From bcf26739ed7f16a4f036ac13b18005f7c5b3bf50 Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Fri, 31 Jan 2025 10:42:58 -0600 Subject: [PATCH 1/2] Cherry-pick PR #24900 with conflicts for manual resolution --- .pipelines/PowerShell-Release-Official.yml | 17 +++---- .pipelines/templates/release-create-msix.yml | 46 ++++++++++++++----- .../release-validate-fxdpackages.yml | 29 +++++++++--- .pipelines/templates/uploadToAzure.yml | 4 +- 4 files changed, 66 insertions(+), 30 deletions(-) diff --git a/.pipelines/PowerShell-Release-Official.yml b/.pipelines/PowerShell-Release-Official.yml index 6f7a6b5348a..1d986f872d6 100644 --- a/.pipelines/PowerShell-Release-Official.yml +++ b/.pipelines/PowerShell-Release-Official.yml @@ -204,8 +204,10 @@ extends: displayName: 'Validate Linux ARM64 Fxd Packages' jobtype: 'linux' artifactName: 'drop_linux_package_fxdependent' + # this is really an architecture independent package packageNamePattern: '**/*linux-x64-fxdependent.tar.gz' arm64: 'yes' + enableCredScan: false - stage: validatePackages displayName: 'Validate Packages' @@ -333,25 +335,20 @@ extends: displayName: Publish PMC dependsOn: PushGitTagAndMakeDraftPublic jobs: - - template: /.pipelines/templates/release-publish-pmc.yml@self + - template: /.pipelines/templates/approvalJob.yml@self parameters: - skipPublish: ${{ parameters.SkipPMCPublish }} + displayName: Publish to PMC + jobName: ReleaseToPMC + instructions: | + Run PowerShell-Release-Official-Azure.yml pipeline to publish to PMC - stage: ReleaseDocker dependsOn: PushGitTagAndMakeDraftPublic displayName: 'Docker Release' jobs: - - template: /.pipelines/templates/approvalJob.yml@self - parameters: - displayName: Start Docker Build - jobName: StartDockerBuild - instructions: | - Kick off Docker build - - template: /.pipelines/templates/approvalJob.yml@self parameters: displayName: Start Docker Release - dependsOnJob: StartDockerBuild jobName: StartDockerRelease instructions: | Kickoff docker release diff --git a/.pipelines/templates/release-create-msix.yml b/.pipelines/templates/release-create-msix.yml index 90d2acd493b..e8e658aa9fc 100644 --- a/.pipelines/templates/release-create-msix.yml +++ b/.pipelines/templates/release-create-msix.yml @@ -41,6 +41,7 @@ jobs: Expand-Archive "$toolsDir\makeappx.zip" -DestinationPath "$toolsDir\makeappx" -Force $exePath = "$toolsDir\makeappx\makeappx.exe" +<<<<<<< HEAD Write-Verbose -Verbose 'makeappx was installed:' Get-ChildItem -Path $toolsDir -Recurse } @@ -49,6 +50,39 @@ jobs: Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" displayName: Install makeappx tool +======= + - pwsh: | + $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose + if ($azureRmModule) { + Write-Host 'AzureRM module exists. Removing it' + Uninstall-AzureRm + Write-Host 'AzureRM module removed' + } + + Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose + displayName: Remove AzRM modules and install Az.Storage + + + # Finds the makeappx tool on the machine with image: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest' + - pwsh: | + $cmd = Get-Command makeappx.exe -ErrorAction Ignore + if ($cmd) { + Write-Verbose -Verbose 'makeappx available in PATH' + $exePath = $cmd.Source + } else { + $toolsDir = '$(Pipeline.Workspace)\releasePipeline\tools' + New-Item $toolsDir -Type Directory -Force > $null + $makeappx = Get-ChildItem -Recurse 'C:\Program Files (x86)\Windows Kits\10\makeappx.exe' | + Where-Object { $_.DirectoryName -match 'x64' } | + Select-Object -Last 1 + $exePath = $makeappx.FullName + Write-Verbose -Verbose 'makeappx was found:' + } + $vstsCommandString = "vso[task.setvariable variable=MakeAppxPath]$exePath" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + displayName: Find makeappx tool +>>>>>>> 2259f56c0 (Fix MSIX stage in release pipeline (#24900)) retryCountOnTaskFailure: 1 - pwsh: | @@ -77,18 +111,6 @@ jobs: displayName: Create MsixBundle retryCountOnTaskFailure: 1 - - pwsh: | - $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose - if ($azureRmModule) { - Write-Host 'AzureRM module exists. Removing it' - Uninstall-AzureRm - Write-Host 'AzureRM module removed' - } - - Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose - - displayName: Remove AzRM modules and install Az.Storage - - task: AzurePowerShell@5 displayName: Upload msix to blob inputs: diff --git a/.pipelines/templates/release-validate-fxdpackages.yml b/.pipelines/templates/release-validate-fxdpackages.yml index baf6c431787..53657e6414a 100644 --- a/.pipelines/templates/release-validate-fxdpackages.yml +++ b/.pipelines/templates/release-validate-fxdpackages.yml @@ -1,10 +1,25 @@ parameters: - jobName: "" - displayName: "" - jobtype: "" - artifactName: "" - packageNamePattern: "" - arm64: "no" + - name: jobName + type: string + default: "" + - name: displayName + type: string + default: "" + - name: jobtype + type: string + default: "" + - name: artifactName + type: string + default: "" + - name: packageNamePattern + type: string + default: "" + - name: arm64 + type: string + default: "no" + - name: enableCredScan + type: boolean + default: true jobs: - job: ${{ parameters.jobName }} @@ -19,6 +34,8 @@ jobs: value: $(Build.SourcesDirectory)\PowerShell\.config\suppress.json - name: ob_sdl_tsa_configFile value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json + - name: ob_sdl_credscan_enabled + value: ${{ parameters.enableCredScan }} pool: type: ${{ parameters.jobtype }} diff --git a/.pipelines/templates/uploadToAzure.yml b/.pipelines/templates/uploadToAzure.yml index 5c0d80ec10f..0994c7ef2b0 100644 --- a/.pipelines/templates/uploadToAzure.yml +++ b/.pipelines/templates/uploadToAzure.yml @@ -6,7 +6,7 @@ jobs: type: windows variables: - name: ob_sdl_sbom_enabled - value: false + value: true - name: runCodesignValidationInjection value: false - name: NugetSecurityAnalysisWarningLevel @@ -241,7 +241,7 @@ jobs: Write-Verbose -Verbose "Creating output directory for GitHub Release files: $(ob_outputDirectory)/GitHubPackages" New-Item -Path $(ob_outputDirectory)/GitHubPackages -ItemType Directory -Force Get-ChildItem -Path "$(Build.ArtifactStagingDirectory)/downloads/*" -Recurse | - Where-Object { $_.Extension -notin '.msix', '.nupkg' } | + Where-Object { $_.Extension -notin '.msix', '.nupkg' -and $_.Name -notmatch '-gc'} | Copy-Item -Destination $(ob_outputDirectory)/GitHubPackages -Recurse -Verbose Write-Verbose -Verbose "Creating output directory for NuGet packages: $(ob_outputDirectory)/NuGetPackages" From 8f7cd3659408823bb765f56b73103951a7c88cf5 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Fri, 11 Apr 2025 15:34:54 -0700 Subject: [PATCH 2/2] Fix MSIX stage in release pipeline --- .pipelines/templates/release-create-msix.yml | 36 -------------------- 1 file changed, 36 deletions(-) diff --git a/.pipelines/templates/release-create-msix.yml b/.pipelines/templates/release-create-msix.yml index e8e658aa9fc..3714e623b5e 100644 --- a/.pipelines/templates/release-create-msix.yml +++ b/.pipelines/templates/release-create-msix.yml @@ -28,41 +28,6 @@ jobs: displayName: Download x86 msix patterns: '**/*.msix' - # Finds the makeappx tool on the machine with image: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest' - - pwsh: | - $cmd = Get-Command makeappx.exe -ErrorAction Ignore - if ($cmd) { - Write-Verbose -Verbose 'makeappx available in PATH' - $exePath = $cmd.Source - } else { - $toolsDir = '$(Pipeline.Workspace)\releasePipeline\tools' - New-Item $toolsDir -Type Directory -Force > $null - Invoke-RestMethod -Uri '$(makeappUrl)' -OutFile "$toolsDir\makeappx.zip" - Expand-Archive "$toolsDir\makeappx.zip" -DestinationPath "$toolsDir\makeappx" -Force - $exePath = "$toolsDir\makeappx\makeappx.exe" - -<<<<<<< HEAD - Write-Verbose -Verbose 'makeappx was installed:' - Get-ChildItem -Path $toolsDir -Recurse - } - - $vstsCommandString = "vso[task.setvariable variable=MakeAppxPath]$exePath" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - displayName: Install makeappx tool -======= - - pwsh: | - $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose - if ($azureRmModule) { - Write-Host 'AzureRM module exists. Removing it' - Uninstall-AzureRm - Write-Host 'AzureRM module removed' - } - - Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose - displayName: Remove AzRM modules and install Az.Storage - - # Finds the makeappx tool on the machine with image: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest' - pwsh: | $cmd = Get-Command makeappx.exe -ErrorAction Ignore @@ -82,7 +47,6 @@ jobs: Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" displayName: Find makeappx tool ->>>>>>> 2259f56c0 (Fix MSIX stage in release pipeline (#24900)) retryCountOnTaskFailure: 1 - pwsh: |