Skip to content

Commit

Permalink
add ado release pipeline
Browse files Browse the repository at this point in the history
  • Loading branch information
@Haard30
Haard30 committed Jun 25, 2024
1 parent ea5bf2c commit ea59cef
Showing 1 changed file with 262 additions and 45 deletions.
307 changes: 262 additions & 45 deletions .github/workflows/release-azure-pipelines.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
parameters:
- name: version
type: string
default: 0.8.6
- name: prerelease
displayName: Prerelease?
type: boolean
Expand Down Expand Up @@ -38,6 +37,7 @@ variables:
readonly: true

trigger: none

pr: none

resources:
Expand Down Expand Up @@ -66,16 +66,16 @@ extends:
- job: validate
displayName: Validate
steps:
- checkout: self
- task: UsePythonVersion@0
displayName: Use Python $(pythonVersion)
inputs:
versionSpec: $(pythonVersion)
- task: Bash@3
inputs:
targetType: inline
script: |
echo ${{ parameters.version }} | python ./bin/version.py
- checkout: self
- task: UsePythonVersion@0
displayName: Use Python $(pythonVersion)
inputs:
versionSpec: $(pythonVersion)
- task: Bash@3
inputs:
targetType: inline
script: |
echo ${{ parameters.version }} | python ./bin/version.py
- stage: build
displayName: Build
Expand All @@ -93,40 +93,257 @@ extends:
targetPath: dist/${{ config.runtime }}
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}
steps:
- checkout: self
- task: UseDotNet@2
displayName: Use .NET Core sdk 6.x
inputs:
version: 6.x
- checkout: self
- task: UseDotNet@2
displayName: Use .NET Core sdk 6.x
inputs:
version: 6.x
- task: NuGetToolInstaller@0
displayName: Use NuGet 6.x
inputs:
versionSpec: 6.x
- task: DotNetCoreCLI@2
displayName: Install dependencies
inputs:
command: restore
feedsToUse: select
vstsFeed: $(vstsFeedId)
includeNuGetOrg: false
arguments: --runtime ${{ config.runtime }}
- task: DotNetCoreCLI@2
displayName: Test
inputs:
command: test
arguments: --configuration release --no-restore

- task: DotNetCoreCLI@2
displayName: Build artifacts
env:
ADO_TOKEN: $(System.AccessToken)
inputs:
command: publish
projects: src/AzureAuth/AzureAuth.csproj
arguments: -p:Version=${{ parameters.version }} --configuration release --self-contained true --runtime ${{ config.runtime }} --output dist/${{ config.runtime }}
publishWebProjects: false
zipAfterPublish: false
modifyOutputPath: true

- task: NuGetToolInstaller@0
displayName: Use NuGet 6.x
inputs:
versionSpec: 6.x
- stage: sign
displayName: Sign
dependsOn: build
jobs:
- ${{ each config in parameters.buildConfigs }}:
- job: sign_${{ replace(config.runtime,'-', '_') }}
displayName: Signing ${{ config.runtime }}
pool:
name: Azure-Pipelines-1ESPT-ExDShared
# This step has to run on Windows because ESRPClient.exe is currently only available for that platform.
image: windows-latest
os: windows
templateContext:
inputs:
- input: pipelineArtifact
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}
targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}
outputs:
- output: pipelineArtifact
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}-signed
targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}-signed
steps:
- task: EsrpCodeSigning@5
displayName: Sign artifacts win10-x64
condition: eq('${{ config.runtime }}', 'win10-x64')
inputs:
ConnectedServiceName: $(esrpKVServiceConnection)
AppRegistrationClientId: $(SIGNING_AAD_ID)
AppRegistrationTenantId: $(SIGNING_TENANT_ID)
AuthAKVName: $(AZURE_VAULT)
AuthCertName: $(AZURE_VAULT_ESRP_AAD_CERT_NAME)
AuthSignCertName: $(AZURE_VAULT_ESRP_REQ_CERT_NAME)
FolderPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}/AzureAuth
Pattern: '*.dll,*.exe'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode": "$(SIGNING_KEY_CODE_AUTHENTICODE)",
"OperationCode": "SigntoolSign",
"ToolName": "sign",
"ToolVersion": "1.0",
"Parameters": {
"OpusName": "Microsoft",
"OpusInfo": "https://www.microsoft.com",
"FileDigest": "/fd SHA256",
"PageHash": "/NPH",
"TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
},
{
"KeyCode": "$(SIGNING_KEY_CODE_AUTHENTICODE)",
"OperationCode": "SigntoolVerify",
"ToolName": "sign",
"ToolVersion": "1.0",
"Parameters": {}
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
PendingAnalysisWaitTimeoutMinutes: '5'
- task: ArchiveFiles@2
displayName: Codesigning - zip artifacts to send to ESRP
condition: startsWith('${{ config.runtime }}', 'osx')
inputs:
rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}
includeRootFolder: false
archiveType: zip
archiveFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.zip
- task: EsrpCodeSigning@5
displayName: Sign artifacts osx
condition: startsWith('${{ config.runtime }}', 'osx')
inputs:
ConnectedServiceName: $(esrpKVServiceConnection)
AppRegistrationClientId: $(SIGNING_AAD_ID)
AppRegistrationTenantId: $(SIGNING_TENANT_ID)
AuthAKVName: $(AZURE_VAULT)
AuthCertName: $(AZURE_VAULT_ESRP_AAD_CERT_NAME)
AuthSignCertName: $(AZURE_VAULT_ESRP_REQ_CERT_NAME)
FolderPath: $(Build.ArtifactStagingDirectory)
Pattern: 'azureauth-${{ parameters.version }}-${{ config.runtime }}.zip'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode": "$(SIGNING_KEY_CODE_MAC)",
"OperationCode": "MacAppDeveloperSign",
"ToolName": "sign",
"ToolVersion": "1.0",
"Parameters": {}
},
{
"KeyCode": "$(SIGNING_KEY_CODE_MAC)",
"OperationCode": "SigntoolVerify",
"ToolName": "sign",
"ToolVersion": "1.0",
"Parameters": {}
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
PendingAnalysisWaitTimeoutMinutes: '5'
- task: ExtractFiles@1
displayName: Extract signed artifacts osx
condition: startsWith('${{ config.runtime }}', 'osx')
inputs:
archiveFilePatterns: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.zip
destinationFolder: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}
cleanDestinationFolder: true
overwriteExistingFiles: true
# We rename the signed artifacts to avoid conflicts with the unsigned pipeline artifacts from the previous stage.
- task: PowerShell@2
displayName: Rename signed artifacts
inputs:
workingDirectory: $(Build.ArtifactStagingDirectory)
targetType: 'inline'
script: |
mv "azureauth-${{ parameters.version }}-${{ config.runtime }}" "azureauth-${{ parameters.version }}-${{ config.runtime }}-signed"
- task: DotNetCoreCLI@2
displayName: Install dependencies
inputs:
command: restore
feedsToUse: select
vstsFeed: $(vstsFeedId)
includeNuGetOrg: false
arguments: --runtime ${{ config.runtime }}
# Currently we package artifacts into the most commonly accessible archive format for their respective platforms.
- stage: package
displayName: Package
dependsOn: sign
jobs:
- job: package
displayName: Package
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: ubuntu-latest
os: linux
templateContext:
inputs:
- ${{ each config in parameters.buildConfigs }}:
- input: pipelineArtifact
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}-signed
targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}-signed
outputs:
- ${{ each config in parameters.buildConfigs }}:
- output: pipelineArtifact
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }}
targetPath: $(Build.SourcesDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }}
steps:
- task: ArchiveFiles@2
displayName: Create win10-x64 archive
inputs:
rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-win10-x64-signed/AzureAuth
includeRootFolder: false
archiveType: zip
archiveFile: azureauth-${{ parameters.version }}-win10-x64.zip
- task: Bash@3
displayName: Prepare osx-x64 executables
inputs:
targetType: inline
workingDirectory: $(Build.ArtifactStagingDirectory)
script: |
cd azureauth-${{ parameters.version }}-osx-x64-signed/AzureAuth
chmod +x azureauth createdump *.dylib
- task: ArchiveFiles@2
displayName: Create osx-x64 archive
inputs:
rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-x64-signed/AzureAuth
includeRootFolder: false
archiveType: tar
tarCompression: gz
archiveFile: azureauth-${{ parameters.version }}-osx-x64.tar.gz
- task: Bash@3
displayName: Prepare osx-arm64 executables
inputs:
workingDirectory: $(Build.ArtifactStagingDirectory)
targetType: inline
script: |
cd azureauth-${{ parameters.version }}-osx-arm64-signed/AzureAuth
chmod +x azureauth createdump *.dylib
- task: ArchiveFiles@2
displayName: Create osx-arm64 archive
inputs:
rootFolderOrFile: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-arm64-signed/AzureAuth
includeRootFolder: false
archiveType: tar
tarCompression: gz
archiveFile: azureauth-${{ parameters.version }}-osx-arm64.tar.gz

- task: DotNetCoreCLI@2
displayName: Test
inputs:
command: test
arguments: --configuration release --no-restore

- task: DotNetCoreCLI@2
displayName: Build artifacts
env:
ADO_TOKEN: $(System.AccessToken)
inputs:
command: publish
projects: src/AzureAuth/AzureAuth.csproj
arguments: -p:Version=${{ parameters.version }} --configuration release --self-contained true --runtime ${{ config.runtime }} --output dist/${{ config.runtime }}
publishWebProjects: false
zipAfterPublish: false
modifyOutputPath: true
- stage: release
displayName: Release
dependsOn: package
jobs:
- job: release
displayName: Release
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: ubuntu-latest
os: linux
templateContext:
inputs:
- ${{ each config in parameters.buildConfigs }}:
- input: pipelineArtifact
artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }}
targetPath: $(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-${{ config.runtime }}.${{ config.archiveExt }}
steps:
- task: GitHubRelease@1
displayName: Create AzureAuth GitHub Release
inputs:
gitHubConnection: $(githubReleaseServiceConnection)
repositoryName: 'AzureAD/microsoft-authentication-cli'
action: 'create'
target: $(Build.SourceVersion)
tagSource: 'userSpecifiedTag'
tag: ${{ parameters.version }}
isPrerelease: ${{ parameters.prerelease }}
isDraft: true
addChangeLog: false
releaseNotesSource: 'inline'
releaseNotesInline: "Release ${{ parameters.version }}. See [`CHANGELOG.md`](https://github.com/AzureAD/microsoft-authentication-cli/blob/${{ parameters.version }}/CHANGELOG.md) for updates."
assets: |
$(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-win10-x64.zip/azureauth-${{ parameters.version }}-win10-x64.zip
$(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-x64.tar.gz/azureauth-${{ parameters.version }}-osx-x64.tar.gz
$(Build.ArtifactStagingDirectory)/azureauth-${{ parameters.version }}-osx-arm64.tar.gz/azureauth-${{ parameters.version }}-osx-arm64.tar.gz

0 comments on commit ea59cef

Please sign in to comment.