.github/workflows/release-azure-pipelines.yml

fix windows packaging #72

Workflow file for this run

.github/workflows/release-azure-pipelines.yml at f94a5b2

	# This pipeline will be triggered manually.
	parameters:
	- name: version
	type: string
	default: 0.8.6
	- name: prerelease
	displayName: Prerelease?
	type: boolean
	default: true
	- name: buildConfigs
	type: object
	default:
	- pool:
	name: Azure-Pipelines-1ESPT-ExDShared
	image: windows-latest
	os: windows
	runtime: win10-x64
	archiveExt: zip
	- pool:
	name: Azure Pipelines
	image: macOS-latest
	os: macOS
	runtime: osx-x64
	archiveExt: tar.gz
	- pool:
	name: Azure Pipelines
	image: macOS-latest
	os: macOS
	runtime: osx-arm64
	archiveExt: tar.gz

	variables:
	- name: tags
	value: "nonproduction"
	readonly: true
	- name: pythonVersion
	value: 3.10
	readonly: true

	trigger: none

	pr: none

	resources:
	repositories:
	- repository: CustomPipelineTemplates
	type: git
	name: 1ESPipelineTemplates/OfficePipelineTemplates
	ref: refs/tags/release

	extends:
	template: v1/Office.Unofficial.PipelineTemplate.yml@CustomPipelineTemplates
	parameters:
	pool:
	name: Azure-Pipelines-1ESPT-ExDShared
	image: ubuntu-latest
	os: linux
	sdl:
	sourceAnalysisPool:
	name: Azure-Pipelines-1ESPT-ExDShared
	image: windows-latest
	os: windows
	stages:
	- stage: validate
	displayName: Validate
	jobs:
	- job: validate
	displayName: Validate
	steps:
	- checkout: self
	- task: UsePythonVersion@0
	displayName: Use Python $(pythonVersion)
	inputs:
	versionSpec: $(pythonVersion)
	- task: Bash@3
	inputs:
	targetType: inline
	script: \|
	echo ${{ parameters.version }} \| python ./bin/version.py

	- stage: build
	displayName: Build
	jobs:
	- ${{ each config in parameters.buildConfigs }}:
	- job: build_${{ replace(config.runtime,'-', '_') }}
	displayName: Building for ${{ config.runtime }} on ${{ config.pool.name }}
	pool:
	name: ${{ config.pool.name }}
	image: ${{ config.pool.image }}
	os: ${{ config.pool.os }}
	templateContext:
	outputs:
	- output: pipelineArtifact
	targetPath: dist/${{ config.runtime }}
	artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}
	steps:
	- checkout: self
	- task: UseDotNet@2
	displayName: Use .NET Core sdk 6.x
	inputs:
	version: 6.x

	- task: NuGetToolInstaller@0
	displayName: Use NuGet 6.x
	inputs:
	versionSpec: 6.x

	- task: DotNetCoreCLI@2
	displayName: Install dependencies
	inputs:
	command: restore
	feedsToUse: select
	vstsFeed: $(vstsFeedId)
	includeNuGetOrg: false
	arguments: --runtime ${{ config.runtime }}

	- task: DotNetCoreCLI@2
	displayName: Test
	inputs:
	command: test
	arguments: --configuration release --no-restore

	- task: DotNetCoreCLI@2
	displayName: Build artifacts
	env:
	ADO_TOKEN: $(System.AccessToken)
	inputs:
	command: publish
	projects: src/AzureAuth/AzureAuth.csproj
	arguments: -p:Version=${{ parameters.version }} --configuration release --self-contained true --runtime ${{ config.runtime }} --output dist/${{ config.runtime }}
	publishWebProjects: false
	zipAfterPublish: false
	modifyOutputPath: true

	- stage: sign
	displayName: Sign
	dependsOn: build
	jobs:
	- ${{ each config in parameters.buildConfigs }}:
	- job: sign_${{ replace(config.runtime,'-', '_') }}
	displayName: Signing ${{ config.runtime }}
	pool:
	name: Azure-Pipelines-1ESPT-ExDShared
	# This step has to run on Windows because ESRPClient.exe is currently only available for that platform.
	image: windows-latest
	os: windows
	templateContext:
	inputs:
	- input: pipelineArtifact
	artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}
	targetPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }}
	outputs:
	- output: pipelineArtifact
	artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}-signed
	targetPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }}-signed
	steps:
	- task: EsrpCodeSigning@5
	displayName: Sign artifacts win10-x64
	condition: eq('${{ config.runtime }}', 'win10-x64')
	env:
	SIGNING_KEY_CODE_AUTHENTICODE: $(SIGNING_KEY_CODE_AUTHENTICODE)
	inputs:
	ConnectedServiceName: $(esrpKVServiceConnection)
	AppRegistrationClientId: $(SIGNING_AAD_ID)
	AppRegistrationTenantId: $(SIGNING_TENANT_ID)
	AuthAKVName: $(AZURE_VAULT)
	AuthCertName: $(AZURE_VAULT_ESRP_AAD_CERT_NAME)
	AuthSignCertName: $(AZURE_VAULT_ESRP_REQ_CERT_NAME)
	FolderPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }}/AzureAuth
	Pattern: '.dll,.exe'
	signConfigType: 'inlineSignParams'
	inlineOperation: \|
	[
	{
	"KeyCode": "$(SIGNING_KEY_CODE_AUTHENTICODE)",
	"OperationCode": "SigntoolSign",
	"ToolName": "sign",
	"ToolVersion": "1.0",
	"Parameters": {
	"OpusName": "Microsoft",
	"OpusInfo": "https://www.microsoft.com",
	"FileDigest": "/fd SHA256",
	"PageHash": "/NPH",
	"TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
	}
	},
	{
	"KeyCode": "$(SIGNING_KEY_CODE_AUTHENTICODE)",
	"OperationCode": "SigntoolVerify",
	"ToolName": "sign",
	"ToolVersion": "1.0",
	"Parameters": {}
	}
	]
	SessionTimeout: '60'
	MaxConcurrency: '50'
	MaxRetryAttempts: '5'
	PendingAnalysisWaitTimeoutMinutes: '5'
	- task: ArchiveFiles@2
	displayName: Codesigning - zip artifacts to send to ESRP
	condition: startsWith('${{ config.runtime }}', 'osx')
	inputs:
	rootFolderOrFile: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }}
	includeRootFolder: false
	archiveType: zip
	archiveFile: azureauth-${{ parameters.version }}-${{ config.runtime }}.zip
	- task: EsrpCodeSigning@5
	displayName: Sign artifacts osx
	condition: startsWith('${{ config.runtime }}', 'osx')
	env:
	SIGNING_KEY_CODE_MAC: $(SIGNING_KEY_CODE_MAC)
	inputs:
	ConnectedServiceName: $(esrpKVServiceConnection)
	AppRegistrationClientId: $(SIGNING_AAD_ID)
	AppRegistrationTenantId: $(SIGNING_TENANT_ID)
	AuthAKVName: $(AZURE_VAULT)
	AuthCertName: $(AZURE_VAULT_ESRP_AAD_CERT_NAME)
	AuthSignCertName: $(AZURE_VAULT_ESRP_REQ_CERT_NAME)
	FolderPath: $(Pipeline.Workspace)
	Pattern: 'azureauth-${{ parameters.version }}-${{ config.runtime }}.zip'
	signConfigType: 'inlineSignParams'
	inlineOperation: \|
	[
	{
	"KeyCode": "$(SIGNING_KEY_CODE_MAC)",
	"OperationCode": "MacAppDeveloperSign",
	"ToolName": "sign",
	"ToolVersion": "1.0",
	"Parameters": {}
	},
	{
	"KeyCode": "$(SIGNING_KEY_CODE_MAC)",
	"OperationCode": "SigntoolVerify",
	"ToolName": "sign",
	"ToolVersion": "1.0",
	"Parameters": {}
	}
	]
	SessionTimeout: '60'
	MaxConcurrency: '50'
	MaxRetryAttempts: '5'
	PendingAnalysisWaitTimeoutMinutes: '5'
	- task: PowerShell@2
	displayName: 'List files'
	inputs:
	workingDirectory: $(Pipeline.Workspace)
	targetType: 'inline'
	script: \|
	Get-ChildItem -Path . -Recurse \| Select-Object FullName
	- task: ExtractFiles@1
	displayName: Extract signed artifacts osx
	condition: startsWith('${{ config.runtime }}', 'osx')
	inputs:
	archiveFilePatterns: $(Build.SourcesDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.zip
	destinationFolder: $(Pipeline.Workspace)
	cleanDestinationFolder: false
	overwriteExistingFiles: true
	- task: PowerShell@2
	displayName: 'Rename & List files'
	inputs:
	workingDirectory: $(Pipeline.Workspace)
	targetType: 'inline'
	script: \|
	mv "azureauth-${{ parameters.version }}-${{ config.runtime }}" "azureauth-${{ parameters.version }}-${{ config.runtime }}-signed"
	Get-ChildItem -Path . -Recurse \| Select-Object FullName

	# Currently we package artifacts into the most commonly accessible archive format for their respective platforms.
	- stage: package
	displayName: Package
	dependsOn: sign
	jobs:
	- job: package
	displayName: Package
	pool:
	name: Azure-Pipelines-1ESPT-ExDShared
	image: ubuntu-latest
	os: linux
	templateContext:
	inputs:
	- ${{ each config in parameters.buildConfigs }}:
	- input: pipelineArtifact
	artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}-signed
	targetPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }}-signed
	outputs:
	- ${{ each config in parameters.buildConfigs }}:
	- output: pipelineArtifact
	artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}-packaged.${{ config.archiveExt }}
	targetPath: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-${{ config.runtime }}-packaged.${{ config.archiveExt }}
	steps:
	- task: ArchiveFiles@2
	displayName: Create win10-x64 archive
	inputs:
	rootFolderOrFile: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-win10-x64-signed
	includeRootFolder: false
	archiveType: zip
	archiveFile: azureauth-${{ parameters.version }}-win10-x64-packaged.zip
	- task: Bash@3
	displayName: Prepare osx-x64 executables
	inputs:
	targetType: inline
	script: \|
	pwd
	cd ../azureauth-${{ parameters.version }}-osx-x64
	pwd
	chmod +x azureauth createdump *.dylib
	- task: ArchiveFiles@2
	displayName: Create osx-x64 archive
	inputs:
	rootFolderOrFile: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-osx-x64
	includeRootFolder: false
	archiveType: tar
	archiveFile: azureauth-${{ parameters.version }}-osx-x64-packaged.tar
	- task: Bash@3
	displayName: Prepare osx-arm64 executables
	inputs:
	targetType: inline
	script: \|
	cd ../azureauth-${{ parameters.version }}-osx-arm64-packaged
	chmod +x azureauth createdump *.dylib
	- task: ArchiveFiles@2
	displayName: Create osx-arm64 archive
	inputs:
	rootFolderOrFile: $(Pipeline.Workspace)/azureauth-${{ parameters.version }}-osx-arm64
	includeRootFolder: false
	archiveType: tar
	archiveFile: azureauth-${{ parameters.version }}-osx-arm64-packaged.tar

	# - stage: release
	# displayName: Release
	# dependsOn: package
	# jobs:
	# - job: release
	# displayName: Release
	# pool:
	# name: Azure-Pipelines-1ESPT-ExDShared
	# image: ubuntu-latest
	# os: linux
	# steps:
	# - name: Download win10-x64 artifact
	# uses: actions/download-artifact@v3
	# with:
	# name: azureauth-${{ github.event.inputs.version }}-win10-x64.zip
	# - name: Download osx-x64 artifact
	# uses: actions/download-artifact@v3
	# with:
	# name: azureauth-${{ github.event.inputs.version }}-osx-x64.tar.gz
	# - name: Download osx-arm64 artifact
	# uses: actions/download-artifact@v3
	# with:
	# name: azureauth-${{ github.event.inputs.version }}-osx-arm64.tar.gz

	# - name: Create Release
	# uses: softprops/action-gh-release@v1
	# with:
	# name: ${{ github.event.inputs.version }}
	# body: "Release ${{ github.event.inputs.version }}. See [`CHANGELOG.md`](https://github.com/AzureAD/microsoft-authentication-cli/blob/${{ github.event.inputs.version }}/CHANGELOG.md) for updates."
	# tag_name: ${{ github.event.inputs.version }}
	# prerelease: ${{ github.event.inputs.prerelease }}
	# files: \|
	# azureauth-${{ github.event.inputs.version }}-win10-x64.zip
	# azureauth-${{ github.event.inputs.version }}-osx-x64.tar.gz
	# azureauth-${{ github.event.inputs.version }}-osx-arm64.tar.gz

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix windows packaging #72

Workflow file

fix windows packaging #72

Jobs

Run details

Workflow file for this run