From 4c631f41cdefd2f30c81ab1f2987c403608f3f0e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 11 Feb 2020 18:16:07 -0800 Subject: [PATCH 01/10] Update CI to use hosted agent --- .vsts-ci/windows.yml | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/.vsts-ci/windows.yml b/.vsts-ci/windows.yml index 5d34caa..b5da8f4 100644 --- a/.vsts-ci/windows.yml +++ b/.vsts-ci/windows.yml @@ -9,12 +9,14 @@ variables: resources: - repo: self clean: true -phases: -- phase: Build - queue: - name: Hosted Windows Container - parallel: 4 +jobs: +- job: Build + + pool: + vmImage: vs2017-win2016 + + strategy: matrix: Windows x86: buildName: x86 @@ -31,17 +33,9 @@ phases: displayName: Install cmake condition: succeeded() - powershell: | - choco install windows-sdk-10.1 - displayName: Install Windows SDK 10.1 - condition: succeeded() - - powershell: | - Invoke-WebRequest "https://aka.ms/vs/15/release/vs_BuildTools.exe" -OutFile vs_BuildTools.exe -UseBasicParsing - Start-Process -FilePath 'vs_BuildTools.exe' -ArgumentList '--quiet', '--norestart', '--locale en-US', '--add Microsoft.VisualStudio.Component.VC.Tools.ARM', '--add Microsoft.VisualStudio.Component.VC.Tools.ARM64', '--includeRecommended', '--add Microsoft.VisualStudio.Workload.VCTools', '--add Microsoft.VisualStudio.Component.Windows10SDK.16299.Desktop.arm', '--add Microsoft.VisualStudio.Component.VC.ATL.Spectre', '--add Microsoft.VisualStudio.Component.VC.ATLMFC.Spectre', '--add Microsoft.VisualStudio.Component.VC.ATL.ARM.Spectre', '--add Microsoft.VisualStudio.Component.VC.ATL.ARM64.Spectre', '--add Microsoft.VisualStudio.Component.VC.Runtimes.ARM.Spectre', '--add Microsoft.VisualStudio.Component.VC.Runtimes.ARM64.Spectre', '--add Microsoft.VisualStudio.Component.VC.Runtimes.x86.x64.Spectre' -Wait - Remove-Item .\vs_BuildTools.exe - Remove-Item -Force -Recurse 'C:\Program Files (x86)\Microsoft Visual Studio\Installer' $vsPath = ${Env:ProgramFiles(x86)} + '\Microsoft Visual Studio\2017\BuildTools\MSBuild\15.0\Bin' Write-Host "##vso[task.prependpath]$vsPath" - displayName: Install Visual Studio 2017 + displayName: Set Visual Studio Path condition: succeeded() - powershell: | $cmakeBinPath = "$env:ProgramFiles\CMake\bin\" From 2803cc7f905865fa53cf197277b3b7329118fac3 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 11 Feb 2020 18:42:44 -0800 Subject: [PATCH 02/10] Remove docker dependency from release build --- tools/releaseBuild/yaml/releaseBuild.yml | 22 ++++++- tools/releaseBuild/yaml/windows-build.yml | 20 +++++++ tools/releaseBuild/yaml/windows-sign.yml | 70 +++++++++++++++++++++++ 3 files changed, 110 insertions(+), 2 deletions(-) create mode 100644 tools/releaseBuild/yaml/windows-build.yml create mode 100644 tools/releaseBuild/yaml/windows-sign.yml diff --git a/tools/releaseBuild/yaml/releaseBuild.yml b/tools/releaseBuild/yaml/releaseBuild.yml index 2330cf2..16fe56e 100644 --- a/tools/releaseBuild/yaml/releaseBuild.yml +++ b/tools/releaseBuild/yaml/releaseBuild.yml @@ -10,12 +10,30 @@ stages: dependsOn: [] jobs: - job: BuildWin + pool: + vmImage: vs2017-win2016 + displayName: Windows + strategy: + matrix: + x64: + ARCHITECTURE: x64 + x86: + ARCHITECTURE: x86 + x64ARM: + ARCHITECTURE: x64_arm + x64ARM64: + ARCHITECTURE: x64_arm64 + steps: + - template: windows-build.yml + + - job: SignWin pool: name: PowerShell demands: - DotNetFramework - Agent.Image displayName: Windows + dependsOn: BuildWin strategy: matrix: x64: @@ -27,7 +45,7 @@ stages: x64ARM64: ARCHITECTURE: x64_arm64 steps: - - template: windows.yml + - template: windows-sign.yml - job: BuildLinux displayName: Linux @@ -55,7 +73,7 @@ stages: - job: BuildNuGetPkg displayName: Build NuGet Package dependsOn: - - BuildWin + - BuildSign - BuildLinux - BuildMac pool: diff --git a/tools/releaseBuild/yaml/windows-build.yml b/tools/releaseBuild/yaml/windows-build.yml new file mode 100644 index 0000000..f79715d --- /dev/null +++ b/tools/releaseBuild/yaml/windows-build.yml @@ -0,0 +1,20 @@ +steps: + - powershell: | + choco install cmake.install --installargs 'ADD_CMAKE_TO_PATH=System' + displayName: Install cmake + condition: succeeded() + - powershell: | + $vsPath = ${Env:ProgramFiles(x86)} + '\Microsoft Visual Studio\2017\BuildTools\MSBuild\15.0\Bin' + Write-Host "##vso[task.prependpath]$vsPath" + displayName: Set Visual Studio Path + condition: succeeded() + - powershell: | + $cmakeBinPath = "$env:ProgramFiles\CMake\bin\" + if(Test-Path $cmakeBinPath) { $env:Path = "$cmakeBinPath;$env:PATH" } else { throw "CMake not installed under $cmakeBinPath" } + $(Build.SourcesDirectory)\tools\releaseBuild\PowerShellNative.ps1 -RepoRoot $(Build.SourcesDirectory) -TargetLocation "$(System.ArtifactsDirectory)\Packages" -Arch $(ARCHITECTURE) -Configuration Release -Symbols + displayName: Start build - $(buildName) + condition: succeeded() + - powershell: | + Write-Host "##vso[artifact.upload containerfolder=artifacts;artifactname=artifacts]$(System.ArtifactsDirectory)\Packages\$(buildName)-symbols.zip" + displayName: Upload artifacts + condition: succeeded() \ No newline at end of file diff --git a/tools/releaseBuild/yaml/windows-sign.yml b/tools/releaseBuild/yaml/windows-sign.yml new file mode 100644 index 0000000..bec3357 --- /dev/null +++ b/tools/releaseBuild/yaml/windows-sign.yml @@ -0,0 +1,70 @@ +steps: +- task: PkgESSetupBuild@10 + displayName: 'Initialize build' + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + inputs: + useDfs: false + productName: PowerShellCore + branchVersion: true + disableWorkspace: true + disableBuildTools: true + disableNugetPack: true + condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) + +- task: DownloadBuildArtifacts@0 + inputs: + buildType: current + artifactName: artifacts + +- powershell: + $zipFilePath = Join-Path '$(System.ArtifactsDirectory)' 'artifacts\$(ARCHITECTURE)-symbols.zip' + Get-ChildItem $zipFilePath -Verbose + + $expandedPath = Join-Path '$(System.ArtifactsDirectory)' 'Expanded' + Expand-Archive $zipFilePath -Destination $expandedPath -Force + + $vstsCommandString = "vso[task.setvariable variable=Symbols]$expandedPath" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + displayName: Expand artifact $(ARCHITECTURE)-symbols.zip + +- task: PowerShell@2 + displayName: 'Update Signing Xml' + inputs: + targetType: filePath + filePath: $(Build.SourcesDirectory)/tools/releaseBuild/updateSigning.ps1 + +- task: PkgESCodeSign@10 + displayName: 'CodeSign $(ARCHITECTURE)' + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + inputs: + signConfigXml: '$(Build.SourcesDirectory)\tools\releaseBuild\signing.xml' + inPathRoot: '$(Symbols)' + outPathRoot: '$(Symbols)\Signed' + condition: ne(variables['SKIP_SIGNING'], 'True') + +- powershell: | + Compress-Archive -Path '$(Symbols)\Signed\*' -DestinationPath '$(Symbols)\Signed\win-$(ARCHITECTURE).zip' + displayName: Compress signed binaries + condition: ne(variables['SKIP_SIGNING'], 'True') + +- powershell: | + Get-ChildItem -Path '$(Symbols)\*' -Recurse | Copy-Item -Destination '$(Symbols)\Signed' -Force -Verbose + displayName: Copy unsigned binaries as signing is skipped + condition: eq(variables['SKIP_SIGNING'], 'True') + +- template: uploadArtifact.yml + parameters: + artifactPath: '$(Symbols)\Signed' + artifactFilter: 'win-*.zip' + artifactName: 'signed' + +- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3 + displayName: 'Run MpCmdRun.exe' + +- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 + displayName: 'Component Detection' + inputs: + sourceScanPath: '$(Build.SourcesDirectory)' From c7bd8bb918198a412cba4630e13c0deb478703bf Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 11 Feb 2020 18:45:09 -0800 Subject: [PATCH 03/10] Yaml fixes --- tools/releaseBuild/yaml/releaseBuild.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/releaseBuild/yaml/releaseBuild.yml b/tools/releaseBuild/yaml/releaseBuild.yml index 16fe56e..7ad4dd2 100644 --- a/tools/releaseBuild/yaml/releaseBuild.yml +++ b/tools/releaseBuild/yaml/releaseBuild.yml @@ -1,3 +1,5 @@ +trigger: none + variables: AuthenticodeSignType: '400' BuildConfiguration: 'Release' @@ -73,7 +75,7 @@ stages: - job: BuildNuGetPkg displayName: Build NuGet Package dependsOn: - - BuildSign + - SignWin - BuildLinux - BuildMac pool: From c06bb0b5eaac9a371f4edf5c822ec4e578e7ce4d Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 11 Feb 2020 18:47:13 -0800 Subject: [PATCH 04/10] Fix typos --- tools/releaseBuild/yaml/windows-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/releaseBuild/yaml/windows-build.yml b/tools/releaseBuild/yaml/windows-build.yml index f79715d..45c59b7 100644 --- a/tools/releaseBuild/yaml/windows-build.yml +++ b/tools/releaseBuild/yaml/windows-build.yml @@ -12,9 +12,9 @@ steps: $cmakeBinPath = "$env:ProgramFiles\CMake\bin\" if(Test-Path $cmakeBinPath) { $env:Path = "$cmakeBinPath;$env:PATH" } else { throw "CMake not installed under $cmakeBinPath" } $(Build.SourcesDirectory)\tools\releaseBuild\PowerShellNative.ps1 -RepoRoot $(Build.SourcesDirectory) -TargetLocation "$(System.ArtifactsDirectory)\Packages" -Arch $(ARCHITECTURE) -Configuration Release -Symbols - displayName: Start build - $(buildName) + displayName: Start build - $(ARCHITECTURE) condition: succeeded() - powershell: | - Write-Host "##vso[artifact.upload containerfolder=artifacts;artifactname=artifacts]$(System.ArtifactsDirectory)\Packages\$(buildName)-symbols.zip" + Write-Host "##vso[artifact.upload containerfolder=artifacts;artifactname=artifacts]$(System.ArtifactsDirectory)\Packages\$(ARCHITECTURE)-symbols.zip" displayName: Upload artifacts condition: succeeded() \ No newline at end of file From 63c976fcdfc5cae30220a8aebd62e069b99731f5 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 11 Feb 2020 22:38:12 -0800 Subject: [PATCH 05/10] Yaml fixes --- tools/releaseBuild/yaml/releaseBuild.yml | 2 +- tools/releaseBuild/yaml/windows-sign.yml | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/tools/releaseBuild/yaml/releaseBuild.yml b/tools/releaseBuild/yaml/releaseBuild.yml index 7ad4dd2..21a389b 100644 --- a/tools/releaseBuild/yaml/releaseBuild.yml +++ b/tools/releaseBuild/yaml/releaseBuild.yml @@ -34,7 +34,7 @@ stages: demands: - DotNetFramework - Agent.Image - displayName: Windows + displayName: Sign Windows dependsOn: BuildWin strategy: matrix: diff --git a/tools/releaseBuild/yaml/windows-sign.yml b/tools/releaseBuild/yaml/windows-sign.yml index bec3357..b62e428 100644 --- a/tools/releaseBuild/yaml/windows-sign.yml +++ b/tools/releaseBuild/yaml/windows-sign.yml @@ -21,10 +21,9 @@ steps: $zipFilePath = Join-Path '$(System.ArtifactsDirectory)' 'artifacts\$(ARCHITECTURE)-symbols.zip' Get-ChildItem $zipFilePath -Verbose - $expandedPath = Join-Path '$(System.ArtifactsDirectory)' 'Expanded' - Expand-Archive $zipFilePath -Destination $expandedPath -Force + Expand-Archive $zipFilePath -Destination '$(System.ArtifactsDirectory)\Expanded' -Force - $vstsCommandString = "vso[task.setvariable variable=Symbols]$expandedPath" + $vstsCommandString = "vso[task.setvariable variable=Symbols]$(System.ArtifactsDirectory)\Expanded" Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" displayName: Expand artifact $(ARCHITECTURE)-symbols.zip From 67919d362ad09fe998889aabcb672f8e93d9786c Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 11 Feb 2020 22:49:09 -0800 Subject: [PATCH 06/10] Try fixing yaml --- tools/releaseBuild/yaml/windows-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/yaml/windows-sign.yml b/tools/releaseBuild/yaml/windows-sign.yml index b62e428..c47cfca 100644 --- a/tools/releaseBuild/yaml/windows-sign.yml +++ b/tools/releaseBuild/yaml/windows-sign.yml @@ -18,7 +18,7 @@ steps: artifactName: artifacts - powershell: - $zipFilePath = Join-Path '$(System.ArtifactsDirectory)' 'artifacts\$(ARCHITECTURE)-symbols.zip' + $zipFilePath = '$(System.ArtifactsDirectory)\artifacts\$(ARCHITECTURE)-symbols.zip' Get-ChildItem $zipFilePath -Verbose Expand-Archive $zipFilePath -Destination '$(System.ArtifactsDirectory)\Expanded' -Force From a25fcad4c2f3617b37d9ffe215d57422726cb5b4 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 11 Feb 2020 23:00:19 -0800 Subject: [PATCH 07/10] Fix yaml multiline block --- tools/releaseBuild/yaml/windows-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/yaml/windows-sign.yml b/tools/releaseBuild/yaml/windows-sign.yml index c47cfca..ed7fdd8 100644 --- a/tools/releaseBuild/yaml/windows-sign.yml +++ b/tools/releaseBuild/yaml/windows-sign.yml @@ -17,7 +17,7 @@ steps: buildType: current artifactName: artifacts -- powershell: +- powershell: | $zipFilePath = '$(System.ArtifactsDirectory)\artifacts\$(ARCHITECTURE)-symbols.zip' Get-ChildItem $zipFilePath -Verbose From f780c80118cc90f58b209224fe6f4250770338b4 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 11 Feb 2020 23:29:39 -0800 Subject: [PATCH 08/10] Fix artifact container name --- tools/releaseBuild/yaml/windows-build.yml | 2 +- tools/releaseBuild/yaml/windows-sign.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/releaseBuild/yaml/windows-build.yml b/tools/releaseBuild/yaml/windows-build.yml index 45c59b7..c7696cc 100644 --- a/tools/releaseBuild/yaml/windows-build.yml +++ b/tools/releaseBuild/yaml/windows-build.yml @@ -15,6 +15,6 @@ steps: displayName: Start build - $(ARCHITECTURE) condition: succeeded() - powershell: | - Write-Host "##vso[artifact.upload containerfolder=artifacts;artifactname=artifacts]$(System.ArtifactsDirectory)\Packages\$(ARCHITECTURE)-symbols.zip" + Write-Host "##vso[artifact.upload containerfolder=artifacts;artifactname=release]$(System.ArtifactsDirectory)\Packages\$(ARCHITECTURE)-symbols.zip" displayName: Upload artifacts condition: succeeded() \ No newline at end of file diff --git a/tools/releaseBuild/yaml/windows-sign.yml b/tools/releaseBuild/yaml/windows-sign.yml index ed7fdd8..bf227b9 100644 --- a/tools/releaseBuild/yaml/windows-sign.yml +++ b/tools/releaseBuild/yaml/windows-sign.yml @@ -15,10 +15,10 @@ steps: - task: DownloadBuildArtifacts@0 inputs: buildType: current - artifactName: artifacts + artifactName: release - powershell: | - $zipFilePath = '$(System.ArtifactsDirectory)\artifacts\$(ARCHITECTURE)-symbols.zip' + $zipFilePath = '$(System.ArtifactsDirectory)\release\$(ARCHITECTURE)-symbols.zip' Get-ChildItem $zipFilePath -Verbose Expand-Archive $zipFilePath -Destination '$(System.ArtifactsDirectory)\Expanded' -Force From a19bfb172070a5f75a74223fca249e3080ef5966 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 11 Feb 2020 23:39:44 -0800 Subject: [PATCH 09/10] Fix artifact container name to match artifact name --- tools/releaseBuild/yaml/windows-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/yaml/windows-build.yml b/tools/releaseBuild/yaml/windows-build.yml index c7696cc..be72726 100644 --- a/tools/releaseBuild/yaml/windows-build.yml +++ b/tools/releaseBuild/yaml/windows-build.yml @@ -15,6 +15,6 @@ steps: displayName: Start build - $(ARCHITECTURE) condition: succeeded() - powershell: | - Write-Host "##vso[artifact.upload containerfolder=artifacts;artifactname=release]$(System.ArtifactsDirectory)\Packages\$(ARCHITECTURE)-symbols.zip" + Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\$(ARCHITECTURE)-symbols.zip" displayName: Upload artifacts condition: succeeded() \ No newline at end of file From 284debc5b9383a23e3057f7f6b3c27dc8c08f5e4 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 12 Feb 2020 11:49:29 -0800 Subject: [PATCH 10/10] Address comments --- tools/releaseBuild/yaml/windows-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/yaml/windows-build.yml b/tools/releaseBuild/yaml/windows-build.yml index be72726..a5c9cd2 100644 --- a/tools/releaseBuild/yaml/windows-build.yml +++ b/tools/releaseBuild/yaml/windows-build.yml @@ -17,4 +17,4 @@ steps: - powershell: | Write-Host "##vso[artifact.upload containerfolder=release;artifactname=release]$(System.ArtifactsDirectory)\Packages\$(ARCHITECTURE)-symbols.zip" displayName: Upload artifacts - condition: succeeded() \ No newline at end of file + condition: succeeded()