From 4cd3afdf55b74a90280904e0a37ca70f1c4d2115 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Fri, 20 Nov 2020 11:44:47 -0800 Subject: [PATCH 01/21] move to compliance repo --- .vsts-ci/misc-analysis.yml | 17 ++++++++++++++--- .vsts-ci/templates/credscan.yml | 31 ------------------------------- 2 files changed, 14 insertions(+), 34 deletions(-) delete mode 100644 .vsts-ci/templates/credscan.yml diff --git a/.vsts-ci/misc-analysis.yml b/.vsts-ci/misc-analysis.yml index e8ccba8..c9dc67b 100644 --- a/.vsts-ci/misc-analysis.yml +++ b/.vsts-ci/misc-analysis.yml @@ -12,8 +12,19 @@ pr: - master resources: -- repo: self - clean: true + repositories: + - repository: ComplianceRepo + type: github + endpoint: ComplianceGHRepo + name: PowerShell/compliance jobs: -- template: templates/credscan.yml +- job: Compliance_Job + pool: + vmImage: windows-latest + steps: + - checkout: self + clean: true + - checkout: ComplianceRepo + clean: true + - template: ci-compliance.yml@ComplianceRepo diff --git a/.vsts-ci/templates/credscan.yml b/.vsts-ci/templates/credscan.yml deleted file mode 100644 index eb711c8..0000000 --- a/.vsts-ci/templates/credscan.yml +++ /dev/null @@ -1,31 +0,0 @@ -parameters: - pool: 'Hosted VS2017' - jobName: 'credscan' - displayName: Secret Scan - -jobs: -- job: ${{ parameters.jobName }} - pool: - name: ${{ parameters.pool }} - - displayName: ${{ parameters.displayName }} - - steps: - - powershell: Write-Host "##vso[build.updatebuildnumber]$env:BUILD_SOURCEBRANCHNAME-$env:BUILD_SOURCEVERSION-$((get-date).ToString("yyyyMMddhhmmss"))" - displayName: Set Build Name for Non-PR - condition: ne(variables['Build.Reason'], 'PullRequest') - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2 - displayName: 'Scan for secrets' - inputs: - debugMode: false - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2 - displayName: 'Publish Secret Scan Logs to Build Artifacts' - continueOnError: true - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1 - displayName: 'Check for failures' - inputs: - CredScan: true - ToolLogsNotFoundAction: Error From d9f229b5d64e5b456f1a3d619e27d1af38f852a0 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Fri, 20 Nov 2020 14:58:21 -0800 Subject: [PATCH 02/21] first attempt at release --- .vsts-ci/azure-pipelines-release.yml | 288 +++++++++--------- ...icrosoft.PowerShell.ConsoleGuiTools.csproj | 2 +- .../ModuleLayout.psd1 | 6 +- ...Microsoft.PowerShell.GraphicalTools.csproj | 2 +- .../ModuleLayout.psd1 | 6 +- .../ApplicationData.cs | 0 .../DataTable.cs | 0 .../DataTableColumn.cs | 0 .../DataTableRow.cs | 0 ...soft.PowerShell.OutGridView.Models.csproj} | 0 .../OutputModeOptions.cs | 0 .../Serializers.cs | 0 src/OutGridView.Gui/OutGridView.Gui.csproj | 2 +- 13 files changed, 145 insertions(+), 161 deletions(-) rename src/{OutGridView.Models => Microsoft.PowerShell.OutGridView.Models}/ApplicationData.cs (100%) rename src/{OutGridView.Models => Microsoft.PowerShell.OutGridView.Models}/DataTable.cs (100%) rename src/{OutGridView.Models => Microsoft.PowerShell.OutGridView.Models}/DataTableColumn.cs (100%) rename src/{OutGridView.Models => Microsoft.PowerShell.OutGridView.Models}/DataTableRow.cs (100%) rename src/{OutGridView.Models/OutGridView.Models.csproj => Microsoft.PowerShell.OutGridView.Models/Microsoft.PowerShell.OutGridView.Models.csproj} (100%) rename src/{OutGridView.Models => Microsoft.PowerShell.OutGridView.Models}/OutputModeOptions.cs (100%) rename src/{OutGridView.Models => Microsoft.PowerShell.OutGridView.Models}/Serializers.cs (100%) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 0e5f301..d4913a9 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -1,3 +1,6 @@ +# NOTE: +# We stop signing GraphicalTools now since we aren't doing anymore work on it until MAUI + name: PR-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)$(Rev:.rr) variables: @@ -31,155 +34,136 @@ trigger: - /LICENSE.txt - /CODE_OF_CONDUCT.md -jobs: -- job: 'ReleaseBuild' - displayName: Release Build - pool: - vmImage: 'vs2017-win2016' - steps: - - template: templates/ci-general.yml - -- job: 'SignBuild' - displayName: Signing Build - dependsOn: 'ReleaseBuild' - pool: - name: 'Package ES CodeHub Lab E' - demands: DotNetFramework - steps: - - powershell: | - Get-ChildItem -Path env: - displayName: Capture environment - condition: succeededOrFailed() - - - task: PkgESSetupBuild@10 - displayName: 'Package ES - Setup Build' - inputs: - productName: GraphicalTools - - - task: DownloadBuildArtifacts@0 - displayName: 'Download Build Artifacts' - inputs: - downloadType: specific - - - task: PowerShell@1 - displayName: 'Extract build zip' - inputs: - scriptType: inlineScript - inlineScript: | - Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.GraphicalTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.GraphicalTools" - Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" - - - task: PkgESCodeSign@10 - displayName: 'CodeSign tools/releaseBuild/signing.xml' - env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - inputs: - signConfigXml: tools/releaseBuild/signing.xml - inPathRoot: '$(Build.ArtifactStagingDirectory)' - outPathRoot: '$(Build.ArtifactStagingDirectory)\Signed' - - - task: PowerShell@1 - displayName: 'Copy signed files to unsigned folder' - inputs: - scriptType: inlineScript - inlineScript: | - $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Signed\*" - $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY" - Copy-Item $signed $notSigned -Recurse -Force - - - task: PowerShell@1 - displayName: 'Create catalog file' - inputs: - scriptType: inlineScript - inlineScript: | - $signedDir = "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.GraphicalTools\Microsoft.PowerShell.GraphicalTools" - New-FileCatalog -CatalogFilePath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.GraphicalTools\Microsoft.PowerShell.GraphicalTools.cat" -Path "$signedDir" - $signedDir = "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools\Microsoft.PowerShell.ConsoleGuiTools" - New-FileCatalog -CatalogFilePath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools\Microsoft.PowerShell.ConsoleGuiTools.cat" -Path "$signedDir" - - - task: PkgESCodeSign@10 - displayName: 'CodeSign tools/releaseBuild/FileCatalogSigning.xml' - env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - inputs: - signConfigXml: tools/releaseBuild/FileCatalogSigning.xml - inPathRoot: '$(Build.ArtifactStagingDirectory)' - outPathRoot: '$(Build.ArtifactStagingDirectory)' - - - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 - displayName: 'Component Detection' - - - task: AntiMalware@3 - inputs: - InputType: 'Basic' - ScanType: 'CustomScan' - FileDirPath: '$(Build.ArtifactStagingDirectory)' - EnableServices: false - SupportLogOnError: false - TreatSignatureUpdateFailureAs: 'Warning' - SignatureFreshness: 'UpToDate' - TreatStaleSignatureAs: 'Error' - - - task: PoliCheck@1 - condition: succeededOrFailed() - inputs: - targetType: F - optionsFC: 0 - optionsXS: 0 - optionsPE: '1|2|3|4' - optionsHMENABLE: 0 - optionsFTPATH: '$(Build.SourcesDirectory)\tools\terms\FileTypeSet.xml' - # toolVersion: 5.8.2.1 - - - task: CredScan@2 - condition: succeededOrFailed() - - - task: BinSkim@3 - condition: succeededOrFailed() - inputs: - InputType: 'Basic' - Function: 'analyze' - AnalyzeRecurse: true - AnalyzeTarget: '$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.*Tools.dll;$(Build.ArtifactStagingDirectory)\OutGridView*.dll' - - # Publish results as artifacts - - task: PublishSecurityAnalysisLogs@3 - condition: succeededOrFailed() - inputs: - ArtifactName: 'CodeAnalysisLogs' - ArtifactType: 'Container' - - # Publish to TSA server - - task: TSAUpload@1 - condition: succeededOrFailed() - continueOnError: true - inputs: - tsaVersion: 'TsaV2' - codebase: 'Existing' - tsaEnvironment: 'PROD' - codeBaseName: 'PowerShell_GraphicalTools_20190809' - uploadAPIScan: false - uploadBinSkim: true - uploadCredScan: true - uploadFortifySCA: false - uploadFxCop: false - uploadModernCop: false - uploadPoliCheck: true - uploadPREfast: false - uploadRoslyn: false - uploadTSLint: false - uploadAsync: true - - - task: PowerShell@1 - displayName: 'Upload Artifacts' - condition: succeededOrFailed() - inputs: - scriptType: inlineScript - inlineScript: 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.GraphicalTools-Signed;artifactname=Microsoft.PowerShell.GraphicalTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.GraphicalTools\Microsoft.PowerShell.GraphicalTools"' - - - task: PowerShell@1 - displayName: 'Upload Artifacts' - condition: succeededOrFailed() - inputs: - scriptType: inlineScript - inlineScript: 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools\Microsoft.PowerShell.ConsoleGuiTools"' +resources: + repositories: + - repository: ComplianceRepo + type: github + endpoint: ComplianceGHRepo + name: PowerShell/compliance + + +- stage: Build + displayName: Build + jobs: + - job: 'ReleaseBuild' + displayName: Release Build + pool: + vmImage: 'vs2017-win2016' + steps: + - template: templates/ci-general.yml + - job: 'SignBuild' + displayName: Signing Build + dependsOn: 'ReleaseBuild' + pool: + name: 'Package ES CodeHub Lab E' + demands: DotNetFramework + steps: + - powershell: | + Get-ChildItem -Path env: + displayName: Capture environment + condition: succeededOrFailed() + + - task: DownloadBuildArtifacts@0 + displayName: 'Download Build Artifacts' + inputs: + downloadType: specific + + - task: PowerShell@1 + displayName: 'Extract build zip' + inputs: + scriptType: inlineScript + inlineScript: | + Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" + + - task: PkgESCodeSign@10 + displayName: 'CodeSign tools/releaseBuild/signing.xml' + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + inputs: + signConfigXml: tools/releaseBuild/signing.xml + inPathRoot: '$(Build.ArtifactStagingDirectory)' + outPathRoot: '$(Build.ArtifactStagingDirectory)\Signed' + + - template: EsrpSign.yml@ComplianceRepo + parameters: + # the folder which contains the binaries to sign + buildOutputPath: $(Build.ArtifactStagingDirectory) + # the location to put the signed output + signOutputPath: $(Build.ArtifactStagingDirectory)\Signed + # the certificate ID to use + certificateId: "CP-230012" + # The file pattern to use + # If not using minimatch: comma separated, with * supported + # If using minimatch: newline separated, with !, **, and * supported. + # See link in the useMinimatch comments. + pattern: 'Microsoft.PowerShell.*.dll,Microsoft.PowerShell.*.psd1,Microsoft.PowerShell.*.psm1' + # decides if the task should use minimatch for the pattern matching. + # https://github.com/isaacs/minimatch#features + useMinimatch: false + + - template: EsrpSign.yml@ComplianceRepo + parameters: + # the folder which contains the binaries to sign + buildOutputPath: $(Build.ArtifactStagingDirectory) + # the location to put the signed output + signOutputPath: $(Build.ArtifactStagingDirectory)\Signed + # the certificate ID to use + certificateId: "CP-231522" + # The file pattern to use + # If not using minimatch: comma separated, with * supported + # If using minimatch: newline separated, with !, **, and * supported. + # See link in the useMinimatch comments. + pattern: 'NStack.dll,Terminal.Gui.dll' + # decides if the task should use minimatch for the pattern matching. + # https://github.com/isaacs/minimatch#features + useMinimatch: false + + - task: PowerShell@1 + displayName: 'Copy signed files to unsigned folder' + inputs: + scriptType: inlineScript + inlineScript: | + $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Signed\*" + $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY" + Copy-Item $signed $notSigned -Recurse -Force + + - task: PowerShell@1 + displayName: 'Upload Artifacts' + condition: succeededOrFailed() + inputs: + scriptType: inlineScript + inlineScript: 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools\Microsoft.PowerShell.ConsoleGuiTools"' + +- stage: compliance + displayName: Compliance + dependsOn: Build + jobs: + - job: Compliance_Job + pool: + name: Package ES Standard Build + steps: + - checkout: self + - checkout: ComplianceRepo + - download: current + artifact: Microsoft.PowerShell.ConsoleGuiTools-Signed + + - pwsh: | + Get-ChildItem -Path "$(Pipeline.Workspace)\Microsoft.PowerShell.ConsoleGuiTools-Signed" -Recurse + displayName: Capture downloaded artifacts + + - template: assembly-module-compliance.yml@ComplianceRepo + parameters: + # binskim + AnalyzeTarget: '$(Pipeline.Workspace)\*.dll' + AnalyzeSymPath: 'SRV*' + # component-governance + sourceScanPath: '$(Build.SourcesDirectory)' + # credscan + suppressionsFile: '' + # TermCheck + optionsRulesDBPath: '' + optionsFTPath: '' + # tsa-upload + codeBaseName: 'PowerShell_GraphicalTools_20190809' + # selections + APIScan: false # set to false when not using Windows APIs. diff --git a/src/Microsoft.PowerShell.ConsoleGuiTools/Microsoft.PowerShell.ConsoleGuiTools.csproj b/src/Microsoft.PowerShell.ConsoleGuiTools/Microsoft.PowerShell.ConsoleGuiTools.csproj index 897219a..8bedf20 100644 --- a/src/Microsoft.PowerShell.ConsoleGuiTools/Microsoft.PowerShell.ConsoleGuiTools.csproj +++ b/src/Microsoft.PowerShell.ConsoleGuiTools/Microsoft.PowerShell.ConsoleGuiTools.csproj @@ -11,7 +11,7 @@ - + diff --git a/src/Microsoft.PowerShell.ConsoleGuiTools/ModuleLayout.psd1 b/src/Microsoft.PowerShell.ConsoleGuiTools/ModuleLayout.psd1 index 80e976a..48c9432 100644 --- a/src/Microsoft.PowerShell.ConsoleGuiTools/ModuleLayout.psd1 +++ b/src/Microsoft.PowerShell.ConsoleGuiTools/ModuleLayout.psd1 @@ -8,9 +8,9 @@ 'publish/NStack.dll' ) - 'OutGridView.Models' = @( - 'publish/OutGridView.Models.dll', - 'publish/OutGridView.Models.pdb' + 'Microsoft.PowerShell.OutGridView.Models' = @( + 'publish/Microsoft.PowerShell.OutGridView.Models.dll', + 'publish/Microsoft.PowerShell.OutGridView.Models.pdb' ) } diff --git a/src/Microsoft.PowerShell.GraphicalTools/Microsoft.PowerShell.GraphicalTools.csproj b/src/Microsoft.PowerShell.GraphicalTools/Microsoft.PowerShell.GraphicalTools.csproj index 8c3e9e2..45b17d0 100644 --- a/src/Microsoft.PowerShell.GraphicalTools/Microsoft.PowerShell.GraphicalTools.csproj +++ b/src/Microsoft.PowerShell.GraphicalTools/Microsoft.PowerShell.GraphicalTools.csproj @@ -9,7 +9,7 @@ - + diff --git a/src/Microsoft.PowerShell.GraphicalTools/ModuleLayout.psd1 b/src/Microsoft.PowerShell.GraphicalTools/ModuleLayout.psd1 index 2de7f61..dddfb29 100644 --- a/src/Microsoft.PowerShell.GraphicalTools/ModuleLayout.psd1 +++ b/src/Microsoft.PowerShell.GraphicalTools/ModuleLayout.psd1 @@ -7,9 +7,9 @@ "publish/Microsoft.PowerShell.GraphicalTools.psm1" ) - 'OutGridView.Models' = @( - 'publish/OutGridView.Models.dll', - 'publish/OutGridView.Models.pdb' + 'Microsoft.PowerShell.OutGridView.Models' = @( + 'publish/Microsoft.PowerShell.OutGridView.Models.dll', + 'publish/Microsoft.PowerShell.OutGridView.Models.pdb' ) } diff --git a/src/OutGridView.Models/ApplicationData.cs b/src/Microsoft.PowerShell.OutGridView.Models/ApplicationData.cs similarity index 100% rename from src/OutGridView.Models/ApplicationData.cs rename to src/Microsoft.PowerShell.OutGridView.Models/ApplicationData.cs diff --git a/src/OutGridView.Models/DataTable.cs b/src/Microsoft.PowerShell.OutGridView.Models/DataTable.cs similarity index 100% rename from src/OutGridView.Models/DataTable.cs rename to src/Microsoft.PowerShell.OutGridView.Models/DataTable.cs diff --git a/src/OutGridView.Models/DataTableColumn.cs b/src/Microsoft.PowerShell.OutGridView.Models/DataTableColumn.cs similarity index 100% rename from src/OutGridView.Models/DataTableColumn.cs rename to src/Microsoft.PowerShell.OutGridView.Models/DataTableColumn.cs diff --git a/src/OutGridView.Models/DataTableRow.cs b/src/Microsoft.PowerShell.OutGridView.Models/DataTableRow.cs similarity index 100% rename from src/OutGridView.Models/DataTableRow.cs rename to src/Microsoft.PowerShell.OutGridView.Models/DataTableRow.cs diff --git a/src/OutGridView.Models/OutGridView.Models.csproj b/src/Microsoft.PowerShell.OutGridView.Models/Microsoft.PowerShell.OutGridView.Models.csproj similarity index 100% rename from src/OutGridView.Models/OutGridView.Models.csproj rename to src/Microsoft.PowerShell.OutGridView.Models/Microsoft.PowerShell.OutGridView.Models.csproj diff --git a/src/OutGridView.Models/OutputModeOptions.cs b/src/Microsoft.PowerShell.OutGridView.Models/OutputModeOptions.cs similarity index 100% rename from src/OutGridView.Models/OutputModeOptions.cs rename to src/Microsoft.PowerShell.OutGridView.Models/OutputModeOptions.cs diff --git a/src/OutGridView.Models/Serializers.cs b/src/Microsoft.PowerShell.OutGridView.Models/Serializers.cs similarity index 100% rename from src/OutGridView.Models/Serializers.cs rename to src/Microsoft.PowerShell.OutGridView.Models/Serializers.cs diff --git a/src/OutGridView.Gui/OutGridView.Gui.csproj b/src/OutGridView.Gui/OutGridView.Gui.csproj index f17c0c1..e8e8818 100644 --- a/src/OutGridView.Gui/OutGridView.Gui.csproj +++ b/src/OutGridView.Gui/OutGridView.Gui.csproj @@ -24,7 +24,7 @@ - + From 00ad25238a6b37ff9a9a915c744d5b56517e11cd Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Fri, 20 Nov 2020 15:01:53 -0800 Subject: [PATCH 03/21] add stages --- .vsts-ci/azure-pipelines-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index d4913a9..75d0f87 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -41,7 +41,7 @@ resources: endpoint: ComplianceGHRepo name: PowerShell/compliance - +stages: - stage: Build displayName: Build jobs: From 2357143386feb152c570dc12432d260bb6380cd0 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Fri, 20 Nov 2020 15:15:36 -0800 Subject: [PATCH 04/21] move pool --- .vsts-ci/azure-pipelines-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 75d0f87..dbbd7d4 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -140,7 +140,7 @@ stages: jobs: - job: Compliance_Job pool: - name: Package ES Standard Build + name: Package ES CodeHub Lab E steps: - checkout: self - checkout: ComplianceRepo From c1728bf76304e203389b50cf2ed84faf92b781f3 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Fri, 20 Nov 2020 15:23:39 -0800 Subject: [PATCH 05/21] remove pkges task --- .vsts-ci/azure-pipelines-release.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index dbbd7d4..efce80b 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -75,15 +75,6 @@ stages: inlineScript: | Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" - - task: PkgESCodeSign@10 - displayName: 'CodeSign tools/releaseBuild/signing.xml' - env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - inputs: - signConfigXml: tools/releaseBuild/signing.xml - inPathRoot: '$(Build.ArtifactStagingDirectory)' - outPathRoot: '$(Build.ArtifactStagingDirectory)\Signed' - - template: EsrpSign.yml@ComplianceRepo parameters: # the folder which contains the binaries to sign From e195e616ccbc9d50df29305c0e355c48c0ee0b01 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Fri, 20 Nov 2020 15:39:25 -0800 Subject: [PATCH 06/21] add variable group --- .vsts-ci/azure-pipelines-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index efce80b..77a8af2 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -57,6 +57,8 @@ stages: pool: name: 'Package ES CodeHub Lab E' demands: DotNetFramework + variables: + - group: ESRP steps: - powershell: | Get-ChildItem -Path env: From 96fe3bcbc594c9008ee9969b84a8ae3c4dc3205d Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Fri, 20 Nov 2020 20:37:15 -0800 Subject: [PATCH 07/21] try copying files --- .vsts-ci/azure-pipelines-release.yml | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 77a8af2..4c2a5d6 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -77,10 +77,17 @@ stages: inlineScript: | Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" + - task: PowerShell@1 + displayName: 'Copy PowerShell' + inputs: + scriptType: inlineScript + inlineScript: | + Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" + - template: EsrpSign.yml@ComplianceRepo parameters: # the folder which contains the binaries to sign - buildOutputPath: $(Build.ArtifactStagingDirectory) + buildOutputPath: $(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools # the location to put the signed output signOutputPath: $(Build.ArtifactStagingDirectory)\Signed # the certificate ID to use @@ -94,12 +101,21 @@ stages: # https://github.com/isaacs/minimatch#features useMinimatch: false + - task: PowerShell@1 + displayName: 'Copy signed files to unsigned folder' + inputs: + scriptType: inlineScript + inlineScript: | + $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" + $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" + Copy-Item $signed $notSigned -Recurse -Force + - template: EsrpSign.yml@ComplianceRepo parameters: # the folder which contains the binaries to sign - buildOutputPath: $(Build.ArtifactStagingDirectory) + buildOutputPath: $(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools # the location to put the signed output - signOutputPath: $(Build.ArtifactStagingDirectory)\Signed + signOutputPath: $(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools-Signed # the certificate ID to use certificateId: "CP-231522" # The file pattern to use @@ -116,8 +132,8 @@ stages: inputs: scriptType: inlineScript inlineScript: | - $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Signed\*" - $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY" + $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" + $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" Copy-Item $signed $notSigned -Recurse -Force - task: PowerShell@1 From a45f94d24166a944e8d539412d54610566f80c43 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Fri, 20 Nov 2020 21:11:50 -0800 Subject: [PATCH 08/21] remove extra extract --- .vsts-ci/azure-pipelines-release.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 4c2a5d6..cb1ae18 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -77,13 +77,6 @@ stages: inlineScript: | Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" - - task: PowerShell@1 - displayName: 'Copy PowerShell' - inputs: - scriptType: inlineScript - inlineScript: | - Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" - - template: EsrpSign.yml@ComplianceRepo parameters: # the folder which contains the binaries to sign From a4290f8371ab84d4f56463684d7ce2e695c839d8 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Fri, 20 Nov 2020 21:22:20 -0800 Subject: [PATCH 09/21] copy to signed dir --- .vsts-ci/azure-pipelines-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index cb1ae18..4718cd5 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -82,7 +82,7 @@ stages: # the folder which contains the binaries to sign buildOutputPath: $(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools # the location to put the signed output - signOutputPath: $(Build.ArtifactStagingDirectory)\Signed + signOutputPath: $(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools-Signed # the certificate ID to use certificateId: "CP-230012" # The file pattern to use From b27229f8377300f49cb11232f999b1b4f880bc8f Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Mon, 23 Nov 2020 14:26:18 -0800 Subject: [PATCH 10/21] change tsa name --- .vsts-ci/azure-pipelines-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 4718cd5..7d4933a 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -166,6 +166,6 @@ stages: optionsRulesDBPath: '' optionsFTPath: '' # tsa-upload - codeBaseName: 'PowerShell_GraphicalTools_20190809' + codeBaseName: 'PSGraphicalTools_20201123' # selections APIScan: false # set to false when not using Windows APIs. From 78e0e39f27dd77b9d4ec8902d0031b2ce6ca66b7 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Mon, 23 Nov 2020 15:04:42 -0800 Subject: [PATCH 11/21] move to PowerShell@2 --- .vsts-ci/azure-pipelines-release.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 7d4933a..7a5ca29 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -70,11 +70,11 @@ stages: inputs: downloadType: specific - - task: PowerShell@1 + - task: PowerShell@2 displayName: 'Extract build zip' inputs: - scriptType: inlineScript - inlineScript: | + targetType: inline + script: | Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" - template: EsrpSign.yml@ComplianceRepo @@ -94,11 +94,11 @@ stages: # https://github.com/isaacs/minimatch#features useMinimatch: false - - task: PowerShell@1 + - task: PowerShell@2 displayName: 'Copy signed files to unsigned folder' inputs: - scriptType: inlineScript - inlineScript: | + targetType: inline + script: | $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" Copy-Item $signed $notSigned -Recurse -Force @@ -120,21 +120,21 @@ stages: # https://github.com/isaacs/minimatch#features useMinimatch: false - - task: PowerShell@1 + - task: PowerShell@2 displayName: 'Copy signed files to unsigned folder' inputs: - scriptType: inlineScript - inlineScript: | + targetType: inline + script: | $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" Copy-Item $signed $notSigned -Recurse -Force - - task: PowerShell@1 + - task: PowerShell@2 displayName: 'Upload Artifacts' condition: succeededOrFailed() inputs: - scriptType: inlineScript - inlineScript: 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools\Microsoft.PowerShell.ConsoleGuiTools"' + targetType: inline + script: 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools\Microsoft.PowerShell.ConsoleGuiTools"' - stage: compliance displayName: Compliance From 7d36852dd6ff4d5a366b7187c9d71fea9a3b3e48 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Mon, 23 Nov 2020 15:10:03 -0800 Subject: [PATCH 12/21] use new syntax --- .vsts-ci/azure-pipelines-release.yml | 35 ++++++++++------------------ 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 7a5ca29..a30478a 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -70,12 +70,9 @@ stages: inputs: downloadType: specific - - task: PowerShell@2 + - pwsh: | + Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" displayName: 'Extract build zip' - inputs: - targetType: inline - script: | - Expand-Archive -Path "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\GraphicalTools\Microsoft.PowerShell.ConsoleGuiTools-Windows_NT.zip" -DestinationPath "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" - template: EsrpSign.yml@ComplianceRepo parameters: @@ -94,14 +91,11 @@ stages: # https://github.com/isaacs/minimatch#features useMinimatch: false - - task: PowerShell@2 + - pwsh: | + $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" + $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" + Copy-Item $signed $notSigned -Recurse -Force displayName: 'Copy signed files to unsigned folder' - inputs: - targetType: inline - script: | - $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" - $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" - Copy-Item $signed $notSigned -Recurse -Force - template: EsrpSign.yml@ComplianceRepo parameters: @@ -120,21 +114,16 @@ stages: # https://github.com/isaacs/minimatch#features useMinimatch: false - - task: PowerShell@2 + - pwsh: | + $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" + $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" + Copy-Item $signed $notSigned -Recurse -Force displayName: 'Copy signed files to unsigned folder' - inputs: - targetType: inline - script: | - $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" - $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" - Copy-Item $signed $notSigned -Recurse -Force - - task: PowerShell@2 + - pwsh: | + 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools\Microsoft.PowerShell.ConsoleGuiTools"' displayName: 'Upload Artifacts' condition: succeededOrFailed() - inputs: - targetType: inline - script: 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools\Microsoft.PowerShell.ConsoleGuiTools"' - stage: compliance displayName: Compliance From 399fc02c5fa73d32f66b84df0594262208b53875 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Mon, 23 Nov 2020 15:22:46 -0800 Subject: [PATCH 13/21] change path --- .vsts-ci/azure-pipelines-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index a30478a..5a46761 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -121,7 +121,7 @@ stages: displayName: 'Copy signed files to unsigned folder' - pwsh: | - 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools\Microsoft.PowerShell.ConsoleGuiTools"' + 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools"' displayName: 'Upload Artifacts' condition: succeededOrFailed() From 8c4ab8f4e313de307955576fd8b47a86c16cf6b0 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Mon, 23 Nov 2020 15:37:04 -0800 Subject: [PATCH 14/21] idk --- .vsts-ci/azure-pipelines-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 5a46761..cf0f672 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -115,13 +115,13 @@ stages: useMinimatch: false - pwsh: | - $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" - $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" + $signed="$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" + $notSigned="$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools" Copy-Item $signed $notSigned -Recurse -Force displayName: 'Copy signed files to unsigned folder' - pwsh: | - 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools"' + 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools\"' displayName: 'Upload Artifacts' condition: succeededOrFailed() From 2b361677b2a6f03426412a2ee45a8823844eccbb Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Mon, 23 Nov 2020 15:47:45 -0800 Subject: [PATCH 15/21] idk --- .vsts-ci/azure-pipelines-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index cf0f672..68c6208 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -94,7 +94,7 @@ stages: - pwsh: | $signed="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" $notSigned="$env:BUILD_ARTIFACTSTAGINGDIRECTORY\Microsoft.PowerShell.ConsoleGuiTools" - Copy-Item $signed $notSigned -Recurse -Force + Copy-Item $signed $notSigned -Recurse -Force -Verbose displayName: 'Copy signed files to unsigned folder' - template: EsrpSign.yml@ComplianceRepo @@ -117,7 +117,7 @@ stages: - pwsh: | $signed="$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools-Signed\*" $notSigned="$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools" - Copy-Item $signed $notSigned -Recurse -Force + Copy-Item $signed $notSigned -Recurse -Force -Verbose displayName: 'Copy signed files to unsigned folder' - pwsh: | From 8799c1eb90f0f1428deec2083ea45f00f7ae44d8 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Mon, 23 Nov 2020 16:23:30 -0800 Subject: [PATCH 16/21] move to publish task --- .vsts-ci/azure-pipelines-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 68c6208..30d0076 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -120,8 +120,8 @@ stages: Copy-Item $signed $notSigned -Recurse -Force -Verbose displayName: 'Copy signed files to unsigned folder' - - pwsh: | - 'Write-Host "##vso[artifact.upload containerfolder=Microsoft.PowerShell.ConsoleGuiTools-Signed;artifactname=Microsoft.PowerShell.ConsoleGuiTools-Signed]$(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools\"' + - publish: $(Build.ArtifactStagingDirectory)\Microsoft.PowerShell.ConsoleGuiTools + artifact: Microsoft.PowerShell.ConsoleGuiTools-Signed displayName: 'Upload Artifacts' condition: succeededOrFailed() From 730c9b7c1f152b6556d9cb3683f70ace139a32ed Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Mon, 23 Nov 2020 19:36:03 -0800 Subject: [PATCH 17/21] try these agents --- .vsts-ci/azure-pipelines-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 30d0076..ff7fec0 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -48,14 +48,14 @@ stages: - job: 'ReleaseBuild' displayName: Release Build pool: - vmImage: 'vs2017-win2016' + vmImage: 'windows-latest' steps: - template: templates/ci-general.yml - job: 'SignBuild' displayName: Signing Build dependsOn: 'ReleaseBuild' pool: - name: 'Package ES CodeHub Lab E' + name: 'Package ES Standard Build' demands: DotNetFramework variables: - group: ESRP @@ -131,7 +131,7 @@ stages: jobs: - job: Compliance_Job pool: - name: Package ES CodeHub Lab E + name: Package ES Standard Build steps: - checkout: self - checkout: ComplianceRepo From b2b3756688c561997b35fe24abc81df7723c8be9 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Tue, 24 Nov 2020 19:06:29 -0800 Subject: [PATCH 18/21] ConsoleGuiTools asset.json --- .vsts-ci/azure-pipelines-release.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index ff7fec0..23d7f52 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -125,6 +125,10 @@ stages: displayName: 'Upload Artifacts' condition: succeededOrFailed() + - publish: '$(Build.SourcesDirectory)\src\Microsoft.PowerShell.ConsoleGuiTools\obj\project.assets.json' + artifact: ConsoleGuiToolsAssetsJson + displayName: Publish ConsoleGuiTools project.assets.json + - stage: compliance displayName: Compliance dependsOn: Build @@ -137,18 +141,20 @@ stages: - checkout: ComplianceRepo - download: current artifact: Microsoft.PowerShell.ConsoleGuiTools-Signed + - download: current + artifact: ConsoleGuiToolsAssetsJson - pwsh: | - Get-ChildItem -Path "$(Pipeline.Workspace)\Microsoft.PowerShell.ConsoleGuiTools-Signed" -Recurse + Get-ChildItem -Recurse '$(Pipeline.Workspace)' displayName: Capture downloaded artifacts - template: assembly-module-compliance.yml@ComplianceRepo parameters: # binskim - AnalyzeTarget: '$(Pipeline.Workspace)\*.dll' + AnalyzeTarget: '$(Pipeline.Workspace)\Microsoft.PowerShell.ConsoleGuiTools-Signed\*.dll' AnalyzeSymPath: 'SRV*' # component-governance - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(Pipeline.Workspace)\ConsoleGuiToolsAssetsJson' # credscan suppressionsFile: '' # TermCheck From 447dc5a6592d6a30c87d822005e1c4905d2c66f3 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Tue, 24 Nov 2020 19:23:18 -0800 Subject: [PATCH 19/21] try different directory --- .vsts-ci/azure-pipelines-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 23d7f52..2036dec 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -125,7 +125,7 @@ stages: displayName: 'Upload Artifacts' condition: succeededOrFailed() - - publish: '$(Build.SourcesDirectory)\src\Microsoft.PowerShell.ConsoleGuiTools\obj\project.assets.json' + - publish: '$(Build.SourcesDirectory)\GraphicalTools\src\Microsoft.PowerShell.ConsoleGuiTools\obj\project.assets.json' artifact: ConsoleGuiToolsAssetsJson displayName: Publish ConsoleGuiTools project.assets.json From 3462a3c592a5f2064f98b5f2429af44bb3ca4e4c Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Tue, 24 Nov 2020 19:31:41 -0800 Subject: [PATCH 20/21] stuff --- .vsts-ci/azure-pipelines-release.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 2036dec..38dedfb 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -125,6 +125,10 @@ stages: displayName: 'Upload Artifacts' condition: succeededOrFailed() + - pwsh: | + Get-ChildItem -Recurse '$(Build.SourcesDirectory)' + displayName: Capture downloaded artifacts + - publish: '$(Build.SourcesDirectory)\GraphicalTools\src\Microsoft.PowerShell.ConsoleGuiTools\obj\project.assets.json' artifact: ConsoleGuiToolsAssetsJson displayName: Publish ConsoleGuiTools project.assets.json From 55a123773f6a29c35d2f0898d0e74ad5724b4de5 Mon Sep 17 00:00:00 2001 From: Tyler Leonhardt Date: Tue, 24 Nov 2020 19:49:35 -0800 Subject: [PATCH 21/21] publish artifacts --- .vsts-ci/azure-pipelines-release.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml index 38dedfb..d330c5b 100644 --- a/.vsts-ci/azure-pipelines-release.yml +++ b/.vsts-ci/azure-pipelines-release.yml @@ -51,6 +51,13 @@ stages: vmImage: 'windows-latest' steps: - template: templates/ci-general.yml + - pwsh: | + Get-ChildItem -Recurse '$(Build.SourcesDirectory)' + displayName: Capture downloaded artifacts + - publish: '$(Build.SourcesDirectory)\src\Microsoft.PowerShell.ConsoleGuiTools\obj\project.assets.json' + artifact: ConsoleGuiToolsAssetsJson + displayName: Publish ConsoleGuiTools project.assets.json + - job: 'SignBuild' displayName: Signing Build dependsOn: 'ReleaseBuild' @@ -125,14 +132,6 @@ stages: displayName: 'Upload Artifacts' condition: succeededOrFailed() - - pwsh: | - Get-ChildItem -Recurse '$(Build.SourcesDirectory)' - displayName: Capture downloaded artifacts - - - publish: '$(Build.SourcesDirectory)\GraphicalTools\src\Microsoft.PowerShell.ConsoleGuiTools\obj\project.assets.json' - artifact: ConsoleGuiToolsAssetsJson - displayName: Publish ConsoleGuiTools project.assets.json - - stage: compliance displayName: Compliance dependsOn: Build