diff --git a/DevOpsPipelineDefinitions/publish-pipeline.yaml b/DevOpsPipelineDefinitions/publish-pipeline.yaml index 0d1773d1274..3cbeb710362 100644 --- a/DevOpsPipelineDefinitions/publish-pipeline.yaml +++ b/DevOpsPipelineDefinitions/publish-pipeline.yaml @@ -13,271 +13,256 @@ trigger: pr: none -resources: - repositories: - - repository: 1ESPipelineTemplates - type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release -extends: - template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates - parameters: - pool: - name: Azure-Pipelines-1ESPT-ExDShared - image: windows-2022 - os: windows - customBuildTags: - - ES365AIMigrationTooling - - stages: - - stage: WinGetSvc_Publish - jobs: - # Agent phase. - - job: 'CommitProcessing' - displayName: 'Commit Processing' - variables: - skipComponentGovernanceDetection: ${{ true }} - runCodesignValidationInjection: ${{ false }} - timeoutInMinutes: 0 - - steps: - - # Downloads all the setup files and its dependencies. - - task: AzureCLI@1 - displayName: 'Azure Setup' - inputs: - azureSubscription: '$(WinGet.Subscription)' - scriptLocation: inlineScript - inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' - env: - AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) +jobs: - # WinGet setup - - task: CmdLine@2 - name: 'wingetsetup' - displayName: 'WinGet Setup' - env: - HOST_KEY: $(AzureFunctionHostKey) - SIGN_ENDPOINT: $(AzFuncSignEndpoint) - CLEANUP_ENDPOINT: $(AzFuncPublishCleanupEndpoint) - MANIFEST_PUBLISH_COMPLETION_ENDPOINT: $(AzFuncManifestPublishCompletionEndpoint) - PIPELINE_TASK_MESSAGE_QUEUE_ENDPOINT: $(AzFuncPipelineTaskMessageQueueEndPoint) - RESTSOURCE_UPDATE_ENDPOINT: $(AzFuncRestSourceUpdateEndpoint) - inputs: - script: 'winget_publish_setup.cmd' - workingDirectory: scripts +# Agent phase. +- job: 'CommitProcessing' + displayName: 'Commit Processing' + pool: + vmImage: 'windows-latest' + variables: + skipComponentGovernanceDetection: ${{ true }} + runCodesignValidationInjection: ${{ false }} + timeoutInMinutes: 0 + + steps: + + # Downloads all the setup files and its dependencies. + - task: AzureCLI@1 + displayName: 'Azure Setup' + inputs: + azureSubscription: '$(WinGet.Subscription)' + scriptLocation: inlineScript + inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' + env: + AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) - - task: CmdLine@2 - displayName: 'Validate Commits' - inputs: - script: 'WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%' - failOnStderr: true - condition: succeeded() - env: - ValidationConnectionString: $(ValidationStorageAccountConnectionString) - ExecutionEnvironment: $(ExecutionEnvironment) - CacheConnectionString: $(CacheStorageAccountConnectionString) - PackagePublisher: $(PackagePublisher) - DIApplicationInsightKey: $(DIApplicationInsightKey) - WinGet:AppConfig:Primary: $(AppConfigPrimary) - WinGet:AppConfig:Secondary: $(AppConfigSecondary) + # WinGet setup + - script: 'winget_publish_setup.cmd' + name: 'wingetsetup' + displayName: 'WinGet Setup' + workingDirectory: scripts + env: + HOST_KEY: $(AzureFunctionHostKey) + SIGN_ENDPOINT: $(AzFuncSignEndpoint) + CLEANUP_ENDPOINT: $(AzFuncPublishCleanupEndpoint) + MANIFEST_PUBLISH_COMPLETION_ENDPOINT: $(AzFuncManifestPublishCompletionEndpoint) + PIPELINE_TASK_MESSAGE_QUEUE_ENDPOINT: $(AzFuncPipelineTaskMessageQueueEndPoint) + RESTSOURCE_UPDATE_ENDPOINT: $(AzFuncRestSourceUpdateEndpoint) - # Agentless phase. Depends on previous job. - - job: 'SignPackage' - pool: server - timeoutInMinutes: 1500 - displayName: 'Sign package' - dependsOn: - - 'CommitProcessing' - variables: - HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']] - SignEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.signEndpoint']] - steps: + - task: CmdLine@2 + displayName: 'Validate Commits' + inputs: + script: 'WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%' + failOnStderr: true + condition: succeeded() + env: + ValidationConnectionString: $(ValidationStorageAccountConnectionString) + ExecutionEnvironment: $(ExecutionEnvironment) + CacheConnectionString: $(CacheStorageAccountConnectionString) + PackagePublisher: $(PackagePublisher) + DIApplicationInsightKey: $(DIApplicationInsightKey) + WinGet:AppConfig:Primary: $(AppConfigPrimary) + WinGet:AppConfig:Secondary: $(AppConfigSecondary) - # Sign package. - - task: AzureFunction@1 - displayName: 'Signing package' - inputs: - function: '$(SignEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "pipelineType": "CommitPipeline", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" +# Agentless phase. Depends on previous job. +- job: 'SignPackage' + pool: server + timeoutInMinutes: 1500 + displayName: 'Sign package' + dependsOn: + - 'CommitProcessing' + variables: + HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']] + SignEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.signEndpoint']] + steps: - # Agent phase. Depends on previous job. - - job: 'Publish' - displayName: 'Publish' - variables: - skipComponentGovernanceDetection: ${{ true }} - runCodesignValidationInjection: ${{ false }} - dependsOn: - - 'SignPackage' - timeoutInMinutes: 0 - - steps: + # Sign package. + - task: AzureFunction@1 + displayName: 'Signing package' + inputs: + function: '$(SignEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "pipelineType": "CommitPipeline", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" - # Downloads all the setup files and its dependencies. - - task: AzureCLI@1 - displayName: 'Azure Setup' - inputs: - azureSubscription: '$(WinGet.Subscription)' - scriptLocation: inlineScript - inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' - env: - AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) +# Agent phase. Depends on previous job. +- job: 'Publish' + displayName: 'Publish' + pool: + vmImage: 'windows-latest' + variables: + skipComponentGovernanceDetection: ${{ true }} + runCodesignValidationInjection: ${{ false }} + dependsOn: + - 'SignPackage' + timeoutInMinutes: 0 + + steps: - # Validates integrity of pull request. - - task: CmdLine@2 - displayName: 'Publish' - inputs: - script: 'WinGetSvcWrapper.exe publish --operationId %BUILD_BUILDNUMBER%' - failOnStderr: true - condition: succeeded() - env: - ValidationConnectionString: $(ValidationStorageAccountConnectionString) - ExecutionEnvironment: $(ExecutionEnvironment) - CacheConnectionString: $(CacheStorageAccountConnectionString) - DIApplicationInsightKey: $(DIApplicationInsightKey) - WinGet:AppConfig:Primary: $(AppConfigPrimary) - WinGet:AppConfig:Secondary: $(AppConfigSecondary) - CdnProfileName: $(CdnProfileName) - CdnEndpointName: $(CdnEndpointName) - CdnResourceGroup: $(CdnResourceGroup) - CdnAzureServicesAuthConnectionString: $(AzureServicesAuthConnectionString) - FdCdnProfileName: $(FdCdnProfileName) - FdCdnEndpointName: $(FdCdnEndpointName) - FdCdnResourceGroup: $(FdCdnResourceGroup) - CacheContainerName: $(CacheContainerName) - WinGet::SubscriptionId: $(WinGet.SubscriptionId) + # Downloads all the setup files and its dependencies. + - task: AzureCLI@1 + displayName: 'Azure Setup' + inputs: + azureSubscription: '$(WinGet.Subscription)' + scriptLocation: inlineScript + inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' + env: + AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) - # Agentless phase. Depends on previous job. - - job: 'PublishToRestSource' - pool: server - timeoutInMinutes: 1500 - displayName: 'Publish to rest source' - dependsOn: - - 'CommitProcessing' - - 'Publish' - variables: - HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']] - RestSourceUpdateEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.restsourceUpdateEndpoint']] - steps: + # Validates integrity of pull request. + - task: CmdLine@2 + displayName: 'Publish' + inputs: + script: 'WinGetSvcWrapper.exe publish --operationId %BUILD_BUILDNUMBER%' + failOnStderr: true + condition: succeeded() + env: + ValidationConnectionString: $(ValidationStorageAccountConnectionString) + ExecutionEnvironment: $(ExecutionEnvironment) + CacheConnectionString: $(CacheStorageAccountConnectionString) + DIApplicationInsightKey: $(DIApplicationInsightKey) + WinGet:AppConfig:Primary: $(AppConfigPrimary) + WinGet:AppConfig:Secondary: $(AppConfigSecondary) + CdnProfileName: $(CdnProfileName) + CdnEndpointName: $(CdnEndpointName) + CdnResourceGroup: $(CdnResourceGroup) + CdnAzureServicesAuthConnectionString: $(AzureServicesAuthConnectionString) + FdCdnProfileName: $(FdCdnProfileName) + FdCdnEndpointName: $(FdCdnEndpointName) + FdCdnResourceGroup: $(FdCdnResourceGroup) + CacheContainerName: $(CacheContainerName) + WinGet::SubscriptionId: $(WinGet.SubscriptionId) - # Publish updates to rest source - - task: AzureFunction@1 - displayName: 'Publishing to rest source' - inputs: - function: '$(RestSourceUpdateEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "pipelineType": "CommitPipeline", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" +# Agentless phase. Depends on previous job. +- job: 'PublishToRestSource' + pool: server + timeoutInMinutes: 1500 + displayName: 'Publish to rest source' + dependsOn: + - 'CommitProcessing' + - 'Publish' + variables: + HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']] + RestSourceUpdateEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.restsourceUpdateEndpoint']] + steps: - # Agentless phase. Depends on previous job. - - job: 'PostPublish' - pool: server - timeoutInMinutes: 1500 - displayName: 'Post publish' - dependsOn: - - 'CommitProcessing' - - 'Publish' - - 'PublishToRestSource' - condition: and(succeeded(), ne(variables['Source.SkipPostPublish'], 'true')) - variables: - HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']] - CleanEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.cleanupEndpoint']] - ManifestPublishCompletionEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.manifestPublishCompletionEndPoint']] - PipelineTaskMessageQueueEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.PipelineTaskMessageQueueEndPoint']] - steps: + # Publish updates to rest source + - task: AzureFunction@1 + displayName: 'Publishing to rest source' + inputs: + function: '$(RestSourceUpdateEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "pipelineType": "CommitPipeline", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" - - task: AzureFunction@1 - displayName: 'Waiver Commit' - inputs: - function: '$(PipelineTaskMessageQueueEndPoint)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "pipelineType": "CommitPipeline", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)", - "BuildRepositoryId": "$(build.repository.id)", - "TaskIdentifier": "WaiverCommit" - } - waitForCompletion: "true" +# Agentless phase. Depends on previous job. +- job: 'PostPublish' + pool: server + timeoutInMinutes: 1500 + displayName: 'Post publish' + dependsOn: + - 'CommitProcessing' + - 'Publish' + - 'PublishToRestSource' + condition: and(succeeded(), ne(variables['Source.SkipPostPublish'], 'true')) + variables: + HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']] + CleanEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.cleanupEndpoint']] + ManifestPublishCompletionEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.manifestPublishCompletionEndPoint']] + PipelineTaskMessageQueueEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.PipelineTaskMessageQueueEndPoint']] + steps: - - task: AzureFunction@1 - displayName: 'Pull Request Notification' - inputs: - function: '$(ManifestPublishCompletionEndPoint)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "pipelineType": "CommitPipeline", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)", - "BuildRepositoryId": "$(build.repository.id)" - } - waitForCompletion: "true" + - task: AzureFunction@1 + displayName: 'Waiver Commit' + inputs: + function: '$(PipelineTaskMessageQueueEndPoint)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "pipelineType": "CommitPipeline", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)", + "BuildRepositoryId": "$(build.repository.id)", + "TaskIdentifier": "WaiverCommit" + } + waitForCompletion: "true" - # Close issues. - - task: AzureFunction@1 - displayName: 'Cleanup Issues' - inputs: - function: '$(CleanEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "pipelineType": "CommitPipeline", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)", - "BuildRepositoryId": "$(build.repository.id)" - } - waitForCompletion: "true" + - task: AzureFunction@1 + displayName: 'Pull Request Notification' + inputs: + function: '$(ManifestPublishCompletionEndPoint)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "pipelineType": "CommitPipeline", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)", + "BuildRepositoryId": "$(build.repository.id)" + } + waitForCompletion: "true" + + # Close issues. + - task: AzureFunction@1 + displayName: 'Cleanup Issues' + inputs: + function: '$(CleanEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "pipelineType": "CommitPipeline", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)", + "BuildRepositoryId": "$(build.repository.id)" + } + waitForCompletion: "true" \ No newline at end of file diff --git a/DevOpsPipelineDefinitions/rebuild-pipeline.yaml b/DevOpsPipelineDefinitions/rebuild-pipeline.yaml index b2d0c816437..644668046e4 100644 --- a/DevOpsPipelineDefinitions/rebuild-pipeline.yaml +++ b/DevOpsPipelineDefinitions/rebuild-pipeline.yaml @@ -12,190 +12,173 @@ variables: Rebuild.EnableContainerBackup: $[coalesce(variables.EnableContainerBackup, 'False')] Rebuild.ClearContainer: $[coalesce(variables.ClearContainer, 'False')] -resources: - repositories: - - repository: 1ESPipelineTemplates - type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release -extends: - template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates - parameters: - pool: - name: Azure-Pipelines-1ESPT-ExDShared - image: windows-2022 - os: windows - customBuildTags: - - ES365AIMigrationTooling +jobs: - stages: - - stage: WinGetSvc_Rebuild - jobs: - # Agent phase. - - job: 'Rebuild' - displayName: 'Start Rebuild' - variables: - skipComponentGovernanceDetection: ${{ true }} - runCodesignValidationInjection: ${{ false }} - timeoutInMinutes: 0 - - steps: +# Agent phase. +- job: 'Rebuild' + displayName: 'Start Rebuild' + pool: + vmImage: 'windows-latest' + variables: + skipComponentGovernanceDetection: ${{ true }} + runCodesignValidationInjection: ${{ false }} + timeoutInMinutes: 0 + + steps: - # Allow scripts to access the system token. - - checkout: self - persistCredentials: true - clean: true + # Allow scripts to access the system token. + - checkout: self + persistCredentials: true + clean: true - # Downloads all the setup files and its dependencies. - - task: AzureCLI@1 - displayName: 'Azure Setup' - inputs: - azureSubscription: '$(WinGet.Subscription)' - scriptLocation: inlineScript - inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' - env: - AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) + # Downloads all the setup files and its dependencies. + - task: AzureCLI@1 + displayName: 'Azure Setup' + inputs: + azureSubscription: '$(WinGet.Subscription)' + scriptLocation: inlineScript + inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' + env: + AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) - # WinGet setup - - task: CmdLine@2 - name: 'wingetsetup' - displayName: 'WinGet Setup' - env: - HOST_KEY: $(AzureFunctionHostKey) - SIGN_ENDPOINT: $(AzFuncSignEndpoint) - PUBLISH_ENDPOINT: $(AzFuncRebuildPublishEndpoint) - CLEANUP_ENDPOINT: $(AzFuncRebuildCleanupEndpoint) - RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint) - inputs: - script: 'winget_rebuild_setup.cmd' - workingDirectory: scripts + # WinGet setup + - script: 'winget_rebuild_setup.cmd' + name: 'wingetsetup' + displayName: 'WinGet Setup' + workingDirectory: scripts + env: + HOST_KEY: $(AzureFunctionHostKey) + SIGN_ENDPOINT: $(AzFuncSignEndpoint) + PUBLISH_ENDPOINT: $(AzFuncRebuildPublishEndpoint) + CLEANUP_ENDPOINT: $(AzFuncRebuildCleanupEndpoint) + RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint) - - task: CmdLine@2 - displayName: 'Validate Manifests' - inputs: - script: 'WinGetSvcWrapper.exe rebuild --operationId %BUILD_BUILDNUMBER%' - failOnStderr: true - condition: succeeded() - env: - ValidationConnectionString: $(ValidationStorageAccountConnectionString) - ExecutionEnvironment: $(ExecutionEnvironment) - PackagePublisher: $(PackagePublisher) - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - DIApplicationInsightKey: $(DIApplicationInsightKey) - WinGet:AppConfig:Primary: $(AppConfigPrimary) - WinGet:AppConfig:Secondary: $(AppConfigSecondary) - DevOpsOrganization: $(DevOpsOrganization) - DevOpsProjectName: $(DevOpsProjectName) - DevOpsPublishPipelineDefinitionId: $(DevOpsPublishPipelineDefinitionId) + - task: CmdLine@2 + displayName: 'Validate Manifests' + inputs: + script: 'WinGetSvcWrapper.exe rebuild --operationId %BUILD_BUILDNUMBER%' + failOnStderr: true + condition: succeeded() + env: + ValidationConnectionString: $(ValidationStorageAccountConnectionString) + ExecutionEnvironment: $(ExecutionEnvironment) + PackagePublisher: $(PackagePublisher) + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + DIApplicationInsightKey: $(DIApplicationInsightKey) + WinGet:AppConfig:Primary: $(AppConfigPrimary) + WinGet:AppConfig:Secondary: $(AppConfigSecondary) + DevOpsOrganization: $(DevOpsOrganization) + DevOpsProjectName: $(DevOpsProjectName) + DevOpsPublishPipelineDefinitionId: $(DevOpsPublishPipelineDefinitionId) - # Agentless phase. Depends on previous job. - - job: 'SignPackage' - pool: server - timeoutInMinutes: 1500 - displayName: 'Sign package' - dependsOn: - - 'Rebuild' - variables: - HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']] - SignEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.signEndpoint']] - steps: +# Agentless phase. Depends on previous job. +- job: 'SignPackage' + pool: server + timeoutInMinutes: 1500 + displayName: 'Sign package' + dependsOn: + - 'Rebuild' + variables: + HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']] + SignEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.signEndpoint']] + steps: - # Sign package. - - task: AzureFunction@1 - displayName: 'Signing package' - inputs: - function: '$(SignEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "pipelineType": "RebuildPipeline", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" + # Sign package. + - task: AzureFunction@1 + displayName: 'Signing package' + inputs: + function: '$(SignEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "pipelineType": "RebuildPipeline", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" - # Agentless phase. Depends on previous job. - - job: 'Publish' - pool: server - timeoutInMinutes: 1500 - displayName: 'Publish' - dependsOn: - - 'Rebuild' - - 'SignPackage' - variables: - HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']] - PublishEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.publishEndpoint']] - steps: +# Agentless phase. Depends on previous job. +- job: 'Publish' + pool: server + timeoutInMinutes: 1500 + displayName: 'Publish' + dependsOn: + - 'Rebuild' + - 'SignPackage' + variables: + HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']] + PublishEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.publishEndpoint']] + steps: - # Rebuild Publish. - - task: AzureFunction@1 - displayName: 'Publish' - inputs: - function: '$(PublishEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "pipelineType": "RebuildPipeline", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)", - "ContainerName": "$(CacheContainerName)", - "CommitTablePartitionKey": "$(CommitTablePartitionKey)", - "CommitTableRowKey": "$(CommitTableRowKey)", - "EnableContainerBackup": "$(Rebuild.EnableContainerBackup)", - "SkipManifestIndexUpdate": "$(Rebuild.SkipManifestIndexUpdate)", - "ClearContainer": "$(Rebuild.ClearContainer)", - } - waitForCompletion: "true" + # Rebuild Publish. + - task: AzureFunction@1 + displayName: 'Publish' + inputs: + function: '$(PublishEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "pipelineType": "RebuildPipeline", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)", + "ContainerName": "$(CacheContainerName)", + "CommitTablePartitionKey": "$(CommitTablePartitionKey)", + "CommitTableRowKey": "$(CommitTableRowKey)", + "EnableContainerBackup": "$(Rebuild.EnableContainerBackup)", + "SkipManifestIndexUpdate": "$(Rebuild.SkipManifestIndexUpdate)", + "ClearContainer": "$(Rebuild.ClearContainer)", + } + waitForCompletion: "true" - # Agentless phase. Depends on previous job. - - job: 'Cleanup' - pool: server - timeoutInMinutes: 1500 - displayName: 'Cleanup' - dependsOn: - - 'Rebuild' - - 'SignPackage' - - 'Publish' - condition: and(succeededOrFailed(), ne(variables['Rebuild.SkipPausePublishPipeline'], 'True')) - variables: - HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']] - CleanupEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.cleanupEndpoint']] - steps: +# Agentless phase. Depends on previous job. +- job: 'Cleanup' + pool: server + timeoutInMinutes: 1500 + displayName: 'Cleanup' + dependsOn: + - 'Rebuild' + - 'SignPackage' + - 'Publish' + condition: and(succeededOrFailed(), ne(variables['Rebuild.SkipPausePublishPipeline'], 'True')) + variables: + HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']] + CleanupEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.cleanupEndpoint']] + steps: - # Rebuild cleanup. - - task: AzureFunction@1 - displayName: 'Cleanup' - inputs: - function: '$(CleanupEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "pipelineType": "RebuildPipeline", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)", - } - waitForCompletion: "true" + # Rebuild cleanup. + - task: AzureFunction@1 + displayName: 'Cleanup' + inputs: + function: '$(CleanupEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "pipelineType": "RebuildPipeline", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)", + } + waitForCompletion: "true" \ No newline at end of file diff --git a/DevOpsPipelineDefinitions/rebuild-rest-pipeline.yaml b/DevOpsPipelineDefinitions/rebuild-rest-pipeline.yaml index f480043d3f9..f4c257a51d7 100644 --- a/DevOpsPipelineDefinitions/rebuild-rest-pipeline.yaml +++ b/DevOpsPipelineDefinitions/rebuild-rest-pipeline.yaml @@ -6,89 +6,72 @@ name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev trigger: none pr: none -resources: - repositories: - - repository: 1ESPipelineTemplates - type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release -extends: - template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates - parameters: - pool: - name: Azure-Pipelines-1ESPT-ExDShared - image: windows-2022 - os: windows - customBuildTags: - - ES365AIMigrationTooling +jobs: - stages: - - stage: WinGetSvc_Rest_Rebuild - jobs: - # Agent phase. - - job: 'Rebuild' - displayName: 'Start Rebuild' - variables: - skipComponentGovernanceDetection: ${{ true }} - runCodesignValidationInjection: ${{ false }} - timeoutInMinutes: 0 - steps: +# Agent phase. +- job: 'Rebuild' + displayName: 'Start Rebuild' + pool: + vmImage: 'windows-latest' + variables: + skipComponentGovernanceDetection: ${{ true }} + runCodesignValidationInjection: ${{ false }} + timeoutInMinutes: 0 + steps: - # Allow scripts to access the system token. - - checkout: none - persistCredentials: true + # Allow scripts to access the system token. + - checkout: none + persistCredentials: true - # Downloads all the setup files and its dependencies. - - task: AzureCLI@1 - displayName: 'Azure Setup' - inputs: - azureSubscription: '$(WinGet.Subscription)' - scriptLocation: inlineScript - inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' - env: - AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) + # Downloads all the setup files and its dependencies. + - task: AzureCLI@1 + displayName: 'Azure Setup' + inputs: + azureSubscription: '$(WinGet.Subscription)' + scriptLocation: inlineScript + inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' + env: + AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) - # WinGet setup - - task: CmdLine@2 - name: 'wingetsetup' - displayName: 'WinGet Setup' - env: - HOST_KEY: $(AzureFunctionHostKey) - RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint) - inputs: - script: 'winget_rebuild_setup.cmd' - workingDirectory: scripts + # WinGet setup + - script: 'winget_rebuild_setup.cmd' + name: 'wingetsetup' + displayName: 'WinGet Setup' + workingDirectory: scripts + env: + HOST_KEY: $(AzureFunctionHostKey) + RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint) - # Agentless phase. Depends on previous job. - - job: 'PublishToRestSource' - pool: server - timeoutInMinutes: 1500 - displayName: 'Publish to rest source' - dependsOn: - - 'Rebuild' - variables: - HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']] - RestSourceRebuildEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.restsourceRebuildEndpoint']] - steps: +# Agentless phase. Depends on previous job. +- job: 'PublishToRestSource' + pool: server + timeoutInMinutes: 1500 + displayName: 'Publish to rest source' + dependsOn: + - 'Rebuild' + variables: + HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']] + RestSourceRebuildEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.restsourceRebuildEndpoint']] + steps: - # Rebuild Rest source. - - task: AzureFunction@1 - displayName: 'Publish to rest source' - inputs: - function: '$(RestSourceRebuildEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "pipelineType": "RebuildPipeline", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" + # Rebuild Rest source. + - task: AzureFunction@1 + displayName: 'Publish to rest source' + inputs: + function: '$(RestSourceRebuildEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "pipelineType": "RebuildPipeline", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" diff --git a/DevOpsPipelineDefinitions/validation-pipeline.yaml b/DevOpsPipelineDefinitions/validation-pipeline.yaml index 2b8a2bdf334..914f025b960 100644 --- a/DevOpsPipelineDefinitions/validation-pipeline.yaml +++ b/DevOpsPipelineDefinitions/validation-pipeline.yaml @@ -12,320 +12,304 @@ pr: include: - manifests -resources: - repositories: - - repository: 1ESPipelineTemplates - type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release -extends: - template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates - parameters: - pool: - name: Azure-Pipelines-1ESPT-ExDShared - image: windows-2022 - os: windows - customBuildTags: - - ES365AIMigrationTooling - stages: - - stage: WinGetSvc_Validation - jobs: +jobs: - # Agent phase. Process pull request changes and validate manifests. - - job: 'FileValidation' - displayName: 'Pull Request Validation' - variables: - skipComponentGovernanceDetection: ${{ true }} - runCodesignValidationInjection: ${{ false }} - timeoutInMinutes: 0 - - steps: +# Agent phase. Process pull request changes and validate manifests. +- job: 'FileValidation' + displayName: 'Pull Request Validation' + pool: + vmImage: 'windows-latest' + variables: + skipComponentGovernanceDetection: ${{ true }} + runCodesignValidationInjection: ${{ false }} + timeoutInMinutes: 0 + + steps: - # Downloads all the setup files and its dependencies. - - task: AzureCLI@1 - displayName: 'Azure Setup' - inputs: - azureSubscription: '$(WinGet.Subscription)' - scriptLocation: inlineScript - inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' - env: - AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) + # Downloads all the setup files and its dependencies. + - task: AzureCLI@1 + displayName: 'Azure Setup' + inputs: + azureSubscription: '$(WinGet.Subscription)' + scriptLocation: inlineScript + inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' + env: + AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) - - task: CmdLine@2 - name: 'wingetsetup' - displayName: 'WinGet Setup' - env: - HOST_KEY: $(AzureFunctionHostKey) - SMART_SCREEN_ENDPOINT: $(AzFuncSmartScreenEndpoint) - DOMAIN_URLS_VALIDATION_ENDPOINT: $(AzFuncDomainUrlValEndpoint) - MANIFEST_POLICY_ENDPOINT: $(AzFuncManifestPolicyEndpoint) - SCAN_ENDPOINT: $(AzFuncScanEndpoint) - INSTALLATION_ENDPOINT: $(AzFuncInstallationVerificationEndpoint) - LABEL_ENDPOINT: $(AzFuncSetLabelOnPullRequestEndpoint) - CLEANUP_ENDPOINT: $(AzFuncCleanupEndpoint) - LABEL_KEY: $(AzureFunctionLabelKey) - CATALOG_CONTENT_VERIFICATION_ENDPOINT: $(AzFuncCatalogContentVerificationEndpoint) - inputs: - script: 'winget_validation_setup.cmd' - workingDirectory: scripts + # WinGet setup + - script: 'winget_validation_setup.cmd' + name: 'wingetsetup' + displayName: 'WinGet Setup' + workingDirectory: scripts + env: + HOST_KEY: $(AzureFunctionHostKey) + SMART_SCREEN_ENDPOINT: $(AzFuncSmartScreenEndpoint) + DOMAIN_URLS_VALIDATION_ENDPOINT: $(AzFuncDomainUrlValEndpoint) + MANIFEST_POLICY_ENDPOINT: $(AzFuncManifestPolicyEndpoint) + SCAN_ENDPOINT: $(AzFuncScanEndpoint) + INSTALLATION_ENDPOINT: $(AzFuncInstallationVerificationEndpoint) + LABEL_ENDPOINT: $(AzFuncSetLabelOnPullRequestEndpoint) + CLEANUP_ENDPOINT: $(AzFuncCleanupEndpoint) + LABEL_KEY: $(AzureFunctionLabelKey) + CATALOG_CONTENT_VERIFICATION_ENDPOINT: $(AzFuncCatalogContentVerificationEndpoint) - # Validates integrity of pull request. - - task: CmdLine@2 - displayName: 'Validate Pull Request' - inputs: - script: 'WinGetSvcWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER%' - failOnStderr: true - condition: succeeded() - env: - ValidationConnectionString: $(ValidationStorageAccountConnectionString) - GithubRepository: $(GithubRepository) - GithubServiceAccountToken: $(GithubServiceAccountToken) - ExecutionEnvironment: $(ExecutionEnvironment) - DIApplicationInsightKey: $(DIApplicationInsightKey) - WinGet:AppConfig:Primary: $(AppConfigPrimary) - WinGet:AppConfig:Secondary: $(AppConfigSecondary) + # Validates integrity of pull request. + - task: CmdLine@2 + displayName: 'Validate Pull Request' + inputs: + script: 'WinGetSvcWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER%' + failOnStderr: true + condition: succeeded() + env: + ValidationConnectionString: $(ValidationStorageAccountConnectionString) + GithubRepository: $(GithubRepository) + GithubServiceAccountToken: $(GithubServiceAccountToken) + ExecutionEnvironment: $(ExecutionEnvironment) + DIApplicationInsightKey: $(DIApplicationInsightKey) + WinGet:AppConfig:Primary: $(AppConfigPrimary) + WinGet:AppConfig:Secondary: $(AppConfigSecondary) - # Validates manifest integrity. - - task: CmdLine@2 - displayName: 'Validate Manifest' - inputs: - script: 'WinGetSvcWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER%' - failOnStderr: true - condition: succeeded() - env: - ValidationConnectionString: $(ValidationStorageAccountConnectionString) - CacheConnectionString: $(CacheStorageAccountConnectionString) - DIApplicationInsightKey: $(DIApplicationInsightKey) - WinGet:AppConfig:Primary: $(AppConfigPrimary) - WinGet:AppConfig:Secondary: $(AppConfigSecondary) + # Validates manifest integrity. + - task: CmdLine@2 + displayName: 'Validate Manifest' + inputs: + script: 'WinGetSvcWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER%' + failOnStderr: true + condition: succeeded() + env: + ValidationConnectionString: $(ValidationStorageAccountConnectionString) + CacheConnectionString: $(CacheStorageAccountConnectionString) + DIApplicationInsightKey: $(DIApplicationInsightKey) + WinGet:AppConfig:Primary: $(AppConfigPrimary) + WinGet:AppConfig:Secondary: $(AppConfigSecondary) - # Agentless phase. Depends on previous job. - - job: 'ContentValidation' - pool: server - displayName: 'Manifest Content Validation' - timeoutInMinutes: 1500 - dependsOn: - - 'FileValidation' - variables: - HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']] - SmartScreenEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.smartScreenEndpoint']] - DomainUrlValidationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.domainUrlValidationEndpoint']] - ManiestPolicyEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.manifestPolicyEndpoint']] - steps: +# Agentless phase. Depends on previous job. +- job: 'ContentValidation' + pool: server + displayName: 'Manifest Content Validation' + timeoutInMinutes: 1500 + dependsOn: + - 'FileValidation' + variables: + HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']] + SmartScreenEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.smartScreenEndpoint']] + DomainUrlValidationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.domainUrlValidationEndpoint']] + ManiestPolicyEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.manifestPolicyEndpoint']] + steps: - # Scans all the urls from manifest contents. - - task: AzureFunction@1 - displayName: 'URLs Validation' - inputs: - function: '$(SmartScreenEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" + # Scans all the urls from manifest contents. + - task: AzureFunction@1 + displayName: 'URLs Validation' + inputs: + function: '$(SmartScreenEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" - # Domain url validations. - - task: AzureFunction@1 - displayName: 'URL Domain validation' - inputs: - function: '$(DomainUrlValidationEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" + # Domain url validations. + - task: AzureFunction@1 + displayName: 'URL Domain validation' + inputs: + function: '$(DomainUrlValidationEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" - # Manifest policy checks. - - task: AzureFunction@1 - displayName: 'Manifest Policy Validation' - inputs: - function: '$(ManiestPolicyEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" + # Manifest policy checks. + - task: AzureFunction@1 + displayName: 'Manifest Policy Validation' + inputs: + function: '$(ManiestPolicyEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" - # Agentless phase. Depends on previous job. - - job: 'InstallerValidation' - pool: server - displayName: 'Installer Validation' - timeoutInMinutes: 1500 - dependsOn: - - 'FileValidation' - - 'ContentValidation' - variables: - HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']] - ScanEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.scanEndpoint']] - InstallationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.installationEndpoint']] - steps: +# Agentless phase. Depends on previous job. +- job: 'InstallerValidation' + pool: server + displayName: 'Installer Validation' + timeoutInMinutes: 1500 + dependsOn: + - 'FileValidation' + - 'ContentValidation' + variables: + HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']] + ScanEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.scanEndpoint']] + InstallationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.installationEndpoint']] + steps: - # Scan installers in manifests. - - task: AzureFunction@1 - displayName: 'Installers Scan' - inputs: - function: '$(ScanEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" + # Scan installers in manifests. + - task: AzureFunction@1 + displayName: 'Installers Scan' + inputs: + function: '$(ScanEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" - # Validates installation. - - task: AzureFunction@1 - displayName: 'Installation Validation' - inputs: - function: '$(InstallationEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" + # Validates installation. + - task: AzureFunction@1 + displayName: 'Installation Validation' + inputs: + function: '$(InstallationEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" - # Agentless phase. Depends on previous job. - - job: 'CatalogContentVerification' - pool: server - displayName: 'Catalog Content Verification' - timeoutInMinutes: 1500 - dependsOn: - - 'FileValidation' - - 'ContentValidation' - - 'InstallerValidation' - variables: - HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']] - CatalogContentVerificationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.catalogContentVerificationEndpoint']] - steps: +# Agentless phase. Depends on previous job. +- job: 'CatalogContentVerification' + pool: server + displayName: 'Catalog Content Verification' + timeoutInMinutes: 1500 + dependsOn: + - 'FileValidation' + - 'ContentValidation' + - 'InstallerValidation' + variables: + HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']] + CatalogContentVerificationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.catalogContentVerificationEndpoint']] + steps: - # Catalog content verification - - task: AzureFunction@1 - displayName: 'Catalog Content Verification' - inputs: - function: '$(CatalogContentVerificationEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "BuildId": "$(Build.BuildId)", - "PlanUrl": "$(system.CollectionUri)", - "HubName": "$(system.HostType)", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" + # Catalog content verification + - task: AzureFunction@1 + displayName: 'Catalog Content Verification' + inputs: + function: '$(CatalogContentVerificationEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "BuildId": "$(Build.BuildId)", + "PlanUrl": "$(system.CollectionUri)", + "HubName": "$(system.HostType)", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" - # Agentless phase. Runs even if previous jobs failed. - - job: 'postvalidation' - pool: server - displayName: 'Post Validation' - dependsOn: - - 'FileValidation' - - 'ContentValidation' - - 'InstallerValidation' - - 'CatalogContentVerification' - condition: succeededOrFailed() - variables: - HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']] - LabelKeySecret : $[ dependencies.FileValidation.outputs['wingetsetup.labelkey']] - LabelEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.labelEndpoint']] - RepositoryId: $[ dependencies.FileValidation.outputs['wingetsetup.repoId']] - CleanupEndpointSecret: $[ dependencies.filevalidation.outputs['wingetsetup.cleanupEndpoint']] - steps: +# Agentless phase. Runs even if previous jobs failed. +- job: 'postvalidation' + pool: server + displayName: 'Post Validation' + dependsOn: + - 'FileValidation' + - 'ContentValidation' + - 'InstallerValidation' + - 'CatalogContentVerification' + condition: succeededOrFailed() + variables: + HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']] + LabelKeySecret : $[ dependencies.FileValidation.outputs['wingetsetup.labelkey']] + LabelEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.labelEndpoint']] + RepositoryId: $[ dependencies.FileValidation.outputs['wingetsetup.repoId']] + CleanupEndpointSecret: $[ dependencies.filevalidation.outputs['wingetsetup.cleanupEndpoint']] + steps: - # Set label in GitHub PullRequest. - - task: AzureFunction@1 - displayName: 'Set Label' - condition: eq(variables['WinGet.RepositoryType'], 'GitHub') - inputs: - function: '$(LabelEndpointSecret)' - key: '$(LabelKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "PlanUrl": "$(system.CollectionUri)", - "BuildId": "$(Build.BuildId)", - "HubName": "$(system.HostType)", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)", - "BuildRepositoryId": "$(RepositoryId)", - "PullRequestNumber": "$(System.PullRequest.PullRequestNumber)", - } - waitForCompletion: "true" + # Set label in GitHub PullRequest. + - task: AzureFunction@1 + displayName: 'Set Label' + condition: eq(variables['WinGet.RepositoryType'], 'GitHub') + inputs: + function: '$(LabelEndpointSecret)' + key: '$(LabelKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "PlanUrl": "$(system.CollectionUri)", + "BuildId": "$(Build.BuildId)", + "HubName": "$(system.HostType)", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)", + "BuildRepositoryId": "$(RepositoryId)", + "PullRequestNumber": "$(System.PullRequest.PullRequestNumber)", + } + waitForCompletion: "true" - # Cleanup resources. - - task: AzureFunction@1 - displayName: 'Validation cleanup' - inputs: - function: '$(CleanupEndpointSecret)' - key: '$(HostKeySecret)' - body: | - { - "operationId": "$(Build.BuildNumber)", - "PlanUrl": "$(system.CollectionUri)", - "BuildId": "$(Build.BuildId)", - "HubName": "$(system.HostType)", - "ProjectId": "$(system.TeamProjectId)", - "PlanId": "$(system.PlanId)", - "JobId": "$(system.JobId)", - "TimelineId": "$(system.TimelineId)", - "TaskInstanceId": "$(system.TaskInstanceId)", - "AuthToken": "$(system.AccessToken)" - } - waitForCompletion: "true" \ No newline at end of file + # Cleanup resources. + - task: AzureFunction@1 + displayName: 'Validation cleanup' + inputs: + function: '$(CleanupEndpointSecret)' + key: '$(HostKeySecret)' + body: | + { + "operationId": "$(Build.BuildNumber)", + "PlanUrl": "$(system.CollectionUri)", + "BuildId": "$(Build.BuildId)", + "HubName": "$(system.HostType)", + "ProjectId": "$(system.TeamProjectId)", + "PlanId": "$(system.PlanId)", + "JobId": "$(system.JobId)", + "TimelineId": "$(system.TimelineId)", + "TaskInstanceId": "$(system.TaskInstanceId)", + "AuthToken": "$(system.AccessToken)" + } + waitForCompletion: "true" \ No newline at end of file