From d685fda39eaf8a9eda3feaed3fe3fd0a38dbfa15 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 5 Jul 2024 16:58:09 -0400 Subject: [PATCH 01/12] Test release drop creation --- build-tools/automation/azure-pipelines.yaml | 129 +++++++++++++++----- 1 file changed, 99 insertions(+), 30 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index ca669345f15..a89617a86c9 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -97,11 +97,11 @@ extends: settings: skipBuildTagsForGitHubPullRequests: true stages: - - template: /build-tools/automation/yaml-templates/build-macos.yaml@self + #- template: /build-tools/automation/yaml-templates/build-macos.yaml@self - - template: /build-tools/automation/yaml-templates/build-windows.yaml@self + #- template: /build-tools/automation/yaml-templates/build-windows.yaml@self - - template: /build-tools/automation/yaml-templates/build-linux.yaml@self + #- template: /build-tools/automation/yaml-templates/build-linux.yaml@self - stage: smoke_tests displayName: Package Tests @@ -459,36 +459,95 @@ extends: - stage: dotnet_prepare_release displayName: Prepare .NET Release - dependsOn: - - mac_build - - linux_build - condition: and(eq(dependencies.mac_build.result, 'Succeeded'), eq(dependencies.linux_build.result, 'Succeeded'), eq(variables['MicroBuildSignType'], 'Real')) + dependsOn: [] + #- mac_build + #- linux_build + # condition: and(eq(dependencies.mac_build.result, 'Succeeded'), eq(dependencies.linux_build.result, 'Succeeded'), eq(variables['MicroBuildSignType'], 'Real')) jobs: + - job: sign_net_mac_win + displayName: test artifact setup + pool: + name: Azure Pipelines + vmImage: $(HostedMacImage) + os: macOS + timeoutInMinutes: 180 + workspace: + clean: all + templateContext: + outputs: + - output: pipelineArtifact + artifactName: nuget-unsigned + targetPath: $(Build.StagingDirectory)\nuget-unsigned + sbomEnabled: false + - output: pipelineArtifact + artifactName: nuget-signed + targetPath: $(Build.StagingDirectory)\nuget-signed + sbomEnabled: false + - output: pipelineArtifact + artifactName: nuget-linux-signed + targetPath: $(Build.StagingDirectory)\nuget-linux-signed + sbomEnabled: false + steps: + - task: DownloadPipelineArtifact@2 + inputs: + buildType: specific + project: DevDiv + definition: 11410 + buildVersionToDownload: latestFromBranch + branchName: refs/heads/main + allowPartiallySucceededBuilds: true + allowFailedBuilds: true + artifactName: nuget-unsigned + downloadPath: $(Build.StagingDirectory)\nuget-unsigned + - task: DownloadPipelineArtifact@2 + inputs: + buildType: specific + project: DevDiv + definition: 11410 + buildVersionToDownload: latestFromBranch + branchName: refs/heads/main + allowPartiallySucceededBuilds: true + allowFailedBuilds: true + artifactName: nuget-signed + downloadPath: $(Build.StagingDirectory)\nuget-signed + - task: DownloadPipelineArtifact@2 + inputs: + buildType: specific + project: DevDiv + definition: 11410 + buildVersionToDownload: latestFromBranch + branchName: refs/heads/main + allowPartiallySucceededBuilds: true + allowFailedBuilds: true + artifactName: nuget-linux-signed + downloadPath: $(Build.StagingDirectory)\nuget-linux-signed + + # Check - "Xamarin.Android (Prepare .NET Release Sign Archives)" - - template: sign-artifacts/jobs/v2.yml@yaml-templates - parameters: - name: sign_net_mac_win - poolName: $(VSEngMicroBuildPool) - artifactName: $(NuGetArtifactName) - signType: $(MicroBuildSignType) - signedArtifactName: nuget-signed - usePipelineArtifactTasks: true - use1ESTemplate: true + #- template: sign-artifacts/jobs/v2.yml@yaml-templates + # parameters: + # name: sign_net_mac_win + # poolName: $(VSEngMicroBuildPool) + # artifactName: $(NuGetArtifactName) + # signType: $(MicroBuildSignType) + # signedArtifactName: nuget-signed + # usePipelineArtifactTasks: true + # use1ESTemplate: true # Check - "Xamarin.Android (Prepare .NET Release Sign Linux Archive)" - - template: sign-artifacts/jobs/v2.yml@yaml-templates - parameters: - name: sign_net_linux - displayName: Sign Linux Archive - poolName: $(VSEngMicroBuildPool) - artifactName: $(LinuxNuGetArtifactName) - signType: $(MicroBuildSignType) - signedArtifactName: nuget-linux-signed - usePipelineArtifactTasks: true - use1ESTemplate: true + #- template: sign-artifacts/jobs/v2.yml@yaml-templates + # parameters: + # name: sign_net_linux + # displayName: Sign Linux Archive + # poolName: $(VSEngMicroBuildPool) + # artifactName: $(LinuxNuGetArtifactName) + # signType: $(MicroBuildSignType) + # signedArtifactName: nuget-linux-signed + # usePipelineArtifactTasks: true + # use1ESTemplate: true # Check - "Xamarin.Android (Prepare .NET Release Convert NuGet to MSI)" - - template: nuget-msi-convert/job/v3.yml@yaml-templates + - template: nuget-msi-convert/job/v4.yml@yaml-templates parameters: yamlResourceName: yaml-templates dependsOn: sign_net_mac_win @@ -497,7 +556,17 @@ extends: !*Darwin* propsArtifactName: $(NuGetArtifactName) signType: $(MicroBuildSignType) - use1ESTemplate: true + preConvertSteps: + - task: DownloadPipelineArtifact@2 + inputs: + artifactName: nuget-signed + artifactPatterns: | + *Darwin* + downloadPath: $(Build.StagingDirectory)\drop\nugets + - task: DownloadPipelineArtifact@2 + inputs: + artifactName: nuget-linux-signed + downloadPath: $(Build.StagingDirectory)\drop\nugets postConvertSteps: - task: DownloadPipelineArtifact@2 inputs: @@ -505,7 +574,6 @@ extends: downloadPath: $(Build.StagingDirectory)\sign-verify patterns: | **/SignVerifyIgnore.txt - - task: MicroBuildCodesignVerify@3 displayName: verify signed msi content inputs: @@ -521,7 +589,8 @@ extends: dependsOn: - nuget_convert - sign_net_linux - condition: and(eq(dependencies.nuget_convert.result, 'Succeeded'), eq(dependencies.sign_net_linux.result, 'Succeeded')) + #condition: and(eq(dependencies.nuget_convert.result, 'Succeeded'), eq(dependencies.sign_net_linux.result, 'Succeeded')) + condition: false timeoutInMinutes: 60 pool: name: AzurePipelines-EO From b77be296556cd0ada6fb6f09e5962f61b14ade00 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 5 Jul 2024 17:00:21 -0400 Subject: [PATCH 02/12] Update yaml templates branch name --- build-tools/automation/azure-pipelines.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index a89617a86c9..8c637c4c1e1 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -18,7 +18,7 @@ resources: - repository: yaml-templates type: github name: xamarin/yaml-templates - ref: refs/heads/main + ref: refs/heads/dev/pjc/reldrop endpoint: xamarin - repository: sdk-insertions type: github @@ -97,11 +97,11 @@ extends: settings: skipBuildTagsForGitHubPullRequests: true stages: - #- template: /build-tools/automation/yaml-templates/build-macos.yaml@self + - template: /build-tools/automation/yaml-templates/build-macos.yaml@self - #- template: /build-tools/automation/yaml-templates/build-windows.yaml@self + - template: /build-tools/automation/yaml-templates/build-windows.yaml@self - #- template: /build-tools/automation/yaml-templates/build-linux.yaml@self + - template: /build-tools/automation/yaml-templates/build-linux.yaml@self - stage: smoke_tests displayName: Package Tests From 81e124893808335c339c0051fb4579e32cc0fd23 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 5 Jul 2024 17:04:17 -0400 Subject: [PATCH 03/12] Disable push internal --- build-tools/automation/azure-pipelines.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 8c637c4c1e1..c91e7176070 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -586,9 +586,9 @@ extends: # Check - "Xamarin.Android (Prepare .NET Release Push Internal)" - job: push_signed_nugets displayName: Push Internal - dependsOn: - - nuget_convert - - sign_net_linux + #dependsOn: + #- nuget_convert + #- sign_net_linux #condition: and(eq(dependencies.nuget_convert.result, 'Succeeded'), eq(dependencies.sign_net_linux.result, 'Succeeded')) condition: false timeoutInMinutes: 60 From c735801d3deeac91e4e536640f0313a1fc75b998 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 5 Jul 2024 17:14:57 -0400 Subject: [PATCH 04/12] Download specific build id --- build-tools/automation/azure-pipelines.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index c91e7176070..b08cbcf9a87 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -75,6 +75,7 @@ extends: scanOutputDirectoryOnly: true codeql: runSourceLanguagesInSourceAnalysis: true + enabledOnNonDefaultBranches: false policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -493,8 +494,8 @@ extends: buildType: specific project: DevDiv definition: 11410 - buildVersionToDownload: latestFromBranch - branchName: refs/heads/main + buildVersionToDownload: specific + pipelineId: 9807028 allowPartiallySucceededBuilds: true allowFailedBuilds: true artifactName: nuget-unsigned @@ -504,8 +505,8 @@ extends: buildType: specific project: DevDiv definition: 11410 - buildVersionToDownload: latestFromBranch - branchName: refs/heads/main + buildVersionToDownload: specific + pipelineId: 9807028 allowPartiallySucceededBuilds: true allowFailedBuilds: true artifactName: nuget-signed @@ -515,8 +516,8 @@ extends: buildType: specific project: DevDiv definition: 11410 - buildVersionToDownload: latestFromBranch - branchName: refs/heads/main + buildVersionToDownload: specific + pipelineId: 9807028 allowPartiallySucceededBuilds: true allowFailedBuilds: true artifactName: nuget-linux-signed From 6df41dd941e9deba3fdff122a9c5f7b2604db35d Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 5 Jul 2024 18:07:37 -0400 Subject: [PATCH 05/12] More testing changes --- build-tools/automation/azure-pipelines.yaml | 30 ++++++++++----------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index b08cbcf9a87..4445354073f 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -568,21 +568,21 @@ extends: inputs: artifactName: nuget-linux-signed downloadPath: $(Build.StagingDirectory)\drop\nugets - postConvertSteps: - - task: DownloadPipelineArtifact@2 - inputs: - artifactName: $(NuGetArtifactName) - downloadPath: $(Build.StagingDirectory)\sign-verify - patterns: | - **/SignVerifyIgnore.txt - - task: MicroBuildCodesignVerify@3 - displayName: verify signed msi content - inputs: - TargetFolders: | - $(Build.ArtifactStagingDirectory)\bin\manifests - $(Build.ArtifactStagingDirectory)\bin\manifests-multitarget - ExcludeSNVerify: true - ApprovalListPathForCerts: $(Build.StagingDirectory)\sign-verify\SignVerifyIgnore.txt + #postConvertSteps: + #- task: DownloadPipelineArtifact@2 + # inputs: + # artifactName: $(NuGetArtifactName) + # downloadPath: $(Build.StagingDirectory)\sign-verify + # patterns: | + # **/SignVerifyIgnore.txt + #- task: MicroBuildCodesignVerify@3 + # displayName: verify signed msi content + # inputs: + # TargetFolders: | + # $(Build.ArtifactStagingDirectory)\bin\manifests + # $(Build.ArtifactStagingDirectory)\bin\manifests-multitarget + # ExcludeSNVerify: true + # ApprovalListPathForCerts: $(Build.StagingDirectory)\sign-verify\SignVerifyIgnore.txt # Check - "Xamarin.Android (Prepare .NET Release Push Internal)" - job: push_signed_nugets From 8e28ffea5c5913e943fce43925c4143567a60dc2 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 5 Jul 2024 18:09:34 -0400 Subject: [PATCH 06/12] Use test signing --- build-tools/automation/azure-pipelines.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 4445354073f..012dfe33738 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -556,7 +556,7 @@ extends: artifactPatterns: | !*Darwin* propsArtifactName: $(NuGetArtifactName) - signType: $(MicroBuildSignType) + #signType: $(MicroBuildSignType) preConvertSteps: - task: DownloadPipelineArtifact@2 inputs: From 01457ede897f7f991b122060753163ef30add16d Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Mon, 8 Jul 2024 10:11:24 -0400 Subject: [PATCH 07/12] Update test build --- build-tools/automation/azure-pipelines.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 012dfe33738..0d88fb678e5 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -495,7 +495,7 @@ extends: project: DevDiv definition: 11410 buildVersionToDownload: specific - pipelineId: 9807028 + pipelineId: 9791931 allowPartiallySucceededBuilds: true allowFailedBuilds: true artifactName: nuget-unsigned @@ -506,7 +506,7 @@ extends: project: DevDiv definition: 11410 buildVersionToDownload: specific - pipelineId: 9807028 + pipelineId: 9791931 allowPartiallySucceededBuilds: true allowFailedBuilds: true artifactName: nuget-signed @@ -517,7 +517,7 @@ extends: project: DevDiv definition: 11410 buildVersionToDownload: specific - pipelineId: 9807028 + pipelineId: 9791931 allowPartiallySucceededBuilds: true allowFailedBuilds: true artifactName: nuget-linux-signed From 0366520f1d874afff9d883dc59725f817e17c6a2 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Tue, 16 Jul 2024 14:53:09 -0400 Subject: [PATCH 08/12] Update test build id --- build-tools/automation/azure-pipelines.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 0d88fb678e5..87a276809cd 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -495,7 +495,7 @@ extends: project: DevDiv definition: 11410 buildVersionToDownload: specific - pipelineId: 9791931 + pipelineId: 9889091 allowPartiallySucceededBuilds: true allowFailedBuilds: true artifactName: nuget-unsigned @@ -506,7 +506,7 @@ extends: project: DevDiv definition: 11410 buildVersionToDownload: specific - pipelineId: 9791931 + pipelineId: 9889091 allowPartiallySucceededBuilds: true allowFailedBuilds: true artifactName: nuget-signed @@ -517,7 +517,7 @@ extends: project: DevDiv definition: 11410 buildVersionToDownload: specific - pipelineId: 9791931 + pipelineId: 9889091 allowPartiallySucceededBuilds: true allowFailedBuilds: true artifactName: nuget-linux-signed From d4949ea5ee3d1f2b260f8f4718d79c83792755ce Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Wed, 17 Jul 2024 12:25:19 -0400 Subject: [PATCH 09/12] Revert testing changes, publish symbols --- build-tools/automation/azure-pipelines.yaml | 231 +++++++------------- 1 file changed, 74 insertions(+), 157 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 82a8bbef176..243e51fd637 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -18,7 +18,7 @@ resources: - repository: yaml-templates type: github name: xamarin/yaml-templates - ref: refs/heads/dev/pjc/reldrop + ref: refs/heads/dev/pjc/v4drop-metadata endpoint: xamarin - repository: sdk-insertions type: github @@ -462,92 +462,33 @@ extends: - stage: dotnet_prepare_release displayName: Prepare .NET Release - dependsOn: [] - #- mac_build - #- linux_build - # condition: and(eq(dependencies.mac_build.result, 'Succeeded'), eq(dependencies.linux_build.result, 'Succeeded'), eq(variables['MicroBuildSignType'], 'Real')) + dependsOn: + - mac_build + - linux_build + condition: and(eq(dependencies.mac_build.result, 'Succeeded'), eq(dependencies.linux_build.result, 'Succeeded'), eq(variables['MicroBuildSignType'], 'Real')) jobs: - - job: sign_net_mac_win - displayName: test artifact setup - pool: - name: Azure Pipelines - vmImage: $(HostedMacImage) - os: macOS - timeoutInMinutes: 180 - workspace: - clean: all - templateContext: - outputs: - - output: pipelineArtifact - artifactName: nuget-unsigned - targetPath: $(Build.StagingDirectory)\nuget-unsigned - sbomEnabled: false - - output: pipelineArtifact - artifactName: nuget-signed - targetPath: $(Build.StagingDirectory)\nuget-signed - sbomEnabled: false - - output: pipelineArtifact - artifactName: nuget-linux-signed - targetPath: $(Build.StagingDirectory)\nuget-linux-signed - sbomEnabled: false - steps: - - task: DownloadPipelineArtifact@2 - inputs: - buildType: specific - project: DevDiv - definition: 11410 - buildVersionToDownload: specific - pipelineId: 9889091 - allowPartiallySucceededBuilds: true - allowFailedBuilds: true - artifactName: nuget-unsigned - downloadPath: $(Build.StagingDirectory)\nuget-unsigned - - task: DownloadPipelineArtifact@2 - inputs: - buildType: specific - project: DevDiv - definition: 11410 - buildVersionToDownload: specific - pipelineId: 9889091 - allowPartiallySucceededBuilds: true - allowFailedBuilds: true - artifactName: nuget-signed - downloadPath: $(Build.StagingDirectory)\nuget-signed - - task: DownloadPipelineArtifact@2 - inputs: - buildType: specific - project: DevDiv - definition: 11410 - buildVersionToDownload: specific - pipelineId: 9889091 - allowPartiallySucceededBuilds: true - allowFailedBuilds: true - artifactName: nuget-linux-signed - downloadPath: $(Build.StagingDirectory)\nuget-linux-signed - - # Check - "Xamarin.Android (Prepare .NET Release Sign Archives)" - #- template: sign-artifacts/jobs/v2.yml@yaml-templates - # parameters: - # name: sign_net_mac_win - # poolName: $(VSEngMicroBuildPool) - # artifactName: $(NuGetArtifactName) - # signType: $(MicroBuildSignType) - # signedArtifactName: nuget-signed - # usePipelineArtifactTasks: true - # use1ESTemplate: true + - template: sign-artifacts/jobs/v2.yml@yaml-templates + parameters: + name: sign_net_mac_win + poolName: $(VSEngMicroBuildPool) + artifactName: $(NuGetArtifactName) + signType: $(MicroBuildSignType) + signedArtifactName: nuget-signed + usePipelineArtifactTasks: true + use1ESTemplate: true # Check - "Xamarin.Android (Prepare .NET Release Sign Linux Archive)" - #- template: sign-artifacts/jobs/v2.yml@yaml-templates - # parameters: - # name: sign_net_linux - # displayName: Sign Linux Archive - # poolName: $(VSEngMicroBuildPool) - # artifactName: $(LinuxNuGetArtifactName) - # signType: $(MicroBuildSignType) - # signedArtifactName: nuget-linux-signed - # usePipelineArtifactTasks: true - # use1ESTemplate: true + - template: sign-artifacts/jobs/v2.yml@yaml-templates + parameters: + name: sign_net_linux + displayName: Sign Linux Archive + poolName: $(VSEngMicroBuildPool) + artifactName: $(LinuxNuGetArtifactName) + signType: $(MicroBuildSignType) + signedArtifactName: nuget-linux-signed + usePipelineArtifactTasks: true + use1ESTemplate: true # Check - "Xamarin.Android (Prepare .NET Release Convert NuGet to MSI)" - template: nuget-msi-convert/job/v4.yml@yaml-templates @@ -558,7 +499,7 @@ extends: artifactPatterns: | !*Darwin* propsArtifactName: $(NuGetArtifactName) - #signType: $(MicroBuildSignType) + signType: $(MicroBuildSignType) preConvertSteps: - task: DownloadPipelineArtifact@2 inputs: @@ -570,31 +511,30 @@ extends: inputs: artifactName: nuget-linux-signed downloadPath: $(Build.StagingDirectory)\drop\nugets - #postConvertSteps: - #- task: DownloadPipelineArtifact@2 - # inputs: - # artifactName: $(NuGetArtifactName) - # downloadPath: $(Build.StagingDirectory)\sign-verify - # patterns: | - # **/SignVerifyIgnore.txt - #- task: MicroBuildCodesignVerify@3 - # displayName: verify signed msi content - # inputs: - # TargetFolders: | - # $(Build.ArtifactStagingDirectory)\bin\manifests - # $(Build.ArtifactStagingDirectory)\bin\manifests-multitarget - # ExcludeSNVerify: true - # ApprovalListPathForCerts: $(Build.StagingDirectory)\sign-verify\SignVerifyIgnore.txt - - # Check - "Xamarin.Android (Prepare .NET Release Push Internal)" + postConvertSteps: + - task: DownloadPipelineArtifact@2 + inputs: + artifactName: $(NuGetArtifactName) + downloadPath: $(Build.StagingDirectory)\sign-verify + patterns: | + **/SignVerifyIgnore.txt + - task: MicroBuildCodesignVerify@3 + displayName: verify signed msi content + inputs: + TargetFolders: | + $(Build.ArtifactStagingDirectory)\bin\manifests + $(Build.ArtifactStagingDirectory)\bin\manifests-multitarget + ExcludeSNVerify: true + ApprovalListPathForCerts: $(Build.StagingDirectory)\sign-verify\SignVerifyIgnore.txt + + # Check - "Xamarin.Android (Prepare .NET Release Publish symbols and Push to Maestro)" - job: push_signed_nugets - displayName: Push Internal - #dependsOn: - #- nuget_convert - #- sign_net_linux - #condition: and(eq(dependencies.nuget_convert.result, 'Succeeded'), eq(dependencies.sign_net_linux.result, 'Succeeded')) - condition: false - timeoutInMinutes: 60 + displayName: Publish symbols and Push to Maestro + dependsOn: + - nuget_convert + - sign_net_linux + condition: and(eq(dependencies.nuget_convert.result, 'Succeeded'), eq(dependencies.sign_net_linux.result, 'Succeeded')) + timeoutInMinutes: 90 pool: name: AzurePipelines-EO image: $(WindowsPoolImage1ESPT) @@ -604,6 +544,15 @@ extends: variables: - ${{ if eq(variables['MicroBuildSignType'], 'Real') }}: - group: Publish-Build-Assets + templateContext: + outputs: + - output: artifactsDrop + dropServiceURI: https://devdiv.artifacts.visualstudio.com/DefaultCollection + buildNumber: $(ReleaseDropPrefix)/symbols + dropMetadataContainerName: DropMetadata-$(Build.BuildId)-symbols-$(System.JobAttempt) + sourcePath: $(Build.StagingDirectory)\symbols + retentionDays: 120 + toLowerCase: false steps: - checkout: self clean: true @@ -611,60 +560,28 @@ extends: - task: DownloadPipelineArtifact@2 inputs: - artifactName: nuget-signed - downloadPath: $(Build.StagingDirectory)\nuget-signed - - - task: DownloadPipelineArtifact@2 - inputs: - artifactName: nuget-linux-signed - downloadPath: $(Build.StagingDirectory)\nuget-signed + artifactName: $(WindowsToolchainPdbArtifactName) + downloadPath: $(Build.StagingDirectory)\symbols - task: DownloadPipelineArtifact@2 inputs: - artifactName: vs-msi-nugets - downloadPath: $(Build.StagingDirectory)\nuget-signed + artifactName: DropMetadata-$(Build.BuildId)-nugets-$(System.JobAttempt) + downloadPath: $(Build.StagingDirectory)\metadata + displayName: Download nugets drop metadata - - task: DownloadPipelineArtifact@2 + - powershell: | + $jsonContent = Get-Content -Path "$(Build.StagingDirectory)\metadata\VSTSDrop.json" -Raw | ConvertFrom-Json + $dropPrefix = $jsonContent.VstsDropBuildArtifact.VstsDropUrl -replace 'https://devdiv.artifacts.visualstudio.com/DefaultCollection/_apis/drop/drops/' -replace '/nugets' + Write-Host "##vso[task.setvariable variable=ReleaseDropPrefix]$dropPrefix" + displayName: Set variable ReleaseDropPrefix + + # Download nugets drop created by nuget-msi-convert/job/v4.yml and publish to maestro + - task: ms-vscs-artifact.build-tasks.artifactDropDownloadTask-1.artifactDropDownloadTask@1 + displayName: Download $(ReleaseDropPrefix)/nugets inputs: - artifactName: $(WindowsToolchainPdbArtifactName) - downloadPath: $(Build.StagingDirectory)\nuget-signed - - - template: templates\common\upload-vs-insertion-artifacts.yml@sdk-insertions - parameters: - githubToken: $(GitHub.Token) - githubContext: $(NupkgCommitStatusName) - blobName: $(NupkgCommitStatusName) - packagePrefix: xamarin-android - artifactsPath: $(Build.StagingDirectory)\nuget-signed - yamlResourceName: yaml-templates - - - template: templates\common\upload-vs-insertion-artifacts.yml@sdk-insertions - parameters: - githubToken: $(GitHub.Token) - githubContext: $(VSDropCommitStatusName) - blobName: $(VSDropCommitStatusName) - packagePrefix: xamarin-android - artifactsPath: $(Build.StagingDirectory)\$(VSDropCommitStatusName) - yamlResourceName: yaml-templates - downloadSteps: - - task: DownloadPipelineArtifact@2 - inputs: - artifactName: vsdrop-signed - downloadPath: $(Build.StagingDirectory)\$(VSDropCommitStatusName) - - - template: templates\common\upload-vs-insertion-artifacts.yml@sdk-insertions - parameters: - githubToken: $(GitHub.Token) - githubContext: $(MultiTargetVSDropCommitStatusName) - blobName: $(MultiTargetVSDropCommitStatusName) - packagePrefix: xamarin-android - artifactsPath: $(Build.StagingDirectory)\$(MultiTargetVSDropCommitStatusName) - yamlResourceName: yaml-templates - downloadSteps: - - task: DownloadPipelineArtifact@2 - inputs: - artifactName: vsdrop-multitarget-signed - downloadPath: $(Build.StagingDirectory)\$(MultiTargetVSDropCommitStatusName) + dropServiceURI: https://devdiv.artifacts.visualstudio.com/DefaultCollection + buildNumber: $(ReleaseDropPrefix)/nugets + destinationPath: $(Build.StagingDirectory)\nuget-signed - task: DotNetCoreCLI@2 displayName: build Xamarin.Android.Tools.BootstrapTasks.sln From 119ace5826314276b9ef48c4a85b61055eb5a55e Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Wed, 17 Jul 2024 14:39:44 -0400 Subject: [PATCH 10/12] Fix sign verify paths --- build-tools/automation/azure-pipelines.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 8f4dfc4219d..490c1e48f61 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -529,7 +529,7 @@ extends: inputs: TargetFolders: | $(Build.ArtifactStagingDirectory)\bin\manifests - $(Build.ArtifactStagingDirectory)\bin\manifests-multitarget + $(Build.ArtifactStagingDirectory)\bin\manifests-packs ExcludeSNVerify: true ApprovalListPathForCerts: $(Build.StagingDirectory)\sign-verify\SignVerifyIgnore.txt @@ -564,6 +564,7 @@ extends: clean: true submodules: recursive + # Download symbols to be published to the symbols artifact drop declared above - task: DownloadPipelineArtifact@2 inputs: artifactName: $(WindowsToolchainPdbArtifactName) From 956cfe7fdb87d5dbae2e612828df6e9df8acb8d5 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Wed, 17 Jul 2024 14:42:27 -0400 Subject: [PATCH 11/12] Fix sign verify paths --- build-tools/automation/azure-pipelines.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 490c1e48f61..09a44651d75 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -530,6 +530,7 @@ extends: TargetFolders: | $(Build.ArtifactStagingDirectory)\bin\manifests $(Build.ArtifactStagingDirectory)\bin\manifests-packs + $(Build.ArtifactStagingDirectory)\bin\msi-nupkgs ExcludeSNVerify: true ApprovalListPathForCerts: $(Build.StagingDirectory)\sign-verify\SignVerifyIgnore.txt From b30763d9c53be49787125aef89504e6f34a26f73 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 18 Jul 2024 16:30:34 -0400 Subject: [PATCH 12/12] Use main yaml-templates branch --- build-tools/automation/azure-pipelines.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 09a44651d75..24e51edfe55 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -18,7 +18,7 @@ resources: - repository: yaml-templates type: github name: xamarin/yaml-templates - ref: refs/heads/dev/pjc/v4drop-metadata + ref: refs/heads/main endpoint: xamarin - repository: sdk-insertions type: github