From de00ffd6550f9fc2c31fdcf84c91fc6f33c176e3 Mon Sep 17 00:00:00 2001 From: "Scott Beddall (from Dev Box)" Date: Wed, 29 May 2024 18:06:46 -0700 Subject: [PATCH 1/8] getting the general shape of the yml into a place where we can get rid of our releases for this repository --- azure-pipelines/prod-release-pipelines.yml | 7 +++- azure-pipelines/release-stage.yml | 40 +++++++++++++++++++ azure-pipelines/staging-release-pipelines.yml | 7 +++- 3 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 azure-pipelines/release-stage.yml diff --git a/azure-pipelines/prod-release-pipelines.yml b/azure-pipelines/prod-release-pipelines.yml index 25237a664..da8c2e8d2 100644 --- a/azure-pipelines/prod-release-pipelines.yml +++ b/azure-pipelines/prod-release-pipelines.yml @@ -2,7 +2,7 @@ extends: template: /azure-pipelines/1es-redirect.yml parameters: stages: - - stage: Prod_Release + - stage: Build displayName: Prod Release variables: @@ -35,3 +35,8 @@ extends: parameters: ArtifactName: drop ArtifactPath: $(Build.SourcesDirectory)/dist + + - ${{ if and(in(variables['Build.Reason'], 'Manual', ''), eq(variables['System.TeamProject'], 'internal'))}}: + - template: /.azure-pipelines/release-stage.yml + parameters: + Version: prod diff --git a/azure-pipelines/release-stage.yml b/azure-pipelines/release-stage.yml new file mode 100644 index 000000000..8802fc112 --- /dev/null +++ b/azure-pipelines/release-stage.yml @@ -0,0 +1,40 @@ +parameters: + - name: Version + type: string + default: 'staging' + values: + - 'staging' + - 'prod' + +stages: + - stage: Release + displayName: Release ${{ parameters.Version }} + dependsOn: Build + + variables: + - template: /eng/templates/variables/image.yml + + # todo: add an environment for user approval prior to release + # todo: grab the ESRP config from azure-sdk-for-js + jobs: + - job: Publish + + pool: + name: $(LINUXPOOL) + image: $(LINUXVMIMAGE) + os: linux + + steps: + - checkout: self + submodules: true + + - download: current + artifact: oav + timeoutInMinutes: 5 + + - pwsh: | + Get-ChildItem $(Build.ArtifactStagingDirectory) -Recurse | % { Write-Host $_.FullName } + + + + diff --git a/azure-pipelines/staging-release-pipelines.yml b/azure-pipelines/staging-release-pipelines.yml index 8a907667f..a48157215 100644 --- a/azure-pipelines/staging-release-pipelines.yml +++ b/azure-pipelines/staging-release-pipelines.yml @@ -2,7 +2,7 @@ extends: template: /azure-pipelines/1es-redirect.yml parameters: stages: - - stage: Staging_Release + - stage: Build displayName: Staging Release variables: @@ -39,3 +39,8 @@ extends: parameters: ArtifactName: drop ArtifactPath: $(Build.SourcesDirectory)/dist + + - ${{ if and(in(variables['Build.Reason'], 'Manual', ''), eq(variables['System.TeamProject'], 'internal'))}}: + - template: /.azure-pipelines/release-stage.yml + parameters: + Version: staging From b038d7cd59e2df3e5561136ed727fc009ac1d75f Mon Sep 17 00:00:00 2001 From: "Scott Beddall (from Dev Box)" Date: Fri, 31 May 2024 14:11:20 -0700 Subject: [PATCH 2/8] correct typo --- azure-pipelines/release-stage.yml | 49 ++++++++++++++++++------------- 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/azure-pipelines/release-stage.yml b/azure-pipelines/release-stage.yml index 8802fc112..0bafe8c4e 100644 --- a/azure-pipelines/release-stage.yml +++ b/azure-pipelines/release-stage.yml @@ -14,27 +14,36 @@ stages: variables: - template: /eng/templates/variables/image.yml - # todo: add an environment for user approval prior to release - # todo: grab the ESRP config from azure-sdk-for-js jobs: - - job: Publish - + - deployment: Publish + environment: 'package-publish' pool: - name: $(LINUXPOOL) - image: $(LINUXVMIMAGE) + name: azsdk-pool-mms-ubuntu-2004-general + image: azsdk-pool-mms-ubuntu-2004-1espt os: linux - steps: - - checkout: self - submodules: true - - - download: current - artifact: oav - timeoutInMinutes: 5 - - - pwsh: | - Get-ChildItem $(Build.ArtifactStagingDirectory) -Recurse | % { Write-Host $_.FullName } - - - - + strategy: + runOnce: + deploy: + steps: + - checkout: self + submodules: false + + - download: current + artifact: oav + timeoutInMinutes: 5 + + - task: PowerShell@2 + inputs: + filePath: '$(Build.SourcesDirectory)/eng/scripts/determine-release-tag.ps1' + failOnStderr: true + pwsh: true + + - pwsh: | + Write-Host "Will deploy with tag of $(Tag)" + Get-ChildItem "$(Pipeline.Workspace)/oav" -Recurse -Force ` + | Where-Object { $_.Name -like "*.tgz" } ` + | Copy-Item -Destination "$(Build.ArtifactStagingDirectory)" + + Get-ChildItem "$(Build.ArtifactStagingDirectory)" -Recurse -Force | % { Write-Host $_.FullName } + displayName: Move artifact to $(Build.ArtifactStagingDirectory) From 8cede8687922e86efe44646e303f5e1c94c1af3c Mon Sep 17 00:00:00 2001 From: "Scott Beddall (from Dev Box)" Date: Fri, 31 May 2024 14:24:35 -0700 Subject: [PATCH 3/8] update the publish phase to one that works / compatible with the rest of the build. leave the final esrp publish out while we make certain the artifacts we're publishing are what we expect --- azure-pipelines/1es-redirect.yml | 1 - azure-pipelines/prod-release-pipelines.yml | 2 +- azure-pipelines/release-stage.yml | 17 ++++------------- azure-pipelines/staging-release-pipelines.yml | 2 +- 4 files changed, 6 insertions(+), 16 deletions(-) diff --git a/azure-pipelines/1es-redirect.yml b/azure-pipelines/1es-redirect.yml index 0e806d4ed..afa3f5ea7 100644 --- a/azure-pipelines/1es-redirect.yml +++ b/azure-pipelines/1es-redirect.yml @@ -28,7 +28,6 @@ extends: sdl: git: longpaths: true - submodules: false sourceAnalysisPool: name: azsdk-pool-mms-win-2022-general image: azsdk-pool-mms-win-2022-1espt diff --git a/azure-pipelines/prod-release-pipelines.yml b/azure-pipelines/prod-release-pipelines.yml index da8c2e8d2..f5efac327 100644 --- a/azure-pipelines/prod-release-pipelines.yml +++ b/azure-pipelines/prod-release-pipelines.yml @@ -39,4 +39,4 @@ extends: - ${{ if and(in(variables['Build.Reason'], 'Manual', ''), eq(variables['System.TeamProject'], 'internal'))}}: - template: /.azure-pipelines/release-stage.yml parameters: - Version: prod + Version: latest diff --git a/azure-pipelines/release-stage.yml b/azure-pipelines/release-stage.yml index 0bafe8c4e..a5b619a2b 100644 --- a/azure-pipelines/release-stage.yml +++ b/azure-pipelines/release-stage.yml @@ -3,17 +3,14 @@ parameters: type: string default: 'staging' values: - - 'staging' - - 'prod' + - 'beta' + - 'latest' stages: - stage: Release displayName: Release ${{ parameters.Version }} dependsOn: Build - variables: - - template: /eng/templates/variables/image.yml - jobs: - deployment: Publish environment: 'package-publish' @@ -30,18 +27,12 @@ stages: submodules: false - download: current - artifact: oav + artifact: drop timeoutInMinutes: 5 - - task: PowerShell@2 - inputs: - filePath: '$(Build.SourcesDirectory)/eng/scripts/determine-release-tag.ps1' - failOnStderr: true - pwsh: true - - pwsh: | Write-Host "Will deploy with tag of $(Tag)" - Get-ChildItem "$(Pipeline.Workspace)/oav" -Recurse -Force ` + Get-ChildItem "$(Pipeline.Workspace)/drop" -Recurse -Force ` | Where-Object { $_.Name -like "*.tgz" } ` | Copy-Item -Destination "$(Build.ArtifactStagingDirectory)" diff --git a/azure-pipelines/staging-release-pipelines.yml b/azure-pipelines/staging-release-pipelines.yml index a48157215..6c156bd0b 100644 --- a/azure-pipelines/staging-release-pipelines.yml +++ b/azure-pipelines/staging-release-pipelines.yml @@ -43,4 +43,4 @@ extends: - ${{ if and(in(variables['Build.Reason'], 'Manual', ''), eq(variables['System.TeamProject'], 'internal'))}}: - template: /.azure-pipelines/release-stage.yml parameters: - Version: staging + Version: beta From c60989be79681b8f38e26a7175b15b3bf984a405 Mon Sep 17 00:00:00 2001 From: "Scott Beddall (from Dev Box)" Date: Fri, 31 May 2024 14:27:31 -0700 Subject: [PATCH 4/8] this repo is azure-pipelines, not .azure-pipelines --- azure-pipelines/prod-release-pipelines.yml | 2 +- azure-pipelines/staging-release-pipelines.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines/prod-release-pipelines.yml b/azure-pipelines/prod-release-pipelines.yml index f5efac327..e3772f84a 100644 --- a/azure-pipelines/prod-release-pipelines.yml +++ b/azure-pipelines/prod-release-pipelines.yml @@ -37,6 +37,6 @@ extends: ArtifactPath: $(Build.SourcesDirectory)/dist - ${{ if and(in(variables['Build.Reason'], 'Manual', ''), eq(variables['System.TeamProject'], 'internal'))}}: - - template: /.azure-pipelines/release-stage.yml + - template: /azure-pipelines/release-stage.yml parameters: Version: latest diff --git a/azure-pipelines/staging-release-pipelines.yml b/azure-pipelines/staging-release-pipelines.yml index 6c156bd0b..281947833 100644 --- a/azure-pipelines/staging-release-pipelines.yml +++ b/azure-pipelines/staging-release-pipelines.yml @@ -41,6 +41,6 @@ extends: ArtifactPath: $(Build.SourcesDirectory)/dist - ${{ if and(in(variables['Build.Reason'], 'Manual', ''), eq(variables['System.TeamProject'], 'internal'))}}: - - template: /.azure-pipelines/release-stage.yml + - template: /azure-pipelines/release-stage.yml parameters: Version: beta From 05a0d50fff076c9fd9e63491a886ae98faaa7314 Mon Sep 17 00:00:00 2001 From: "Scott Beddall (from Dev Box)" Date: Fri, 31 May 2024 14:48:51 -0700 Subject: [PATCH 5/8] TAg -> parameters.Version --- azure-pipelines/release-stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines/release-stage.yml b/azure-pipelines/release-stage.yml index a5b619a2b..f8b45d9b4 100644 --- a/azure-pipelines/release-stage.yml +++ b/azure-pipelines/release-stage.yml @@ -31,7 +31,7 @@ stages: timeoutInMinutes: 5 - pwsh: | - Write-Host "Will deploy with tag of $(Tag)" + Write-Host "Will deploy with tag of ${{ parameters.Version }}" Get-ChildItem "$(Pipeline.Workspace)/drop" -Recurse -Force ` | Where-Object { $_.Name -like "*.tgz" } ` | Copy-Item -Destination "$(Build.ArtifactStagingDirectory)" From 340452c836eec6466bec1589162009548fb71354 Mon Sep 17 00:00:00 2001 From: "Scott Beddall (from Dev Box)" Date: Fri, 31 May 2024 16:32:06 -0700 Subject: [PATCH 6/8] ensure the SDL job doesn't go off the rails --- azure-pipelines/1es-redirect.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/azure-pipelines/1es-redirect.yml b/azure-pipelines/1es-redirect.yml index afa3f5ea7..38fe976a3 100644 --- a/azure-pipelines/1es-redirect.yml +++ b/azure-pipelines/1es-redirect.yml @@ -28,11 +28,15 @@ extends: sdl: git: longpaths: true + submodules: false sourceAnalysisPool: name: azsdk-pool-mms-win-2022-general image: azsdk-pool-mms-win-2022-1espt os: windows sourceRepositoriesToScan: + include: + - repository: self + submodule: false exclude: - repository: azure-sdk-build-tools eslint: From ce22b96b108d0ff6c53c8d29c51b9009364f2c8b Mon Sep 17 00:00:00 2001 From: "Scott Beddall (from Dev Box)" Date: Fri, 31 May 2024 16:33:04 -0700 Subject: [PATCH 7/8] add runsinglejob --- azure-pipelines/1es-redirect.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/azure-pipelines/1es-redirect.yml b/azure-pipelines/1es-redirect.yml index 38fe976a3..3f0d9e46a 100644 --- a/azure-pipelines/1es-redirect.yml +++ b/azure-pipelines/1es-redirect.yml @@ -39,6 +39,7 @@ extends: submodule: false exclude: - repository: azure-sdk-build-tools + runInSingleJob: true eslint: enabled: false justificationForDisabling: 'ESLint injected task has failures because it uses an old version of mkdirp. We should not fail for tools not controlled by the repo. See: https://dev.azure.com/azure-sdk/internal/_build/results?buildId=3499746' From c5ca5302357cbba926877e9147ce59019a4bb6a2 Mon Sep 17 00:00:00 2001 From: "Scott Beddall (from Dev Box)" Date: Fri, 31 May 2024 16:40:28 -0700 Subject: [PATCH 8/8] add ESRP publish --- azure-pipelines/release-stage.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/azure-pipelines/release-stage.yml b/azure-pipelines/release-stage.yml index f8b45d9b4..859b21c35 100644 --- a/azure-pipelines/release-stage.yml +++ b/azure-pipelines/release-stage.yml @@ -38,3 +38,21 @@ stages: Get-ChildItem "$(Build.ArtifactStagingDirectory)" -Recurse -Force | % { Write-Host $_.FullName } displayName: Move artifact to $(Build.ArtifactStagingDirectory) + + - task: EsrpRelease@7 + inputs: + displayName: 'Publish to ESRP' + ConnectedServiceName: 'Azure SDK Engineering System' + ClientId: '5f81938c-2544-4f1f-9251-dd9de5b8a81b' + KeyVaultName: 'AzureSDKEngKeyVault' + AuthCertName: 'azure-sdk-esrp-release-auth-certificate' + SignCertName: 'azure-sdk-esrp-release-sign-certificate' + Intent: 'PackageDistribution' + ContentType: 'npm' + FolderLocation: $(Build.ArtifactStagingDirectory) + Owners: ${{ coalesce(variables['Build.RequestedForEmail'], 'azuresdk@microsoft.com') }} + Approvers: 'azuresdk@microsoft.com' + ServiceEndpointUrl: 'https://api.esrp.microsoft.com' + MainPublisher: 'ESRPRELPACMANTEST' + DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' + productstate: ${{ parameters.Version }} \ No newline at end of file