + - task: PublishPipelineArtifact@1 + inputs: + targetpath: $(signOutPath) + artifactName: signed + - job: BuildLinux + dependsOn: SetPackageVersion displayName: Linux-x64-gnu pool: name: PowerShell1ES @@ -140,6 +152,7 @@ stages: condition: succeeded() - job: BuildLinuxArm64 + dependsOn: SetPackageVersion displayName: Linux-ARM64-gnu pool: name: ps-powershell-rel-arm @@ -168,8 +181,8 @@ stages: displayName: Upload artifacts condition: succeeded() - - job: BuildMac + dependsOn: SetPackageVersion displayName: Build pool: vmImage: macOS-Latest From 67afccca8f31d94f98db4c9c173fc63b7264465d Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 08:53:31 -0800 Subject: [PATCH 53/67] indent --- .vsts-ci/release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index a24c50fa..a4f876bb 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -25,10 +25,10 @@ stages: steps: - checkout: self - pwsh: | - $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=PackageVersion;]$packageVersion" - Write-Host ("sending " + $vstsCommandString) - Write-Host "##$vstsCommandString" + $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion + $vstsCommandString = "vso[task.setvariable variable=PackageVersion;]$packageVersion" + Write-Host ("sending " + $vstsCommandString) + Write-Host "##$vstsCommandString" - job: BuildWin dependsOn: SetPackageVersion From fd871a68864bc2a99659001d6f039e8718fb29c1 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 08:55:13 -0800 Subject: [PATCH 54/67] change path to build --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index a4f876bb..1075571d 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -25,7 +25,7 @@ stages: steps: - checkout: self - pwsh: | - $packageVersion = $(Build.SourcesDirectory)/DSC/build.ps1 -GetPackageVersion + $packageVersion = ./build.ps1 -GetPackageVersion $vstsCommandString = "vso[task.setvariable variable=PackageVersion;]$packageVersion" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" From 397a2a94cf007067e6fe869a75034d214378cf5c Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 09:31:17 -0800 Subject: [PATCH 55/67] fix packageversion --- .vsts-ci/release.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 1075571d..efe61919 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -26,7 +26,7 @@ stages: - checkout: self - pwsh: | $packageVersion = ./build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=PackageVersion;]$packageVersion" + $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" @@ -131,8 +131,6 @@ stages: steps: - pwsh: | ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu - $packageVersion = ./build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" displayName: 'Build x86_64-unknown-linux-gnu' condition: succeeded() - template: Sbom.yml@ComplianceRepo @@ -161,8 +159,6 @@ stages: steps: - pwsh: | ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu - $packageVersion = ./build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" displayName: 'Build aarch64-unknown-linux-gnu' condition: succeeded() - template: Sbom.yml@ComplianceRepo @@ -195,8 +191,6 @@ stages: steps: - pwsh: | ./build.ps1 -Release -Architecture $(buildName) - $packageVersion = ./build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" displayName: 'Build $(buildName)' condition: succeeded() - template: Sbom.yml@ComplianceRepo @@ -211,8 +205,7 @@ stages: displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - $packageVersion = '$(PackageVersion)' - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$packageVersion-$(buildName).tar.gz" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() From a760f8eb9ac5ab8a52205356c2219a8d2708e75b Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 09:40:38 -0800 Subject: [PATCH 56/67] try env --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index efe61919..647ac3d1 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -201,7 +201,7 @@ stages: PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . + tar czf '$(PackageRoot)/DSC-$env:PackageVersion-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | From f5486da9a406a717ee6eb51acf3bdbd3315c9a1f Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 10:05:29 -0800 Subject: [PATCH 57/67] change to env --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 647ac3d1..a5fc88ad 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -205,7 +205,7 @@ stages: displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$env:PackageVersion)-$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() From 145d3d7733edc4c7d2fa287067fd340ac1a2a69a Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 10:46:58 -0800 Subject: [PATCH 58/67] pass packageversion as output --- .vsts-ci/release.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index a5fc88ad..7741edc9 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -26,13 +26,14 @@ stages: - checkout: self - pwsh: | $packageVersion = ./build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" + $vstsCommandString = "vso[task.setvariable variable=PackageVersion;isoutput=true]$packageVersion" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" - job: BuildWin dependsOn: SetPackageVersion variables: + - PackageVersion: $[ dependencies.SetPackageVersion.outputs['passOutput.PackageVersion'] ] - group: ESRP pool: name: PowerShell1ES @@ -123,6 +124,8 @@ stages: - job: BuildLinux dependsOn: SetPackageVersion + variables: + - PackageVersion: $[ dependencies.SetPackageVersion.outputs['passOutput.PackageVersion'] ] displayName: Linux-x64-gnu pool: name: PowerShell1ES @@ -151,6 +154,8 @@ stages: - job: BuildLinuxArm64 dependsOn: SetPackageVersion + variables: + - PackageVersion: $[ dependencies.SetPackageVersion.outputs['passOutput.PackageVersion'] ] displayName: Linux-ARM64-gnu pool: name: ps-powershell-rel-arm @@ -179,6 +184,8 @@ stages: - job: BuildMac dependsOn: SetPackageVersion + variables: + - PackageVersion: $[ dependencies.SetPackageVersion.outputs['passOutput.PackageVersion'] ] displayName: Build pool: vmImage: macOS-Latest @@ -201,11 +208,11 @@ stages: PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf '$(PackageRoot)/DSC-$env:PackageVersion-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . + tar czf "$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | - Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$env:PackageVersion)-$(buildName).tar.gz" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz" displayName: Upload artifacts condition: succeeded() From 1d9519a078425b371baeede7e34e5b5986d9fd46 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 10:54:31 -0800 Subject: [PATCH 59/67] fix how variable is passed --- .vsts-ci/release.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 7741edc9..2fadef10 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -26,14 +26,15 @@ stages: - checkout: self - pwsh: | $packageVersion = ./build.ps1 -GetPackageVersion - $vstsCommandString = "vso[task.setvariable variable=PackageVersion;isoutput=true]$packageVersion" + $vstsCommandString = "vso[task.setvariable variable=Version;isoutput=true]$packageVersion" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" + name: Package - job: BuildWin dependsOn: SetPackageVersion variables: - - PackageVersion: $[ dependencies.SetPackageVersion.outputs['passOutput.PackageVersion'] ] + PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - group: ESRP pool: name: PowerShell1ES @@ -125,7 +126,7 @@ stages: - job: BuildLinux dependsOn: SetPackageVersion variables: - - PackageVersion: $[ dependencies.SetPackageVersion.outputs['passOutput.PackageVersion'] ] + PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] displayName: Linux-x64-gnu pool: name: PowerShell1ES @@ -155,7 +156,7 @@ stages: - job: BuildLinuxArm64 dependsOn: SetPackageVersion variables: - - PackageVersion: $[ dependencies.SetPackageVersion.outputs['passOutput.PackageVersion'] ] + PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] displayName: Linux-ARM64-gnu pool: name: ps-powershell-rel-arm @@ -185,7 +186,7 @@ stages: - job: BuildMac dependsOn: SetPackageVersion variables: - - PackageVersion: $[ dependencies.SetPackageVersion.outputs['passOutput.PackageVersion'] ] + PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] displayName: Build pool: vmImage: macOS-Latest @@ -221,6 +222,8 @@ stages: dependsOn: BuildAndSign jobs: - job: Compliance_Job + variables: + PackageVersion: $[ stageDependencies.BuildAndSign.SetPackageVersion.outputs['Package.Version'] ] pool: name: PowerShell1ES demands: From 28ca16dd0d537ae536d1b343e141f24567f21447 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 10:56:42 -0800 Subject: [PATCH 60/67] fix group --- .vsts-ci/release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 2fadef10..ca39743d 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -34,8 +34,9 @@ stages: - job: BuildWin dependsOn: SetPackageVersion variables: - PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - group: ESRP + - name: PackageVersion + value: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] pool: name: PowerShell1ES demands: From 9797039f9439e1a238bccebf359993ef465b6165 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 13:38:42 -0800 Subject: [PATCH 61/67] fix mac compress path and windows publishing --- .vsts-ci/release.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index ca39743d..61f112a8 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -70,14 +70,15 @@ stages: $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" - + - pwsh: | $signOutPath = "$(PackageRoot)/signed" $null = New-Item -ItemType Directory -Path $signOutPath # Set signing out path variable - $vstsCommandString = "vso[task.setvariable variable=signOutPath]${signOutPath}" + $vstsCommandString = "vso[task.setvariable variable=signOutPath;isoutput=true]${signOutPath}" Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" - + name: signOutPath + - pwsh: | # Set path variable for guardian codesign validation $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]${signOutPath}" Write-Host "sending " + $vstsCommandString @@ -119,6 +120,12 @@ stages: displayName: Upload artifacts condition: succeeded() + - job: Publish Signed + dependsOn: BuildWin + variables: + - name: signOutPath + value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] + steps: - task: PublishPipelineArtifact@1 inputs: targetpath: $(signOutPath) @@ -210,7 +217,7 @@ stages: PackageVersion: $(PackageVersion) - pwsh: | new-item -itemType Directory $(PackageRoot) -Force - tar czf "$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . + tar czf '$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).tar.gz' -C $(Build.SourcesDirectory)/bin/$(buildName)/$(BuildConfiguration) . displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | From 566fbe4a9bc1516a8f61060c6f5b376b514018bf Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 13:39:57 -0800 Subject: [PATCH 62/67] fix job name --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 61f112a8..cf82f235 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -120,7 +120,7 @@ stages: displayName: Upload artifacts condition: succeeded() - - job: Publish Signed + - job: PublishSigned dependsOn: BuildWin variables: - name: signOutPath From 3a6a138bf26bc92f16e20afa3de6f79f933d65aa Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 14:30:42 -0800 Subject: [PATCH 63/67] fix use of variable --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index cf82f235..ec95bd29 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -92,7 +92,7 @@ stages: # the folder which contains the binaries to sign buildOutputPath: $(signSrcPath) # the location to put the signed output - signOutputPath: $(signOutPath) + signOutputPath: $(signOutPath.signOutPath) # the certificate ID to use certificateId: "CP-230012" # The file pattern to use From 7327ac531fdc8f968fd19ff9a0f49680270a39bf Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 15:14:51 -0800 Subject: [PATCH 64/67] fix signing path --- .vsts-ci/release.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index ec95bd29..ce8aecf3 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -90,7 +90,7 @@ stages: - template: EsrpSign.yml@ComplianceRepo parameters: # the folder which contains the binaries to sign - buildOutputPath: $(signSrcPath) + buildOutputPath: $(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration) # the location to put the signed output signOutputPath: $(signOutPath.signOutPath) # the certificate ID to use @@ -120,16 +120,16 @@ stages: displayName: Upload artifacts condition: succeeded() - - job: PublishSigned - dependsOn: BuildWin - variables: - - name: signOutPath - value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] - steps: - - task: PublishPipelineArtifact@1 - inputs: - targetpath: $(signOutPath) - artifactName: signed +# - job: PublishSigned +# dependsOn: BuildWin +# variables: +# - name: signOutPath +# value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] +# steps: +# - task: PublishPipelineArtifact@1 +# inputs: +# targetpath: $(signOutPath) +# artifactName: signed - job: BuildLinux dependsOn: SetPackageVersion From e3a67b79e58dae5e6191c8877cab52ccb2164443 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 15:54:14 -0800 Subject: [PATCH 65/67] add back publish signed --- .vsts-ci/release.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index ce8aecf3..bf758ed9 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -120,16 +120,16 @@ stages: displayName: Upload artifacts condition: succeeded() -# - job: PublishSigned -# dependsOn: BuildWin -# variables: -# - name: signOutPath -# value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] -# steps: -# - task: PublishPipelineArtifact@1 -# inputs: -# targetpath: $(signOutPath) -# artifactName: signed + - job: PublishSigned + dependsOn: BuildWin + variables: + - name: signOutPath + value: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] + steps: + - task: PublishPipelineArtifact@1 + inputs: + targetpath: $(signOutPath) + artifactName: signed - job: BuildLinux dependsOn: SetPackageVersion From 379f27f1af79d2a36564aec811ff71393b91d3a8 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 10 Nov 2023 16:55:14 -0800 Subject: [PATCH 66/67] update use of signoutpath --- .vsts-ci/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index bf758ed9..45f1119f 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -80,7 +80,7 @@ stages: name: signOutPath - pwsh: | # Set path variable for guardian codesign validation - $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]${signOutPath}" + $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]$(signOutPath.signOutPath)" Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" displayName: Setup variables for signing @@ -106,13 +106,13 @@ stages: - template: Sbom.yml@ComplianceRepo parameters: - BuildDropPath: $(PackageRoot)/signed + BuildDropPath: $(signOutPath.signOutPath) Build_Repository_Uri: 'https://github.com/powershell/DSC' PackageName: 'DSC' PackageVersion: $(PackageVersion) - pwsh: | - compress-archive -Path "$(PackageRoot)/signed/*" -DestinationPath "$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).zip" + compress-archive -Path "$(signOutPath.signOutPath)/*" -DestinationPath "$(PackageRoot)/DSC-$(PackageVersion)-$(buildName).zip" displayName: 'Compress $(buildName)' condition: succeeded() - pwsh: | From 5e15967fb3a7e53876d50e3eabd8a8cfdd9351ff Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Tue, 14 Nov 2023 13:08:40 -0800 Subject: [PATCH 67/67] add signing script --- .vsts-ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/release.yml b/.vsts-ci/release.yml index 45f1119f..ce149304 100644 --- a/.vsts-ci/release.yml +++ b/.vsts-ci/release.yml @@ -99,7 +99,7 @@ stages: # If not using minimatch: comma separated, with * supported # If using minimatch: newline separated, with !, **, and * supported. # See link in the useMinimatch comments. - pattern: '*.exe' + pattern: '*.exe','*.ps1' # decides if the task should use minimatch for the pattern matching. # https://github.com/isaacs/minimatch#features useMinimatch: false