From 3d462b5d68b63b766d95cf2a63dc04320c9f5672 Mon Sep 17 00:00:00 2001 From: Kirill Komissarov Date: Fri, 6 Sep 2024 18:50:39 -0700 Subject: [PATCH 1/2] feature: onboarding to ESRP v7 signing --- .ado/publish.yml | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/.ado/publish.yml b/.ado/publish.yml index 252d53dce..0ce241d4c 100644 --- a/.ado/publish.yml +++ b/.ado/publish.yml @@ -54,7 +54,8 @@ extends: image: windows-latest os: windows stages: - - stage: stage + - stage: PublishToPyPi + displayName: "\U0001F6EB Build and Publish to PyPi" jobs: - job: "Build_Azure_Quantum_Python" displayName: Build "azure-quantum" package @@ -92,6 +93,10 @@ extends: python setup.py bdist_wheel --dist-dir=target/wheels displayName: Build "azure-quantum" package + - script: | + copy set_version.py $(Build.SourcesDirectory)/azure-quantum/target/wheels + displayName: Copy "set_version.py" to artifacts + - job: "Test_Azure_Quantum_Python" displayName: Test "azure-quantum" package steps: @@ -156,7 +161,7 @@ extends: displayName: Set Python version - script: | - python set_version.py + python $(Pipeline.Workspace)/azure-quantum-wheels/set_version.py env: BUILD_TYPE: ${{ parameters.Build_Type }} RELEASE_TYPE: ${{ parameters.Release_Type }} @@ -194,16 +199,21 @@ extends: assets: | $(Build.ArtifactStagingDirectory)/target/wheels/* - - task: EsrpRelease@4 + - task: EsrpRelease@7 condition: ${{ parameters.Publish_Python_Package_To_PyPi }} - displayName: Publish "azure-quantum" package to PyPi + displayName: Sign and publish "azure-quantum" package to PyPi inputs: - ConnectedServiceName: 'ESRP_Release' + ConnectedServiceName: 'ESRP Signing Connection' + KeyVaultName: 'kv-aqua-esrp-001' + AuthCertName: 'EsrpAuthCert' + SignCertName: 'EsrpSignCert' + ClientId: '832c049d-cd07-4c1c-bfa5-c07250d190cb' Intent: 'PackageDistribution' ContentType: 'PyPi' FolderLocation: '$(Build.ArtifactStagingDirectory)/target/wheels' - Owners: '$(OwnerPersonalAlias)@microsoft.com' # NB: Group email here fails the task with non-actionable output. + WaitForReleaseCompletion: true + Owners: '$(OwnerPersonalAlias)@microsoft.com' # Group email here fails the task with non-actionable output. Approvers: 'billti@microsoft.com' ServiceEndpointUrl: 'https://api.esrp.microsoft.com' - MainPublisher: 'QuantumDevelpmentKit' - DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' \ No newline at end of file + MainPublisher: 'ESRPRELPACMAN' # Default ESRP v7 publisher. Do not change. + DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' From 910c42f27f40a16061883c0eda17ed52ace5fb27 Mon Sep 17 00:00:00 2001 From: Kirill Komissarov Date: Mon, 9 Sep 2024 19:35:10 -0700 Subject: [PATCH 2/2] chore: restructure the artifacts folder --- .ado/publish.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.ado/publish.yml b/.ado/publish.yml index 0ce241d4c..0ab642b38 100644 --- a/.ado/publish.yml +++ b/.ado/publish.yml @@ -63,7 +63,7 @@ extends: outputs: - output: pipelineArtifact displayName: 'Upload "azure-quantum" artifacts' - targetPath: $(Build.SourcesDirectory)/azure-quantum/target/wheels/ + targetPath: $(Build.SourcesDirectory)/azure-quantum/artifacts/ artifactName: azure-quantum-wheels steps: @@ -89,12 +89,12 @@ extends: - script: | cd $(Build.SourcesDirectory)/azure-quantum - python setup.py sdist --dist-dir=target/wheels - python setup.py bdist_wheel --dist-dir=target/wheels + python setup.py sdist --dist-dir=artifacts/wheels + python setup.py bdist_wheel --dist-dir=artifacts/wheels displayName: Build "azure-quantum" package - script: | - copy set_version.py $(Build.SourcesDirectory)/azure-quantum/target/wheels + copy set_version.py "$(Build.SourcesDirectory)/azure-quantum/artifacts" displayName: Copy "set_version.py" to artifacts - job: "Test_Azure_Quantum_Python" @@ -175,12 +175,12 @@ extends: ) displayName: Copy built "azure-quantum" package artifacts inputs: - SourceFolder: '$(Pipeline.Workspace)/azure-quantum-wheels' + SourceFolder: '$(Pipeline.Workspace)/azure-quantum-wheels/wheels' Contents: '**' - TargetFolder: '$(Build.ArtifactStagingDirectory)/target/wheels' + TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/wheels' - script: | - ls $(Build.ArtifactStagingDirectory)/target/wheels/* + ls $(Build.ArtifactStagingDirectory)/artifacts/wheels/* displayName: List Py Artifacts to publish - task: GitHubRelease@1 @@ -197,7 +197,7 @@ extends: target: $(Build.SourceVersion) addChangeLog: False assets: | - $(Build.ArtifactStagingDirectory)/target/wheels/* + $(Build.ArtifactStagingDirectory)/artifacts/wheels/* - task: EsrpRelease@7 condition: ${{ parameters.Publish_Python_Package_To_PyPi }} @@ -210,7 +210,7 @@ extends: ClientId: '832c049d-cd07-4c1c-bfa5-c07250d190cb' Intent: 'PackageDistribution' ContentType: 'PyPi' - FolderLocation: '$(Build.ArtifactStagingDirectory)/target/wheels' + FolderLocation: '$(Build.ArtifactStagingDirectory)/artifacts/wheels' WaitForReleaseCompletion: true Owners: '$(OwnerPersonalAlias)@microsoft.com' # Group email here fails the task with non-actionable output. Approvers: 'billti@microsoft.com'