From a5b6393474d8492bcffb64f58dbe1feec0db5e39 Mon Sep 17 00:00:00 2001 From: Amber Erickson Date: Tue, 15 Sep 2020 16:37:46 -0700 Subject: [PATCH 01/20] Update version and changelog --- CHANGELOG.md | 3 +++ src/PowerShellGet/PowerShellGet.psd1 | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e037091b..36e172c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,7 @@ # Changelog +### 2.2.5 +- Security patch for code injection bug + ### 2.2.4.1 - Remove catalog file diff --git a/src/PowerShellGet/PowerShellGet.psd1 b/src/PowerShellGet/PowerShellGet.psd1 index 54dd28db..cfbef5ec 100644 --- a/src/PowerShellGet/PowerShellGet.psd1 +++ b/src/PowerShellGet/PowerShellGet.psd1 @@ -1,6 +1,6 @@ @{ RootModule = 'PSModule.psm1' - ModuleVersion = '2.2.4.1' + ModuleVersion = '2.2.5' GUID = '1d73a601-4a6c-43c5-ba3f-619b18bbb404' Author = 'Microsoft Corporation' CompanyName = 'Microsoft Corporation' @@ -55,6 +55,9 @@ ProjectUri = 'https://go.microsoft.com/fwlink/?LinkId=828955' LicenseUri = 'https://go.microsoft.com/fwlink/?LinkId=829061' ReleaseNotes = @' +### 2.2.5 +- Security patch for code injection bug + ### 2.2.4.1 - Remove catalog file From 29e0c9f82ba9f52372b36ae1376830251ce9e7a0 Mon Sep 17 00:00:00 2001 From: Amber Erickson Date: Fri, 8 Jan 2021 13:18:12 -0800 Subject: [PATCH 02/20] Add ci yaml --- .ci/ci.yml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .ci/ci.yml diff --git a/.ci/ci.yml b/.ci/ci.yml new file mode 100644 index 00000000..53ec4232 --- /dev/null +++ b/.ci/ci.yml 
@@ -0,0 +1,69 @@ +name: $(BuildDefinitionName)-$(date:yyMM).$(date:dd)$(rev:rrr) +trigger: + # Batch merge builds together while a merge build is running + batch: true + branches: + include: + #- master + - development +pr: + branches: + include: + #- master + - development + +resources: + repositories: + - repository: ComplianceRepo + type: github + endpoint: ComplianceGHRepo + name: PowerShell/compliance + +stages: +- stage: Build + displayName: Build PowerShellGet Module Package + jobs: + - job: BuildPkg + displayName: Build Package + pool: + vmImage: windows-latest + + steps: + - powershell: | + $powerShellPath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'powershell' + Invoke-WebRequest -Uri https://raw.githubusercontent.com/PowerShell/PowerShell/master/tools/install-powershell.ps1 -outfile ./install-powershell.ps1 + ./install-powershell.ps1 -Destination $powerShellPath + $vstsCommandString = "vso[task.setvariable variable=PATH]$powerShellPath;$env:PATH" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + + + Import-Module $(Build.SourcesDirectory)/tools/build.psm1 -Force + Install-Dependencies + Update-ModuleManifestFunctions + Publish-ModuleArtifacts + displayName: Install PowerShell Core + + - pwsh: | + Get-ChildItem -Path env: + displayName: Capture environment for build + condition: succeededOrFailed() + +- stage: Compliance + displayName: Compliance + dependsOn: Build + jobs: + - job: ComplianceJob + pool: + vmImage: windows-latest + steps: + - checkout: self + clean: true + - checkout: ComplianceRepo + clean: true + - download: current + artifact: 'PowerShellGet' + - template: ci-compliance.yml@ComplianceRepo + parameters: + # credscan + suppressionsFile: '' From 6e991fce242d5d0853cec8189365ee1b34f040c7 Mon Sep 17 00:00:00 2001 
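Review bot: The `Install PowerShell Core` step downloads `install-powershell.ps1` from the `master` branch of PowerShell/PowerShell and runs it on the next line, so whatever that URL serves at build time executes on the agent with no integrity check. Point the URL at a release tag or commit instead of `master`, and compare `(Get-FileHash ./install-powershell.ps1 -Algorithm SHA256).Hash` with a value kept in this repository before invoking the script. The `Capture environment for build` step (`Get-ChildItem -Path env:`) also writes the agent's full environment to the build log on every run, including failed ones. Logging only the few variables needed for diagnosis keeps agent and service-connection details out of retained logs.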
From: Amber Erickson Date: Fri, 8 Jan 2021 14:15:46 -0800 Subject: [PATCH 03/20] Add build and publish steps to ci yaml --- .ci/ci.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.ci/ci.yml b/.ci/ci.yml index 53ec4232..8e7b1baf 100644 --- a/.ci/ci.yml +++ b/.ci/ci.yml @@ -36,13 +36,20 @@ stages: $vstsCommandString = "vso[task.setvariable variable=PATH]$powerShellPath;$env:PATH" Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" + displayName: Install PowerShell Core - + - powershell: | Import-Module $(Build.SourcesDirectory)/tools/build.psm1 -Force Install-Dependencies Update-ModuleManifestFunctions Publish-ModuleArtifacts - displayName: Install PowerShell Core + displayName: Build Package + + - pwsh: | + Get-ChildItem -Path $(Build.SourcesDirectory)\dist\PowerShellGet* | Select-Object -ExpandProperty FullName | ForEach-Object { + Write-Host "##vso[artifact.upload containerfolder=PowerShellGet;artifactname=PowerShellGet]$_" + } + displayName: Publish Artifacts - pwsh: | Get-ChildItem -Path env: From 3dbb55494a70608b34a896fa2728cbbb27e50146 Mon Sep 17 00:00:00 2001 From: Amber Erickson Date: Mon, 25 Jan 2021 19:26:54 -0800 Subject: [PATCH 04/20] Add compliant release build yaml --- .ci/ci.yml | 76 -------------------- .ci/releaseBuild.yml | 167 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 167 insertions(+), 76 deletions(-) delete mode 100644 .ci/ci.yml create mode 100644 .ci/releaseBuild.yml diff --git a/.ci/ci.yml b/.ci/ci.yml deleted file mode 100644 index 8e7b1baf..00000000 --- a/.ci/ci.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: $(BuildDefinitionName)-$(date:yyMM).$(date:dd)$(rev:rrr) -trigger: - # Batch merge builds together while a merge build is running - batch: true - branches: - include: - #- master - - development -pr: - branches: - include: - #- master - - development - -resources: - repositories: - - repository: ComplianceRepo - type: github - endpoint: ComplianceGHRepo - name: PowerShell/compliance - -stages: -- stage: Build - displayName: Build PowerShellGet Module Package - jobs: - - job: BuildPkg - displayName: Build Package - pool: - vmImage: windows-latest - - steps: - - powershell: | - $powerShellPath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'powershell' - Invoke-WebRequest -Uri https://raw.githubusercontent.com/PowerShell/PowerShell/master/tools/install-powershell.ps1 -outfile ./install-powershell.ps1 - ./install-powershell.ps1 -Destination $powerShellPath - $vstsCommandString = "vso[task.setvariable variable=PATH]$powerShellPath;$env:PATH" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - displayName: Install PowerShell Core - - - powershell: | - Import-Module $(Build.SourcesDirectory)/tools/build.psm1 -Force - Install-Dependencies - Update-ModuleManifestFunctions - Publish-ModuleArtifacts - displayName: Build Package - - - pwsh: | - Get-ChildItem -Path $(Build.SourcesDirectory)\dist\PowerShellGet* | Select-Object -ExpandProperty FullName | ForEach-Object { - Write-Host "##vso[artifact.upload containerfolder=PowerShellGet;artifactname=PowerShellGet]$_" - } - displayName: Publish Artifacts - - - pwsh: | - Get-ChildItem -Path env: - displayName: Capture environment for build - condition: succeededOrFailed() - -- stage: Compliance - displayName: Compliance - dependsOn: Build - jobs: - - job: ComplianceJob - pool: - vmImage: windows-latest - steps: - - checkout: self - clean: true - - checkout: ComplianceRepo - clean: true - - download: current - artifact: 'PowerShellGet' - - template: 
ci-compliance.yml@ComplianceRepo - parameters: - # credscan - suppressionsFile: '' diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml new file mode 100644 index 00000000..6e2e8ea3 --- /dev/null +++ b/.ci/releaseBuild.yml 
@@ -0,0 +1,167 @@ +# The name of the build that will be seen in mscodehub +name: PowerShellGetv2-Release-$(Build.BuildId) +# how is the build triggered +# since this is a release build, no trigger as it's a manual release +trigger: none + +pr: + branches: + include: + - master + +# variables to set in the build environment +variables: + DOTNET_CLI_TELEMETRY_OPTOUT: 1 + POWERSHELL_TELEMETRY_OPTOUT: 1 + +# since this build relies on templates, we need access to those +# This needs a service connection in the build to work +# the *name* of the service connection must be the same as the endpoint +resources: + repositories: + - repository: ComplianceRepo + type: github + endpoint: ComplianceGHRepo + name: PowerShell/compliance + # this can be any branch of your choosing + ref: master + +# the stages in this build. There are 2 +# the assumption for PowerShellGetv2 is that test is done as part of +# CI so we needn't do it here +stages: +- stage: Build + displayName: Build + pool: + name: Package ES CodeHub Lab E + jobs: + - job: Build_Job + displayName: Build Microsoft.PowerShell.PowerShellGetv2 + # note the variable reference to ESRP. 
+ # this must be created in Project -> Pipelines -> Library -> VariableGroups + # where it describes the link to the SigningServer + variables: + - group: ESRP + steps: + - checkout: self + + # the steps for building the module go here + - pwsh: | + Set-Location "$(Build.SourcesDirectory)" + Import-Module $(Build.SourcesDirectory)/tools/build.psm1 -Force + Install-Dependencies + Update-ModuleManifestFunctions + Publish-ModuleArtifacts + displayName: Execute build + + # these are setting vso variables which will be persisted between stages + - pwsh: | + $signSrcPath = "$(Build.SourcesDirectory)/dist/PowerShellGet" + # Set signing src path variable + $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + + $signOutPath = "$(Build.SourcesDirectory)/OSS_Microsoft_PowerShellGetv2/signed/PowerShellGet" + $null = New-Item -ItemType Directory -Path $signOutPath + # Set signing out path variable + $vstsCommandString = "vso[task.setvariable variable=signOutPath]${signOutPath}" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + + # Set path variable for guardian codesign validation + $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]${signOutPath}" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + + # Get version and create a variable + $moduleData = Import-PowerShellDataFile "$(Build.SourcesDirectory)/dist/PowerShellGet/PowerShellGet.psd1" + $moduleVersion = $moduleData.ModuleVersion + $vstsCommandString = "vso[task.setvariable variable=moduleVersion]${moduleVersion}" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + + + displayName: Setup variables for signing + + # checkout the Compliance repository so it can be used to do the actual signing + - checkout: ComplianceRepo + + # this the MS authored step This cert covers MS autored items + # 
note that the buildOutputPath (where we get the files to sign) + # is the same as the signOutputPath in the previous step + # at the end of this step we will have all the files signed that should be + # signOutPath is the location which contains the files we will use to make the module + - template: EsrpSign.yml@ComplianceRepo + parameters: + # the folder which contains the binaries to sign + buildOutputPath: $(signSrcPath) + # the location to put the signed output + signOutputPath: $(signOutPath) + # the certificate ID to use + certificateId: "CP-230012" + # use minimatch because we need to exclude the NewtonSoft assembly + useMinimatch: true + # the file pattern to use - newtonSoft is excluded + pattern: | + **\*.psd1 + **\*.psm1 + **\*.ps1xml + **\*.mof + + # now create the nupkg which we will use to publish the module + # to the powershell gallery (not part of this yaml) + #- pwsh: | + # Set-Location "$(Build.SourcesDirectory)/OSS_Microsoft_PowerShellGetv2" + # publish-module -Path $(signOutPath) + + # ./build -BuildNupkg -signed + 3 displayName: Create nupkg for publishing + + # finally publish the parts of the build which will be used in the next stages + # if it's not published, the subsequent stages will not be able to access it. 
+ # This is the build directory (it contains all of the dll/pdb files) + - publish: "$(Build.SourcesDirectory)/OSS_Microsoft_PowerShellGetv2" + artifact: build + displayName: publish build directory + + # export the nupkg only which will be used in the release pipeline + #- publish: "$(signOutPath)/PowerShellGet.$(moduleVersion).nupkg" + # artifact: nupkg + # displayName: Publish module nupkg + + +# Now on to the compliance stage +- stage: compliance + displayName: Compliance + dependsOn: Build + jobs: + - job: Compliance_Job + pool: + name: Package ES CodeHub Lab E + steps: + - checkout: self + - checkout: ComplianceRepo + - download: current + artifact: build + + # use the templates in the compliance repo + # since script analyzer has modules, we're using the assembly-module-compliance template + # if you don't have assemblies, you should use script-module-compliance template + - template: script-module-compliance.yml@ComplianceRepo + parameters: + # component-governance - the path to sources + sourceScanPath: '$(Build.SourcesDirectory)' + # binskim - this isn't recursive, so you need the path to the assemblies + # AnalyzeTarget: '$(Pipeline.Workspace)\build\bin\PSV7Release\netcoreapp3.1\*.dll' + # credscan - scan the repo for credentials + # you can suppress some files with this. + # suppressionsFile: '$(Build.SourcesDirectory)/OSS_Microsoft_PSSA/tools/ReleaseBuild/CredScan.Suppressions.json' + # TermCheck + optionsRulesDBPath: '' + optionsFTPath: '' + # tsa-upload + # the compliance scanning must be uploaded, which you need to request + codeBaseName: 'PSSA_202004' + # selections + APIScan: false # set to false when not using Windows APIs. From d5f92d126f945f31307886b72927239e020eefd2 Mon Sep 17 00:00:00 2001 From: Amber Erickson Date: Sun, 31 Jan 2021 23:48:05 -0800 Subject: [PATCH 05/20] Add codebasename to release build yam --- .ci/releaseBuild.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
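Review bot: The `pr:` block lists `master`, so this pipeline can start for pull requests targeting master even though the comment above `trigger: none` describes it as a manual release. Its Build job loads the `ESRP` variable group and calls `EsrpSign.yml@ComplianceRepo`, so unreviewed PR content would be built in the job that has signing configuration in scope. Unless PR validation is intended here, `pr: none` states the manual-only intent. The signing and compliance templates are also resolved from `ref: master` of PowerShell/compliance, so a change on that branch changes what the signing job runs. Pinning to a tag, for example `ref: refs/tags/<COMPLIANCE_TAG>` (placeholder), makes template updates an explicit, reviewable step.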
diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 6e2e8ea3..17b3fad7 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -116,7 +116,7 @@ stages: # publish-module -Path $(signOutPath) # ./build -BuildNupkg -signed - 3 displayName: Create nupkg for publishing + # displayName: Create nupkg for publishing # finally publish the parts of the build which will be used in the next stages # if it's not published, the subsequent stages will not be able to access it. @@ -162,6 +162,6 @@ stages: optionsFTPath: '' # tsa-upload # the compliance scanning must be uploaded, which you need to request - codeBaseName: 'PSSA_202004' + codeBaseName: 'PowerShellGetv2_20200129' # selections APIScan: false # set to false when not using Windows APIs. From 7765b72c92906ae56e8e62b83e23754f518ea234 Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 00:01:38 -0800 Subject: [PATCH 06/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 17b3fad7..35255056 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -13,6 +13,7 @@ pr: variables: DOTNET_CLI_TELEMETRY_OPTOUT: 1 POWERSHELL_TELEMETRY_OPTOUT: 1 + BUILD_SOURCESDIRECTORY: 'E:\BA\41\s\PowerShellGetv2' # since this build relies on templates, we need access to those # This needs a service connection in the build to work From 2672b531cf2a19c12c0117306ba7991e94d67fac Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 00:03:54 -0800 Subject: [PATCH 07/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 35255056..ac92a077 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml 
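Review bot: `BUILD_SOURCESDIRECTORY: 'E:\BA\41\s\PowerShellGetv2'` in the `variables:` block hard-codes one agent's work folder into the pipeline definition, and patch 07 does the same with the `Build.SourcesDirectory` entry. The agent supplies this value for each run, so a fixed path is presumably wrong on any other agent or work folder. It also commits an internal build-machine path to the repository. The sources probably sit in a subfolder because the job checks out two repositories, in which case derive the location from the predefined variable, e.g. `Set-Location "$(Build.SourcesDirectory)/PowerShellGetv2"`.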
@@ -14,6 +14,7 @@ variables: DOTNET_CLI_TELEMETRY_OPTOUT: 1 POWERSHELL_TELEMETRY_OPTOUT: 1 BUILD_SOURCESDIRECTORY: 'E:\BA\41\s\PowerShellGetv2' + Build.SourcesDirectory: 'E:\BA\41\s\PowerShellGetv2' # since this build relies on templates, we need access to those # This needs a service connection in the build to work From 393e351e94cc0ef22e364b84963f63eede151f8a Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 00:08:45 -0800 Subject: [PATCH 08/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index ac92a077..22294938 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -48,6 +48,10 @@ stages: - checkout: self # the steps for building the module go here + - pwsh: | + dir env: + displayName: Capture environment + - pwsh: | Set-Location "$(Build.SourcesDirectory)" Import-Module $(Build.SourcesDirectory)/tools/build.psm1 -Force From 51f5751b5f4364f884a56ada31d9a2f0471fc682 Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 00:14:34 -0800 Subject: [PATCH 09/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 22294938..d3601083 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -13,8 +13,6 @@ pr: variables: DOTNET_CLI_TELEMETRY_OPTOUT: 1 POWERSHELL_TELEMETRY_OPTOUT: 1 - BUILD_SOURCESDIRECTORY: 'E:\BA\41\s\PowerShellGetv2' - Build.SourcesDirectory: 'E:\BA\41\s\PowerShellGetv2' # since this build relies on templates, we need access to those # This needs a service connection in the build to work From a7bf044eaddbe99b034565217fd40ea8790686a1 Mon Sep 17 00:00:00 2001 
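Review bot: The `Capture environment` step added in patch 08 runs `dir env:` inside the job that loads the `ESRP` variable group, so every value exported to the process environment lands in the build log. That includes the group's non-secret entries and agent details. Azure Pipelines does not export secret variables to the environment unless a step maps them, but the rest is retained with the run and visible to anyone who can read its logs. For diagnosing the path problem, print only what is needed, e.g. `Write-Host "sources: $env:BUILD_SOURCESDIRECTORY"`, and drop the step before the pipeline is used for a release.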
From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 00:22:02 -0800 Subject: [PATCH 10/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index d3601083..9be280f5 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -52,6 +52,10 @@ stages: - pwsh: | Set-Location "$(Build.SourcesDirectory)" + dir + + cd tools + dir Import-Module $(Build.SourcesDirectory)/tools/build.psm1 -Force Install-Dependencies Update-ModuleManifestFunctions From 6a01a7e3395730c106b8264e30c858c2caa897ad Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 00:24:11 -0800 Subject: [PATCH 11/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 9be280f5..eaa5f2f2 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -51,11 +51,7 @@ stages: displayName: Capture environment - pwsh: | - Set-Location "$(Build.SourcesDirectory)" - dir - - cd tools - dir + Set-Location "$(Build.SourcesDirectory)/PowerShellGetv2" Import-Module $(Build.SourcesDirectory)/tools/build.psm1 -Force Install-Dependencies Update-ModuleManifestFunctions From 5c2598d5311858750f70a9f3c9eb52a644d0e428 Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 00:25:38 -0800 Subject: [PATCH 12/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index eaa5f2f2..ed9bb2e5 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml 
@@ -52,7 +52,7 @@ stages: - pwsh: | Set-Location "$(Build.SourcesDirectory)/PowerShellGetv2" - Import-Module $(Build.SourcesDirectory)/tools/build.psm1 -Force + Import-Module ./tools/build.psm1 -Force Install-Dependencies Update-ModuleManifestFunctions Publish-ModuleArtifacts From da1672d85fb10f176930a0d257971e218a1cec9c Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 00:31:22 -0800 Subject: [PATCH 13/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index ed9bb2e5..0d5d5a2a 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -61,6 +61,7 @@ stages: # these are setting vso variables which will be persisted between stages - pwsh: | $signSrcPath = "$(Build.SourcesDirectory)/dist/PowerShellGet" + dir # Set signing src path variable $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" Write-Host "sending " + $vstsCommandString @@ -79,7 +80,8 @@ stages: Write-Host "##$vstsCommandString" # Get version and create a variable - $moduleData = Import-PowerShellDataFile "$(Build.SourcesDirectory)/dist/PowerShellGet/PowerShellGet.psd1" + dir + $moduleData = Import-PowerShellDataFile "$(Build.SourcesDirectory)/PowerShellGet/dist/PowerShellGet/PowerShellGet.psd1" $moduleVersion = $moduleData.ModuleVersion $vstsCommandString = "vso[task.setvariable variable=moduleVersion]${moduleVersion}" Write-Host "sending " + $vstsCommandString From ed5ef933797c73d77471117980da0388266c2f97 Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 00:38:04 -0800 Subject: [PATCH 14/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 0d5d5a2a..e8a091c5 100644 
--- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -67,7 +67,7 @@ stages: Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" - $signOutPath = "$(Build.SourcesDirectory)/OSS_Microsoft_PowerShellGetv2/signed/PowerShellGet" + $signOutPath = "$(Build.SourcesDirectory)/OSS_Microsoft_PowerShellGetv2new/signed/PowerShellGet" $null = New-Item -ItemType Directory -Path $signOutPath # Set signing out path variable $vstsCommandString = "vso[task.setvariable variable=signOutPath]${signOutPath}" From 69c5782fa9024e67494f4d981cd9a3bc306e63da Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 14:53:13 -0800 Subject: [PATCH 15/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index e8a091c5..d030db35 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -81,6 +81,9 @@ stages: # Get version and create a variable dir + dir OSS_Microsoft_PowerShellGetv2new + write-host "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + dir PowerShellGetv2 $moduleData = Import-PowerShellDataFile "$(Build.SourcesDirectory)/PowerShellGet/dist/PowerShellGet/PowerShellGet.psd1" $moduleVersion = $moduleData.ModuleVersion $vstsCommandString = "vso[task.setvariable variable=moduleVersion]${moduleVersion}" From 9979ac31e1ecf42783ab31f83b7809ab1162fd2a Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 14:55:37 -0800 Subject: [PATCH 16/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index d030db35..d1cbcc88 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml 
@@ -84,7 +84,7 @@ stages: dir OSS_Microsoft_PowerShellGetv2new write-host "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" dir PowerShellGetv2 - $moduleData = Import-PowerShellDataFile "$(Build.SourcesDirectory)/PowerShellGet/dist/PowerShellGet/PowerShellGet.psd1" + $moduleData = Import-PowerShellDataFile "$(Build.SourcesDirectory)/PowerShellGetv2/dist/PowerShellGet/PowerShellGet.psd1" $moduleVersion = $moduleData.ModuleVersion $vstsCommandString = "vso[task.setvariable variable=moduleVersion]${moduleVersion}" Write-Host "sending " + $vstsCommandString From bac2ccb6f79b1c770544bb74babdbf402726b0c3 Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 15:11:49 -0800 Subject: [PATCH 17/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index d1cbcc88..183c1494 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -60,7 +60,7 @@ stages: # these are setting vso variables which will be persisted between stages - pwsh: | - $signSrcPath = "$(Build.SourcesDirectory)/dist/PowerShellGet" + $signSrcPath = "$(Build.SourcesDirectory)/PowerShellGetv2/dist/PowerShellGet" dir # Set signing src path variable $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" From 80587e431b1fd9cc846da7d9490cd361702ab2b0 Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 15:21:51 -0800 Subject: [PATCH 18/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 183c1494..57952552 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml 
@@ -67,8 +67,8 @@ stages: Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" - $signOutPath = "$(Build.SourcesDirectory)/OSS_Microsoft_PowerShellGetv2new/signed/PowerShellGet" - $null = New-Item -ItemType Directory -Path $signOutPath + $signOutPath = "$(Build.SourcesDirectory)/OSS_Microsoft_PowerShellGetv2/signed/PowerShellGet" + $null = New-Item -ItemType Directory -Path $signOutPath -force # Set signing out path variable $vstsCommandString = "vso[task.setvariable variable=signOutPath]${signOutPath}" Write-Host "sending " + $vstsCommandString From e85364e44af57d00d9e70e5895ad66618e204b1d Mon Sep 17 00:00:00 2001 From: alerickson <25858831+alerickson@users.noreply.github.com> Date: Mon, 1 Feb 2021 16:32:46 -0800 Subject: [PATCH 19/20] Update releaseBuild.yml for Azure Pipelines --- .ci/releaseBuild.yml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 57952552..275e3abb 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -80,17 +80,11 @@ stages: Write-Host "##$vstsCommandString" # Get version and create a variable - dir - dir OSS_Microsoft_PowerShellGetv2new - write-host "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" - dir PowerShellGetv2 $moduleData = Import-PowerShellDataFile "$(Build.SourcesDirectory)/PowerShellGetv2/dist/PowerShellGet/PowerShellGet.psd1" $moduleVersion = $moduleData.ModuleVersion $vstsCommandString = "vso[task.setvariable variable=moduleVersion]${moduleVersion}" Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" - - displayName: Setup variables for signing # checkout the Compliance repository so it can be used to do the actual signing 
@@ -118,15 +112,6 @@ stages: **\*.ps1xml **\*.mof - # now create the nupkg which we will use to publish the module - # to the powershell gallery (not part of this yaml) - #- pwsh: | - # Set-Location "$(Build.SourcesDirectory)/OSS_Microsoft_PowerShellGetv2" - # publish-module -Path $(signOutPath) - - # ./build -BuildNupkg -signed - # displayName: Create nupkg for publishing - # finally publish the parts of the build which will be used in the next stages # if it's not published, the subsequent stages will not be able to access it. # This is the build directory (it contains all of the dll/pdb files) @@ -134,12 +119,6 @@ stages: artifact: build displayName: publish build directory - # export the nupkg only which will be used in the release pipeline - #- publish: "$(signOutPath)/PowerShellGet.$(moduleVersion).nupkg" - # artifact: nupkg - # displayName: Publish module nupkg - - # Now on to the compliance stage - stage: compliance displayName: Compliance From 03d995c0a94d76825a062f18ba980e5bf40f4fb6 Mon Sep 17 00:00:00 2001 From: Amber Erickson Date: Thu, 4 Feb 2021 22:27:00 -0800 Subject: [PATCH 20/20] Remove debugging statement and unnecessary comments --- .ci/releaseBuild.yml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 275e3abb..b4fafe68 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -46,10 +46,6 @@ stages: - checkout: self # the steps for building the module go here - - pwsh: | - dir env: - displayName: Capture environment - - pwsh: | Set-Location "$(Build.SourcesDirectory)/PowerShellGetv2" Import-Module ./tools/build.psm1 -Force 
@@ -101,11 +97,8 @@ stages: buildOutputPath: $(signSrcPath) # the location to put the signed output signOutputPath: $(signOutPath) - # the certificate ID to use + # the certificate ID to use (Authenticode) certificateId: "CP-230012" - # use minimatch because we need to exclude the NewtonSoft assembly - useMinimatch: true - # the file pattern to use - newtonSoft is excluded pattern: | **\*.psd1 **\*.psm1 @@ -140,11 +133,6 @@ stages: parameters: # component-governance - the path to sources sourceScanPath: '$(Build.SourcesDirectory)' - # binskim - this isn't recursive, so you need the path to the assemblies - # AnalyzeTarget: '$(Pipeline.Workspace)\build\bin\PSV7Release\netcoreapp3.1\*.dll' - # credscan - scan the repo for credentials - # you can suppress some files with this. - # suppressionsFile: '$(Build.SourcesDirectory)/OSS_Microsoft_PSSA/tools/ReleaseBuild/CredScan.Suppressions.json' # TermCheck optionsRulesDBPath: '' optionsFTPath: ''
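Review bot: In the `EsrpSign.yml@ComplianceRepo` parameters, `useMinimatch: true` is removed while the `pattern:` entries remain glob-style (`**\*.psd1`, `**\*.psm1`, …). The template is not visible here, so confirm that its default matching mode still selects these files. If it does not, the step could finish with module files in `$(signOutPath)` that were never signed. A check after signing would make that failure visible, e.g. `Get-ChildItem $(signOutPath) -Recurse -File | Get-AuthenticodeSignature | Where-Object Status -ne 'Valid'`, failing the build when it returns anything.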