Migrate WinGetSVC pipeline to 1ES (#128720)

* Migrate WinGetSVC pipeline to 1ES

This commit includes all the 1ES pipeline migration changes that are working in winget-pkgs-preprod
manually copied to winget-pkgs repo as some issue in automatic deployment didn't bring this changes
automatically.

This commit migrates the WinGetSVC pipeline to 1ES, including changes to the following files:
- publish-pipeline.yaml
- rebuild-pipeline.yaml
- rebuild-rest-pipeline.yaml
- validation-pipeline.yaml

The changes were manually copied from the winget-pkgs-preprod repo to the winget-pkgs repo due to an issue with automatic deployment.

[How Validated:]
- The changes have been validated against the preprod environment by manually triggering the pipeline and ensuring successful runs.

* Improve consistency of pipeline stage names

This commit updates the pipeline stage names to be more consistent across all pipelines. This change improves the readability of the pipeline code.
This commit is contained in:
Madhusudhan-MSFT
2023-12-01 10:40:38 -08:00
committed by GitHub
parent 054a81a033
commit 8cabb7a606
4 changed files with 811 additions and 746 deletions
+255 -240
View File
@@ -13,256 +13,271 @@ trigger:
pr: none
jobs:
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: WinGetSvc_Publish
jobs:
# Agent phase.
- job: 'CommitProcessing'
displayName: 'Commit Processing'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Agent phase.
- job: 'CommitProcessing'
displayName: 'Commit Processing'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# WinGet setup
- task: CmdLine@2
name: 'wingetsetup'
displayName: 'WinGet Setup'
env:
HOST_KEY: $(AzureFunctionHostKey)
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
CLEANUP_ENDPOINT: $(AzFuncPublishCleanupEndpoint)
MANIFEST_PUBLISH_COMPLETION_ENDPOINT: $(AzFuncManifestPublishCompletionEndpoint)
PIPELINE_TASK_MESSAGE_QUEUE_ENDPOINT: $(AzFuncPipelineTaskMessageQueueEndPoint)
RESTSOURCE_UPDATE_ENDPOINT: $(AzFuncRestSourceUpdateEndpoint)
inputs:
script: 'winget_publish_setup.cmd'
workingDirectory: scripts
# WinGet setup
- script: 'winget_publish_setup.cmd'
name: 'wingetsetup'
displayName: 'WinGet Setup'
workingDirectory: scripts
env:
HOST_KEY: $(AzureFunctionHostKey)
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
CLEANUP_ENDPOINT: $(AzFuncPublishCleanupEndpoint)
MANIFEST_PUBLISH_COMPLETION_ENDPOINT: $(AzFuncManifestPublishCompletionEndpoint)
PIPELINE_TASK_MESSAGE_QUEUE_ENDPOINT: $(AzFuncPipelineTaskMessageQueueEndPoint)
RESTSOURCE_UPDATE_ENDPOINT: $(AzFuncRestSourceUpdateEndpoint)
- task: CmdLine@2
displayName: 'Validate Commits'
inputs:
script: 'WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
CacheConnectionString: $(CacheStorageAccountConnectionString)
PackagePublisher: $(PackagePublisher)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
- task: CmdLine@2
displayName: 'Validate Commits'
inputs:
script: 'WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
CacheConnectionString: $(CacheStorageAccountConnectionString)
PackagePublisher: $(PackagePublisher)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Agentless phase. Depends on previous job.
- job: 'SignPackage'
pool: server
timeoutInMinutes: 1500
displayName: 'Sign package'
dependsOn:
- 'CommitProcessing'
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
SignEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.signEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'SignPackage'
pool: server
timeoutInMinutes: 1500
displayName: 'Sign package'
dependsOn:
- 'CommitProcessing'
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
SignEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.signEndpoint']]
steps:
# Sign package.
- task: AzureFunction@1
displayName: 'Signing package'
inputs:
function: '$(SignEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Sign package.
- task: AzureFunction@1
displayName: 'Signing package'
inputs:
function: '$(SignEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agent phase. Depends on previous job.
- job: 'Publish'
displayName: 'Publish'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
dependsOn:
- 'SignPackage'
timeoutInMinutes: 0
steps:
# Agent phase. Depends on previous job.
- job: 'Publish'
displayName: 'Publish'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
dependsOn:
- 'SignPackage'
timeoutInMinutes: 0
steps:
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Validates integrity of pull request.
- task: CmdLine@2
displayName: 'Publish'
inputs:
script: 'WinGetSvcWrapper.exe publish --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
CacheConnectionString: $(CacheStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
CdnProfileName: $(CdnProfileName)
CdnEndpointName: $(CdnEndpointName)
CdnResourceGroup: $(CdnResourceGroup)
CdnAzureServicesAuthConnectionString: $(AzureServicesAuthConnectionString)
FdCdnProfileName: $(FdCdnProfileName)
FdCdnEndpointName: $(FdCdnEndpointName)
FdCdnResourceGroup: $(FdCdnResourceGroup)
CacheContainerName: $(CacheContainerName)
WinGet::SubscriptionId: $(WinGet.SubscriptionId)
# Validates integrity of pull request.
- task: CmdLine@2
displayName: 'Publish'
inputs:
script: 'WinGetSvcWrapper.exe publish --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
CacheConnectionString: $(CacheStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
CdnProfileName: $(CdnProfileName)
CdnEndpointName: $(CdnEndpointName)
CdnResourceGroup: $(CdnResourceGroup)
CdnAzureServicesAuthConnectionString: $(AzureServicesAuthConnectionString)
FdCdnProfileName: $(FdCdnProfileName)
FdCdnEndpointName: $(FdCdnEndpointName)
FdCdnResourceGroup: $(FdCdnResourceGroup)
CacheContainerName: $(CacheContainerName)
WinGet::SubscriptionId: $(WinGet.SubscriptionId)
# Agentless phase. Depends on previous job.
- job: 'PublishToRestSource'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish to rest source'
dependsOn:
- 'CommitProcessing'
- 'Publish'
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
RestSourceUpdateEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.restsourceUpdateEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'PublishToRestSource'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish to rest source'
dependsOn:
- 'CommitProcessing'
- 'Publish'
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
RestSourceUpdateEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.restsourceUpdateEndpoint']]
steps:
# Publish updates to rest source
- task: AzureFunction@1
displayName: 'Publishing to rest source'
inputs:
function: '$(RestSourceUpdateEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Publish updates to rest source
- task: AzureFunction@1
displayName: 'Publishing to rest source'
inputs:
function: '$(RestSourceUpdateEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'PostPublish'
pool: server
timeoutInMinutes: 1500
displayName: 'Post publish'
dependsOn:
- 'CommitProcessing'
- 'Publish'
- 'PublishToRestSource'
condition: and(succeeded(), ne(variables['Source.SkipPostPublish'], 'true'))
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
CleanEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.cleanupEndpoint']]
ManifestPublishCompletionEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.manifestPublishCompletionEndPoint']]
PipelineTaskMessageQueueEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.PipelineTaskMessageQueueEndPoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'PostPublish'
pool: server
timeoutInMinutes: 1500
displayName: 'Post publish'
dependsOn:
- 'CommitProcessing'
- 'Publish'
- 'PublishToRestSource'
condition: and(succeeded(), ne(variables['Source.SkipPostPublish'], 'true'))
variables:
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
CleanEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.cleanupEndpoint']]
ManifestPublishCompletionEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.manifestPublishCompletionEndPoint']]
PipelineTaskMessageQueueEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.PipelineTaskMessageQueueEndPoint']]
steps:
- task: AzureFunction@1
displayName: 'Waiver Commit'
inputs:
function: '$(PipelineTaskMessageQueueEndPoint)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)",
"TaskIdentifier": "WaiverCommit"
}
waitForCompletion: "true"
- task: AzureFunction@1
displayName: 'Waiver Commit'
inputs:
function: '$(PipelineTaskMessageQueueEndPoint)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)",
"TaskIdentifier": "WaiverCommit"
}
waitForCompletion: "true"
- task: AzureFunction@1
displayName: 'Pull Request Notification'
inputs:
function: '$(ManifestPublishCompletionEndPoint)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)"
}
waitForCompletion: "true"
- task: AzureFunction@1
displayName: 'Pull Request Notification'
inputs:
function: '$(ManifestPublishCompletionEndPoint)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)"
}
waitForCompletion: "true"
# Close issues.
- task: AzureFunction@1
displayName: 'Cleanup Issues'
inputs:
function: '$(CleanEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)"
}
waitForCompletion: "true"
# Close issues.
- task: AzureFunction@1
displayName: 'Cleanup Issues'
inputs:
function: '$(CleanEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "CommitPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(build.repository.id)"
}
waitForCompletion: "true"
+176 -159
View File
@@ -12,173 +12,190 @@ variables:
Rebuild.EnableContainerBackup: $[coalesce(variables.EnableContainerBackup, 'False')]
Rebuild.ClearContainer: $[coalesce(variables.ClearContainer, 'False')]
jobs:
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
# Agent phase.
- job: 'Rebuild'
displayName: 'Start Rebuild'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
stages:
- stage: WinGetSvc_Rebuild
jobs:
# Agent phase.
- job: 'Rebuild'
displayName: 'Start Rebuild'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Allow scripts to access the system token.
- checkout: self
persistCredentials: true
clean: true
# Allow scripts to access the system token.
- checkout: self
persistCredentials: true
clean: true
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# WinGet setup
- script: 'winget_rebuild_setup.cmd'
name: 'wingetsetup'
displayName: 'WinGet Setup'
workingDirectory: scripts
env:
HOST_KEY: $(AzureFunctionHostKey)
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
PUBLISH_ENDPOINT: $(AzFuncRebuildPublishEndpoint)
CLEANUP_ENDPOINT: $(AzFuncRebuildCleanupEndpoint)
RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint)
# WinGet setup
- task: CmdLine@2
name: 'wingetsetup'
displayName: 'WinGet Setup'
env:
HOST_KEY: $(AzureFunctionHostKey)
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
PUBLISH_ENDPOINT: $(AzFuncRebuildPublishEndpoint)
CLEANUP_ENDPOINT: $(AzFuncRebuildCleanupEndpoint)
RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint)
inputs:
script: 'winget_rebuild_setup.cmd'
workingDirectory: scripts
- task: CmdLine@2
displayName: 'Validate Manifests'
inputs:
script: 'WinGetSvcWrapper.exe rebuild --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
PackagePublisher: $(PackagePublisher)
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
DevOpsOrganization: $(DevOpsOrganization)
DevOpsProjectName: $(DevOpsProjectName)
DevOpsPublishPipelineDefinitionId: $(DevOpsPublishPipelineDefinitionId)
- task: CmdLine@2
displayName: 'Validate Manifests'
inputs:
script: 'WinGetSvcWrapper.exe rebuild --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
ExecutionEnvironment: $(ExecutionEnvironment)
PackagePublisher: $(PackagePublisher)
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
DevOpsOrganization: $(DevOpsOrganization)
DevOpsProjectName: $(DevOpsProjectName)
DevOpsPublishPipelineDefinitionId: $(DevOpsPublishPipelineDefinitionId)
# Agentless phase. Depends on previous job.
- job: 'SignPackage'
pool: server
timeoutInMinutes: 1500
displayName: 'Sign package'
dependsOn:
- 'Rebuild'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
SignEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.signEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'SignPackage'
pool: server
timeoutInMinutes: 1500
displayName: 'Sign package'
dependsOn:
- 'Rebuild'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
SignEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.signEndpoint']]
steps:
# Sign package.
- task: AzureFunction@1
displayName: 'Signing package'
inputs:
function: '$(SignEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Sign package.
- task: AzureFunction@1
displayName: 'Signing package'
inputs:
function: '$(SignEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'Publish'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish'
dependsOn:
- 'Rebuild'
- 'SignPackage'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
PublishEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.publishEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'Publish'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish'
dependsOn:
- 'Rebuild'
- 'SignPackage'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
PublishEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.publishEndpoint']]
steps:
# Rebuild Publish.
- task: AzureFunction@1
displayName: 'Publish'
inputs:
function: '$(PublishEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"ContainerName": "$(CacheContainerName)",
"CommitTablePartitionKey": "$(CommitTablePartitionKey)",
"CommitTableRowKey": "$(CommitTableRowKey)",
"EnableContainerBackup": "$(Rebuild.EnableContainerBackup)",
"SkipManifestIndexUpdate": "$(Rebuild.SkipManifestIndexUpdate)",
"ClearContainer": "$(Rebuild.ClearContainer)",
}
waitForCompletion: "true"
# Rebuild Publish.
- task: AzureFunction@1
displayName: 'Publish'
inputs:
function: '$(PublishEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"ContainerName": "$(CacheContainerName)",
"CommitTablePartitionKey": "$(CommitTablePartitionKey)",
"CommitTableRowKey": "$(CommitTableRowKey)",
"EnableContainerBackup": "$(Rebuild.EnableContainerBackup)",
"SkipManifestIndexUpdate": "$(Rebuild.SkipManifestIndexUpdate)",
"ClearContainer": "$(Rebuild.ClearContainer)",
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'Cleanup'
pool: server
timeoutInMinutes: 1500
displayName: 'Cleanup'
dependsOn:
- 'Rebuild'
- 'SignPackage'
- 'Publish'
condition: and(succeededOrFailed(), ne(variables['Rebuild.SkipPausePublishPipeline'], 'True'))
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
CleanupEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.cleanupEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'Cleanup'
pool: server
timeoutInMinutes: 1500
displayName: 'Cleanup'
dependsOn:
- 'Rebuild'
- 'SignPackage'
- 'Publish'
condition: and(succeededOrFailed(), ne(variables['Rebuild.SkipPausePublishPipeline'], 'True'))
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
CleanupEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.cleanupEndpoint']]
steps:
# Rebuild cleanup.
- task: AzureFunction@1
displayName: 'Cleanup'
inputs:
function: '$(CleanupEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
}
waitForCompletion: "true"
# Rebuild cleanup.
- task: AzureFunction@1
displayName: 'Cleanup'
inputs:
function: '$(CleanupEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
}
waitForCompletion: "true"
@@ -6,72 +6,89 @@ name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev
trigger: none
pr: none
jobs:
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
# Agent phase.
- job: 'Rebuild'
displayName: 'Start Rebuild'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
stages:
- stage: WinGetSvc_Rest_Rebuild
jobs:
# Agent phase.
- job: 'Rebuild'
displayName: 'Start Rebuild'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Allow scripts to access the system token.
- checkout: none
persistCredentials: true
# Allow scripts to access the system token.
- checkout: none
persistCredentials: true
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# WinGet setup
- script: 'winget_rebuild_setup.cmd'
name: 'wingetsetup'
displayName: 'WinGet Setup'
workingDirectory: scripts
env:
HOST_KEY: $(AzureFunctionHostKey)
RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint)
# WinGet setup
- task: CmdLine@2
name: 'wingetsetup'
displayName: 'WinGet Setup'
env:
HOST_KEY: $(AzureFunctionHostKey)
RESTSOURCE_REBUILD_ENDPOINT: $(AzFuncRestSourceRebuildEndpoint)
inputs:
script: 'winget_rebuild_setup.cmd'
workingDirectory: scripts
# Agentless phase. Depends on previous job.
- job: 'PublishToRestSource'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish to rest source'
dependsOn:
- 'Rebuild'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
RestSourceRebuildEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.restsourceRebuildEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'PublishToRestSource'
pool: server
timeoutInMinutes: 1500
displayName: 'Publish to rest source'
dependsOn:
- 'Rebuild'
variables:
HostKeySecret: $[ dependencies.Rebuild.outputs['wingetsetup.hostkey']]
RestSourceRebuildEndpointSecret: $[ dependencies.Rebuild.outputs['wingetsetup.restsourceRebuildEndpoint']]
steps:
# Rebuild Rest source.
- task: AzureFunction@1
displayName: 'Publish to rest source'
inputs:
function: '$(RestSourceRebuildEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Rebuild Rest source.
- task: AzureFunction@1
displayName: 'Publish to rest source'
inputs:
function: '$(RestSourceRebuildEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"pipelineType": "RebuildPipeline",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
+300 -284
View File
@@ -12,304 +12,320 @@ pr:
include:
- manifests
jobs:
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: WinGetSvc_Validation
jobs:
# Agent phase. Process pull request changes and validate manifests.
- job: 'FileValidation'
displayName: 'Pull Request Validation'
pool:
vmImage: 'windows-latest'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Agent phase. Process pull request changes and validate manifests.
- job: 'FileValidation'
displayName: 'Pull Request Validation'
variables:
skipComponentGovernanceDetection: ${{ true }}
runCodesignValidationInjection: ${{ false }}
timeoutInMinutes: 0
steps:
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# Downloads all the setup files and its dependencies.
- task: AzureCLI@1
displayName: 'Azure Setup'
inputs:
azureSubscription: '$(WinGet.Subscription)'
scriptLocation: inlineScript
inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
env:
AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
# WinGet setup
- script: 'winget_validation_setup.cmd'
name: 'wingetsetup'
displayName: 'WinGet Setup'
workingDirectory: scripts
env:
HOST_KEY: $(AzureFunctionHostKey)
SMART_SCREEN_ENDPOINT: $(AzFuncSmartScreenEndpoint)
DOMAIN_URLS_VALIDATION_ENDPOINT: $(AzFuncDomainUrlValEndpoint)
MANIFEST_POLICY_ENDPOINT: $(AzFuncManifestPolicyEndpoint)
SCAN_ENDPOINT: $(AzFuncScanEndpoint)
INSTALLATION_ENDPOINT: $(AzFuncInstallationVerificationEndpoint)
LABEL_ENDPOINT: $(AzFuncSetLabelOnPullRequestEndpoint)
CLEANUP_ENDPOINT: $(AzFuncCleanupEndpoint)
LABEL_KEY: $(AzureFunctionLabelKey)
CATALOG_CONTENT_VERIFICATION_ENDPOINT: $(AzFuncCatalogContentVerificationEndpoint)
- task: CmdLine@2
name: 'wingetsetup'
displayName: 'WinGet Setup'
env:
HOST_KEY: $(AzureFunctionHostKey)
SMART_SCREEN_ENDPOINT: $(AzFuncSmartScreenEndpoint)
DOMAIN_URLS_VALIDATION_ENDPOINT: $(AzFuncDomainUrlValEndpoint)
MANIFEST_POLICY_ENDPOINT: $(AzFuncManifestPolicyEndpoint)
SCAN_ENDPOINT: $(AzFuncScanEndpoint)
INSTALLATION_ENDPOINT: $(AzFuncInstallationVerificationEndpoint)
LABEL_ENDPOINT: $(AzFuncSetLabelOnPullRequestEndpoint)
CLEANUP_ENDPOINT: $(AzFuncCleanupEndpoint)
LABEL_KEY: $(AzureFunctionLabelKey)
CATALOG_CONTENT_VERIFICATION_ENDPOINT: $(AzFuncCatalogContentVerificationEndpoint)
inputs:
script: 'winget_validation_setup.cmd'
workingDirectory: scripts
# Validates integrity of pull request.
- task: CmdLine@2
displayName: 'Validate Pull Request'
inputs:
script: 'WinGetSvcWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
GithubRepository: $(GithubRepository)
GithubServiceAccountToken: $(GithubServiceAccountToken)
ExecutionEnvironment: $(ExecutionEnvironment)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Validates integrity of pull request.
- task: CmdLine@2
displayName: 'Validate Pull Request'
inputs:
script: 'WinGetSvcWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
GithubRepository: $(GithubRepository)
GithubServiceAccountToken: $(GithubServiceAccountToken)
ExecutionEnvironment: $(ExecutionEnvironment)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Validates manifest integrity.
- task: CmdLine@2
displayName: 'Validate Manifest'
inputs:
script: 'WinGetSvcWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
CacheConnectionString: $(CacheStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Validates manifest integrity.
- task: CmdLine@2
displayName: 'Validate Manifest'
inputs:
script: 'WinGetSvcWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER%'
failOnStderr: true
condition: succeeded()
env:
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
CacheConnectionString: $(CacheStorageAccountConnectionString)
DIApplicationInsightKey: $(DIApplicationInsightKey)
WinGet:AppConfig:Primary: $(AppConfigPrimary)
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
# Agentless phase. Depends on previous job.
- job: 'ContentValidation'
pool: server
displayName: 'Manifest Content Validation'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
SmartScreenEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.smartScreenEndpoint']]
DomainUrlValidationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.domainUrlValidationEndpoint']]
ManiestPolicyEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.manifestPolicyEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'ContentValidation'
pool: server
displayName: 'Manifest Content Validation'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
SmartScreenEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.smartScreenEndpoint']]
DomainUrlValidationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.domainUrlValidationEndpoint']]
ManiestPolicyEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.manifestPolicyEndpoint']]
steps:
# Scans all the urls from manifest contents.
- task: AzureFunction@1
displayName: 'URLs Validation'
inputs:
function: '$(SmartScreenEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Scans all the urls from manifest contents.
- task: AzureFunction@1
displayName: 'URLs Validation'
inputs:
function: '$(SmartScreenEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Domain url validations.
- task: AzureFunction@1
displayName: 'URL Domain validation'
inputs:
function: '$(DomainUrlValidationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Domain url validations.
- task: AzureFunction@1
displayName: 'URL Domain validation'
inputs:
function: '$(DomainUrlValidationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Manifest policy checks.
- task: AzureFunction@1
displayName: 'Manifest Policy Validation'
inputs:
function: '$(ManiestPolicyEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Manifest policy checks.
- task: AzureFunction@1
displayName: 'Manifest Policy Validation'
inputs:
function: '$(ManiestPolicyEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'InstallerValidation'
pool: server
displayName: 'Installer Validation'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
- 'ContentValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
ScanEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.scanEndpoint']]
InstallationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.installationEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'InstallerValidation'
pool: server
displayName: 'Installer Validation'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
- 'ContentValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
ScanEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.scanEndpoint']]
InstallationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.installationEndpoint']]
steps:
# Scan installers in manifests.
- task: AzureFunction@1
displayName: 'Installers Scan'
inputs:
function: '$(ScanEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Scan installers in manifests.
- task: AzureFunction@1
displayName: 'Installers Scan'
inputs:
function: '$(ScanEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Validates installation.
- task: AzureFunction@1
displayName: 'Installation Validation'
inputs:
function: '$(InstallationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Validates installation.
- task: AzureFunction@1
displayName: 'Installation Validation'
inputs:
function: '$(InstallationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Depends on previous job.
- job: 'CatalogContentVerification'
pool: server
displayName: 'Catalog Content Verification'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
- 'ContentValidation'
- 'InstallerValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
CatalogContentVerificationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.catalogContentVerificationEndpoint']]
steps:
# Agentless phase. Depends on previous job.
- job: 'CatalogContentVerification'
pool: server
displayName: 'Catalog Content Verification'
timeoutInMinutes: 1500
dependsOn:
- 'FileValidation'
- 'ContentValidation'
- 'InstallerValidation'
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
CatalogContentVerificationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.catalogContentVerificationEndpoint']]
steps:
# Catalog content verification
- task: AzureFunction@1
displayName: 'Catalog Content Verification'
inputs:
function: '$(CatalogContentVerificationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Catalog content verification
- task: AzureFunction@1
displayName: 'Catalog Content Verification'
inputs:
function: '$(CatalogContentVerificationEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"BuildId": "$(Build.BuildId)",
"PlanUrl": "$(system.CollectionUri)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Agentless phase. Runs even if previous jobs failed.
- job: 'postvalidation'
pool: server
displayName: 'Post Validation'
dependsOn:
- 'FileValidation'
- 'ContentValidation'
- 'InstallerValidation'
- 'CatalogContentVerification'
condition: succeededOrFailed()
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
LabelKeySecret : $[ dependencies.FileValidation.outputs['wingetsetup.labelkey']]
LabelEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.labelEndpoint']]
RepositoryId: $[ dependencies.FileValidation.outputs['wingetsetup.repoId']]
CleanupEndpointSecret: $[ dependencies.filevalidation.outputs['wingetsetup.cleanupEndpoint']]
steps:
# Agentless phase. Runs even if previous jobs failed.
- job: 'postvalidation'
pool: server
displayName: 'Post Validation'
dependsOn:
- 'FileValidation'
- 'ContentValidation'
- 'InstallerValidation'
- 'CatalogContentVerification'
condition: succeededOrFailed()
variables:
HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
LabelKeySecret : $[ dependencies.FileValidation.outputs['wingetsetup.labelkey']]
LabelEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.labelEndpoint']]
RepositoryId: $[ dependencies.FileValidation.outputs['wingetsetup.repoId']]
CleanupEndpointSecret: $[ dependencies.filevalidation.outputs['wingetsetup.cleanupEndpoint']]
steps:
# Set label in GitHub PullRequest.
- task: AzureFunction@1
displayName: 'Set Label'
condition: eq(variables['WinGet.RepositoryType'], 'GitHub')
inputs:
function: '$(LabelEndpointSecret)'
key: '$(LabelKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"BuildId": "$(Build.BuildId)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(RepositoryId)",
"PullRequestNumber": "$(System.PullRequest.PullRequestNumber)",
}
waitForCompletion: "true"
# Set label in GitHub PullRequest.
- task: AzureFunction@1
displayName: 'Set Label'
condition: eq(variables['WinGet.RepositoryType'], 'GitHub')
inputs:
function: '$(LabelEndpointSecret)'
key: '$(LabelKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"BuildId": "$(Build.BuildId)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)",
"BuildRepositoryId": "$(RepositoryId)",
"PullRequestNumber": "$(System.PullRequest.PullRequestNumber)",
}
waitForCompletion: "true"
# Cleanup resources.
- task: AzureFunction@1
displayName: 'Validation cleanup'
inputs:
function: '$(CleanupEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"BuildId": "$(Build.BuildId)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"
# Cleanup resources.
- task: AzureFunction@1
displayName: 'Validation cleanup'
inputs:
function: '$(CleanupEndpointSecret)'
key: '$(HostKeySecret)'
body: |
{
"operationId": "$(Build.BuildNumber)",
"PlanUrl": "$(system.CollectionUri)",
"BuildId": "$(Build.BuildId)",
"HubName": "$(system.HostType)",
"ProjectId": "$(system.TeamProjectId)",
"PlanId": "$(system.PlanId)",
"JobId": "$(system.JobId)",
"TimelineId": "$(system.TimelineId)",
"TaskInstanceId": "$(system.TaskInstanceId)",
"AuthToken": "$(system.AccessToken)"
}
waitForCompletion: "true"