165 lines
4.9 KiB
YAML
165 lines
4.9 KiB
YAML
# Rebuild pipeline for WinGet.
|
|
|
|
# Name of the run
|
|
name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev:r)'
|
|
|
|
trigger: none
|
|
pr: none
|
|
|
|
jobs:
|
|
|
|
# Agent phase.
|
|
- job: 'Rebuild'
|
|
displayName: 'Start Rebuild'
|
|
pool:
|
|
vmImage: 'windows-latest'
|
|
variables:
|
|
skipComponentGovernanceDetection: ${{ true }}
|
|
runCodesignValidationInjection: ${{ false }}
|
|
steps:
|
|
|
|
# Allow scripts to access the system token.
|
|
- checkout: self
|
|
persistCredentials: true
|
|
clean: true
|
|
|
|
# Downloads all the setup files and its dependencies.
|
|
- task: AzureCLI@1
|
|
displayName: 'Azure Setup'
|
|
inputs:
|
|
azureSubscription: '$(WinGet.Subscription)'
|
|
scriptLocation: inlineScript
|
|
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
|
|
env:
|
|
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
|
|
|
|
# WinGet setup
|
|
- script: 'winget_publish_setup.cmd'
|
|
name: 'wingetsetup'
|
|
displayName: 'WinGet Setup'
|
|
workingDirectory: scripts
|
|
env:
|
|
HOST_KEY: $(AzureFunctionHostKey)
|
|
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
|
|
|
|
- task: CmdLine@2
|
|
displayName: 'Validate Manifests'
|
|
inputs:
|
|
script: 'WinGetSvcWrapper.exe rebuild --operationId %BUILD_BUILDNUMBER%'
|
|
failOnStderr: true
|
|
condition: succeeded()
|
|
env:
|
|
AzureWebJobsStorage: $(ValidationStorageAccountConnectionString)
|
|
PackagePublisher: $(PackagePublisher)
|
|
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
|
DIApplicationInsightKey: $(DIApplicationInsightKey)
|
|
|
|
# Agentless phase. Depends on previous job.
|
|
- job: 'SignPackage'
|
|
pool: server
|
|
timeoutInMinutes: 1500
|
|
displayName: 'Sign package'
|
|
dependsOn:
|
|
- 'Rebuild'
|
|
variables:
|
|
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
|
|
SignEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.signEndpoint']]
|
|
steps:
|
|
|
|
# Sign package.
|
|
- task: AzureFunction@1
|
|
displayName: 'Signing package'
|
|
inputs:
|
|
function: '$(SignEndpointSecret)'
|
|
key: '$(HostKeySecret)'
|
|
body: |
|
|
{
|
|
"operationId": "$(Build.BuildNumber)",
|
|
"PlanUrl": "$(system.CollectionUri)",
|
|
"HubName": "$(system.HostType)",
|
|
"pipelineType": "RebuildPipeline",
|
|
"ProjectId": "$(system.TeamProjectId)",
|
|
"PlanId": "$(system.PlanId)",
|
|
"JobId": "$(system.JobId)",
|
|
"TimelineId": "$(system.TimelineId)",
|
|
"TaskInstanceId": "$(system.TaskInstanceId)",
|
|
"AuthToken": "$(system.AccessToken)"
|
|
}
|
|
waitForCompletion: "true"
|
|
|
|
# Agent phase. Depends on previous job.
|
|
- job: 'Publish'
|
|
displayName: 'Publish'
|
|
pool:
|
|
vmImage: 'windows-latest'
|
|
variables:
|
|
skipComponentGovernanceDetection: ${{ true }}
|
|
runCodesignValidationInjection: ${{ false }}
|
|
dependsOn:
|
|
- 'SignPackage'
|
|
steps:
|
|
|
|
# Downloads all the setup files and its dependencies.
|
|
- task: AzureCLI@1
|
|
displayName: 'Azure Setup'
|
|
inputs:
|
|
azureSubscription: '$(WinGet.Subscription)'
|
|
scriptLocation: inlineScript
|
|
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
|
|
env:
|
|
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
|
|
|
|
# Publish rebuild.
|
|
- task: CmdLine@2
|
|
displayName: 'Publish'
|
|
inputs:
|
|
script: 'WinGetSvcWrapper.exe rebuild-publish --operationId %BUILD_BUILDNUMBER%'
|
|
failOnStderr: true
|
|
condition: succeeded()
|
|
env:
|
|
AzureWebJobsStorage: $(ValidationStorageAccountConnectionString)
|
|
CacheConnectionString: $(CacheStorageAccountConnectionString)
|
|
DIApplicationInsightKey: $(DIApplicationInsightKey)
|
|
AzureServicesAuthConnectionString: $(AzureServicesAuthConnectionString)
|
|
WinGetSubscriptionId: $(WinGetSubscriptionId)
|
|
CdnProfileName: $(CdnProfileName)
|
|
CdnEndpointName: $(CdnEndpointName)
|
|
|
|
# Agent phase. Depends on previous job.
|
|
- job: 'Cleanup'
|
|
displayName: 'Cleanup'
|
|
pool:
|
|
vmImage: 'windows-latest'
|
|
dependsOn:
|
|
- 'Rebuild'
|
|
- 'Publish'
|
|
- 'SignPackage'
|
|
condition: succeededOrFailed()
|
|
variables:
|
|
skipComponentGovernanceDetection: ${{ true }}
|
|
runCodesignValidationInjection: ${{ false }}
|
|
steps:
|
|
|
|
# Don't clone repo.
|
|
- checkout: none
|
|
|
|
- task: AzureCLI@1
|
|
displayName: 'Azure Setup'
|
|
inputs:
|
|
azureSubscription: '$(WinGet.Subscription)'
|
|
scriptLocation: inlineScript
|
|
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
|
|
env:
|
|
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
|
|
|
|
- task: CmdLine@2
|
|
displayName: 'WinGet Cleanup'
|
|
inputs:
|
|
script: 'WinGetSvcWrapper.exe rebuild-cleanup --operationId %BUILD_BUILDNUMBER%'
|
|
failOnStderr: true
|
|
condition: succeeded()
|
|
env:
|
|
AzureWebJobsStorage: $(ValidationStorageAccountConnectionString)
|
|
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
|
DIApplicationInsightKey: $(DIApplicationInsightKey)
|