From 0558d1d447d0a51c24640ca89b3315e8485377d0 Mon Sep 17 00:00:00 2001
From: Kennedy Kangethe Munga
Date: Fri, 27 Sep 2024 16:43:08 +0300
Subject: [PATCH] 1ES CI pipeline
---
.../1es-entra-powershell-ci-build.yml | 80 +++++++
.../generate_adapter-migrate-1es.yml | 223 ++++++++++++++++++
2 files changed, 303 insertions(+)
create mode 100644 .azure-pipelines/1es-entra-powershell-ci-build.yml
create mode 100644 .azure-pipelines/generation-templates/generate_adapter-migrate-1es.yml
diff --git a/.azure-pipelines/1es-entra-powershell-ci-build.yml b/.azure-pipelines/1es-entra-powershell-ci-build.yml
new file mode 100644
index 000000000..15fb8cff4
--- /dev/null
+++ b/.azure-pipelines/1es-entra-powershell-ci-build.yml
@@ -0,0 +1,80 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+name: $(BuildDefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
+trigger:
+ branches:
+ include:
+ - main
+pr: none
+# variables:
+# WindowsContainerImage: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest'
+parameters:
+ - name: Pack
+ type: boolean
+ default: true
+ - name: Sign
+ type: boolean
+ default: true
+resources:
+ repositories:
+ - repository: 1ESPipelineTemplates
+ type: git
+ name: 1ESPipelineTemplates/1ESPipelineTemplates
+ ref: refs/heads/main
+
+extends:
+ template: v1/1ES.Unofficial.PipelineTemplate.yml@1ESPipelineTemplates
+ parameters:
+ pool:
+ name: MSSecurity-1ES-Build-Agents-Pool
+ image: MSSecurity-1ES-Windows-2022
+ os: windows
+ sdl:
+ sourceAnalysisPool:
+ name: MSSecurity-1ES-Build-Agents-Pool
+ image: MSSecurity-1ES-Windows-2022
+ os: windows
+ # featureFlags:
+ # WindowsHostVersion: 1ESWindows2022
+ stages:
+ - stage: build
+ jobs:
+ - job: EntraPowerShellCIBuild
+ displayName: Entra PowerShell CI Build
+ timeoutInMinutes: 840
+ # variables:
+ # ob_outputDirectory: '$(Build.SourcesDirectory)/out'
+ templateContext:
+ outputs:
+ - output: pipelineArtifact
+ targetPath: $(System.DefaultWorkingDirectory)/Samples
+ artifactName: entraPS
+ steps:
+ - template: .azure-pipelines/common-templates/install-tools.yml@self
+ - template: .azure-pipelines/common-templates/security-pre-checks.yml@self
+
+ - template: .azure-pipelines/generation-templates/generate_adapter-migrate-1es.yml@self
+ parameters:
+ Sign: ${{ parameters.Sign }}
+
+ - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}:
+ - template: .azure-pipelines/common-templates/esrp/codesign-nuget-migrate.yml@self
+ parameters:
+ FolderPath: "$(Build.ArtifactStagingDirectory)"
+ Pattern: "Microsoft.Graph.Entra.*.nupkg"
+ - task: 1ES.PublishBuildArtifacts@1
+ displayName: Publish Module Artifacts
+ inputs:
+ PathtoPublish: $(Build.ArtifactStagingDirectory)
+ ArtifactName: drop
+ - task: 1ES.PublishNuget@1
+ displayName: Publish NuGet to preview feed
+ inputs:
+ useDotNetTask: false
+ packagesToPush: $(Build.ArtifactStagingDirectory)/**/Microsoft.Graph.Entra.*.nupkg
+ packageParentPath: '$(Build.ArtifactStagingDirectory)'
+ publishVstsFeed: $(PROJECT_NAME)/$(PREVIEW_FEED_NAME)
+ nuGetFeedType: internal
+ allowPackageConflicts: true
+
+ - template: .azure-pipelines/common-templates/security-post-checks.yml@self
\ No newline at end of file
diff --git a/.azure-pipelines/generation-templates/generate_adapter-migrate-1es.yml b/.azure-pipelines/generation-templates/generate_adapter-migrate-1es.yml
new file mode 100644
index 000000000..fd63e6559
--- /dev/null
+++ b/.azure-pipelines/generation-templates/generate_adapter-migrate-1es.yml
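Review bot: In `1es-entra-powershell-ci-build.yml`, the 1ESPipelineTemplates repository resource is referenced at `ref: refs/heads/main`, so every run, including the ESRP signing template and the `1ES.PublishNuget@1` push, executes whatever is at the head of that branch when the run is queued. The 1ES template guidance I am aware of references the release tag instead, `ref: refs/tags/release`; I would use that unless tracking main is deliberate, in which case a comment saying so would help. The pipeline also extends `v1/1ES.Unofficial.PipelineTemplate.yml` while it signs packages and pushes them to `$(PROJECT_NAME)/$(PREVIEW_FEED_NAME)` with `allowPackageConflicts: true`. If anything consumes that feed outside the team, the Official template is presumably the intended base, which cannot be confirmed from this patch.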
@@ -0,0 +1,223 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+# https://aka.ms/yaml
+
+parameters:
+ - name: Sign
+ type: boolean
+ default: false
+
+steps:
+- task: powershell@2
+ displayName: 'Show current PowerShell version information'
+ inputs:
+ targetType: inline
+ script: 'echo $PSVersionTable'
+ pwsh: false
+- task: powershell@2
+ displayName: 'Set maximum function count'
+ inputs:
+ targetType: inline
+ script: '$MaximumFunctionCount=32768'
+ pwsh: false
+- task: powershell@2
+ displayName: 'Install Dependencies Entra'
+ inputs:
+ targetType: inline
+ script: |
+ ./build/Install-Dependencies.ps1 -ModuleName Entra -Verbose
+ pwsh: false
+- task: powershell@2
+ displayName: 'Install PlatyPS'
+ inputs:
+ targetType: inline
+ script: Install-Module PlatyPS -scope currentuser -Force
+ pwsh: false
+- task: powershell@2
+ displayName: 'Create Module Help Files Entra'
+ inputs:
+ targetType: inline
+ script: |
+ Import-Module PlatyPS
+ . ./build/common-functions.ps1
+ Create-ModuleHelp -Module Entra
+ pwsh: false
+- task: powershell@2
+ displayName: 'Build Entra'
+ inputs:
+ targetType: inline
+ script: ./build/Create-CompatModule.ps1 -Module Entra -Verbose
+ pwsh: false
+- ${{ if eq(parameters.Sign, true) }}:
+ - template: ../common-templates/esrp/codesign-migrate.yml
+ parameters:
+ FolderPath: "bin"
+ Pattern: "*.psm1, *.psd1, *.format.ps1xml, *.ps1"
+ - task: PowerShell@2
+ displayName: "Validate Authenticode Signature"
+ inputs:
+ targetType: "inline"
+ pwsh: true
+ script: |
+ $ModulePsd1 = "bin/Microsoft.Graph.Entra.psd1"
+ $ModulePsm1 = "bin/Microsoft.Graph.Entra.psm1"
+ ($ModulePsd1 | Get-AuthenticodeSignature).Status | Should -Be "Valid"
+ ($ModulePsm1 | Get-AuthenticodeSignature).Status | Should -Be "Valid"
+- task: powershell@2
+ displayName: 'Create Module Files Entra'
+ inputs:
+ targetType: inline
+ script: |
+ . ./build/common-functions.ps1
+ Create-ModuleFolder
+ pwsh: false
+- task: 1ES.PublishBuildArtifacts@1
+ displayName: 'Publish Module Files EntraBeta'
+ inputs:
+ PathtoPublish: 'bin'
+ ArtifactName: 'Module Files'
+- task: powershell@2
+ displayName: 'Register Local Gallery'
+ inputs:
+ targetType: inline
+ script: |
+ . ./build/common-functions.ps1
+ Register-LocalGallery -Path $(Build.ArtifactStagingDirectory)
+ pwsh: false
+- task: powershell@2
+ displayName: 'Publish to Local Gallery Entra'
+ inputs:
+ targetType: inline
+ script: ./build/Publish-LocalCompatModule.ps1 -Install
+ pwsh: false
+- task: 1ES.PublishBuildArtifacts@1
+ displayName: 'Publish Module Nuget File Entra'
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: 'Module Nuget'
+- task: powershell@2
+ displayName: 'Remove Build Folders'
+ inputs:
+ targetType: inline
+ script: |
+ . ./build/common-functions.ps1
+ Remove-BuildDirectories
+ pwsh: false
+- task: powershell@2
+ displayName: 'Install Dependencies EntraBeta'
+ inputs:
+ targetType: inline
+ script: |
+ ./build/Install-Dependencies.ps1 -ModuleName EntraBeta -Verbose
+ pwsh: false
+- task: powershell@2
+ displayName: 'Create Module Help Files EntraBeta'
+ inputs:
+ targetType: inline
+ script: |
+ Import-Module PlatyPS
+ . ./build/common-functions.ps1
+ Create-ModuleHelp -Module EntraBeta
+ pwsh: false
+- task: powershell@2
+ displayName: 'Build EntraBeta'
+ inputs:
+ targetType: inline
+ script: |
+ $MaximumFunctionCount=32768
+ ./build/Create-CompatModule.ps1 -Module EntraBeta -Verbose
+ pwsh: false
+- ${{ if eq(parameters.Sign, true) }}:
+ - template: ../common-templates/esrp/codesign-migrate.yml
+ parameters:
+ FolderPath: "bin"
+ Pattern: "*.psm1, *.psd1, *.format.ps1xml, *.ps1"
+ - task: PowerShell@2
+ displayName: "Validate Authenticode Signature"
+ inputs:
+ targetType: "inline"
+ pwsh: true
+ script: |
+ $ModulePsd1 = "bin/Microsoft.Graph.Entra.Beta.psd1"
+ $ModulePsm1 = "bin/Microsoft.Graph.Entra.Beta.psm1"
+ ($ModulePsd1 | Get-AuthenticodeSignature).Status | Should -Be "Valid"
+ ($ModulePsm1 | Get-AuthenticodeSignature).Status | Should -Be "Valid"
+- task: powershell@2
+ displayName: 'Create Module Files EntraBeta'
+ inputs:
+ targetType: inline
+ script: |
+ . ./build/common-functions.ps1
+ Create-ModuleFolder
+ pwsh: false
+- task: 1ES.PublishBuildArtifacts@1
+ displayName: 'Publish Module Files EntraBeta'
+ inputs:
+ PathtoPublish: 'bin'
+ ArtifactName: 'Module Files'
+- task: powershell@2
+ displayName: 'Publish to Local Gallery EntraBeta'
+ inputs:
+ targetType: inline
+ script: ./build/Publish-LocalCompatModule.ps1 -Install
+ pwsh: false
+- task: 1ES.PublishBuildArtifacts@1
+ displayName: 'Publish Module Nuget File EntraBeta'
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: 'Module Nuget'
+- task: powershell@2
+ displayName: 'Remove Build Folders'
+ inputs:
+ targetType: inline
+ script: |
+ . ./build/common-functions.ps1
+ Remove-BuildDirectories
+ pwsh: false
+- task: powershell@2
+ displayName: 'Install Pester'
+ inputs:
+ targetType: inline
+ script: Install-Module Pester -scope currentuser -SkipPublisherCheck -Force
+ pwsh: false
+- task: powershell@2
+ displayName: 'Run tests Entra'
+ inputs:
+ targetType: inline
+ pwsh: true
+ script: |
+ cd test/module/entra
+ Invoke-Pester -OutputFile "./test/results/pester-test-results-ad.xml" -OutputFormat NUnitXml
+- task: PublishTestResults@2
+ inputs:
+ testResultsFormat: NUnit
+ testResultsFiles: "./test/results/pester-test-results-ad.xml"
+ failTaskOnFailedTests: true
+- task: powershell@2
+ displayName: 'Run tests EntraBeta'
+ inputs:
+ targetType: inline
+ pwsh: true
+ script: |
+ cd test/module/entrabeta
+ Invoke-Pester -OutputFile "./test/results/pester-test-results-preview.xml" -OutputFormat NUnitXml
+- task: PublishTestResults@2
+ inputs:
+ testResultsFormat: NUnit
+ testResultsFiles: "./test/results/pester-test-results-preview.xml"
+ failTaskOnFailedTests: true
+- task: powershell@2
+ displayName: 'Remove Local Gallery'
+ inputs:
+ targetType: inline
+ script: |
+ . ./build/common-functions.ps1
+ Unregister-LocalGallery
+ pwsh: false
+- task: PSScriptAnalyzer@1
+ displayName: 'Run PSScriptAnalyzer'
+ inputs:
+ Path: '$(Build.SourcesDirectory)'
+ Settings: required
+ IgnorePattern: .gdn
+ Recurse: true
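Review bot: The two "Validate Authenticode Signature" steps check only the `.psd1` and `.psm1` of each module, although the signing template is given the pattern `*.psm1, *.psd1, *.format.ps1xml, *.ps1`, so an unsigned or invalidly signed `.ps1` or `.format.ps1xml` under `bin` would still pass. They also rely on `Should`, a Pester command, while the only Pester install in this file is the later 'Install Pester' step, which runs with `pwsh: false`; whether `Should` resolves under `pwsh: true` depends on what the agent image ships. I would enumerate every file under `bin` that matches the signed patterns and throw if any status is not `Valid`, as in the fence below (shown for the Entra step; the EntraBeta step needs the same change). Separately, `Install-Module PlatyPS` and `Install-Module Pester ... -SkipPublisherCheck` take whatever version the default repository serves into a build that produces signed packages; pinning each with `-RequiredVersion` would make that input reviewable.

```yaml
    displayName: "Validate Authenticode Signature"
    inputs:
      # … unchanged: targetType, pwsh …
      script: |
        # Cover every file type sent for signing; no Pester dependency.
        # -Recurse assumes the signing template also recurses into bin; adjust if it does not.
        $patterns = '*.psm1', '*.psd1', '*.format.ps1xml', '*.ps1'
        $signed = @(Get-ChildItem -Path bin -Recurse -File -Include $patterns)
        if ($signed.Count -eq 0) { throw "No signable files found under bin" }
        $bad = @($signed | Get-AuthenticodeSignature | Where-Object { $_.Status -ne 'Valid' })
        if ($bad.Count -gt 0) {
          $bad | ForEach-Object { Write-Host "$($_.Path): $($_.Status)" }
          throw "Authenticode validation failed for $($bad.Count) file(s)"
        }
```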