From 7c6f54efb3d72b574b73d91265f28e18f3b6c61b Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Wed, 24 Jan 2024 13:43:35 -0800 Subject: [PATCH 1/2] Migrate Release Pipelines to 1ES This PR migrates the VS and VS Code Release Pipelines to use the 1ES template. This extends the existing Microbuild Template and converts the PublishArtifact and NugetPush to the 1ES tasks. --- eng/pipelines/VS-release.yml | 41 ++++++++-- eng/pipelines/VSCode-release.yml | 76 +++++++++++++------ eng/pipelines/jobs/MSHosted-OSX.job.yml | 2 + eng/pipelines/steps/BuildSolution.yml | 10 ++- .../steps/CollectAndPublishBinaries.yml | 6 +- eng/pipelines/steps/CopyAndPublishSymbols.yml | 4 +- .../steps/PackAndPublishVSPackages.yml | 20 ++--- eng/pipelines/steps/PublishOpenDebugAD7.yml | 10 +-- .../tasks/1ES/PublishPipelineArtifact.yml | 15 ++++ .../tasks/MicroBuildLocalizationPlugin.yml | 2 +- .../templates/VS-release.template.yml | 4 - .../VSCode-codesign-osx.template.yml | 4 +- .../VSCode-esrp-sign-osx.template.yml | 4 +- .../templates/VSCode-release.template.yml | 2 - 14 files changed, 135 insertions(+), 65 deletions(-) create mode 100644 eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml diff --git a/eng/pipelines/VS-release.yml b/eng/pipelines/VS-release.yml index 53e45bcee..6cf29c9fc 100644 --- a/eng/pipelines/VS-release.yml +++ b/eng/pipelines/VS-release.yml @@ -2,11 +2,40 @@ name: $(Date:yyyMMdd).$(Rev:r) variables: - group: TSDTUSR -jobs: -- template: ./jobs/VSEngSS-MicroBuild2022-1ES.job.yml - parameters: - DisplayName: 'VS_Release' - JobTemplate: - - template: ../templates/VS-release.template.yml +resources: + repositories: + - repository: MicroBuildTemplate + type: git + name: 1ESPipelineTemplates/MicroBuildTemplate + ref: refs/tags/release + +extends: + template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate + parameters: + pool: + name: VSEngSS-MicroBuild2022-1ES + os: windows + sdl: + sourceAnalysisPool: + name: VSEngSS-MicroBuild2022-1ES + os: windows + stages: + - stage: stage + displayName: VS_Release + jobs: + - job: Phase_1 + displayName: VS_Release + timeoutInMinutes: 180 + cancelTimeoutInMinutes: 1 + templateContext: + mb: + signing: + enabled: true + signType: real + zipSources: false + localization: + enabled: true + steps: + - template: /eng/pipelines/templates/VS-release.template.yml@self ... \ No newline at end of file diff --git a/eng/pipelines/VSCode-release.yml b/eng/pipelines/VSCode-release.yml index 5cc6cfa31..0ba0e6711 100644 --- a/eng/pipelines/VSCode-release.yml +++ b/eng/pipelines/VSCode-release.yml @@ -2,31 +2,57 @@ name: $(Date:yyyMMdd).$(Rev:r) variables: - group: TSDTUSR -stages: -- stage: Windows - dependsOn: [] - jobs: - - template: ./jobs/VSEngSS-MicroBuild2022-1ES.job.yml - parameters: - DisplayName: 'VSCode_Release' - JobTemplate: - - template: ../templates/VSCode-release.template.yml -- stage: OSX_CodeSign - dependsOn: [Windows] - jobs: - - template: ./jobs/MSHosted-OSX.job.yml - parameters: - DisplayName: 'OSX Sign/Harden' - JobTemplate: - - template: ../templates/VSCode-codesign-osx.template.yml +resources: + repositories: + - repository: MicroBuildTemplate + type: git + name: 1ESPipelineTemplates/MicroBuildTemplate + ref: refs/tags/release -- stage: OSX_ESRPSign - dependsOn: [OSX_CodeSign] - jobs: - - template: ./jobs/VSEngSS-MicroBuild2022-1ES.job.yml - parameters: - DisplayName: 'OSX Sign/Harden' - JobTemplate: - - template: ../templates/VSCode-esrp-sign-osx.template.yml +extends: + template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate + parameters: + pool: + name: VSEngSS-MicroBuild2022-1ES + os: windows + sdl: + sourceAnalysisPool: + name: VSEngSS-MicroBuild2022-1ES + os: windows + stages: + - stage: Windows + jobs: + - job: + displayName: Windows + timeoutInMinutes: 180 + cancelTimeoutInMinutes: 1 + templateContext: + mb: + signing: + enabled: true + signType: real + zipSources: false + localization: + enabled: true + steps: + - template: /eng/pipelines/templates/VSCode-release.template.yml@self + + - stage: OSX_CodeSign + dependsOn: [Windows] + jobs: + - template: /eng/pipelines/jobs/MSHosted-OSX.job.yml@self + parameters: + DisplayName: 'OSX Sign/Harden' + JobTemplate: + - template: ../templates/VSCode-codesign-osx.template.yml + + - stage: OSX_ESRPSign + dependsOn: [OSX_CodeSign] + jobs: + - template: /eng/pipelines/jobs/VSEngSS-MicroBuild2022-1ES.job.yml@self + parameters: + DisplayName: 'OSX Sign/Harden' + JobTemplate: + - template: ../templates/VSCode-esrp-sign-osx.template.yml ... \ No newline at end of file diff --git a/eng/pipelines/jobs/MSHosted-OSX.job.yml b/eng/pipelines/jobs/MSHosted-OSX.job.yml index 1f9f16d70..464d608a1 100644 --- a/eng/pipelines/jobs/MSHosted-OSX.job.yml +++ b/eng/pipelines/jobs/MSHosted-OSX.job.yml @@ -9,7 +9,9 @@ jobs: - job: displayName: ${{ parameters.DisplayName }} pool: + name: Azure Pipelines vmImage: 'macOS-latest' + os: macOS steps: - ${{ parameters.JobTemplate }} ... \ No newline at end of file diff --git a/eng/pipelines/steps/BuildSolution.yml b/eng/pipelines/steps/BuildSolution.yml index d744aff2c..68758f48a 100644 --- a/eng/pipelines/steps/BuildSolution.yml +++ b/eng/pipelines/steps/BuildSolution.yml @@ -31,15 +31,17 @@ steps: "SIGN_TYPE": "$(SignType)" } -- template: ../tasks/PublishPipelineArtifact.yml +- template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: + displayName: 'Publish binlogs' + targetPath: '$(Build.BinariesDirectory)/build_logs/' artifactName: '${{ parameters.Configuration }}_binlog' - path: '$(Build.BinariesDirectory)/build_logs/' condition: ne(variables['System.Debug'], '') -- template: ../tasks/PublishPipelineArtifact.yml +- template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: + displayName: 'Publish debug binaries' + targetPath: '$(Build.SourcesDirectory)\bin\${{ parameters.Configuration }}' artifactName: '${{ parameters.Configuration }}_debug_bin' - path: '$(Build.SourcesDirectory)\bin\${{ parameters.Configuration }}' condition: ne(variables['System.Debug'], '') ... \ No newline at end of file diff --git a/eng/pipelines/steps/CollectAndPublishBinaries.yml b/eng/pipelines/steps/CollectAndPublishBinaries.yml index 30d66fbf7..164337e9a 100644 --- a/eng/pipelines/steps/CollectAndPublishBinaries.yml +++ b/eng/pipelines/steps/CollectAndPublishBinaries.yml @@ -13,9 +13,9 @@ steps: CleanTargetFolder: true OverWrite: true -- template: ../tasks/PublishPipelineArtifact.yml +- template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: displayName: 'Publish Binaries' - path: ${{ parameters.TargetFolder }} - artifactName: '${{ parameters.ArtifactName }}' + targetPath: ${{ parameters.TargetFolder }} + artifactName: '${{ parameters.ArtifactName }}' ... \ No newline at end of file diff --git a/eng/pipelines/steps/CopyAndPublishSymbols.yml b/eng/pipelines/steps/CopyAndPublishSymbols.yml index 65c5098ee..3d50fd18a 100644 --- a/eng/pipelines/steps/CopyAndPublishSymbols.yml +++ b/eng/pipelines/steps/CopyAndPublishSymbols.yml @@ -27,9 +27,9 @@ steps: SearchPattern: '**\*.pdb' SymbolServerType: TeamServices -- template: ../tasks/PublishPipelineArtifact.yml +- template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: displayName: 'Publish Symbols' - path: '$(Build.ArtifactStagingDirectory)/symbols' + targetPath: '$(Build.ArtifactStagingDirectory)/symbols' artifactName: 'Symbols' ... \ No newline at end of file diff --git a/eng/pipelines/steps/PackAndPublishVSPackages.yml b/eng/pipelines/steps/PackAndPublishVSPackages.yml index 3fd56979c..ff8cce068 100644 --- a/eng/pipelines/steps/PackAndPublishVSPackages.yml +++ b/eng/pipelines/steps/PackAndPublishVSPackages.yml @@ -12,10 +12,10 @@ steps: echo ##vso[task.setvariable variable=NugetPackageVersion;]%NugetPackageVersion% displayName: 'Get NuGet Version' -- template: ../tasks/PublishPipelineArtifact.yml +- template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: displayName: 'Publish File Version' - path: '$(Build.SourcesDirectory)\obj\Lab.Release\NugetPackageVersion.txt' + targetPath: '$(Build.SourcesDirectory)\obj\Lab.Release\NugetPackageVersion.txt' artifactName: 'PackageVersion' - template: ../tasks/NuGetCommand.yml @@ -27,11 +27,13 @@ steps: buildProperties: 'version=$(NugetPackageVersion)' basePath: ${{ parameters.BasePath }} -- template: ../tasks/NuGetCommand.yml - parameters: - displayName: 'NuGet push' - command: push - searchPatternPush: '$(Build.SourcesDirectory)\VS.Redist.Debugger.MDD.MIEngine.*.nupkg;$(Build.SourcesDirectory)\VS.Redist.Debugger.MDD.UnixPortSupplier.*.nupkg' - feedPublish: '97a41293-2972-4f48-8c0e-05493ae82010' # VS - condition: and(succeeded(), eq(variables['SignType'], 'real')) +- task: 1ES.PublishNuget@1 + displayName: Publish Nuget package + condition: and(succeeded(), eq(variables['SignType'], 'real')) + inputs: + useDotNetTask: false # The default is false to use the NuGetCommand task. Set to true to use the DotNetCoreCLI task to publish packages. + packagesToPush: '$(Build.SourcesDirectory)\VS.Redist.Debugger.MDD.MIEngine.*.nupkg;$(Build.SourcesDirectory)\VS.Redist.Debugger.MDD.UnixPortSupplier.*.nupkg' + packageParentPath: '$(Build.SourcesDirectory)' + publishVstsFeed: '97a41293-2972-4f48-8c0e-05493ae82010' # VS + nuGetFeedType: internal # Change to external when publishing to external feed ... \ No newline at end of file diff --git a/eng/pipelines/steps/PublishOpenDebugAD7.yml b/eng/pipelines/steps/PublishOpenDebugAD7.yml index 28be90450..9fd5fde92 100644 --- a/eng/pipelines/steps/PublishOpenDebugAD7.yml +++ b/eng/pipelines/steps/PublishOpenDebugAD7.yml @@ -39,11 +39,11 @@ steps: copy ${{ parameters.SignedBinariesFolder }}\Release\osxlaunchhelper.scpt $(Build.StagingDirectory)\${{ parameters.RuntimeID }}\debugAdapters\bin\. displayName: "Copy osxlaunchhelper.scpt" - - template: ../tasks/PublishPipelineArtifact.yml + - template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: displayName: 'Publish Unsigned ${{ parameters.RuntimeID }}' - path: '$(Build.StagingDirectory)\${{ parameters.RuntimeID }}' - artifactName: 'unsigned_${{ parameters.RuntimeID }}_binaries' + targetPath: '$(Build.StagingDirectory)\${{ parameters.RuntimeID }}' + artifactName: 'unsigned_${{ parameters.RuntimeID }}_binaries' # Publishing for non-macOS - ${{ if not(startsWith(parameters.RuntimeID, 'osx-')) }}: @@ -51,8 +51,8 @@ steps: Compress-Archive -Path $(Build.StagingDirectory)\${{ parameters.RuntimeID }}\debugAdapters -DestinationPath $(Build.StagingDirectory)\zips\${{ parameters.RuntimeID }}.zip displayName: "Create ${{ parameters.RuntimeID}}.zip" - - template: ../tasks/PublishPipelineArtifact.yml + - template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: displayName: 'Publish ${{ parameters.RuntimeID }}' - path: '$(Build.StagingDirectory)\zips\${{ parameters.RuntimeID }}.zip' + targetPath: '$(Build.StagingDirectory)\zips\${{ parameters.RuntimeID }}.zip' artifactName: '${{ parameters.RuntimeID }}_zip' diff --git a/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml b/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml new file mode 100644 index 000000000..c8a204a96 --- /dev/null +++ b/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml @@ -0,0 +1,15 @@ +--- +parameters: + displayName: 'Publish Pipeline Artifact' + targetPath: '$(Build.ArtifactStagingDirectory)' + artifactName: 'drop' + condition: 'succeeded()' + +steps: +- task: 1ES.PublishPipelineArtifact@1 + displayName: ${{ parameters.displayName }} + inputs: + targetPath: ${{ parameters.targetPath }} + artifactName: '${{ parameters.artifactName }}' + condition: ${{ parameters.condition }} +... \ No newline at end of file diff --git a/eng/pipelines/tasks/MicroBuildLocalizationPlugin.yml b/eng/pipelines/tasks/MicroBuildLocalizationPlugin.yml index f420771df..0d5024250 100644 --- a/eng/pipelines/tasks/MicroBuildLocalizationPlugin.yml +++ b/eng/pipelines/tasks/MicroBuildLocalizationPlugin.yml @@ -1,5 +1,5 @@ --- steps: -- task: ms-vseng.MicroBuildTasks.a0262b21-fb8f-46f8-bb9a-60ed560d4a87.MicroBuildLocalizationPlugin@3 +- task: ms-vseng.MicroBuildTasks.a0262b21-fb8f-46f8-bb9a-60ed560d4a87.MicroBuildLocalizationPlugin@4 displayName: 'Install Localization Plugin' ... \ No newline at end of file diff --git a/eng/pipelines/templates/VS-release.template.yml b/eng/pipelines/templates/VS-release.template.yml index 34613364a..e9408071e 100644 --- a/eng/pipelines/templates/VS-release.template.yml +++ b/eng/pipelines/templates/VS-release.template.yml @@ -6,10 +6,6 @@ steps: - template: ../tasks/NuGetToolInstaller.yml -- template: ../tasks/MicroBuildSigningPlugin.yml - -- template: ../tasks/MicroBuildLocalizationPlugin.yml - - template: ../steps/BuildSolution.yml parameters: Configuration: 'Lab.Release' diff --git a/eng/pipelines/templates/VSCode-codesign-osx.template.yml b/eng/pipelines/templates/VSCode-codesign-osx.template.yml index d3b9da477..42033534c 100644 --- a/eng/pipelines/templates/VSCode-codesign-osx.template.yml +++ b/eng/pipelines/templates/VSCode-codesign-osx.template.yml @@ -22,9 +22,9 @@ steps: echo "#[command] zip -r $(Pipeline.Workspace)/${{ rid }}.zip ./debugAdapters" zip -r $(Pipeline.Workspace)/${{ rid }}.zip ./debugAdapters - - template: ../tasks/PublishPipelineArtifact.yml + - template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: displayName: 'Publish Binaries' - path: '$(Pipeline.Workspace)/${{ rid }}.zip' + targetPath: '$(Pipeline.Workspace)/${{ rid }}.zip' artifactName: 'unsigned_${{ rid }}_zip' ... diff --git a/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml b/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml index 431a2f9b1..d1822636e 100644 --- a/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml +++ b/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml @@ -18,9 +18,9 @@ steps: SigningTarget: '$(Pipeline.Workspace)\Artifacts\${{ rid }}.zip' SigningCert: 8023 - - template: ../tasks/PublishPipelineArtifact.yml + - template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: displayName: 'Publish Binaries' - path: '$(Pipeline.Workspace)\Artifacts\${{ rid }}.zip' + targetPath: '$(Pipeline.Workspace)\Artifacts\${{ rid }}.zip' artifactName: '${{ rid }}_zip' ... \ No newline at end of file diff --git a/eng/pipelines/templates/VSCode-release.template.yml b/eng/pipelines/templates/VSCode-release.template.yml index 1aefc7da6..af2638c3f 100644 --- a/eng/pipelines/templates/VSCode-release.template.yml +++ b/eng/pipelines/templates/VSCode-release.template.yml @@ -8,8 +8,6 @@ steps: - template: ../tasks/NuGetToolInstaller.yml -- template: ../tasks/MicroBuildSigningPlugin.yml - - template: ../tasks/UseDotNet.yml - template: ../steps/BuildSolution.yml From 3391a8862a0a171e23b749ac7511432511c22aa6 Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Fri, 26 Jan 2024 11:23:55 -0800 Subject: [PATCH 2/2] Address PR comments --- eng/pipelines/steps/CollectAndPublishBinaries.yml | 2 +- eng/pipelines/steps/PackAndPublishVSPackages.yml | 3 +-- eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/eng/pipelines/steps/CollectAndPublishBinaries.yml b/eng/pipelines/steps/CollectAndPublishBinaries.yml index 164337e9a..092bb36c8 100644 --- a/eng/pipelines/steps/CollectAndPublishBinaries.yml +++ b/eng/pipelines/steps/CollectAndPublishBinaries.yml @@ -17,5 +17,5 @@ steps: parameters: displayName: 'Publish Binaries' targetPath: ${{ parameters.TargetFolder }} - artifactName: '${{ parameters.ArtifactName }}' + artifactName: '${{ parameters.ArtifactName }}' ... \ No newline at end of file diff --git a/eng/pipelines/steps/PackAndPublishVSPackages.yml b/eng/pipelines/steps/PackAndPublishVSPackages.yml index ff8cce068..365ce5529 100644 --- a/eng/pipelines/steps/PackAndPublishVSPackages.yml +++ b/eng/pipelines/steps/PackAndPublishVSPackages.yml @@ -31,9 +31,8 @@ steps: displayName: Publish Nuget package condition: and(succeeded(), eq(variables['SignType'], 'real')) inputs: - useDotNetTask: false # The default is false to use the NuGetCommand task. Set to true to use the DotNetCoreCLI task to publish packages. packagesToPush: '$(Build.SourcesDirectory)\VS.Redist.Debugger.MDD.MIEngine.*.nupkg;$(Build.SourcesDirectory)\VS.Redist.Debugger.MDD.UnixPortSupplier.*.nupkg' packageParentPath: '$(Build.SourcesDirectory)' publishVstsFeed: '97a41293-2972-4f48-8c0e-05493ae82010' # VS - nuGetFeedType: internal # Change to external when publishing to external feed + nuGetFeedType: internal ... \ No newline at end of file diff --git a/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml b/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml index c8a204a96..9feac58e4 100644 --- a/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml +++ b/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml @@ -10,6 +10,6 @@ steps: displayName: ${{ parameters.displayName }} inputs: targetPath: ${{ parameters.targetPath }} - artifactName: '${{ parameters.artifactName }}' + artifactName: '${{ parameters.artifactName }}' condition: ${{ parameters.condition }} ... \ No newline at end of file