Revert "Migrate WinGetSVC pipeline to 1ES (#128720)" (#128792)

This reverts commit 8cabb7a606.
This commit is contained in:
Madhusudhan-MSFT
2023-12-01 11:30:26 -08:00
committed by GitHub
parent e1f19e6c66
commit 4c21969ad2
4 changed files with 746 additions and 811 deletions
+240 -255
View File
@@ -13,271 +13,256 @@ trigger:
pr: none
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: WinGetSvc_Publish
jobs:
# Agent phase.
- job: 'CommitProcessing'
displayName: 'Commit Processing'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
jobs:
# WinGet setup
- task: CmdLine@2
name: 'wingetsetup'
displayName: 'WinGet Setup'
env:
HOST_KEY: $(AzureFunctionHostKey)
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
CLEANUP_ENDPOINT: $(AzFuncPublishCleanupEndpoint)
MANIFEST_PUBLISH_COMPLETION_ENDPOINT: $(AzFuncManifestPublishCompletionEndpoint)
PIPELINE_TASK_MESSAGE_QUEUE_ENDPOINT: $(AzFuncPipelineTaskMessageQueueEndPoint)
RESTSOURCE_UPDATE_ENDPOINT: $(AzFuncRestSourceUpdateEndpoint)
inputs:
script: 'winget_publish_setup.cmd'
workingDirectory: scripts
# Agent phase.
- job: 'CommitProcessing'
displayName: 'Commit Processing'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
- task: CmdLine@2
displayName: 'Validate Commits'
inputs:
script: 'WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
CacheConnectionString: $(CacheStorageAccountConnectionString)
PackagePublisher: $(PackagePublisher)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# WinGet setup
- script: 'winget_publish_setup.cmd'
name: 'wingetsetup'
displayName: 'WinGet Setup'
workingDirectory: scripts
env:
HOST_KEY: $(AzureFunctionHostKey)
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
CLEANUP_ENDPOINT: $(AzFuncPublishCleanupEndpoint)
MANIFEST_PUBLISH_COMPLETION_ENDPOINT: $(AzFuncManifestPublishCompletionEndpoint)
PIPELINE_TASK_MESSAGE_QUEUE_ENDPOINT: $(AzFuncPipelineTaskMessageQueueEndPoint)
RESTSOURCE_UPDATE_ENDPOINT: $(AzFuncRestSourceUpdateEndpoint)
# Agentless phase. Depends on previous job.
- job: 'SignPackage'
pool: server
timeoutInMinutes: 1500
displayName: 'Sign package'
dependsOn:
- 'CommitProcessing'
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
SignEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.signEndpoint']]
steps:
- task: CmdLine@2
displayName: 'Validate Commits'
inputs:
script: 'WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
CacheConnectionString: $(CacheStorageAccountConnectionString)
PackagePublisher: $(PackagePublisher)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Sign package.
- task: AzureFunction@1
displayName: 'Signing package'
inputs:
function: '$(SignEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'SignPackage'
pool: server
timeoutInMinutes: 1500
displayName: 'Sign package'
dependsOn:
- 'CommitProcessing'
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
SignEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.signEndpoint']]
steps:
# Agent phase. Depends on previous job.
- job: 'Publish'
displayName: 'Publish'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
dependsOn:
- 'SignPackage'
timeoutInMinutes: 0
steps:
# Sign package.
- task: AzureFunction@1
displayName: 'Signing package'
inputs:
function: '$(SignEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Agent phase. Depends on previous job.
- job: 'Publish'
displayName: 'Publish'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
dependsOn:
- 'SignPackage'
timeoutInMinutes: 0
steps:
# Validates integrity of pull request.
- task: CmdLine@2
displayName: 'Publish'
inputs:
script: 'WinGetSvcWrapper.exe publish --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
CacheConnectionString: $(CacheStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
CdnProfileName: $(CdnProfileName)
CdnEndpointName: $(CdnEndpointName)
CdnResourceGroup: $(CdnResourceGroup)
CdnAzureServicesAuthConnectionString: $(AzureServicesAuthConnectionString)
FdCdnProfileName: $(FdCdnProfileName)
FdCdnEndpointName: $(FdCdnEndpointName)
FdCdnResourceGroup: $(FdCdnResourceGroup)
CacheContainerName: $(CacheContainerName)
WinGet::SubscriptionId: $(WinGet.SubscriptionId)
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Agentless phase. Depends on previous job.
- job: 'PublishToRestSource'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish to rest source'
dependsOn:
- 'CommitProcessing'
- 'Publish'
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
RestSourceUpdateEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.restsourceUpdateEndpoint']]
steps:
# Validates integrity of pull request.
- task: CmdLine@2
displayName: 'Publish'
inputs:
script: 'WinGetSvcWrapper.exe publish --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
CacheConnectionString: $(CacheStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
CdnProfileName: $(CdnProfileName)
CdnEndpointName: $(CdnEndpointName)
CdnResourceGroup: $(CdnResourceGroup)
CdnAzureServicesAuthConnectionString: $(AzureServicesAuthConnectionString)
FdCdnProfileName: $(FdCdnProfileName)
FdCdnEndpointName: $(FdCdnEndpointName)
FdCdnResourceGroup: $(FdCdnResourceGroup)
CacheContainerName: $(CacheContainerName)
WinGet::SubscriptionId: $(WinGet.SubscriptionId)
# Publish updates to rest source
- task: AzureFunction@1
displayName: 'Publishing to rest source'
inputs:
function: '$(RestSourceUpdateEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'PublishToRestSource'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish to rest source'
dependsOn:
- 'CommitProcessing'
- 'Publish'
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
RestSourceUpdateEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.restsourceUpdateEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'PostPublish'
pool: server
timeoutInMinutes: 1500
displayName: 'Post publish'
dependsOn:
- 'CommitProcessing'
- 'Publish'
- 'PublishToRestSource'
condition: and(succeeded(), ne(variables['Source.SkipPostPublish'], 'true'))
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
CleanEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.cleanupEndpoint']]
ManifestPublishCompletionEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.manifestPublishCompletionEndPoint']]
PipelineTaskMessageQueueEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.PipelineTaskMessageQueueEndPoint']]
steps:
# Publish updates to rest source
- task: AzureFunction@1
displayName: 'Publishing to rest source'
inputs:
function: '$(RestSourceUpdateEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
- task: AzureFunction@1
displayName: 'Waiver Commit'
inputs:
function: '$(PipelineTaskMessageQueueEndPoint)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)",
"TaskIdentifier": "WaiverCommit"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'PostPublish'
pool: server
timeoutInMinutes: 1500
displayName: 'Post publish'
dependsOn:
- 'CommitProcessing'
- 'Publish'
- 'PublishToRestSource'
condition: and(succeeded(), ne(variables['Source.SkipPostPublish'], 'true'))
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
CleanEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.cleanupEndpoint']]
ManifestPublishCompletionEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.manifestPublishCompletionEndPoint']]
PipelineTaskMessageQueueEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.PipelineTaskMessageQueueEndPoint']]
steps:
- task: AzureFunction@1
displayName: 'Pull Request Notification'
inputs:
function: '$(ManifestPublishCompletionEndPoint)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)"
}
waitForCompletion: "true"
- task: AzureFunction@1
displayName: 'Waiver Commit'
inputs:
function: '$(PipelineTaskMessageQueueEndPoint)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)",
"TaskIdentifier": "WaiverCommit"
}
waitForCompletion: "true"
# Close issues.
- task: AzureFunction@1
displayName: 'Cleanup Issues'
inputs:
function: '$(CleanEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)"
}
waitForCompletion: "true"
- task: AzureFunction@1
displayName: 'Pull Request Notification'
inputs:
function: '$(ManifestPublishCompletionEndPoint)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)"
}
waitForCompletion: "true"
# Close issues.
- task: AzureFunction@1
displayName: 'Cleanup Issues'
inputs:
function: '$(CleanEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)"
}
waitForCompletion: "true"
+159 -176
View File
@@ -12,190 +12,173 @@ variables:
Rebuild.EnableContainerBackup: $[coalesce(variables.EnableContainerBackup, 'False')]
Rebuild.ClearContainer: $[coalesce(variables.ClearContainer, 'False')]
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
jobs:
stages:
- stage: WinGetSvc_Rebuild
jobs:
# Agent phase.
- job: 'Rebuild'
displayName: 'Start Rebuild'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Agent phase.
- job: 'Rebuild'
displayName: 'Start Rebuild'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Allow scripts to access the system token.
- checkout: self
persistCredentials: true
clean: true
# Allow scripts to access the system token.
- checkout: self
persistCredentials: true
clean: true
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# WinGet setup
- task: CmdLine@2
name: 'wingetsetup'
displayName: 'WinGet Setup'
env:
HOST_KEY: $(AzureFunctionHostKey)
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
PUBLISH_ENDPOINT: $(AzFuncRebuildPublishEndpoint)
CLEANUP_ENDPOINT: $(AzFuncRebuildCleanupEndpoint)
RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint)
inputs:
script: 'winget_rebuild_setup.cmd'
workingDirectory: scripts
# WinGet setup
- script: 'winget_rebuild_setup.cmd'
name: 'wingetsetup'
displayName: 'WinGet Setup'
workingDirectory: scripts
env:
HOST_KEY: $(AzureFunctionHostKey)
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
PUBLISH_ENDPOINT: $(AzFuncRebuildPublishEndpoint)
CLEANUP_ENDPOINT: $(AzFuncRebuildCleanupEndpoint)
RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint)
- task: CmdLine@2
displayName: 'Validate Manifests'
inputs:
script: 'WinGetSvcWrapper.exe rebuild --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
PackagePublisher: $(PackagePublisher)
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
DevOpsOrganization: $(DevOpsOrganization)
DevOpsProjectName: $(DevOpsProjectName)
DevOpsPublishPipelineDefinitionId: $(DevOpsPublishPipelineDefinitionId)
- task: CmdLine@2
displayName: 'Validate Manifests'
inputs:
script: 'WinGetSvcWrapper.exe rebuild --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
PackagePublisher: $(PackagePublisher)
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
DevOpsOrganization: $(DevOpsOrganization)
DevOpsProjectName: $(DevOpsProjectName)
DevOpsPublishPipelineDefinitionId: $(DevOpsPublishPipelineDefinitionId)
# Agentless phase. Depends on previous job.
- job: 'SignPackage'
pool: server
timeoutInMinutes: 1500
displayName: 'Sign package'
dependsOn:
- 'Rebuild'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
SignEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.signEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'SignPackage'
pool: server
timeoutInMinutes: 1500
displayName: 'Sign package'
dependsOn:
- 'Rebuild'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
SignEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.signEndpoint']]
steps:
# Sign package.
- task: AzureFunction@1
displayName: 'Signing package'
inputs:
function: '$(SignEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Sign package.
- task: AzureFunction@1
displayName: 'Signing package'
inputs:
function: '$(SignEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'Publish'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish'
dependsOn:
- 'Rebuild'
- 'SignPackage'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
PublishEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.publishEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'Publish'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish'
dependsOn:
- 'Rebuild'
- 'SignPackage'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
PublishEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.publishEndpoint']]
steps:
# Rebuild Publish.
- task: AzureFunction@1
displayName: 'Publish'
inputs:
function: '$(PublishEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"ContainerName": "$(CacheContainerName)",
"CommitTablePartitionKey": "$(CommitTablePartitionKey)",
"CommitTableRowKey": "$(CommitTableRowKey)",
"EnableContainerBackup": "$(Rebuild.EnableContainerBackup)",
"SkipManifestIndexUpdate": "$(Rebuild.SkipManifestIndexUpdate)",
"ClearContainer": "$(Rebuild.ClearContainer)",
}
waitForCompletion: "true"
# Rebuild Publish.
- task: AzureFunction@1
displayName: 'Publish'
inputs:
function: '$(PublishEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"ContainerName": "$(CacheContainerName)",
"CommitTablePartitionKey": "$(CommitTablePartitionKey)",
"CommitTableRowKey": "$(CommitTableRowKey)",
"EnableContainerBackup": "$(Rebuild.EnableContainerBackup)",
"SkipManifestIndexUpdate": "$(Rebuild.SkipManifestIndexUpdate)",
"ClearContainer": "$(Rebuild.ClearContainer)",
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'Cleanup'
pool: server
timeoutInMinutes: 1500
displayName: 'Cleanup'
dependsOn:
- 'Rebuild'
- 'SignPackage'
- 'Publish'
condition: and(succeededOrFailed(), ne(variables['Rebuild.SkipPausePublishPipeline'], 'True'))
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
CleanupEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.cleanupEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'Cleanup'
pool: server
timeoutInMinutes: 1500
displayName: 'Cleanup'
dependsOn:
- 'Rebuild'
- 'SignPackage'
- 'Publish'
condition: and(succeededOrFailed(), ne(variables['Rebuild.SkipPausePublishPipeline'], 'True'))
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
CleanupEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.cleanupEndpoint']]
steps:
# Rebuild cleanup.
- task: AzureFunction@1
displayName: 'Cleanup'
inputs:
function: '$(CleanupEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
}
waitForCompletion: "true"
# Rebuild cleanup.
- task: AzureFunction@1
displayName: 'Cleanup'
inputs:
function: '$(CleanupEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
}
waitForCompletion: "true"
@@ -6,89 +6,72 @@ name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev
trigger: none
pr: none
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
jobs:
stages:
- stage: WinGetSvc_Rest_Rebuild
jobs:
# Agent phase.
- job: 'Rebuild'
displayName: 'Start Rebuild'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Agent phase.
- job: 'Rebuild'
displayName: 'Start Rebuild'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Allow scripts to access the system token.
- checkout: none
persistCredentials: true
# Allow scripts to access the system token.
- checkout: none
persistCredentials: true
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# WinGet setup
- task: CmdLine@2
name: 'wingetsetup'
displayName: 'WinGet Setup'
env:
HOST_KEY: $(AzureFunctionHostKey)
RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint)
inputs:
script: 'winget_rebuild_setup.cmd'
workingDirectory: scripts
# WinGet setup
- script: 'winget_rebuild_setup.cmd'
name: 'wingetsetup'
displayName: 'WinGet Setup'
workingDirectory: scripts
env:
HOST_KEY: $(AzureFunctionHostKey)
RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint)
# Agentless phase. Depends on previous job.
- job: 'PublishToRestSource'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish to rest source'
dependsOn:
- 'Rebuild'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
RestSourceRebuildEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.restsourceRebuildEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'PublishToRestSource'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish to rest source'
dependsOn:
- 'Rebuild'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
RestSourceRebuildEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.restsourceRebuildEndpoint']]
steps:
# Rebuild Rest source.
- task: AzureFunction@1
displayName: 'Publish to rest source'
inputs:
function: '$(RestSourceRebuildEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Rebuild Rest source.
- task: AzureFunction@1
displayName: 'Publish to rest source'
inputs:
function: '$(RestSourceRebuildEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
+284 -300
View File
@@ -12,320 +12,304 @@ pr:
include:
- manifests
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: WinGetSvc_Validation
jobs:
jobs:
# Agent phase. Process pull request changes and validate manifests.
- job: 'FileValidation'
displayName: 'Pull Request Validation'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Agent phase. Process pull request changes and validate manifests.
- job: 'FileValidation'
displayName: 'Pull Request Validation'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
- task: CmdLine@2
name: 'wingetsetup'
displayName: 'WinGet Setup'
env:
HOST_KEY: $(AzureFunctionHostKey)
SMART_SCREEN_ENDPOINT: $(AzFuncSmartScreenEndpoint)
DOMAIN_URLS_VALIDATION_ENDPOINT: $(AzFuncDomainUrlValEndpoint)
MANIFEST_POLICY_ENDPOINT: $(AzFuncManifestPolicyEndpoint)
SCAN_ENDPOINT: $(AzFuncScanEndpoint)
INSTALLATION_ENDPOINT: $(AzFuncInstallationVerificationEndpoint)
LABEL_ENDPOINT: $(AzFuncSetLabelOnPullRequestEndpoint)
CLEANUP_ENDPOINT: $(AzFuncCleanupEndpoint)
LABEL_KEY: $(AzureFunctionLabelKey)
CATALOG_CONTENT_VERIFICATION_ENDPOINT: $(AzFuncCatalogContentVerificationEndpoint)
inputs:
script: 'winget_validation_setup.cmd'
workingDirectory: scripts
# WinGet setup
- script: 'winget_validation_setup.cmd'
name: 'wingetsetup'
displayName: 'WinGet Setup'
workingDirectory: scripts
env:
HOST_KEY: $(AzureFunctionHostKey)
SMART_SCREEN_ENDPOINT: $(AzFuncSmartScreenEndpoint)
DOMAIN_URLS_VALIDATION_ENDPOINT: $(AzFuncDomainUrlValEndpoint)
MANIFEST_POLICY_ENDPOINT: $(AzFuncManifestPolicyEndpoint)
SCAN_ENDPOINT: $(AzFuncScanEndpoint)
INSTALLATION_ENDPOINT: $(AzFuncInstallationVerificationEndpoint)
LABEL_ENDPOINT: $(AzFuncSetLabelOnPullRequestEndpoint)
CLEANUP_ENDPOINT: $(AzFuncCleanupEndpoint)
LABEL_KEY: $(AzureFunctionLabelKey)
CATALOG_CONTENT_VERIFICATION_ENDPOINT: $(AzFuncCatalogContentVerificationEndpoint)
# Validates integrity of pull request.
- task: CmdLine@2
displayName: 'Validate Pull Request'
inputs:
script: 'WinGetSvcWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
GithubRepository: $(GithubRepository)
GithubServiceAccountToken: $(GithubServiceAccountToken)
ExecutionEnvironment: $(ExecutionEnvironment)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Validates integrity of pull request.
- task: CmdLine@2
displayName: 'Validate Pull Request'
inputs:
script: 'WinGetSvcWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
GithubRepository: $(GithubRepository)
GithubServiceAccountToken: $(GithubServiceAccountToken)
ExecutionEnvironment: $(ExecutionEnvironment)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Validates manifest integrity.
- task: CmdLine@2
displayName: 'Validate Manifest'
inputs:
script: 'WinGetSvcWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
CacheConnectionString: $(CacheStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Validates manifest integrity.
- task: CmdLine@2
displayName: 'Validate Manifest'
inputs:
script: 'WinGetSvcWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
CacheConnectionString: $(CacheStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Agentless phase. Depends on previous job.
- job: 'ContentValidation'
pool: server
displayName: 'Manifest Content Validation'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
SmartScreenEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.smartScreenEndpoint']]
DomainUrlValidationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.domainUrlValidationEndpoint']]
ManiestPolicyEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.manifestPolicyEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'ContentValidation'
pool: server
displayName: 'Manifest Content Validation'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
SmartScreenEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.smartScreenEndpoint']]
DomainUrlValidationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.domainUrlValidationEndpoint']]
ManiestPolicyEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.manifestPolicyEndpoint']]
steps:
# Scans all the urls from manifest contents.
- task: AzureFunction@1
displayName: 'URLs Validation'
inputs:
function: '$(SmartScreenEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Scans all the urls from manifest contents.
- task: AzureFunction@1
displayName: 'URLs Validation'
inputs:
function: '$(SmartScreenEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Domain url validations.
- task: AzureFunction@1
displayName: 'URL Domain validation'
inputs:
function: '$(DomainUrlValidationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Domain url validations.
- task: AzureFunction@1
displayName: 'URL Domain validation'
inputs:
function: '$(DomainUrlValidationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Manifest policy checks.
- task: AzureFunction@1
displayName: 'Manifest Policy Validation'
inputs:
function: '$(ManiestPolicyEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Manifest policy checks.
- task: AzureFunction@1
displayName: 'Manifest Policy Validation'
inputs:
function: '$(ManiestPolicyEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'InstallerValidation'
pool: server
displayName: 'Installer Validation'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
- 'ContentValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
ScanEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.scanEndpoint']]
InstallationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.installationEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'InstallerValidation'
pool: server
displayName: 'Installer Validation'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
- 'ContentValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
ScanEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.scanEndpoint']]
InstallationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.installationEndpoint']]
steps:
# Scan installers in manifests.
- task: AzureFunction@1
displayName: 'Installers Scan'
inputs:
function: '$(ScanEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Scan installers in manifests.
- task: AzureFunction@1
displayName: 'Installers Scan'
inputs:
function: '$(ScanEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Validates installation.
- task: AzureFunction@1
displayName: 'Installation Validation'
inputs:
function: '$(InstallationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Validates installation.
- task: AzureFunction@1
displayName: 'Installation Validation'
inputs:
function: '$(InstallationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'CatalogContentVerification'
pool: server
displayName: 'Catalog Content Verification'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
- 'ContentValidation'
- 'InstallerValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
CatalogContentVerificationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.catalogContentVerificationEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'CatalogContentVerification'
pool: server
displayName: 'Catalog Content Verification'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
- 'ContentValidation'
- 'InstallerValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
CatalogContentVerificationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.catalogContentVerificationEndpoint']]
steps:
# Catalog content verification
- task: AzureFunction@1
displayName: 'Catalog Content Verification'
inputs:
function: '$(CatalogContentVerificationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Catalog content verification
- task: AzureFunction@1
displayName: 'Catalog Content Verification'
inputs:
function: '$(CatalogContentVerificationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Runs even if previous jobs failed.
- job: 'postvalidation'
pool: server
displayName: 'Post Validation'
dependsOn:
- 'FileValidation'
- 'ContentValidation'
- 'InstallerValidation'
- 'CatalogContentVerification'
condition: succeededOrFailed()
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
LabelKeySecret : $[ dependencies.FileValidation.outputs['wingetsetup.labelkey']]
LabelEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.labelEndpoint']]
RepositoryId: $[ dependencies.FileValidation.outputs['wingetsetup.repoId']]
CleanupEndpointSecret: $[ dependencies.filevalidation.outputs['wingetsetup.cleanupEndpoint']]
steps:
# Agentless phase. Runs even if previous jobs failed.
- job: 'postvalidation'
pool: server
displayName: 'Post Validation'
dependsOn:
- 'FileValidation'
- 'ContentValidation'
- 'InstallerValidation'
- 'CatalogContentVerification'
condition: succeededOrFailed()
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
LabelKeySecret : $[ dependencies.FileValidation.outputs['wingetsetup.labelkey']]
LabelEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.labelEndpoint']]
RepositoryId: $[ dependencies.FileValidation.outputs['wingetsetup.repoId']]
CleanupEndpointSecret: $[ dependencies.filevalidation.outputs['wingetsetup.cleanupEndpoint']]
steps:
# Set label in GitHub PullRequest.
- task: AzureFunction@1
displayName: 'Set Label'
condition: eq(variables['WinGet.RepositoryType'], 'GitHub')
inputs:
function: '$(LabelEndpointSecret)'
key: '$(LabelKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"BuildId": "$(Build.BuildId)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(RepositoryId)",
"PullRequestNumber": "$(System.PullRequest.PullRequestNumber)",
}
waitForCompletion: "true"
# Set label in GitHub PullRequest.
- task: AzureFunction@1
displayName: 'Set Label'
condition: eq(variables['WinGet.RepositoryType'], 'GitHub')
inputs:
function: '$(LabelEndpointSecret)'
key: '$(LabelKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"BuildId": "$(Build.BuildId)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(RepositoryId)",
"PullRequestNumber": "$(System.PullRequest.PullRequestNumber)",
}
waitForCompletion: "true"
# Cleanup resources.
- task: AzureFunction@1
displayName: 'Validation cleanup'
inputs:
function: '$(CleanupEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"BuildId": "$(Build.BuildId)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Cleanup resources.
- task: AzureFunction@1
displayName: 'Validation cleanup'
inputs:
function: '$(CleanupEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"BuildId": "$(Build.BuildId)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"