diff --git a/DevOpsPipelineDefinitions/publish-pipeline.yaml b/DevOpsPipelineDefinitions/publish-pipeline.yaml index 26c8985fd4b..10010d588f6 100644 --- a/DevOpsPipelineDefinitions/publish-pipeline.yaml +++ b/DevOpsPipelineDefinitions/publish-pipeline.yaml @@ -31,7 +31,7 @@ extends: os: windows customBuildTags: - ES365AIMigrationTooling - + stages: - stage: WinGetSvc_Publish jobs: @@ -42,18 +42,19 @@ extends: skipComponentGovernanceDetection: ${{ true }} runCodesignValidationInjection: ${{ false }} timeoutInMinutes: 0 - + steps: - + # Downloads all the setup files and its dependencies. - - task: AzureCLI@1 + - task: AzureCLI@2 displayName: 'Azure Setup' inputs: - azureSubscription: '$(WinGet.Subscription)' + azureSubscription: '$(WinGetSvc.DataAccess)' + scriptType: batch scriptLocation: inlineScript - inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' - env: - AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) + inlineScript: | + az storage blob download-batch --auth-mode login -d . --pattern * -s servicewrapper --output none --account-name $(ValidationStorageAccountName) + addSpnToEnvironment: true # WinGet setup - task: CmdLine@2 @@ -71,20 +72,29 @@ extends: script: 'winget_publish_setup.cmd' workingDirectory: scripts - - task: CmdLine@2 + - task: AzureCLI@2 displayName: 'Validate Commits' inputs: - script: 'WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%' - failOnStderr: true - condition: succeeded() + azureSubscription: '$(WinGetSvc.DataAccess)' + scriptType: batch + scriptLocation: inlineScript + inlineScript: | + WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER% + addSpnToEnvironment: true + failOnStandardError: true env: ValidationConnectionString: $(ValidationStorageAccountConnectionString) - ExecutionEnvironment: $(ExecutionEnvironment) CacheConnectionString: $(CacheStorageAccountConnectionString) + ValidationStorageAccountName: $(ValidationStorageAccountName) + CacheStorageAccountName: $(CacheStorageAccountName) + StorageManagedIdentityClientId: $(StorageManagedIdentityClientId) + ExecutionEnvironment: $(ExecutionEnvironment) PackagePublisher: $(PackagePublisher) DIApplicationInsightKey: $(DIApplicationInsightKey) WinGet:AppConfig:Primary: $(AppConfigPrimary) WinGet:AppConfig:Secondary: $(AppConfigSecondary) + WinGet:AppConfig:PrimaryEndpoint: $(AppConfigPrimaryEndpoint) + WinGet:AppConfig:SecondaryEndpoint: $(AppConfigSecondaryEndpoint) SYSTEM_ACCESSTOKEN: $(System.AccessToken) GithubServiceAccountToken: $(GithubServiceAccountToken) diff --git a/DevOpsPipelineDefinitions/rebuild-pipeline.yaml b/DevOpsPipelineDefinitions/rebuild-pipeline.yaml index 06d49b7e5b9..c5fc9283354 100644 --- a/DevOpsPipelineDefinitions/rebuild-pipeline.yaml +++ b/DevOpsPipelineDefinitions/rebuild-pipeline.yaml @@ -38,7 +38,7 @@ extends: skipComponentGovernanceDetection: ${{ true }} runCodesignValidationInjection: ${{ false }} timeoutInMinutes: 0 - + steps: # Allow scripts to access the system token. @@ -47,14 +47,15 @@ extends: clean: true # Downloads all the setup files and its dependencies. - - task: AzureCLI@1 + - task: AzureCLI@2 displayName: 'Azure Setup' inputs: - azureSubscription: '$(WinGet.Subscription)' + azureSubscription: '$(WinGetSvc.DataAccess)' + scriptType: batch scriptLocation: inlineScript - inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' - env: - AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) + inlineScript: | + az storage blob download-batch --auth-mode login -d . --pattern * -s servicewrapper --output none --account-name $(ValidationStorageAccountName) + addSpnToEnvironment: true # WinGet setup - task: CmdLine@2 @@ -70,21 +71,30 @@ extends: script: 'winget_rebuild_setup.cmd' workingDirectory: scripts - - task: CmdLine@2 + - task: AzureCLI@2 displayName: 'Validate Manifests' inputs: - script: 'WinGetSvcWrapper.exe rebuild --operationId %BUILD_BUILDNUMBER%' - failOnStderr: true - condition: succeeded() + azureSubscription: '$(WinGetSvc.DataAccess)' + scriptType: batch + scriptLocation: inlineScript + inlineScript: | + WinGetSvcWrapper.exe rebuild --operationId %BUILD_BUILDNUMBER% + addSpnToEnvironment: true + failOnStandardError: true env: ValidationConnectionString: $(ValidationStorageAccountConnectionString) CacheConnectionString: $(CacheStorageAccountConnectionString) + ValidationStorageAccountName: $(ValidationStorageAccountName) + CacheStorageAccountName: $(CacheStorageAccountName) + StorageManagedIdentityClientId: $(StorageManagedIdentityClientId) ExecutionEnvironment: $(ExecutionEnvironment) PackagePublisher: $(PackagePublisher) SYSTEM_ACCESSTOKEN: $(System.AccessToken) DIApplicationInsightKey: $(DIApplicationInsightKey) WinGet:AppConfig:Primary: $(AppConfigPrimary) WinGet:AppConfig:Secondary: $(AppConfigSecondary) + WinGet:AppConfig:PrimaryEndpoint: $(AppConfigPrimaryEndpoint) + WinGet:AppConfig:SecondaryEndpoint: $(AppConfigSecondaryEndpoint) SkipPausePublishPipeline: $(Rebuild.SkipPausePublishPipeline) # Agentless phase. Depends on previous job. diff --git a/DevOpsPipelineDefinitions/validation-pipeline.yaml b/DevOpsPipelineDefinitions/validation-pipeline.yaml index 9f218b85b23..6d21279cc03 100644 --- a/DevOpsPipelineDefinitions/validation-pipeline.yaml +++ b/DevOpsPipelineDefinitions/validation-pipeline.yaml @@ -40,18 +40,19 @@ extends: skipComponentGovernanceDetection: ${{ true }} runCodesignValidationInjection: ${{ false }} timeoutInMinutes: 0 - + steps: # Downloads all the setup files and its dependencies. - - task: AzureCLI@1 + - task: AzureCLI@2 displayName: 'Azure Setup' inputs: - azureSubscription: '$(WinGet.Subscription)' + azureSubscription: '$(WinGetSvc.DataAccess)' + scriptType: batch scriptLocation: inlineScript - inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none' - env: - AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString) + inlineScript: | + az storage blob download-batch --auth-mode login -d . --pattern * -s servicewrapper --output none --account-name $(ValidationStorageAccountName) + addSpnToEnvironment: true - task: CmdLine@2 name: 'wingetsetup' @@ -73,33 +74,51 @@ extends: workingDirectory: scripts # Validates integrity of pull request. - - task: CmdLine@2 + - task: AzureCLI@2 displayName: 'Validate Pull Request' inputs: - script: 'WinGetSvcWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER%' - failOnStderr: true - condition: succeeded() + azureSubscription: '$(WinGetSvc.DataAccess)' + scriptType: batch + scriptLocation: inlineScript + inlineScript: | + WinGetSvcWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER% + addSpnToEnvironment: true + failOnStandardError: true env: ValidationConnectionString: $(ValidationStorageAccountConnectionString) + ValidationStorageAccountName: $(ValidationStorageAccountName) + StorageManagedIdentityClientId: $(StorageManagedIdentityClientId) + GithubRepository: $(GithubRepository) GithubServiceAccountToken: $(GithubServiceAccountToken) ExecutionEnvironment: $(ExecutionEnvironment) DIApplicationInsightKey: $(DIApplicationInsightKey) WinGet:AppConfig:Primary: $(AppConfigPrimary) WinGet:AppConfig:Secondary: $(AppConfigSecondary) + WinGet:AppConfig:PrimaryEndpoint: $(AppConfigPrimaryEndpoint) + WinGet:AppConfig:SecondaryEndpoint: $(AppConfigSecondaryEndpoint) # Validates manifest integrity. - - task: CmdLine@2 + - task: AzureCLI@2 displayName: 'Validate Manifest' inputs: - script: 'WinGetSvcWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER%' - failOnStderr: true - condition: succeeded() + azureSubscription: '$(WinGetSvc.DataAccess)' + scriptType: batch + scriptLocation: inlineScript + inlineScript: | + WinGetSvcWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER% + addSpnToEnvironment: true + failOnStandardError: true env: ValidationConnectionString: $(ValidationStorageAccountConnectionString) CacheConnectionString: $(CacheStorageAccountConnectionString) + ValidationStorageAccountName: $(ValidationStorageAccountName) + CacheStorageAccountName: $(CacheStorageAccountName) + StorageManagedIdentityClientId: $(StorageManagedIdentityClientId) DIApplicationInsightKey: $(DIApplicationInsightKey) WinGet:AppConfig:Primary: $(AppConfigPrimary) WinGet:AppConfig:Secondary: $(AppConfigSecondary) + WinGet:AppConfig:PrimaryEndpoint: $(AppConfigPrimaryEndpoint) + WinGet:AppConfig:SecondaryEndpoint: $(AppConfigSecondaryEndpoint) # Agentless phase. Depends on previous job. - job: 'ContentValidation'