125 lines
3.8 KiB
YAML
125 lines
3.8 KiB
YAML
# Publish pipeline for WinGet.
|
|
|
|
# Name of the run
|
|
name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev:r)'
|
|
|
|
# Batch CI run. when a pipeline is running, the system waits until the run is completed,
|
|
# then starts another run with all changes that have not yet been built.
|
|
trigger:
|
|
batch: true
|
|
branches:
|
|
include:
|
|
- master
|
|
|
|
pr: none
|
|
|
|
jobs:
|
|
|
|
# Agent phase.
|
|
- job: 'CommitProcessing'
|
|
displayName: 'Commit Processing'
|
|
pool:
|
|
vmImage: 'windows-latest'
|
|
variables:
|
|
skipComponentGovernanceDetection: ${{ true }}
|
|
runCodesignValidationInjection: ${{ false }}
|
|
steps:
|
|
|
|
# Downloads all the setup files and its dependencies.
|
|
- task: AzureCLI@1
|
|
displayName: 'Azure Setup'
|
|
inputs:
|
|
azureSubscription: '$(WinGet.Subscription)'
|
|
scriptLocation: inlineScript
|
|
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
|
|
env:
|
|
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
|
|
|
|
# WinGet setup
|
|
- script: 'winget_publish_setup.cmd'
|
|
name: 'wingetsetup'
|
|
displayName: 'WinGet Setup'
|
|
workingDirectory: scripts
|
|
env:
|
|
HOST_KEY: $(AzureFunctionHostKey)
|
|
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
|
|
|
|
- task: CmdLine@2
|
|
displayName: 'Validate Commits'
|
|
inputs:
|
|
script: 'WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%'
|
|
failOnStderr: true
|
|
condition: succeeded()
|
|
env:
|
|
AzureWebJobsStorage: $(ValidationStorageAccountConnectionString)
|
|
CacheConnectionString: $(CacheStorageAccountConnectionString)
|
|
PackagePublisher: $(PackagePublisher)
|
|
DIApplicationInsightKey: $(DIApplicationInsightKey)
|
|
|
|
# Agentless phase. Depends on previous job.
|
|
- job: 'SignPackage'
|
|
pool: server
|
|
timeoutInMinutes: 1500
|
|
displayName: 'Sign package'
|
|
dependsOn:
|
|
- 'CommitProcessing'
|
|
variables:
|
|
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
|
|
SignEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.signEndpoint']]
|
|
steps:
|
|
|
|
# Sign package.
|
|
- task: AzureFunction@1
|
|
displayName: 'Signing package'
|
|
inputs:
|
|
function: '$(SignEndpointSecret)'
|
|
key: '$(HostKeySecret)'
|
|
body: |
|
|
{
|
|
"operationId": "$(Build.BuildNumber)",
|
|
"PlanUrl": "$(system.CollectionUri)",
|
|
"HubName": "$(system.HostType)",
|
|
"pipelineType": "CommitPipeline",
|
|
"ProjectId": "$(system.TeamProjectId)",
|
|
"PlanId": "$(system.PlanId)",
|
|
"JobId": "$(system.JobId)",
|
|
"TimelineId": "$(system.TimelineId)",
|
|
"TaskInstanceId": "$(system.TaskInstanceId)",
|
|
"AuthToken": "$(system.AccessToken)"
|
|
}
|
|
waitForCompletion: "true"
|
|
|
|
# Agent phase. Depends on previous job.
|
|
- job: 'Publish'
|
|
displayName: 'Publish'
|
|
pool:
|
|
vmImage: 'windows-latest'
|
|
variables:
|
|
skipComponentGovernanceDetection: ${{ true }}
|
|
runCodesignValidationInjection: ${{ false }}
|
|
dependsOn:
|
|
- 'SignPackage'
|
|
steps:
|
|
|
|
# Downloads all the setup files and its dependencies.
|
|
- task: AzureCLI@1
|
|
displayName: 'Azure Setup'
|
|
inputs:
|
|
azureSubscription: '$(WinGet.Subscription)'
|
|
scriptLocation: inlineScript
|
|
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
|
|
env:
|
|
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
|
|
|
|
# Validates integrity of pull request.
|
|
- task: CmdLine@2
|
|
displayName: 'Publish'
|
|
inputs:
|
|
script: 'WinGetSvcWrapper.exe publish --operationId %BUILD_BUILDNUMBER%'
|
|
failOnStderr: true
|
|
condition: succeeded()
|
|
env:
|
|
AzureWebJobsStorage: $(ValidationStorageAccountConnectionString)
|
|
CacheConnectionString: $(CacheStorageAccountConnectionString)
|
|
DIApplicationInsightKey: $(DIApplicationInsightKey)
|