PowerShell · SteveL-MSFT · Mar 5, 2025 · Feb 18, 2025 · Feb 18, 2025 · Feb 25, 2025
diff --git a/.pipelines/DSC-Official.yml b/.pipelines/DSC-Official.yml
@@ -18,7 +18,6 @@ schedules:
 variables:
   BuildConfiguration: 'release'
   PackageRoot: '$(System.ArtifactsDirectory)/Packages'
-#  LinuxContainerImage: 'mcr.microsoft.com/onebranch/cbl-mariner/build:2.0'
   WindowsContainerImage: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest'
   Codeql.TSAEnabled: true
 
@@ -85,120 +84,46 @@ extends:
             Write-Host "##$vstsCommandString"
           name: Package
 
-      - job: BuildWin
+      - job: BuildWin_x64
         dependsOn: SetPackageVersion
-        strategy:
-          matrix:
-            Windows x64:
-              Suffix: x64
-              buildName: x86_64-pc-windows-msvc
-            Windows x64_arm64:
-              Suffix: arm64
-              buildName: aarch64-pc-windows-msvc
         variables:
-          PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ]
           ob_sdl_tsa_configFile: '$(Build.SourcesDirectory)\DSC\.config\tsaoptions.json'
           ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
-          ob_artifactSuffix: $(Suffix)
-          repoRoot: '$(Build.SourcesDirectory)\DSC'
           signSrcPath: '$(Build.SourcesDirectory)\out'
           ob_sdl_sbom_enabled: true
           ob_signing_setup_enabled: true
           ob_sdl_codeql_compiled_enabled: true
         pool:
           type: windows
-        displayName: BuildWin
         steps:
-        - checkout: self
-          env:
-            ob_restore_phase: true
-        - task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step.
-          inputs:
-            Enabled: true
-            AnalyzeInPipeline: true
-            Language: rust
-          env:
-            ob_restore_phase: true
-        - pwsh: |
-            $tmpdir = "$(Agent.TempDirectory)"
-            Write-Host "##vso[task.setvariable variable=CARGO_TARGET_DIR;]$tmpdir"
-          displayName: 🛠️ Workaround for the LoadLibrary ACCESS_VIOLATION OneBranch issue
-          env:
-            ob_restore_phase: true
-        - task: RustInstaller@1
-          inputs:
-            rustVersion: ms-stable
-            toolchainFeed: https://pkgs.dev.azure.com/mscodehub/Rust/_packaging/Rust/nuget/v3/index.json
-            additionalTargets: $(buildName)
-          displayName: Install Rust
-          env:
-            ob_restore_phase: true
-        - pwsh: |
-            Set-Location "$(Build.SourcesDirectory)/DSC"
-            $LLVMBIN = "$($env:PROGRAMFILES)\Microsoft Visual Studio\2022\Enterprise\VC\Tools\Llvm\bin"
-            if (!(Test-Path $LLVMBIN)) {
-              throw "LLVM path '$LLVMBIN' does not exist"
-            }
-            $env:PATH += ";$LLVMBIN"
-            write-verbose -verbose (gcm clang.exe | out-string)
-            ./build.ps1 -Release -Architecture $(buildName) -SkipLinkCheck
-          displayName: 'Build $(buildName)'
-          env:
-            ob_restore_phase: true
-          condition: succeeded()
-        - task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step.
-          condition: always()
-          env:
-            ob_restore_phase: true
-        - pwsh: |
-            $null = New-Item -ItemType Directory -Path "$(PackageRoot)" -ErrorAction Ignore
-            $null = New-Item -ItemType Directory -Path "$(PackageRoot)/out" -ErrorAction Ignore
-            $null = New-Item -ItemType Directory -Path "$(signSrcPath)" -ErrorAction Ignore
-            # workaround known issue of building in OneBranch copying from TMP folder
-            $null = New-Item -ItemType Directory -Path "$(signSrcPath)" -ErrorAction Ignore
-            # copy only the exes from the TMP folder since it contains intermediately built files we don't want to sign
-            write-host 'Binaries in $(env:CARGO_TARGET_DIR)'
-            Copy-Item -Path "$env:CARGO_TARGET_DIR/$(buildName)/$(BuildConfiguration)/*.exe" -Destination "$(signSrcPath)" -Verbose
-            Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)/*" -Recurse -Destination "$(signSrcPath)" -Verbose -Force
-            write-host 'Binaries in $(signSrcPath)'
-            dir -r "$(signSrcPath)"
-          displayName: Copy built binaries
-          env:
-            ob_restore_phase: true
-          condition: succeeded()
-        - task: onebranch.pipeline.signing@1
-          displayName: Sign 1st party files
-          inputs:
-            command: 'sign'
-            signing_profile: external_distribution
-            files_to_sign: |
-              **\*.exe;
-              **\*.ps1;
-              **\*.psd1;
-              **\*.psm1;
-            search_root: $(signSrcPath)
-        - task: CopyFiles@2
-          displayName: "Copy signed files to build target dir"
-          inputs:
-            SourceFolder: "$(signSrcPath)"
-            Contents: '**'
-            TargetFolder: $(Build.SourcesDirectory)/DSC/bin/$(buildName)/$(BuildConfiguration)
-            OverWrite: true
-        - pwsh: |
-            Set-Location "$(Build.SourcesDirectory)/DSC"
-            ./build.ps1 -PackageType zip -Architecture $(buildName) -Release
-            Copy-Item ./bin/*.zip "$(ob_outputDirectory)"
-          displayName: 'Zip $(buildName)'
-          condition: succeeded()
-        - pwsh: |
-            Set-Location "$(Build.SourcesDirectory)/DSC"
-            ./build.ps1 -PackageType msix -Architecture $(buildName) -Release -UseX64MakeAppx
-            Copy-Item ./bin/msix/*.msix "$(ob_outputDirectory)" -Verbose
-          displayName: 'Create msix for $(buildName)'
-          condition: succeeded()
+        - template: .pipelines/DSC-Windows.yml@self
+          parameters:
+            buildName: x86_64-pc-windows-msvc
+            signSrcPath: '$(signSrcPath)'
+            PackageRoot: '$(PackageRoot)'
+
+      - job: BuildWin_arm64
+        dependsOn: SetPackageVersion
+        variables:
+          ob_sdl_tsa_configFile: '$(Build.SourcesDirectory)\DSC\.config\tsaoptions.json'
+          ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
+          signSrcPath: '$(Build.SourcesDirectory)\out'
+          ob_sdl_sbom_enabled: true
+          ob_signing_setup_enabled: true
+          ob_sdl_codeql_compiled_enabled: true
+        pool:
+          type: windows
+        steps:
+        - template: .pipelines/DSC-Windows.yml@self
+          parameters:
+            buildName: aarch64-pc-windows-msvc
+            signSrcPath: '$(signSrcPath)'
+            PackageRoot: '$(PackageRoot)'
 
       - job: CreateMsixBundle
-        dependsOn: BuildWin
+        dependsOn:
+          - BuildWin_x64
+          - BuildWin_arm64
         variables:
           ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
           ob_sdl_tsa_configFile: '$(Build.SourcesDirectory)\DSC\.config\tsaoptions.json'
@@ -210,77 +135,21 @@ extends:
         steps:
         - checkout: self
         - download: current
-          artifact: drop_BuildAndSign_BuildWinx64
+          artifact: drop_BuildAndSign_BuildWin_x64
           patterns: '*.msix'
         - download: current
-          artifact: drop_BuildAndSign_BuildWinarm64
+          artifact: drop_BuildAndSign_BuildWin_arm64
           patterns: '*.msix'
         - pwsh: |
             Set-Location "$(Build.SourcesDirectory)/DSC"
             $null = New-Item -ItemType Directory -Path "./bin/msix" -Force -ErrorAction Ignore
-            Copy-Item "$(Pipeline.Workspace)/drop_BuildAndSign_BuildWinx64/*.msix" ./bin/msix -Verbose
-            Copy-Item "$(Pipeline.Workspace)/drop_BuildAndSign_BuildWinarm64/*.msix" ./bin/msix -Verbose
+            Copy-Item "$(Pipeline.Workspace)/drop_BuildAndSign_BuildWin_x64/*.msix" ./bin/msix -Verbose
+            Copy-Item "$(Pipeline.Workspace)/drop_BuildAndSign_BuildWin_arm64/*.msix" ./bin/msix -Verbose
             ./build.ps1 -PackageType msixbundle
             Copy-Item ./bin/*.msixbundle "$(ob_outputDirectory)"
           displayName: 'Create msixbundle'
           condition: succeeded()
 
-      # - job: BuildLinux
-      #   dependsOn: SetPackageVersion
-      #   variables:
-      #     LinuxContainerImage: 'onebranch.azurecr.io/linux/ubuntu-2204:latest'
-      #     PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ]
-      #     ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
-      #   displayName: Linux-x64-gnu
-      #   pool:
-      #     type: linux
-      #   steps:
-      #   - task: RustInstaller@1
-      #     inputs:
-      #       rustVersion: ms-stable
-      #       toolchainFeed: https://pkgs.dev.azure.com/mscodehub/Rust/_packaging/Rust/nuget/v3/index.json
-      #       additionalTargets: x86_64-unknown-linux-gnu
-      #     displayName: Install Rust
-      #     env:
-      #       ob_restore_phase: true
-      #   - pwsh: |
-      #       ./build.ps1 -Release -Architecture x86_64-unknown-linux-gnu
-      #       ./build.ps1 -PackageType tgz -Architecture x86_64-unknown-linux-gnu -Release
-      #       Copy-Item ./bin/*.tar.gz "$(ob_outputDirectory)"
-      #     displayName: 'Build x86_64-unknown-linux-gnu'
-      #     condition: succeeded()
-
-      # - job: BuildLinuxArm64
-      #   dependsOn: SetPackageVersion
-      #   variables:
-      #     LinuxContainerImage: 'onebranch.azurecr.io/linux/ubuntu-2004-arm64:latest'
-      #     PackageVersion: $[ dependencies.SetPackageVersion.outputs['Package.Version'] ]
-      #     ob_outputDirectory: '$(Build.ArtifactStagingDirectory)'
-      #   displayName: Linux-ARM64-gnu
-      #   pool:
-      #     type: linux
-      #     hostArchitecture: arm64
-      #   steps:
-      #   - task: RustInstaller@1
-      #     inputs:
-      #       rustVersion: ms-stable
-      #       toolchainFeed: https://pkgs.dev.azure.com/mscodehub/Rust/_packaging/Rust/nuget/v3/index.json
-      #       additionalTargets: aarch64-unknown-linux-gnu
-      #     displayName: Install Rust
-      #     env:
-      #       ob_restore_phase: true
-      #   - pwsh: |
-      #       apt update
-      #       apt -y install gcc-aarch64-linux-gnu
-      #       if ((openssl version -d) -match 'OPENSSLDIR: "(?<dir>.*?)"') {
-      #         $env:OPENSSL_LIB_DIR = $matches['dir']
-      #       }
-      #       ./build.ps1 -Release -Architecture aarch64-unknown-linux-gnu
-      #       ./build.ps1 -PackageType tgz -Architecture aarch64-unknown-linux-gnu -Release
-      #       Copy-Item ./bin/*.tar.gz "$(ob_outputDirectory)"
-      #     displayName: 'Build aarch64-unknown-linux-gnu'
-      #     condition: succeeded()
-
       - job: BuildLinuxMusl
         dependsOn: SetPackageVersion
         variables:

diff --git a/.pipelines/DSC-Windows.yml b/.pipelines/DSC-Windows.yml
@@ -0,0 +1,99 @@
+parameters:
+  - name: buildName
+    type: string
+  - name: signSrcPath
+    type: string
+  - name: PackageRoot
+    type: string
+  - name: BuildConfiguration
+    type: string
+    default: Release
+
+steps:
+- checkout: self
+  env:
+    ob_restore_phase: true
+- task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step.
+  inputs:
+    Enabled: true
+    AnalyzeInPipeline: true
+    Language: rust
+  env:
+    ob_restore_phase: true
+- pwsh: |
+    $tmpdir = "$(Agent.TempDirectory)"
+    Write-Host "##vso[task.setvariable variable=CARGO_TARGET_DIR;]$tmpdir"
+  displayName: 🛠️ Workaround for the LoadLibrary ACCESS_VIOLATION OneBranch issue
+  env:
+    ob_restore_phase: true
+- task: RustInstaller@1
+  inputs:
+    rustVersion: ms-stable
+    toolchainFeed: https://pkgs.dev.azure.com/mscodehub/Rust/_packaging/Rust/nuget/v3/index.json
+    additionalTargets: ${{ parameters.buildName }}
+  displayName: Install Rust
+  env:
+    ob_restore_phase: true
+- pwsh: |
+    Set-Location "$(Build.SourcesDirectory)/DSC"
+    $LLVMBIN = "$($env:PROGRAMFILES)\Microsoft Visual Studio\2022\Enterprise\VC\Tools\Llvm\bin"
+    if (!(Test-Path $LLVMBIN)) {
+      throw "LLVM path '$LLVMBIN' does not exist"
+    }
+    $env:PATH += ";$LLVMBIN"
+    write-verbose -verbose (gcm clang.exe | out-string)
+    ./build.ps1 -Release -Architecture ${{ parameters.buildName }} -SkipLinkCheck
+  displayName: 'Build ${{ parameters.buildName }}'
+  env:
+    ob_restore_phase: true
+  condition: succeeded()
+- task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step.
+  condition: always()
+  env:
+    ob_restore_phase: true
+- pwsh: |
+    $null = New-Item -ItemType Directory -Path "${{ parameters.PackageRoot }}" -ErrorAction Ignore
+    $null = New-Item -ItemType Directory -Path "${{ parameters.PackageRoot }}/out" -ErrorAction Ignore
+    $null = New-Item -ItemType Directory -Path "${{ parameters.signSrcPath }}" -ErrorAction Ignore
+    # workaround known issue of building in OneBranch copying from TMP folder
+    $null = New-Item -ItemType Directory -Path "${{ parameters.signSrcPath }}" -ErrorAction Ignore
+    # copy only the exes from the TMP folder since it contains intermediately built files we don't want to sign
+    write-host 'Binaries in $(env:CARGO_TARGET_DIR)'
+    Copy-Item -Path "$env:CARGO_TARGET_DIR/${{ parameters.buildName }}/${{ parameters.BuildConfiguration }}/*.exe" -Destination "${{ parameters.signSrcPath }}" -Verbose
+    Copy-Item -Path "$(Build.SourcesDirectory)/DSC/bin/${{ parameters.buildName }}/${{ parameters.BuildConfiguration }}/*" -Recurse -Destination "${{ parameters.signSrcPath }}" -Verbose -Force
+    write-host 'Binaries in ${{ parameters.signSrcPath }}'
+    dir -r "${{ parameters.signSrcPath }}"
+  displayName: Copy built binaries
+  env:
+    ob_restore_phase: true
+  condition: succeeded()
+- task: onebranch.pipeline.signing@1
+  displayName: Sign 1st party files
+  inputs:
+    command: 'sign'
+    signing_profile: external_distribution
+    files_to_sign: |
+      **\*.exe;
+      **\*.ps1;
+      **\*.psd1;
+      **\*.psm1;
+    search_root: ${{ parameters.signSrcPath }}
+- task: CopyFiles@2
+  displayName: "Copy signed files to build target dir"
+  inputs:
+    SourceFolder: "${{ parameters.signSrcPath }}"
+    Contents: '**'
+    TargetFolder: $(Build.SourcesDirectory)/DSC/bin/${{ parameters.buildName }}/${{ parameters.BuildConfiguration }}
+    OverWrite: true
+- pwsh: |
+    Set-Location "$(Build.SourcesDirectory)/DSC"
+    ./build.ps1 -PackageType zip -Architecture ${{ parameters.buildName }} -Release
+    Copy-Item ./bin/*.zip "$(Build.ArtifactStagingDirectory)" -Verbose
+  displayName: 'Zip ${{ parameters.buildName }}'
+  condition: succeeded()
+- pwsh: |
+    Set-Location "$(Build.SourcesDirectory)/DSC"
+    ./build.ps1 -PackageType msix -Architecture ${{ parameters.buildName }} -Release -UseX64MakeAppx
+    Copy-Item ./bin/msix/*.msix "$(Build.ArtifactStagingDirectory)" -Verbose
+  displayName: 'Create msix for ${{ parameters.buildName }}'
+  condition: succeeded()