saret/winget-pkgs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
e47406f348b8c716886bddaa60833ead61d7aead
winget-pkgs/DevOpsPipelineDefinitions/validation-pipeline.yaml
Ruben Guerrero e47406f348 Update pipelines (#6)
2020-04-30 14:26:14 -07:00

174 lines
5.9 KiB
YAML
Raw Blame History

# Validation pipeline for manifest on pull requests.
# Name of the run
name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)-$(Rev:r)'
trigger: none
pr: none
jobs:
# Agent phase. Process pull request changes and validate manifests.
- job: 'FileValidation'
displayName: 'Pull Request Validation'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
steps:
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# WinGet setup
- script: 'winget_validation_setup.cmd'
name: 'wingetsetup'
displayName: 'WinGet Setup'
workingDirectory: scripts
env:
HOST_KEY: $(AzureFunctionHostKey)
SMART_SCREEN_ENDPOINT: $(AzFuncSmartScreenEndpoint)
SCAN_ENDPOINT: $(AzFuncScanEndpoint)
LABEL_ENDPOINT: $(AzFuncSetLabelOnPullRequestEndpoint)
CLEANUP_ENDPOINT: $(AzFuncCleanupEndpoint)
# Validates integrity of pull request.
- task: CmdLine@2
displayName: 'Validate Pull Request'
inputs:
script: 'WinGetSvcWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
AzureWebJobsStorage: $(ValidationStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
# Validates manifest integrity.
- task: CmdLine@2
displayName: 'Validate Manifest'
inputs:
script: 'WinGetSvcWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
AzureWebJobsStorage: $(ValidationStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
# Agentless phase. Depends on previous job.
- job: 'ContentValidation'
pool: server
displayName: 'Manifest Content Validation'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
SmartScreenEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.smartScreenEndpoint']]
ScanEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.scanEndpoint']]
steps:
# Scans all the urls from manifest contents.
- task: AzureFunction@1
displayName: 'Validation URLs in manifest files'
inputs:
function: '$(SmartScreenEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Scan installers in manifests.
- task: AzureFunction@1
displayName: 'Installers Scan'
inputs:
function: '$(ScanEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Runs even if previous jobs failed.
- job: 'postvalidation'
pool: server
displayName: 'Post Validation'
dependsOn:
- 'FileValidation'
- 'ContentValidation'
condition: succeededOrFailed()
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
LabelEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.labelEndpoint']]
RepositoryId: $[ dependencies.FileValidation.outputs['wingetsetup.repoId']]
CleanupEndpointSecret: $[ dependencies.filevalidation.outputs['wingetsetup.cleanupEndpoint']]
steps:
# Set label in GitHub PullRequest.
- task: AzureFunction@1
displayName: 'Set Label'
condition: eq(variables['WinGet.RepositoryType'], 'GitHub')
inputs:
function: '$(LabelEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(RepositoryId)",
"PullRequestNumber": "$(System.PullRequest.PullRequestNumber)",
}
waitForCompletion: "true"
# Cleanup resources.
- task: AzureFunction@1
displayName: 'Validation cleanup'
inputs:
function: '$(CleanupEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
Reference in New Issue View Git Blame Copy Permalink