revert to version 5 #63
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This pipeline will be triggered manually. | |
parameters: | |
- name: version | |
type: string | |
default: 0.8.6 | |
- name: prerelease | |
displayName: Prerelease? | |
type: boolean | |
default: true | |
- name: buildConfigs | |
type: object | |
default: | |
- pool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
image: windows-latest | |
os: windows | |
runtime: win10-x64 | |
archiveExt: zip | |
- pool: | |
name: Azure Pipelines | |
image: macOS-latest | |
os: macOS | |
runtime: osx-x64 | |
archiveExt: tar.gz | |
- pool: | |
name: Azure Pipelines | |
image: macOS-latest | |
os: macOS | |
runtime: osx-arm64 | |
archiveExt: tar.gz | |
variables: | |
- name: tags | |
value: "nonproduction" | |
readonly: true | |
- name: pythonVersion | |
value: 3.10 | |
readonly: true | |
trigger: none | |
pr: none | |
resources: | |
repositories: | |
- repository: CustomPipelineTemplates | |
type: git | |
name: 1ESPipelineTemplates/OfficePipelineTemplates | |
ref: refs/tags/release | |
extends: | |
template: v1/Office.Unofficial.PipelineTemplate.yml@CustomPipelineTemplates | |
parameters: | |
pool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
image: ubuntu-latest | |
os: linux | |
sdl: | |
sourceAnalysisPool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
image: windows-latest | |
os: windows | |
stages: | |
- stage: validate | |
displayName: Validate | |
jobs: | |
- job: validate | |
displayName: Validate | |
steps: | |
- checkout: self | |
- task: UsePythonVersion@0 | |
displayName: Use Python $(pythonVersion) | |
inputs: | |
versionSpec: $(pythonVersion) | |
- task: Bash@3 | |
inputs: | |
targetType: inline | |
script: | | |
echo ${{ parameters.version }} | python ./bin/version.py | |
- stage: build | |
displayName: Build | |
jobs: | |
- ${{ each config in parameters.buildConfigs }}: | |
- job: build_${{ replace(config.runtime,'-', '_') }} | |
displayName: Building for ${{ config.runtime }} on ${{ config.pool.name }} | |
pool: | |
name: ${{ config.pool.name }} | |
image: ${{ config.pool.image }} | |
os: ${{ config.pool.os }} | |
templateContext: | |
outputs: | |
- output: pipelineArtifact | |
targetPath: dist/${{ config.runtime }} | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }} | |
steps: | |
- checkout: self | |
- task: UseDotNet@2 | |
displayName: Use .NET Core sdk 6.x | |
inputs: | |
version: 6.x | |
- task: NuGetToolInstaller@0 | |
displayName: Use NuGet 6.x | |
inputs: | |
versionSpec: 6.x | |
- task: DotNetCoreCLI@2 | |
displayName: Install dependencies | |
inputs: | |
command: restore | |
feedsToUse: select | |
vstsFeed: $(vstsFeedId) | |
includeNuGetOrg: false | |
arguments: --runtime ${{ config.runtime }} | |
- task: DotNetCoreCLI@2 | |
displayName: Test | |
inputs: | |
command: test | |
arguments: --configuration release --no-restore | |
- task: DotNetCoreCLI@2 | |
displayName: Build artifacts | |
env: | |
ADO_TOKEN: $(System.AccessToken) | |
inputs: | |
command: publish | |
projects: src/AzureAuth/AzureAuth.csproj | |
arguments: -p:Version=${{ parameters.version }} --configuration release --self-contained true --runtime ${{ config.runtime }} --output dist/${{ config.runtime }} | |
publishWebProjects: false | |
zipAfterPublish: false | |
modifyOutputPath: true | |
- stage: sign | |
displayName: Sign | |
dependsOn: build | |
jobs: | |
- ${{ each config in parameters.buildConfigs }}: | |
- job: sign_${{ replace(config.runtime,'-', '_') }} | |
displayName: Signing ${{ config.runtime }} | |
pool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
# This step has to run on Windows because ESRPClient.exe is currently only available for that platform. | |
image: windows-latest | |
os: windows | |
templateContext: | |
inputs: | |
- input: pipelineArtifact | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }} | |
targetPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }} | |
outputs: | |
- output: pipelineArtifact | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }} | |
targetPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }} | |
steps: | |
- task: EsrpCodeSigning@5 | |
displayName: Sign artifacts with ESRP ADO Task | |
condition: eq('${{ config.runtime }}', 'win10-x64') | |
env: | |
SIGNING_KEY_CODE_AUTHENTICODE: $(SIGNING_KEY_CODE_AUTHENTICODE) | |
inputs: | |
ConnectedServiceName: $(esrpKVServiceConnection) | |
AppRegistrationClientId: $(SIGNING_AAD_ID) | |
AppRegistrationTenantId: $(SIGNING_TENANT_ID) | |
AuthAKVName: $(AZURE_VAULT) | |
AuthCertName: $(AZURE_VAULT_ESRP_AAD_CERT_NAME) | |
AuthSignCertName: $(AZURE_VAULT_ESRP_REQ_CERT_NAME) | |
FolderPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }}/AzureAuth | |
Pattern: '*.dll,*.exe' | |
signConfigType: 'inlineSignParams' | |
inlineOperation: | | |
[ | |
{ | |
"KeyCode": $env:SIGNING_KEY_CODE_AUTHENTICODE, | |
"OperationCode": "SigntoolSign", | |
"ToolName": "sign", | |
"ToolVersion": "1.0", | |
"Parameters": { | |
"OpusName": "Microsoft", | |
"OpusInfo": "https://www.microsoft.com", | |
"FileDigest": "/fd SHA256", | |
"PageHash": "/NPH", | |
"TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" | |
} | |
}, | |
{ | |
"KeyCode": $env:SIGNING_KEY_CODE_AUTHENTICODE, | |
"OperationCode": "SigntoolVerify", | |
"ToolName": "sign", | |
"ToolVersion": "1.0", | |
"Parameters": {} | |
} | |
] | |
SessionTimeout: '60' | |
MaxConcurrency: '50' | |
MaxRetryAttempts: '5' | |
PendingAnalysisWaitTimeoutMinutes: '5' | |
#- download: current | |
# artifact: azureauth-${{ parameters.version }}-${{ config.runtime }} | |
#- checkout: self | |
#- task: UsePythonVersion@0 | |
# displayName: Use Python $(pythonVersion) | |
# inputs: | |
# versionSpec: $(pythonVersion) | |
#- task: NuGetToolInstaller@1 | |
# inputs: | |
# versionSpec: 5.x | |
#- task: PowerShell@2 | |
# displayName: Download ESRPClient.exe | |
# env: | |
# ESRP_VERSION: $(esrpVersion) | |
# NUGET_CREDENTIALS: $(System.AccessToken) | |
# inputs: | |
# targetType: inline | |
# script: | | |
# nuget sources add -Name esrp -Username esrp-downloader -Password $env:NUGET_CREDENTIALS -Source https://pkgs.dev.azure.com/office/_packaging/Office/nuget/v3/index.json | |
# nuget install Microsoft.EsrpClient -Version "$env:ESRP_VERSION" -OutputDirectory .\esrp -Source https://pkgs.dev.azure.com/office/_packaging/Office/nuget/v3/index.json | |
# failOnStderr: true | |
#- task: AzureCLI@2 | |
# displayName: Login to Azure with Service Principal | |
# env: | |
# AZURE_SUBSCRIPTION: $(AZURE_SUBSCRIPTION) | |
# AZURE_VAULT: $(AZURE_VAULT) | |
# ESRP_AAD_CERT_NAME: $(AZURE_VAULT_ESRP_AAD_CERT_NAME) | |
# ESRP_REQ_CERT_NAME: $(AZURE_VAULT_ESRP_REQ_CERT_NAME) | |
# inputs: | |
# azureSubscription: $(esrpKVServiceConnection) | |
# scriptType: ps | |
# scriptLocation: inlineScript | |
# addSpnToEnvironment: true | |
# inlineScript: | | |
# Write-Output "Downloading certs" | |
# az keyvault secret download --subscription "$env:AZURE_SUBSCRIPTION" --vault-name "$env:AZURE_VAULT" --name "$env:ESRP_AAD_CERT_NAME" -f cert.pfx | |
# Write-Output "Downloaded AAD cert" | |
# certutil -f -importpfx cert.pfx | |
# Write-Output "Completed cert util" | |
# Remove-Item cert.pfx | |
# Write-Output "Finished AAD cert" | |
# az keyvault secret download --subscription "$env:AZURE_SUBSCRIPTION" --vault-name "$env:AZURE_VAULT" --name "$env:ESRP_REQ_CERT_NAME" -f cert.pfx | |
# certutil -f -importpfx cert.pfx | |
# Remove-Item cert.pfx | |
# Write-Output "Downloaded REQ cert" | |
# - task: PowerShell@2 | |
# displayName: Sign artifacts | |
# env: | |
# SIGNING_AAD_ID: ${{ secrets.SIGNING_AAD_ID }} | |
# SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} | |
# SIGNING_KEY_CODE_AUTHENTICODE: ${{ secrets.SIGNING_KEY_CODE_AUTHENTICODE }} | |
# SIGNING_KEY_CODE_MAC: ${{ secrets.SIGNING_KEY_CODE_MAC }} | |
# SIGNING_KEY_CODE_LINUX: ${{ secrets.SIGNING_KEY_CODE_LINUX }} | |
# SIGNING_CUSTOMER_CORRELATION_ID: ${{ secrets.SIGNING_CUSTOMER_CORRELATION_ID }} | |
# ESRP_CLIENT_EXE: ".\\esrp\\Microsoft.EsrpClient.${{ secrets.ESRP_VERSION }}\\tools\\EsrpClient.exe" | |
# inputs: | |
# targetType: inline | |
# script: | | |
# python .\bin\sign.py $env:ESRP_CLIENT_EXE --runtime=${{ config.runtime }} --source=azureauth-${{ parameters.version }}-${{ config.runtime }} | |
# Currently we package artifacts into the most commonly accessible archive format for their respective platforms. | |
- stage: package | |
displayName: Package | |
dependsOn: sign | |
jobs: | |
- job: package | |
displayName: Package | |
pool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
image: ubuntu-latest | |
os: linux | |
templateContext: | |
inputs: | |
- ${{ each config in parameters.buildConfigs }}: | |
- input: pipelineArtifact | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }} | |
targetPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }} | |
outputs: | |
- ${{ each config in parameters.buildConfigs }}: | |
- output: pipelineArtifact | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} | |
targetPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} | |
steps: | |
- task: ArchiveFiles@2 | |
displayName: Create win10-x64 archive | |
inputs: | |
rootFolderOrFile: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-win10-x64 | |
includeRootFolder: false | |
archiveType: zip | |
archiveFile: azureauth-${{ parameters.version }}-win10-x64.zip | |
- task: Bash@3 | |
displayName: Prepare osx-x64 executables | |
inputs: | |
targetType: inline | |
script: | | |
pwd | |
cd ../azureauth-${{ parameters.version }}-osx-x64 | |
pwd | |
chmod +x azureauth createdump *.dylib | |
- task: ArchiveFiles@2 | |
displayName: Create osx-x64 archive | |
inputs: | |
rootFolderOrFile: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-osx-x64 | |
includeRootFolder: false | |
archiveType: tar | |
archiveFile: azureauth-${{ parameters.version }}-osx-x64.tar | |
- task: Bash@3 | |
displayName: Prepare osx-arm64 executables | |
inputs: | |
targetType: inline | |
script: | | |
cd ../azureauth-${{ parameters.version }}-osx-arm64 | |
chmod +x azureauth createdump *.dylib | |
- task: ArchiveFiles@2 | |
displayName: Create osx-arm64 archive | |
inputs: | |
rootFolderOrFile: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-osx-arm64 | |
includeRootFolder: false | |
archiveType: tar | |
archiveFile: azureauth-${{ parameters.version }}-osx-arm64.tar | |
# - stage: release | |
# displayName: Release | |
# dependsOn: package | |
# jobs: | |
# - job: release | |
# displayName: Release | |
# pool: | |
# name: Azure-Pipelines-1ESPT-ExDShared | |
# image: ubuntu-latest | |
# os: linux | |
# steps: | |
# - name: Download win10-x64 artifact | |
# uses: actions/download-artifact@v3 | |
# with: | |
# name: azureauth-${{ github.event.inputs.version }}-win10-x64.zip | |
# - name: Download osx-x64 artifact | |
# uses: actions/download-artifact@v3 | |
# with: | |
# name: azureauth-${{ github.event.inputs.version }}-osx-x64.tar.gz | |
# - name: Download osx-arm64 artifact | |
# uses: actions/download-artifact@v3 | |
# with: | |
# name: azureauth-${{ github.event.inputs.version }}-osx-arm64.tar.gz | |
# - name: Create Release | |
# uses: softprops/action-gh-release@v1 | |
# with: | |
# name: ${{ github.event.inputs.version }} | |
# body: "Release ${{ github.event.inputs.version }}. See [`CHANGELOG.md`](https://github.com/AzureAD/microsoft-authentication-cli/blob/${{ github.event.inputs.version }}/CHANGELOG.md) for updates." | |
# tag_name: ${{ github.event.inputs.version }} | |
# prerelease: ${{ github.event.inputs.prerelease }} | |
# files: | | |
# azureauth-${{ github.event.inputs.version }}-win10-x64.zip | |
# azureauth-${{ github.event.inputs.version }}-osx-x64.tar.gz | |
# azureauth-${{ github.event.inputs.version }}-osx-arm64.tar.gz |