diff --git a/.azure-pipelines/rc.yml b/.azure-pipelines/rc.yml index 6ea27b9b..20517a10 100644 --- a/.azure-pipelines/rc.yml +++ b/.azure-pipelines/rc.yml @@ -4,34 +4,28 @@ resources: - repository: self type: git ref: refs/heads/develop - - repository: 1esPipelines + - repository: MicroBuildTemplate type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release + name: 1ESPipelineTemplates/MicroBuildTemplate trigger: none pr: none extends: - template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate parameters: pool: - name: 1ES_JavaTooling_Pool - image: 1ES_JavaTooling_Windows_2022 - os: windows - sdl: - sourceAnalysisPool: - name: 1ES_JavaTooling_Pool - image: 1ES_JavaTooling_Windows_2022 - os: windows - spotBugs: - enabled: false - customBuildTags: - - MigrationTooling-mseng-VSJava-15024-Tool + name: MSEngSS-MicroBuild2022-1ES stages: - stage: Build jobs: - job: Job_1 displayName: Gradle-Build-Server-RC templateContext: + mb: + signing: + enabled: true + signType: real + zipSources: false + feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json' outputs: - output: pipelineArtifact artifactName: build-server @@ -41,48 +35,45 @@ extends: - checkout: self clean: true fetchTags: false + - task: PowerShell@2 + displayName: Download JDK 17 + inputs: + targetType: 'inline' + script: |- + New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk" + Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip" - task: JavaToolInstaller@0 displayName: Use Java 17 inputs: versionSpec: "17" jdkArchitectureOption: x64 - jdkSourceOption: PreInstalled + jdkSourceOption: LocalDirectory + jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip + jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17 + - script: java --version + displayName: 'Check Java installation' - task: Gradle@3 - displayName: gradlew build + displayName: gradlew build -x test inputs: + options: '-x test' publishJUnitResults: false - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 - displayName: ESRP CodeSigning + - task: PowerShell@2 + displayName: Sign Plugin Jars + inputs: + targetType: 'inline' + script: |- + $files = Get-ChildItem -Path . -Recurse -Filter "plugin-*.jar" + foreach ($file in $files) { + $fileName = $file.Name + & dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171 + } + workingDirectory: 'server/build/libs/plugins' + - task: CmdLine@2 + displayName: Sign Server Jars inputs: - ConnectedServiceName: 'ESRP-Release-Test' - AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6' - AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' - AuthAKVName: 'vscjavaci' - AuthCertName: 'vscjava-esrprelease-auth' - AuthSignCertName: 'VSCJava-CodeSign' - FolderPath: server/build/libs - Pattern: plugin-*.jar,server.jar - signConfigType: inlineSignParams - inlineOperation: |- - [ - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaSign", - "Parameters" : { - "SigAlg" : "SHA256withRSA", - "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] + targetType: 'inline' + script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:server.jar /certs:100010171 + workingDirectory: 'server/build/libs' ### Copy files for APIScan - task: CopyFiles@2 displayName: "Copy Files for APIScan"