From f52ba068fa2b7ac3c3b8ce306c9a0066a66eecd1 Mon Sep 17 00:00:00 2001 From: Juan Sebastian Hoyos Ayala Date: Tue, 19 Jan 2021 21:13:18 -0800 Subject: [PATCH 1/2] Add invocation to NuGet authentication scripts for internal feeds --- eng/pipelines/common/global-build-job.yml | 25 +++++++++++++++++-- eng/pipelines/coreclr/templates/xplat-job.yml | 21 ++++++++++++++++ eng/pipelines/installer/jobs/base-job.yml | 25 +++++++++++++++++-- eng/pipelines/libraries/base-job.yml | 21 ++++++++++++++++ eng/pipelines/mono/templates/xplat-job.yml | 21 ++++++++++++++++ .../jobs/prepare-signed-artifacts.yml | 14 ++++++++++- 6 files changed, 122 insertions(+), 5 deletions(-) diff --git a/eng/pipelines/common/global-build-job.yml b/eng/pipelines/common/global-build-job.yml index 221f8d366262d..c3b1aa8d1a2a2 100644 --- a/eng/pipelines/common/global-build-job.yml +++ b/eng/pipelines/common/global-build-job.yml @@ -33,7 +33,7 @@ jobs: variables: - name: _osParameter value: -os ${{ parameters.osGroup }} - + - ${{ if and(eq(parameters.osGroup, 'Linux'), eq(parameters.osSubGroup, '_musl')) }}: - name: _osParameter value: /p:RuntimeOS=linux-musl /p:OutputRid=linux-musl-${{ parameters.archType }} @@ -54,12 +54,33 @@ jobs: ${{ if ne(parameters.isOfficialBuild, true) }}: value: '' + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - group: AzureDevOps-Artifact-Feeds-Pats + - ${{ each variable in parameters.variables }}: - ${{ variable }} steps: - template: /eng/pipelines/common/clone-checkout-bundle-step.yml + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - ${{ if ne(parameters.osGroup, 'Windows_NT') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + arguments: $(Build.SourcesDirectory)/NuGet.config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if eq(parameters.osGroup, 'Windows_NT') }}: + - task: PowerShell@2 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)\eng\common\SetupNugetSources.ps1 + arguments: -ConfigFile $(Build.SourcesDirectory)\NuGet.config -Password $Env:Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if eq(parameters.isOfficialBuild, true) }}: - template: /eng/pipelines/common/restore-internal-tools.yml @@ -76,7 +97,7 @@ jobs: - script: $(Build.SourcesDirectory)$(dir)build$(scriptExt) -ci -arch ${{ parameters.archType }} $(_osParameter) ${{ parameters.buildArgs }} $(_officialBuildParameter) $(_crossBuildPropertyArg) $(_cxx11Parameter) displayName: Build product - - ${{ if in(parameters.osGroup, 'OSX', 'iOS','tvOS') }}: + - ${{ if in(parameters.osGroup, 'OSX', 'iOS','tvOS') }}: - script: | du -sh $(Build.SourcesDirectory)/* df -h diff --git a/eng/pipelines/coreclr/templates/xplat-job.yml b/eng/pipelines/coreclr/templates/xplat-job.yml index 7f03b78d162f7..b4fb71b4d86cc 100644 --- a/eng/pipelines/coreclr/templates/xplat-job.yml +++ b/eng/pipelines/coreclr/templates/xplat-job.yml @@ -98,10 +98,31 @@ jobs: - name: crossArg value: '' + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - group: AzureDevOps-Artifact-Feeds-Pats + - ${{ each variable in parameters.variables }}: - ${{insert}}: ${{ variable }} steps: - template: /eng/pipelines/common/clone-checkout-bundle-step.yml + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - ${{ if ne(parameters.osGroup, 'Windows_NT') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + arguments: $(Build.SourcesDirectory)/NuGet.config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if eq(parameters.osGroup, 'Windows_NT') }}: + - task: PowerShell@2 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)\eng\common\SetupNugetSources.ps1 + arguments: -ConfigFile $(Build.SourcesDirectory)\NuGet.config -Password $Env:Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ parameters.steps }} diff --git a/eng/pipelines/installer/jobs/base-job.yml b/eng/pipelines/installer/jobs/base-job.yml index efbb487ccd427..64c4c71383025 100644 --- a/eng/pipelines/installer/jobs/base-job.yml +++ b/eng/pipelines/installer/jobs/base-job.yml @@ -183,6 +183,9 @@ jobs: - name: MSBuildScript value: /root/runtime/eng/common/msbuild.sh + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - group: AzureDevOps-Artifact-Feeds-Pats + - ${{ if eq(parameters.isOfficialBuild, true) }}: - name: BuildScript value: ./eng/install-nuget-credprovider-then-build.sh --subset installer @@ -420,6 +423,24 @@ jobs: destinationFolder: $(AllArtifactsDownloadPath)/libraries_bin_${{ platform }}_${{ parameters.liveLibrariesBuildConfig }}/ cleanUnpackFolder: false + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - ${{ if ne(parameters.osGroup, 'Windows_NT') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + arguments: $(Build.SourcesDirectory)/NuGet.config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if eq(parameters.osGroup, 'Windows_NT') }}: + - task: PowerShell@2 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)\eng\common\SetupNugetSources.ps1 + arguments: -ConfigFile $(Build.SourcesDirectory)\NuGet.config -Password $Env:Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if ne(parameters.liveRuntimeBuildConfig, '') }}: - template: /eng/pipelines/common/download-artifact-step.yml parameters: @@ -469,7 +490,7 @@ jobs: - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - template: /eng/pipelines/common/macos-sign-with-entitlements.yml parameters: - filesToSign: + filesToSign: - name: dotnet path: $(Build.SourcesDirectory)/artifacts/bin/osx-${{ parameters.archType }}.$(_BuildConfig)/corehost entitlementsFile: $(Build.SourcesDirectory)/eng/pipelines/common/entitlements.plist @@ -480,7 +501,7 @@ jobs: - script: $(BaseJobBuildCommand) -subset installer.nocorehost displayName: Build and Package - - ${{ if in(parameters.osGroup, 'OSX', 'iOS','tvOS') }}: + - ${{ if in(parameters.osGroup, 'OSX', 'iOS','tvOS') }}: - script: | du -sh $(Build.SourcesDirectory)/* df -h diff --git a/eng/pipelines/libraries/base-job.yml b/eng/pipelines/libraries/base-job.yml index 2ae778e893939..4050681999a69 100644 --- a/eng/pipelines/libraries/base-job.yml +++ b/eng/pipelines/libraries/base-job.yml @@ -84,6 +84,9 @@ jobs: - ${{ if eq(parameters.isOfficialBuild, 'true') }}: - _msbuildCommonParameters: /p:OfficialBuildId=$(Build.BuildNumber) + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - group: AzureDevOps-Artifact-Feeds-Pats + - _runtimeArtifactName: '' - _runtimeDownloadPath: '' - _runtimeArtifactsPathArg: '' @@ -126,6 +129,24 @@ jobs: steps: - template: /eng/pipelines/common/clone-checkout-bundle-step.yml + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - ${{ if ne(parameters.osGroup, 'Windows_NT') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + arguments: $(Build.SourcesDirectory)/NuGet.config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if eq(parameters.osGroup, 'Windows_NT') }}: + - task: PowerShell@2 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)\eng\common\SetupNugetSources.ps1 + arguments: -ConfigFile $(Build.SourcesDirectory)\NuGet.config -Password $Env:Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if and(ne(parameters.liveRuntimeBuildConfig, ''), eq(parameters.runTests, true)) }}: - template: /eng/pipelines/common/download-artifact-step.yml parameters: diff --git a/eng/pipelines/mono/templates/xplat-job.yml b/eng/pipelines/mono/templates/xplat-job.yml index 0cb275692c5c4..b0364b227a0f3 100644 --- a/eng/pipelines/mono/templates/xplat-job.yml +++ b/eng/pipelines/mono/templates/xplat-job.yml @@ -89,10 +89,31 @@ jobs: - name: _HelixSource value: ci/dotnet/runtime/$(Build.SourceBranch) + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - group: AzureDevOps-Artifact-Feeds-Pats + - ${{ each variable in parameters.variables }}: - ${{insert}}: ${{ variable }} steps: - template: /eng/pipelines/common/clone-checkout-bundle-step.yml + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - ${{ if ne(parameters.osGroup, 'Windows_NT') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + arguments: $(Build.SourcesDirectory)/NuGet.config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if eq(parameters.osGroup, 'Windows_NT') }}: + - task: PowerShell@2 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)\eng\common\SetupNugetSources.ps1 + arguments: -ConfigFile $(Build.SourcesDirectory)\NuGet.config -Password $Env:Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ parameters.steps }} diff --git a/eng/pipelines/official/jobs/prepare-signed-artifacts.yml b/eng/pipelines/official/jobs/prepare-signed-artifacts.yml index 7b0eba0b5cd02..187871cd32432 100644 --- a/eng/pipelines/official/jobs/prepare-signed-artifacts.yml +++ b/eng/pipelines/official/jobs/prepare-signed-artifacts.yml @@ -20,9 +20,21 @@ jobs: - name: SignType value: $[ coalesce(variables.OfficialSignType, 'real') ] + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - group: AzureDevOps-Artifact-Feeds-Pats + steps: - template: /eng/pipelines/common/clone-checkout-bundle-step.yml + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - task: PowerShell@2 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)\eng\common\SetupNugetSources.ps1 + arguments: -ConfigFile $(Build.SourcesDirectory)\NuGet.config -Password $Env:Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if eq(parameters.isOfficialBuild, true) }}: - task: NuGetAuthenticate@0 @@ -33,7 +45,7 @@ jobs: zipSources: false feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json continueOnError: false - condition: and(succeeded(), + condition: and(succeeded(), in(variables['SignType'], 'real', 'test')) - task: DownloadBuildArtifacts@0 From 15876b57d170d1806ab93704690735e125db609c Mon Sep 17 00:00:00 2001 From: Juan Sebastian Hoyos Ayala Date: Wed, 20 Jan 2021 17:46:33 -0800 Subject: [PATCH 2/2] Fix nesting of the variable group --- eng/pipelines/installer/jobs/base-job.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/pipelines/installer/jobs/base-job.yml b/eng/pipelines/installer/jobs/base-job.yml index 64c4c71383025..8613782091b58 100644 --- a/eng/pipelines/installer/jobs/base-job.yml +++ b/eng/pipelines/installer/jobs/base-job.yml @@ -77,6 +77,9 @@ jobs: - name: SignType value: test + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - group: AzureDevOps-Artifact-Feeds-Pats + # Set up non-PR build from internal project - ${{ if eq(parameters.isOfficialBuild, true) }}: - name: SignType @@ -183,9 +186,6 @@ jobs: - name: MSBuildScript value: /root/runtime/eng/common/msbuild.sh - - ${{ if ne(variables['System.TeamProject'], 'public') }}: - - group: AzureDevOps-Artifact-Feeds-Pats - - ${{ if eq(parameters.isOfficialBuild, true) }}: - name: BuildScript value: ./eng/install-nuget-credprovider-then-build.sh --subset installer