Path to correct files to extract #85
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This pipeline will be triggered manually. | |
parameters: | |
- name: version | |
type: string | |
default: 0.8.6 | |
- name: prerelease | |
displayName: Prerelease? | |
type: boolean | |
default: true | |
- name: buildConfigs | |
type: object | |
default: | |
- pool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
image: windows-latest | |
os: windows | |
runtime: win10-x64 | |
archiveExt: zip | |
- pool: | |
name: Azure Pipelines | |
image: macOS-latest | |
os: macOS | |
runtime: osx-x64 | |
archiveExt: tar.gz | |
- pool: | |
name: Azure Pipelines | |
image: macOS-latest | |
os: macOS | |
runtime: osx-arm64 | |
archiveExt: tar.gz | |
variables: | |
- name: tags | |
value: "nonproduction" | |
readonly: true | |
- name: pythonVersion | |
value: 3.10 | |
readonly: true | |
trigger: none | |
pr: none | |
resources: | |
repositories: | |
- repository: CustomPipelineTemplates | |
type: git | |
name: 1ESPipelineTemplates/OfficePipelineTemplates | |
ref: refs/tags/release | |
extends: | |
template: v1/Office.Unofficial.PipelineTemplate.yml@CustomPipelineTemplates | |
parameters: | |
pool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
image: ubuntu-latest | |
os: linux | |
sdl: | |
sourceAnalysisPool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
image: windows-latest | |
os: windows | |
stages: | |
- stage: validate | |
displayName: Validate | |
jobs: | |
- job: validate | |
displayName: Validate | |
steps: | |
- checkout: self | |
- task: UsePythonVersion@0 | |
displayName: Use Python $(pythonVersion) | |
inputs: | |
versionSpec: $(pythonVersion) | |
- task: Bash@3 | |
inputs: | |
targetType: inline | |
script: | | |
echo ${{ parameters.version }} | python ./bin/version.py | |
- stage: build | |
displayName: Build | |
jobs: | |
- ${{ each config in parameters.buildConfigs }}: | |
- job: build_${{ replace(config.runtime,'-', '_') }} | |
displayName: Building for ${{ config.runtime }} on ${{ config.pool.name }} | |
pool: | |
name: ${{ config.pool.name }} | |
image: ${{ config.pool.image }} | |
os: ${{ config.pool.os }} | |
templateContext: | |
outputs: | |
- output: pipelineArtifact | |
targetPath: dist/${{ config.runtime }} | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }} | |
steps: | |
- checkout: self | |
- task: UseDotNet@2 | |
displayName: Use .NET Core sdk 6.x | |
inputs: | |
version: 6.x | |
- task: NuGetToolInstaller@0 | |
displayName: Use NuGet 6.x | |
inputs: | |
versionSpec: 6.x | |
- task: DotNetCoreCLI@2 | |
displayName: Install dependencies | |
inputs: | |
command: restore | |
feedsToUse: select | |
vstsFeed: $(vstsFeedId) | |
includeNuGetOrg: false | |
arguments: --runtime ${{ config.runtime }} | |
- task: DotNetCoreCLI@2 | |
displayName: Test | |
inputs: | |
command: test | |
arguments: --configuration release --no-restore | |
- task: DotNetCoreCLI@2 | |
displayName: Build artifacts | |
env: | |
ADO_TOKEN: $(System.AccessToken) | |
inputs: | |
command: publish | |
projects: src/AzureAuth/AzureAuth.csproj | |
arguments: -p:Version=${{ parameters.version }} --configuration release --self-contained true --runtime ${{ config.runtime }} --output dist/${{ config.runtime }} | |
publishWebProjects: false | |
zipAfterPublish: false | |
modifyOutputPath: true | |
- stage: sign | |
displayName: Sign | |
dependsOn: build | |
jobs: | |
- ${{ each config in parameters.buildConfigs }}: | |
- job: sign_${{ replace(config.runtime,'-', '_') }} | |
displayName: Signing ${{ config.runtime }} | |
pool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
# This step has to run on Windows because ESRPClient.exe is currently only available for that platform. | |
image: windows-latest | |
os: windows | |
templateContext: | |
inputs: | |
- input: pipelineArtifact | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }} | |
targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }} | |
outputs: | |
- output: pipelineArtifact | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}-signed | |
targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}-signed | |
steps: | |
- task: EsrpCodeSigning@5 | |
displayName: Sign artifacts win10-x64 | |
condition: eq('${{ config.runtime }}', 'win10-x64') | |
inputs: | |
ConnectedServiceName: $(esrpKVServiceConnection) | |
AppRegistrationClientId: $(SIGNING_AAD_ID) | |
AppRegistrationTenantId: $(SIGNING_TENANT_ID) | |
AuthAKVName: $(AZURE_VAULT) | |
AuthCertName: $(AZURE_VAULT_ESRP_AAD_CERT_NAME) | |
AuthSignCertName: $(AZURE_VAULT_ESRP_REQ_CERT_NAME) | |
FolderPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}/AzureAuth | |
Pattern: '*.dll,*.exe' | |
signConfigType: 'inlineSignParams' | |
inlineOperation: | | |
[ | |
{ | |
"KeyCode": "$(SIGNING_KEY_CODE_AUTHENTICODE)", | |
"OperationCode": "SigntoolSign", | |
"ToolName": "sign", | |
"ToolVersion": "1.0", | |
"Parameters": { | |
"OpusName": "Microsoft", | |
"OpusInfo": "https://www.microsoft.com", | |
"FileDigest": "/fd SHA256", | |
"PageHash": "/NPH", | |
"TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" | |
} | |
}, | |
{ | |
"KeyCode": "$(SIGNING_KEY_CODE_AUTHENTICODE)", | |
"OperationCode": "SigntoolVerify", | |
"ToolName": "sign", | |
"ToolVersion": "1.0", | |
"Parameters": {} | |
} | |
] | |
SessionTimeout: '60' | |
MaxConcurrency: '50' | |
MaxRetryAttempts: '5' | |
PendingAnalysisWaitTimeoutMinutes: '5' | |
- task: ArchiveFiles@2 | |
displayName: Codesigning - zip artifacts to send to ESRP | |
condition: startsWith('${{ config.runtime }}', 'osx') | |
inputs: | |
rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }} | |
includeRootFolder: false | |
archiveType: zip | |
archiveFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.zip | |
- task: EsrpCodeSigning@5 | |
displayName: Sign artifacts osx | |
condition: startsWith('${{ config.runtime }}', 'osx') | |
inputs: | |
ConnectedServiceName: $(esrpKVServiceConnection) | |
AppRegistrationClientId: $(SIGNING_AAD_ID) | |
AppRegistrationTenantId: $(SIGNING_TENANT_ID) | |
AuthAKVName: $(AZURE_VAULT) | |
AuthCertName: $(AZURE_VAULT_ESRP_AAD_CERT_NAME) | |
AuthSignCertName: $(AZURE_VAULT_ESRP_REQ_CERT_NAME) | |
FolderPath: $(Build.ArtifactStagingDirectory) | |
Pattern: 'azureauth-${{ parameters.version }}-${{ config.runtime }}.zip' | |
signConfigType: 'inlineSignParams' | |
inlineOperation: | | |
[ | |
{ | |
"KeyCode": "$(SIGNING_KEY_CODE_MAC)", | |
"OperationCode": "MacAppDeveloperSign", | |
"ToolName": "sign", | |
"ToolVersion": "1.0", | |
"Parameters": {} | |
}, | |
{ | |
"KeyCode": "$(SIGNING_KEY_CODE_MAC)", | |
"OperationCode": "SigntoolVerify", | |
"ToolName": "sign", | |
"ToolVersion": "1.0", | |
"Parameters": {} | |
} | |
] | |
SessionTimeout: '60' | |
MaxConcurrency: '50' | |
MaxRetryAttempts: '5' | |
PendingAnalysisWaitTimeoutMinutes: '5' | |
- task: ExtractFiles@1 | |
displayName: Extract signed artifacts osx | |
condition: startsWith('${{ config.runtime }}', 'osx') | |
inputs: | |
archiveFilePatterns: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.zip | |
destinationFolder: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }} | |
cleanDestinationFolder: true | |
overwriteExistingFiles: true | |
# We rename the signed artifacts to avoid conflicts with the unsigned pipeline artifacts from the previous stage. | |
- task: PowerShell@2 | |
displayName: 'Rename & List files' | |
inputs: | |
workingDirectory: $(Build.ArtifactStagingDirectory) | |
targetType: 'inline' | |
script: | | |
mv "azureauth-${{ parameters.version }}-${{ config.runtime }}" "azureauth-${{ parameters.version }}-${{ config.runtime }}-signed" | |
Get-ChildItem -Path . -Recurse | Select-Object FullName | |
# Currently we package artifacts into the most commonly accessible archive format for their respective platforms. | |
- stage: package | |
displayName: Package | |
dependsOn: sign | |
jobs: | |
- job: package | |
displayName: Package | |
pool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
image: ubuntu-latest | |
os: linux | |
templateContext: | |
inputs: | |
- ${{ each config in parameters.buildConfigs }}: | |
- input: pipelineArtifact | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}-signed | |
targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}-signed | |
outputs: | |
- ${{ each config in parameters.buildConfigs }}: | |
- output: pipelineArtifact | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} | |
targetPath: $(Build.SourcesDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} | |
steps: | |
- task: ArchiveFiles@2 | |
displayName: Create win10-x64 archive | |
inputs: | |
rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-win10-x64-signed/AzureAuth | |
includeRootFolder: false | |
archiveType: zip | |
archiveFile: azureauth-${{ parameters.version }}-win10-x64.zip | |
- task: Bash@3 | |
displayName: Prepare osx-x64 executables | |
inputs: | |
targetType: inline | |
workingDirectory: $(Build.ArtifactStagingDirectory) | |
script: | | |
cd azureauth-${{ parameters.version }}-osx-x64-signed/AzureAuth | |
chmod +x azureauth createdump *.dylib | |
- task: ArchiveFiles@2 | |
displayName: Create osx-x64 archive | |
inputs: | |
rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-x64-signed/AzureAuth | |
includeRootFolder: false | |
archiveType: tar | |
tarCompression: gz | |
archiveFile: azureauth-${{ parameters.version }}-osx-x64.tar.gz | |
- task: Bash@3 | |
displayName: Prepare osx-arm64 executables | |
inputs: | |
workingDirectory: $(Build.ArtifactStagingDirectory) | |
targetType: inline | |
script: | | |
cd azureauth-${{ parameters.version }}-osx-arm64-signed/AzureAuth | |
chmod +x azureauth createdump *.dylib | |
- task: ArchiveFiles@2 | |
displayName: Create osx-arm64 archive | |
inputs: | |
rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-arm64-signed/AzureAuth | |
includeRootFolder: false | |
archiveType: tar | |
tarCompression: gz | |
archiveFile: azureauth-${{ parameters.version }}-osx-arm64.tar.gz | |
- stage: release | |
displayName: Release | |
dependsOn: package | |
jobs: | |
- job: release | |
displayName: Release | |
pool: | |
name: Azure-Pipelines-1ESPT-ExDShared | |
image: ubuntu-latest | |
os: linux | |
templateContext: | |
inputs: | |
- ${{ each config in parameters.buildConfigs }}: | |
- input: pipelineArtifact | |
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} | |
targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} | |
steps: | |
- task: PowerShell@2 | |
displayName: 'List files' | |
inputs: | |
workingDirectory: $(Build.ArtifactStagingDirectory) | |
targetType: 'inline' | |
script: | | |
Get-ChildItem -Path . -Recurse | Select-Object FullName | |
- task: GitHubRelease@1 | |
displayName: 'Create AzureAuth GitHub Release' | |
inputs: | |
gitHubConnection: $(githubReleaseServiceConnection) | |
repositoryName: 'AzureAD/microsoft-authentication-cli' | |
action: 'create' | |
target: $(Build.SourceVersion) | |
tagSource: 'userSpecifiedTag' | |
tag: ${{ parameters.version }} | |
isPrerelease: ${{ parameters.prerelease }} | |
isDraft: true | |
addChangeLog: false | |
releaseNotesSource: 'inline' | |
releaseNotesInline: "Release ${{ parameters.version }}. See [`CHANGELOG.md`](https://github.com/AzureAD/microsoft-authentication-cli/blob/${{ parameters.version }}/CHANGELOG.md) for updates." | |
assets: | | |
$(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-win10-x64.zip/azureauth-${{ parameters.version }}-win10-x64.zip | |
$(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-x64.tar.gz/azureauth-${{ parameters.version }}-osx-x64.tar.gz | |
$(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-arm64.tar.gz/azureauth-${{ parameters.version }}-osx-arm64.tar.gz |