From 64a7ed0cd6312c03c24fee64a81c906aed83e746 Mon Sep 17 00:00:00 2001 From: Andy Jordan <2226434+andyleejordan@users.noreply.github.com> Date: Tue, 10 Sep 2024 17:13:35 -0700 Subject: [PATCH] Setup OneBranch and package build --- .github/workflows/ci-test.yml | 11 ++ .pipelines/PSScriptAnalyzer-Official.yml | 173 +++++++++++++++++++++++ tools/installPSResources.ps1 | 16 +-- 3 files changed, 192 insertions(+), 8 deletions(-) create mode 100644 .pipelines/PSScriptAnalyzer-Official.yml diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index e3252aae0..d681191c8 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -34,6 +34,10 @@ jobs: run: ./build.ps1 -Configuration Release -All shell: pwsh + - name: Package + run: ./build.ps1 -BuildNupkg + shell: pwsh + - name: Test run: ./build.ps1 -Test shell: pwsh @@ -45,6 +49,13 @@ jobs: if: matrix.os == 'windows-latest' shell: powershell + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + if: always() + with: + name: PSScriptAnalyzer-package-${{ matrix.os }} + path: out/**/*.nupkg + - name: Upload test results uses: actions/upload-artifact@v4 if: always() diff --git a/.pipelines/PSScriptAnalyzer-Official.yml b/.pipelines/PSScriptAnalyzer-Official.yml new file mode 100644 index 000000000..0e2a723a5 --- /dev/null +++ b/.pipelines/PSScriptAnalyzer-Official.yml @@ -0,0 +1,173 @@ +################################################################################# +# OneBranch Pipelines # +# This pipeline was created by EasyStart from a sample located at: # +# https://aka.ms/obpipelines/easystart/samples # +# Documentation: https://aka.ms/obpipelines # +# Yaml Schema: https://aka.ms/obpipelines/yaml/schema # +# Retail Tasks: https://aka.ms/obpipelines/tasks # +# Support: https://aka.ms/onebranchsup # +################################################################################# + +trigger: none + +schedules: +- cron: '20 16 * * 4' + displayName: Weekly CodeQL + branches: + include: + - main + always: true + +parameters: +- name: debug + displayName: Enable debug output + type: boolean + default: false + +variables: + system.debug: ${{ parameters.debug }} + BuildConfiguration: Release + WindowsContainerImage: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest + DOTNET_NOLOGO: true + DOTNET_GENERATE_ASPNET_CERTIFICATE: false + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + +extends: + # https://aka.ms/obpipelines/templates + template: v2/OneBranch.Official.CrossPlat.yml@templates + parameters: + globalSdl: # https://aka.ms/obpipelines/sdl + asyncSdl: + enabled: true + forStages: [build] + featureFlags: + EnableCDPxPAT: false + WindowsHostVersion: + Version: 2022 + Network: Netlock + stages: + - stage: build + jobs: + - job: main + displayName: Build package + pool: + type: windows + variables: + ob_outputDirectory: $(Build.SourcesDirectory)/out + steps: + - pwsh: | + [xml]$xml = Get-Content Engine/Engine.csproj + $version = $xml.SelectSingleNode(".//VersionPrefix")."#text" + Write-Output "##vso[task.setvariable variable=version;isOutput=true]$version" + name: package + displayName: Get version from project properties + - task: onebranch.pipeline.version@1 + displayName: Set OneBranch version + inputs: + system: Custom + customVersion: $(package.version) + - task: UseDotNet@2 + displayName: Use .NET SDK + inputs: + packageType: sdk + useGlobalJson: true + - pwsh: | + Register-PSRepository -Name CFS -SourceLocation "https://pkgs.dev.azure.com/powershell/PowerShell/_packaging/powershell/nuget/v2" -InstallationPolicy Trusted + Install-Module -Repository CFS -Name Microsoft.PowerShell.PSResourceGet + ./tools/installPSResources.ps1 -PSRepository CFS + displayName: Install PSResources + - pwsh: ./build.ps1 -Configuration Release -All + displayName: Build + - task: onebranch.pipeline.signing@1 + displayName: Sign 1st-party files + inputs: + command: sign + signing_profile: external_distribution + search_root: $(Build.SourcesDirectory)/out + files_to_sign: | + **/Microsoft.*.dll; + **/*.psd1; + **/*.ps1xml; + - task: onebranch.pipeline.signing@1 + displayName: Sign 3rd-party files + inputs: + command: sign + signing_profile: 135020002 + search_root: $(Build.SourcesDirectory)/out + files_to_sign: | + **/Newtonsoft.Json.dll; + **/Pluralize.NET.dll; + - pwsh: ./build.ps1 -BuildNupkg + displayName: Package module + - task: onebranch.pipeline.signing@1 + displayName: Sign NuGet package + inputs: + command: sign + signing_profile: external_distribution + search_root: $(Build.SourcesDirectory)/out + files_to_sign: | + *.nupkg + - stage: release + dependsOn: build + condition: ne(variables['Build.Reason'], 'Schedule') + variables: + version: $[ stageDependencies.build.main.outputs['package.version'] ] + drop: $(Pipeline.Workspace)/drop_build_main + jobs: + - job: github + displayName: Publish draft to GitHub + pool: + type: windows + variables: + ob_outputDirectory: $(Build.SourcesDirectory)/out + steps: + - download: current + displayName: Download artifacts + - task: GitHubRelease@1 + displayName: Create GitHub release + inputs: + gitHubConnection: GitHub + repositoryName: PowerShell/PSScriptAnalyzer + assets: | + $(drop)/PSScriptAnalyzer.$(version).nupkg + tagSource: userSpecifiedTag + tag: v$(version) + isDraft: true + addChangeLog: false + releaseNotesSource: inline + releaseNotesInline: "" + - job: validation + displayName: Manual validation + pool: + type: agentless + timeoutInMinutes: 1440 + steps: + - task: ManualValidation@0 + displayName: Wait 24 hours for validation + inputs: + notifyUsers: $(Build.RequestedForEmail) + instructions: Please validate the release and then publish it! + timeoutInMinutes: 1440 + - job: publish + dependsOn: validation + displayName: Publish to PowerShell Gallery + pool: + type: windows + variables: + ob_outputDirectory: $(Build.SourcesDirectory)/out + steps: + - download: current + displayName: Download artifacts + - task: NuGetCommand@2 + displayName: Publish module to PowerShell Gallery + inputs: + command: push + packagesToPush: $(drop)/PSScriptAnalyzer.$(version).nupkg + nuGetFeedType: external + publishFeedCredentials: PowerShellGallery diff --git a/tools/installPSResources.ps1 b/tools/installPSResources.ps1 index 08532b8fe..506d93a35 100644 --- a/tools/installPSResources.ps1 +++ b/tools/installPSResources.ps1 @@ -1,13 +1,13 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. +param( + [ValidateSet("PSGallery", "CFS")] + [string]$PSRepository = "PSGallery" +) -$ErrorActionPreference = 'Stop' - -Set-PSRepository -Name PSGallery -InstallationPolicy Trusted | Out-Null -if ($PSVersionTable.PSVersion.Major -lt 6) { - throw "The build script requires PowerShell 7!" +if ($PSRepository -eq "CFS" -and -not (Get-PSResourceRepository -Name CFS -ErrorAction SilentlyContinue)) { + Register-PSResourceRepository -Name CFS -Uri "https://pkgs.dev.azure.com/powershell/PowerShell/_packaging/powershell/nuget/v3/index.json" } -# TODO: Switch to Install-PSResource when CI uses PowerShell 7.4 -Install-Module -Name platyPS -Scope CurrentUser -Install-Module -Name Pester -Scope CurrentUser +Install-PSResource -Repository $PSRepository -TrustRepository -Name platyPS +Install-PSResource -Repository $PSRepository -TrustRepository -Name Pester