diff --git a/.github/workflows/release-azure-pipelines.yml b/.github/workflows/release-azure-pipelines.yml index 42189ff0..2b393026 100644 --- a/.github/workflows/release-azure-pipelines.yml +++ b/.github/workflows/release-azure-pipelines.yml @@ -30,11 +30,14 @@ parameters: variables: - name: tags - value: "nonproduction" + value: "production" readonly: true - name: pythonVersion value: 3.10 readonly: true +- name: artifactsPath + value: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }} + readonly: true trigger: none @@ -42,13 +45,13 @@ pr: none resources: repositories: - - repository: CustomPipelineTemplates + - repository: OfficePipelineTemplates type: git name: 1ESPipelineTemplates/OfficePipelineTemplates ref: refs/tags/release extends: - template: v1/Office.Unofficial.PipelineTemplate.yml@CustomPipelineTemplates + template: v1/Office.Official.PipelineTemplate.yml@OfficePipelineTemplates parameters: pool: name: Azure-Pipelines-1ESPT-ExDShared @@ -59,6 +62,9 @@ extends: name: Azure-Pipelines-1ESPT-ExDShared image: windows-latest os: windows + # This prevents auto-injected Roslyn task from running the build again. + roslyn: + copyLogsOnly: true stages: - stage: validate displayName: Validate @@ -110,12 +116,17 @@ extends: vstsFeed: $(VSTS_FEED_ID) includeNuGetOrg: false arguments: --runtime ${{ config.runtime }} + # 1ES PT requires explicit build task for Roslyn analysis. Auto-injected Roslyn task will use build logs from this build. + - task: DotNetCoreCLI@2 + displayName: Build projects + inputs: + command: 'build' + projects: '**/*.csproj' - task: DotNetCoreCLI@2 displayName: Test inputs: command: test - arguments: --configuration release --no-restore - + arguments: --configuration release --no-restore - task: DotNetCoreCLI@2 displayName: Build artifacts env: 
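Review bot: The added `Build projects` step passes no `arguments`, so it builds every `**/*.csproj` in the default configuration with implicit restore enabled, while the `Test` step right after it uses `--configuration release --no-restore`. The new comment says the auto-injected Roslyn task reads this build's logs, so the analysis would presumably cover a Debug build rather than the configuration that is signed and released. An implicit restore may also resolve packages outside the feed that the restore task limits with `includeNuGetOrg: false`. Adding `arguments: --configuration release --no-restore` under `inputs:` would align the step with the rest of the job. The job's step list starts and continues outside this hunk, so the restore task's full settings are not visible here.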
@@ -143,11 +154,11 @@ extends: inputs: - input: pipelineArtifact artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }} - targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }} + targetPath: $(artifactsPath)-${{ config.runtime }} outputs: - output: pipelineArtifact artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}-signed - targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}-signed + targetPath: $(artifactsPath)-${{ config.runtime }}-signed steps: - task: EsrpCodeSigning@5 displayName: Sign artifacts win10-x64 @@ -159,7 +170,7 @@ extends: AuthAKVName: $(AZURE_VAULT) AuthCertName: $(AZURE_VAULT_ESRP_AAD_CERT_NAME) AuthSignCertName: $(AZURE_VAULT_ESRP_REQ_CERT_NAME) - FolderPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}/AzureAuth + FolderPath: $(artifactsPath)-${{ config.runtime }}/AzureAuth Pattern: '*.dll,*.exe' signConfigType: 'inlineSignParams' inlineOperation: | @@ -194,10 +205,10 @@ extends: displayName: Codesigning - zip artifacts to send to ESRP condition: startsWith('${{ config.runtime }}', 'osx') inputs: - rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }} + rootFolderOrFile: $(artifactsPath)-${{ config.runtime }} includeRootFolder: false archiveType: zip - archiveFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.zip + archiveFile: $(artifactsPath)-${{ config.runtime }}.zip - task: EsrpCodeSigning@5 displayName: Sign artifacts osx condition: startsWith('${{ config.runtime }}', 'osx') 
@@ -236,8 +247,8 @@ extends:
 displayName: Extract signed artifacts osx
 condition: startsWith('${{ config.runtime }}', 'osx')
 inputs:
- archiveFilePatterns: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.zip
- destinationFolder: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}
+ archiveFilePatterns: $(artifactsPath)-${{ config.runtime }}.zip
+ destinationFolder: $(artifactsPath)-${{ config.runtime }}
 cleanDestinationFolder: true
 overwriteExistingFiles: true
 # We rename the signed artifacts to avoid conflicts with the unsigned pipeline artifacts from the previous stage.
@@ -265,20 +276,26 @@ extends: - ${{ each config in parameters.buildConfigs }}: - input: pipelineArtifact artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}-signed - targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}-signed + targetPath: $(artifactsPath)-${{ config.runtime }}-signed outputs: - - ${{ each config in parameters.buildConfigs }}: - - output: pipelineArtifact - artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} - targetPath: $(Build.SourcesDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} + - output: pipelineArtifact + artifactName: azureauth-${{ parameters.version }}-packaged + targetPath: $(artifactsPath)-packaged steps: + - task: PowerShell@2 + displayName: Create directory to place packaged artifacts + inputs: + workingDirectory: $(Build.ArtifactStagingDirectory) + targetType: 'inline' + script: | + mkdir azureauth-${{ parameters.version }}-packaged - task: ArchiveFiles@2 displayName: Create win10-x64 archive inputs: - rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-win10-x64-signed/AzureAuth + rootFolderOrFile: $(artifactsPath)-win10-x64-signed/AzureAuth includeRootFolder: false archiveType: zip - archiveFile: azureauth-${{ parameters.version }}-win10-x64.zip + archiveFile: $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-win10-x64.zip - task: Bash@3 displayName: Prepare osx-x64 executables inputs: 
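Review bot: In the new `Create directory to place packaged artifacts` step, `${{ parameters.version }}` is expanded into the inline PowerShell text before the script runs, so the value supplied when the run is queued becomes script source in the job that packages the signed binaries. The parameter's declaration is outside this diff, so whether its format is constrained cannot be confirmed from here. Passing the path as data avoids the problem: add `env:` with `PACKAGED_DIR: $(artifactsPath)-packaged` to the task and change the script line to `New-Item -ItemType Directory -Force -Path $env:PACKAGED_DIR`. That form also tolerates a directory that already exists.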
@@ -290,11 +307,11 @@ extends: - task: ArchiveFiles@2 displayName: Create osx-x64 archive inputs: - rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-x64-signed/AzureAuth + rootFolderOrFile: $(artifactsPath)-osx-x64-signed/AzureAuth includeRootFolder: false archiveType: tar tarCompression: gz - archiveFile: azureauth-${{ parameters.version }}-osx-x64.tar.gz + archiveFile: $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-osx-x64.tar.gz - task: Bash@3 displayName: Prepare osx-arm64 executables inputs: @@ -306,11 +323,11 @@ extends: - task: ArchiveFiles@2 displayName: Create osx-arm64 archive inputs: - rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-arm64-signed/AzureAuth + rootFolderOrFile: $(artifactsPath)-osx-arm64-signed/AzureAuth includeRootFolder: false archiveType: tar tarCompression: gz - archiveFile: azureauth-${{ parameters.version }}-osx-arm64.tar.gz + archiveFile: $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-osx-arm64.tar.gz - stage: release displayName: Release @@ -335,10 +352,9 @@ extends: os: linux templateContext: inputs: - - ${{ each config in parameters.buildConfigs }}: - - input: pipelineArtifact - artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} - targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }} + - input: pipelineArtifact + artifactName: azureauth-${{ parameters.version }}-packaged + targetPath: $(artifactsPath)-packaged steps: - task: GitHubRelease@1 displayName: Create AzureAuth GitHub Release 
@@ -350,11 +366,11 @@ extends: tagSource: 'userSpecifiedTag' tag: ${{ parameters.version }} isPrerelease: ${{ parameters.prerelease }} - isDraft: true + isDraft: false addChangeLog: false releaseNotesSource: 'inline' releaseNotesInline: "Release ${{ parameters.version }}. See [`CHANGELOG.md`](https://github.com/AzureAD/microsoft-authentication-cli/blob/${{ parameters.version }}/CHANGELOG.md) for updates." assets: | - $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-win10-x64.zip/azureauth-${{ parameters.version }}-win10-x64.zip - $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-x64.tar.gz/azureauth-${{ parameters.version }}-osx-x64.tar.gz - $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-arm64.tar.gz/azureauth-${{ parameters.version }}-osx-arm64.tar.gz \ No newline at end of file + $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-win10-x64.zip + $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-osx-x64.tar.gz + $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-osx-arm64.tar.gz \ No newline at end of file
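Review bot: With `isDraft: false` the `GitHubRelease@1` task publishes the release and its three assets as soon as it runs, and nothing visible in this hunk first checks that each file under `$(artifactsPath)-packaged` exists and came from the signing stage. If the release stage is gated by an approval or check configured outside this file, a comment above `isDraft` naming it would make the last gate explicit, e.g. `# Published immediately; gated by <approval or check name>`. Otherwise a short verification step ahead of the task would restore the checkpoint that the draft state used to give. The task's definition starts above this hunk, and the new side still ends without a trailing newline.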