From 6c690673c2835314f1e2f9ba6b0f36140ca0f9e1 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Thu, 29 Aug 2024 14:13:38 -0700 Subject: [PATCH 01/13] add path to tsa config file in msixbundle job --- .pipelines/DSC-Official.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 8ba2c670..2226233a 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -201,16 +201,20 @@ extends: dependsOn: BuildWin variables: ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' + ob_sdl_tsa_configFile: '$(Build.SourcesDirectory)\DSC\.config\tsaoptions.json' + ob_sdl_sbom_enabled: true + ob_signing_setup_enabled: true + ob_sdl_codeql_compiled_enabled: true pool: type: windows steps: + - checkout: self - download: current artifact: drop_BuildAndSign_BuildWinx64 patterns: '*.msix' - download: current artifact: drop_BuildAndSign_BuildWinarm64 patterns: '*.msix' - - checkout: self - pwsh: | Set-Location "$(Build.SourcesDirectory)/DSC" $null = New-Item -ItemType Directory -Path "./bin/msix" -Force -ErrorAction Ignore From f7ccdf906f19864630610c45069be291436f0b29 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Thu, 29 Aug 2024 14:14:52 -0700 Subject: [PATCH 02/13] fix formatting of network --- .pipelines/DSC-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 2226233a..718b2ea2 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -36,7 +36,7 @@ extends: WindowsHostVersion: Disk: Large Version: 2022 - Network: KS3 # this retricts network access to public upstream repositories + Network: KS3 # this retricts network access to public upstream repositories # Currently can't be used as some NPM pkgs like tree-sitter-cli reach out to GitHub to get the actual zip pkg # Network: NetLock customTags: 'ES365AIMigrationTooling' From 59a4a25d31ea540789eec61394833c4386514b76 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Thu, 29 Aug 2024 15:45:09 -0700 Subject: [PATCH 03/13] checkout self added --- .pipelines/DSC-Official.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 718b2ea2..9e38652f 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -237,6 +237,7 @@ extends: pool: type: windows steps: + - checkout: self - task: CopyFiles@2 displayName: "Copy Files for 'PublishPipelineArtifact@1' publish task" inputs: From bebc65359f8c1d7d904e1a47b80190a8b72000dd Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Thu, 29 Aug 2024 17:51:39 -0700 Subject: [PATCH 04/13] set to restore phase --- .pipelines/DSC-Official.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 9e38652f..20f72857 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -240,6 +240,8 @@ extends: - checkout: self - task: CopyFiles@2 displayName: "Copy Files for 'PublishPipelineArtifact@1' publish task" + env: + ob_restore_phase: true inputs: SourceFolder: $(signOutPath) Contents: '**' From 4a4e03796e06ab06ad411098494d8592d56441af Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Fri, 30 Aug 2024 10:26:56 -0700 Subject: [PATCH 05/13] remove unused stage --- .pipelines/DSC-Official.yml | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 20f72857..871a4970 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -225,28 +225,6 @@ extends: displayName: 'Create msixbundle' condition: succeeded() - - job: PublishSigned - dependsOn: BuildWin - variables: - signOutPath: $[ dependencies.BuildWin.outputs['signOutPath.signOutPath'] ] - ob_sdl_tsa_configFile: $(Build.SourcesDirectory)\DSC\.config\tsaoptions.json - ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' - ob_sdl_sbom_enabled: false - ob_signing_setup_enabled: false - ob_sdl_codeql_compiled_enabled: false - pool: - type: windows - steps: - - checkout: self - - task: CopyFiles@2 - displayName: "Copy Files for 'PublishPipelineArtifact@1' publish task" - env: - ob_restore_phase: true - inputs: - SourceFolder: $(signOutPath) - Contents: '**' - TargetFolder: $(Build.ArtifactStagingDirectory)/signed - - job: BuildLinux dependsOn: SetPackageVersion variables: From 7ac3aa087657c1dd8234af7a0e661bdc2f9637f0 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Fri, 30 Aug 2024 11:27:19 -0700 Subject: [PATCH 06/13] update packages --- tree-sitter-dscexpression/build.ps1 | 7 +++--- tree-sitter-dscexpression/package-lock.json | 24 ++++++++++----------- tree-sitter-dscexpression/package.json | 10 ++++----- 3 files changed, 21 insertions(+), 20 deletions(-) diff --git a/tree-sitter-dscexpression/build.ps1 b/tree-sitter-dscexpression/build.ps1 index b08eb1ce..7aadc5d0 100644 --- a/tree-sitter-dscexpression/build.ps1 +++ b/tree-sitter-dscexpression/build.ps1 @@ -46,10 +46,11 @@ if ($UpdatePackages) { rm ./package-lock.json rm -r ./node_modules npm cache clean --force - npm logout - vsts-npm-auth -config .npmrc -F -V - npm install --force --verbose --registry https://pkgs.dev.azure.com/mseng/_packaging/OneESD-DevOps/npm/registry/ + # npm logout + # vsts-npm-auth -config .npmrc -F -V + npm install --omit:optional --force --verbose #--registry https://pkgs.dev.azure.com/mseng/_packaging/OneESD-DevOps/npm/registry/ } +Invoke-NativeCommand 'npx node-gyp configure' Invoke-NativeCommand 'npx tree-sitter generate --build' Invoke-NativeCommand 'npx tree-sitter test' diff --git a/tree-sitter-dscexpression/package-lock.json b/tree-sitter-dscexpression/package-lock.json index 2720235c..26b14954 100644 --- a/tree-sitter-dscexpression/package-lock.json +++ b/tree-sitter-dscexpression/package-lock.json @@ -11,13 +11,13 @@ "license": "MIT", "dependencies": { "gyp": "^0.3.0", - "node-addon-api": "^7.1.0", + "node-addon-api": "^7.1.1", "node-gyp": "^10.2.0", - "node-gyp-build": "^4.8.0" + "node-gyp-build": "^4.8.2" }, "devDependencies": { - "prebuildify": "^6.0.0", - "tree-sitter-cli": "^0.22.2" + "prebuildify": "^6.0.1", + "tree-sitter-cli": "^0.22.6" }, "peerDependencies": { "tree-sitter": "^0.21.0" @@ -360,8 +360,8 @@ "license": "Apache-2.0" }, "node_modules/foreground-child": { - "version": "3.2.1", - "integrity": "sha1-dnAEzPOlsw3zm+2QcYurQ/4KWfc=", + "version": "3.3.0", + "integrity": "sha1-CshkTAbkMUOfhWHbjs8pp7VRnHc=", "license": "ISC", "dependencies": { "cross-spawn": "^7.0.0", @@ -789,8 +789,8 @@ } }, "node_modules/node-abi": { - "version": "3.65.0", - "integrity": "sha1-ypLVWTiOHpyrFoChjBoYdXzaydM=", + "version": "3.67.0", + "integrity": "sha1-HRWZB/GNGOGICdu7XfR+0kJqCN8=", "dev": true, "license": "MIT", "dependencies": { @@ -829,8 +829,8 @@ } }, "node_modules/node-gyp-build": { - "version": "4.8.1", - "integrity": "sha1-l2062QXnG3YIb08LDTY3/nm2zaU=", + "version": "4.8.2", + "integrity": "sha1-T4ArccGrLKFq+DDmwep90a2Ulvo=", "license": "MIT", "bin": { "node-gyp-build": "bin.js", @@ -866,7 +866,7 @@ }, "node_modules/ometajs": { "version": "3.2.4", - "integrity": "sha512-Usw3SnzRqklgU2kFJNrO+8npseWuywNyTL5LC0q47IM/7AS0AEWzeNRmLf8I77xTeU3y88gwY8eTApQ0oCjcGg==", + "integrity": "sha1-gHzfTA6N8XJ/Ikym2x+qxD6L2rE=", "optional": true, "dependencies": { "coa": "0.3.x", @@ -1316,7 +1316,7 @@ }, "node_modules/uglify-js": { "version": "1.3.5", - "integrity": "sha512-YPX1DjKtom8l9XslmPFQnqWzTBkvI4N0pbkzLuPZZ4QTyig0uQqvZz9NgUdfEV+qccJzi7fVcGWdESvRIjWptQ==", + "integrity": "sha1-S1v/+Rhu/7qoiOTJ6UvZ/EyUkp0=", "optional": true, "bin": { "uglifyjs": "bin/uglifyjs" diff --git a/tree-sitter-dscexpression/package.json b/tree-sitter-dscexpression/package.json index 1cbfc846..0ac4663d 100644 --- a/tree-sitter-dscexpression/package.json +++ b/tree-sitter-dscexpression/package.json @@ -22,13 +22,13 @@ ], "dependencies": { "gyp": "^0.3.0", - "node-gyp-build": "^4.8.0", - "node-addon-api": "^7.1.0", - "node-gyp": "^10.2.0" + "node-addon-api": "^7.1.1", + "node-gyp": "^10.2.0", + "node-gyp-build": "^4.8.2" }, "devDependencies": { - "prebuildify": "^6.0.0", - "tree-sitter-cli": "^0.22.2" + "prebuildify": "^6.0.1", + "tree-sitter-cli": "^0.22.6" }, "peerDependencies": { "tree-sitter": "^0.21.0" From a758eaecd7fce6ecd56628df3710f4df7c4d343a Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Fri, 30 Aug 2024 11:29:44 -0700 Subject: [PATCH 07/13] update npm install to omit optional --- tree-sitter-dscexpression/build.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tree-sitter-dscexpression/build.ps1 b/tree-sitter-dscexpression/build.ps1 index 7aadc5d0..d3800da5 100644 --- a/tree-sitter-dscexpression/build.ps1 +++ b/tree-sitter-dscexpression/build.ps1 @@ -29,7 +29,7 @@ if ($null -eq (Get-Command npm -ErrorAction Ignore)) { } } -npm install +npm install --omit:optional --registry https://pkgs.dev.azure.com/mseng/_packaging/OneESD-DevOps/npm/registry/ #npm list tree-sitter-cli #if ($LASTEXITCODE -ne 0) { From 43d05df67d308bf29cad56073ae5c10dbc84193a Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Fri, 30 Aug 2024 12:03:59 -0700 Subject: [PATCH 08/13] remove ometajs dependency --- tree-sitter-dscexpression/package-lock.json | 49 +-------------------- 1 file changed, 1 insertion(+), 48 deletions(-) diff --git a/tree-sitter-dscexpression/package-lock.json b/tree-sitter-dscexpression/package-lock.json index 26b14954..12d33117 100644 --- a/tree-sitter-dscexpression/package-lock.json +++ b/tree-sitter-dscexpression/package-lock.json @@ -238,17 +238,6 @@ "node": ">=6" } }, - "node_modules/coa": { - "version": "0.3.9", - "integrity": "sha1-fj0g0wr3C4CGLpXU1JtxUYO+lgQ=", - "optional": true, - "dependencies": { - "q": "~0.8.10" - }, - "engines": { - "node": ">= 0.6.0" - } - }, "node_modules/color-convert": { "version": "2.0.1", "integrity": "sha1-ctOmjVmMm9s68q0ehPIdiWq9TeM=", @@ -428,10 +417,7 @@ "node_modules/gyp-expansions": { "version": "0.0.2", "integrity": "sha1-5mQhpmpGGg0s84T4cA8X6xR4NnI=", - "license": "BSD", - "optionalDependencies": { - "ometajs": "~3.2.4" - } + "license": "BSD" }, "node_modules/gyp-load": { "version": "0.0.1", @@ -864,22 +850,6 @@ "node": ">=8" } }, - "node_modules/ometajs": { - "version": "3.2.4", - "integrity": "sha1-gHzfTA6N8XJ/Ikym2x+qxD6L2rE=", - "optional": true, - "dependencies": { - "coa": "0.3.x", - "q": "0.8.x", - "uglify-js": "1.3.x" - }, - "bin": { - "ometajs2js": "bin/ometajs2js" - }, - "engines": { - "node": ">=0.4.0" - } - }, "node_modules/once": { "version": "1.4.0", "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", @@ -978,15 +948,6 @@ "once": "^1.3.1" } }, - "node_modules/q": { - "version": "0.8.12", - "integrity": "sha1-kWKpHhGBnEvNp9oVz1/vqtB3iCM=", - "optional": true, - "engines": { - "node": ">=0.6.0", - "teleport": ">=0.2.0" - } - }, "node_modules/readable-stream": { "version": "3.6.2", "integrity": "sha1-VqmzbqllwAxak+8x6xEaDxEFaWc=", @@ -1314,14 +1275,6 @@ "tree-sitter": "cli.js" } }, - "node_modules/uglify-js": { - "version": "1.3.5", - "integrity": "sha1-S1v/+Rhu/7qoiOTJ6UvZ/EyUkp0=", - "optional": true, - "bin": { - "uglifyjs": "bin/uglifyjs" - } - }, "node_modules/unique-filename": { "version": "3.0.0", "integrity": "sha1-SLp6WhaEn1CA0mx2DIbPXPBXcOo=", From 483f65999345f20e11cd78a596d70895c566ed5e Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Fri, 30 Aug 2024 12:17:51 -0700 Subject: [PATCH 09/13] update registry to be used --- tree-sitter-dscexpression/build.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tree-sitter-dscexpression/build.ps1 b/tree-sitter-dscexpression/build.ps1 index d3800da5..11928d72 100644 --- a/tree-sitter-dscexpression/build.ps1 +++ b/tree-sitter-dscexpression/build.ps1 @@ -29,7 +29,7 @@ if ($null -eq (Get-Command npm -ErrorAction Ignore)) { } } -npm install --omit:optional --registry https://pkgs.dev.azure.com/mseng/_packaging/OneESD-DevOps/npm/registry/ +npm ci --omit:optional --force --registry https://pkgs.dev.azure.com/powershell/PowerShell/_packaging/powershell/npm/registry/ #npm list tree-sitter-cli #if ($LASTEXITCODE -ne 0) { @@ -48,7 +48,7 @@ if ($UpdatePackages) { npm cache clean --force # npm logout # vsts-npm-auth -config .npmrc -F -V - npm install --omit:optional --force --verbose #--registry https://pkgs.dev.azure.com/mseng/_packaging/OneESD-DevOps/npm/registry/ + npm install --omit:optional --force --verbose #--registry https://pkgs.dev.azure.com/powershell/PowerShell/_packaging/powershell/npm/registry/ } Invoke-NativeCommand 'npx node-gyp configure' From ed52a99143de0dfe84fa78ba0b83082d5e464bb3 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Fri, 30 Aug 2024 15:48:25 -0700 Subject: [PATCH 10/13] set to ks1 --- .pipelines/DSC-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 871a4970..4e094512 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -36,7 +36,7 @@ extends: WindowsHostVersion: Disk: Large Version: 2022 - Network: KS3 # this retricts network access to public upstream repositories + Network: KS1 # note that this property is sticky so commenting out will use the previous set one # Currently can't be used as some NPM pkgs like tree-sitter-cli reach out to GitHub to get the actual zip pkg # Network: NetLock customTags: 'ES365AIMigrationTooling' From d9d44e6ded538499af7a7b6c7b10ee5565e843dc Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Tue, 3 Sep 2024 14:31:45 -0700 Subject: [PATCH 11/13] fix github publish task --- .pipelines/DSC-Official.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 4e094512..cc48d282 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -367,8 +367,10 @@ extends: - stage: Release dependsOn: BuildAndSign + condition: ne(variables['Build.Reason'], 'Schedule') variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' ob_sdl_sbom_enabled: false ob_signing_setup_enabled: false ob_sdl_codeql_compiled_enabled: false @@ -391,11 +393,12 @@ extends: displayName: Publish draft to GitHub pool: type: windows - variables: - ob_outputDirectory: '$(Build.SourcesDirectory)' steps: - download: current displayName: Download artifacts + patterns: | + '**/*.zip' + '**/*.tar.gz' - task: GitHubRelease@1 displayName: Create GitHub release inputs: From 9e4a39474512019f5e7cee2c1e5be3cfe67544d3 Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Tue, 3 Sep 2024 14:33:35 -0700 Subject: [PATCH 12/13] move outputdir var back --- .pipelines/DSC-Official.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index cc48d282..9d6d0f95 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -370,7 +370,6 @@ extends: condition: ne(variables['Build.Reason'], 'Schedule') variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' ob_sdl_sbom_enabled: false ob_signing_setup_enabled: false ob_sdl_codeql_compiled_enabled: false @@ -393,6 +392,8 @@ extends: displayName: Publish draft to GitHub pool: type: windows + variables: + ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' steps: - download: current displayName: Download artifacts From b896cd0c25d312d88aa946905795e0672749c66e Mon Sep 17 00:00:00 2001 From: "Steve Lee (POWERSHELL HE/HIM) (from Dev Box)" Date: Tue, 3 Sep 2024 15:59:31 -0700 Subject: [PATCH 13/13] move variables --- .pipelines/DSC-Official.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml index 9d6d0f95..b80afbdc 100644 --- a/.pipelines/DSC-Official.yml +++ b/.pipelines/DSC-Official.yml @@ -370,10 +370,6 @@ extends: condition: ne(variables['Build.Reason'], 'Schedule') variables: PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ] - ob_sdl_sbom_enabled: false - ob_signing_setup_enabled: false - ob_sdl_codeql_compiled_enabled: false - drop: $(Pipeline.Workspace)/drop_build_main jobs: - job: Validation displayName: Manual validation @@ -394,6 +390,10 @@ extends: type: windows variables: ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' + ob_sdl_sbom_enabled: false + ob_signing_setup_enabled: false + ob_sdl_codeql_compiled_enabled: false + drop: $(Pipeline.Workspace)/drop_build_main steps: - download: current displayName: Download artifacts