mirror of
https://github.com/Mintplex-Labs/winget-pkgs.git
synced 2026-07-01 18:28:34 -04:00
293 lines
11 KiB
YAML
293 lines
11 KiB
YAML
# Publish pipeline for WinGet.
|
|
|
|
# Name of the run
|
|
name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev:r)'
|
|
|
|
# Batch CI run. when a pipeline is running, the system waits until the run is completed,
|
|
# then starts another run with all changes that have not yet been built.
|
|
trigger:
|
|
batch: true
|
|
branches:
|
|
include:
|
|
- master
|
|
|
|
pr: none
|
|
|
|
variables:
|
|
Publish.SkipManifestIndexUpdate: $[coalesce(variables.SkipManifestIndexUpdate, 'False')]
|
|
|
|
resources:
|
|
repositories:
|
|
- repository: 1ESPipelineTemplates
|
|
type: git
|
|
name: 1ESPipelineTemplates/1ESPipelineTemplates
|
|
ref: refs/tags/release
|
|
extends:
|
|
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
|
|
parameters:
|
|
pool:
|
|
name: Azure-Pipelines-1ESPT-ExDShared
|
|
image: windows-2022
|
|
os: windows
|
|
customBuildTags:
|
|
- ES365AIMigrationTooling
|
|
|
|
stages:
|
|
- stage: WinGetSvc_Publish
|
|
jobs:
|
|
# Agent phase.
|
|
- job: 'CommitProcessing'
|
|
displayName: 'Commit Processing'
|
|
variables:
|
|
skipComponentGovernanceDetection: ${{ true }}
|
|
runCodesignValidationInjection: ${{ false }}
|
|
timeoutInMinutes: 0
|
|
|
|
steps:
|
|
|
|
# Downloads all the setup files and its dependencies.
|
|
- task: AzureCLI@2
|
|
displayName: 'Azure Setup'
|
|
inputs:
|
|
azureSubscription: '$(WinGetSvc.DataAccess)'
|
|
scriptType: batch
|
|
scriptLocation: inlineScript
|
|
inlineScript: |
|
|
az storage blob download-batch --auth-mode login -d . --pattern * -s servicewrapper --output none --account-name $(ValidationStorageAccountName)
|
|
addSpnToEnvironment: true
|
|
|
|
# WinGet setup
|
|
- task: CmdLine@2
|
|
name: 'wingetsetup'
|
|
displayName: 'WinGet Setup'
|
|
env:
|
|
HOST_KEY: $(AzureFunctionHostKey)
|
|
SIGN_ENDPOINT: $(AzFuncSignEndpoint)
|
|
CLEANUP_ENDPOINT: $(AzFuncPublishCleanupEndpoint)
|
|
MANIFEST_PUBLISH_COMPLETION_ENDPOINT: $(AzFuncManifestPublishCompletionEndpoint)
|
|
PIPELINE_TASK_MESSAGE_QUEUE_ENDPOINT: $(AzFuncPipelineTaskMessageQueueEndPoint)
|
|
RESTSOURCE_UPDATE_ENDPOINT: $(AzFuncRestSourceUpdateEndpoint)
|
|
PUBLISH_ENDPOINT: $(AzFuncCommitPipelinePublishEndpoint)
|
|
inputs:
|
|
script: 'winget_publish_setup.cmd'
|
|
workingDirectory: scripts
|
|
|
|
- task: AzureCLI@2
|
|
displayName: 'Validate Commits'
|
|
inputs:
|
|
azureSubscription: '$(WinGetSvc.DataAccess)'
|
|
scriptType: batch
|
|
scriptLocation: inlineScript
|
|
inlineScript: |
|
|
WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%
|
|
addSpnToEnvironment: true
|
|
failOnStandardError: true
|
|
env:
|
|
ValidationConnectionString: $(ValidationStorageAccountConnectionString)
|
|
CacheConnectionString: $(CacheStorageAccountConnectionString)
|
|
ValidationStorageAccountName: $(ValidationStorageAccountName)
|
|
CacheStorageAccountName: $(CacheStorageAccountName)
|
|
StorageManagedIdentityClientId: $(StorageManagedIdentityClientId)
|
|
ExecutionEnvironment: $(ExecutionEnvironment)
|
|
PackagePublisher: $(PackagePublisher)
|
|
DIApplicationInsightKey: $(DIApplicationInsightKey)
|
|
WinGet:AppConfig:Primary: $(AppConfigPrimary)
|
|
WinGet:AppConfig:Secondary: $(AppConfigSecondary)
|
|
WinGet:AppConfig:PrimaryEndpoint: $(AppConfigPrimaryEndpoint)
|
|
WinGet:AppConfig:SecondaryEndpoint: $(AppConfigSecondaryEndpoint)
|
|
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
|
GithubServiceAccountToken: $(GithubServiceAccountToken)
|
|
|
|
# Agentless phase. Depends on previous job.
|
|
- job: 'SignPackage'
|
|
pool: server
|
|
timeoutInMinutes: 1500
|
|
displayName: 'Sign package'
|
|
dependsOn:
|
|
- 'CommitProcessing'
|
|
variables:
|
|
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
|
|
SignEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.signEndpoint']]
|
|
steps:
|
|
|
|
# Sign package.
|
|
- task: AzureFunction@1
|
|
displayName: 'Signing package'
|
|
inputs:
|
|
function: '$(SignEndpointSecret)'
|
|
key: '$(HostKeySecret)'
|
|
body: |
|
|
{
|
|
"operationId": "$(Build.BuildNumber)",
|
|
"BuildId": "$(Build.BuildId)",
|
|
"PlanUrl": "$(system.CollectionUri)",
|
|
"HubName": "$(system.HostType)",
|
|
"pipelineType": "CommitPipeline",
|
|
"ProjectId": "$(system.TeamProjectId)",
|
|
"PlanId": "$(system.PlanId)",
|
|
"JobId": "$(system.JobId)",
|
|
"TimelineId": "$(system.TimelineId)",
|
|
"TaskInstanceId": "$(system.TaskInstanceId)",
|
|
"AuthToken": "$(system.AccessToken)"
|
|
}
|
|
waitForCompletion: "true"
|
|
|
|
# Agentless phase. Depends on previous job.
|
|
- job: 'Publish'
|
|
pool: server
|
|
timeoutInMinutes: 1500
|
|
displayName: 'Publish'
|
|
dependsOn:
|
|
- 'CommitProcessing'
|
|
- 'SignPackage'
|
|
condition: succeeded()
|
|
variables:
|
|
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
|
|
PublishEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.publishEndpoint']]
|
|
steps:
|
|
|
|
- task: AzureFunction@1
|
|
displayName: 'Publish'
|
|
inputs:
|
|
function: '$(PublishEndpointSecret)'
|
|
key: '$(HostKeySecret)'
|
|
body: |
|
|
{
|
|
"operationId": "$(Build.BuildNumber)",
|
|
"BuildId": "$(Build.BuildId)",
|
|
"PlanUrl": "$(system.CollectionUri)",
|
|
"HubName": "$(system.HostType)",
|
|
"pipelineType": "CommitPipeline",
|
|
"ProjectId": "$(system.TeamProjectId)",
|
|
"PlanId": "$(system.PlanId)",
|
|
"JobId": "$(system.JobId)",
|
|
"TimelineId": "$(system.TimelineId)",
|
|
"TaskInstanceId": "$(system.TaskInstanceId)",
|
|
"AuthToken": "$(system.AccessToken)",
|
|
"BuildRepositoryId": "$(build.repository.id)",
|
|
"CommitTablePartitionKey": "$(CommitTablePartitionKey)",
|
|
"CommitTableRowKey": "$(CommitTableRowKey)",
|
|
"SkipManifestIndexUpdate": "$(Publish.SkipManifestIndexUpdate)"
|
|
}
|
|
waitForCompletion: "true"
|
|
|
|
# Agentless phase. Depends on previous job.
|
|
- job: 'PublishToRestSource'
|
|
pool: server
|
|
timeoutInMinutes: 1500
|
|
displayName: 'Publish to rest source'
|
|
dependsOn:
|
|
- 'CommitProcessing'
|
|
- 'Publish'
|
|
variables:
|
|
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
|
|
RestSourceUpdateEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.restsourceUpdateEndpoint']]
|
|
steps:
|
|
|
|
# Publish updates to rest source
|
|
- task: AzureFunction@1
|
|
displayName: 'Publishing to rest source'
|
|
inputs:
|
|
function: '$(RestSourceUpdateEndpointSecret)'
|
|
key: '$(HostKeySecret)'
|
|
body: |
|
|
{
|
|
"operationId": "$(Build.BuildNumber)",
|
|
"BuildId": "$(Build.BuildId)",
|
|
"PlanUrl": "$(system.CollectionUri)",
|
|
"HubName": "$(system.HostType)",
|
|
"pipelineType": "CommitPipeline",
|
|
"ProjectId": "$(system.TeamProjectId)",
|
|
"PlanId": "$(system.PlanId)",
|
|
"JobId": "$(system.JobId)",
|
|
"TimelineId": "$(system.TimelineId)",
|
|
"TaskInstanceId": "$(system.TaskInstanceId)",
|
|
"AuthToken": "$(system.AccessToken)"
|
|
}
|
|
waitForCompletion: "true"
|
|
|
|
# Agentless phase. Depends on previous job.
|
|
- job: 'PostPublish'
|
|
pool: server
|
|
timeoutInMinutes: 1500
|
|
displayName: 'Post publish'
|
|
dependsOn:
|
|
- 'CommitProcessing'
|
|
- 'Publish'
|
|
- 'PublishToRestSource'
|
|
condition: and(succeeded(), ne(variables['Source.SkipPostPublish'], 'true'))
|
|
variables:
|
|
HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
|
|
CleanEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.cleanupEndpoint']]
|
|
ManifestPublishCompletionEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.manifestPublishCompletionEndPoint']]
|
|
PipelineTaskMessageQueueEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.PipelineTaskMessageQueueEndPoint']]
|
|
steps:
|
|
|
|
- task: AzureFunction@1
|
|
displayName: 'Waiver Commit'
|
|
inputs:
|
|
function: '$(PipelineTaskMessageQueueEndPoint)'
|
|
key: '$(HostKeySecret)'
|
|
body: |
|
|
{
|
|
"operationId": "$(Build.BuildNumber)",
|
|
"BuildId": "$(Build.BuildId)",
|
|
"PlanUrl": "$(system.CollectionUri)",
|
|
"HubName": "$(system.HostType)",
|
|
"pipelineType": "CommitPipeline",
|
|
"ProjectId": "$(system.TeamProjectId)",
|
|
"PlanId": "$(system.PlanId)",
|
|
"JobId": "$(system.JobId)",
|
|
"TimelineId": "$(system.TimelineId)",
|
|
"TaskInstanceId": "$(system.TaskInstanceId)",
|
|
"AuthToken": "$(system.AccessToken)",
|
|
"BuildRepositoryId": "$(build.repository.id)",
|
|
"TaskIdentifier": "WaiverCommit"
|
|
}
|
|
waitForCompletion: "true"
|
|
|
|
- task: AzureFunction@1
|
|
displayName: 'Pull Request Notification'
|
|
inputs:
|
|
function: '$(ManifestPublishCompletionEndPoint)'
|
|
key: '$(HostKeySecret)'
|
|
body: |
|
|
{
|
|
"operationId": "$(Build.BuildNumber)",
|
|
"BuildId": "$(Build.BuildId)",
|
|
"PlanUrl": "$(system.CollectionUri)",
|
|
"HubName": "$(system.HostType)",
|
|
"pipelineType": "CommitPipeline",
|
|
"ProjectId": "$(system.TeamProjectId)",
|
|
"PlanId": "$(system.PlanId)",
|
|
"JobId": "$(system.JobId)",
|
|
"TimelineId": "$(system.TimelineId)",
|
|
"TaskInstanceId": "$(system.TaskInstanceId)",
|
|
"AuthToken": "$(system.AccessToken)",
|
|
"BuildRepositoryId": "$(build.repository.id)"
|
|
}
|
|
waitForCompletion: "true"
|
|
|
|
# Close issues.
|
|
- task: AzureFunction@1
|
|
displayName: 'Cleanup Issues'
|
|
inputs:
|
|
function: '$(CleanEndpointSecret)'
|
|
key: '$(HostKeySecret)'
|
|
body: |
|
|
{
|
|
"operationId": "$(Build.BuildNumber)",
|
|
"BuildId": "$(Build.BuildId)",
|
|
"PlanUrl": "$(system.CollectionUri)",
|
|
"HubName": "$(system.HostType)",
|
|
"pipelineType": "CommitPipeline",
|
|
"ProjectId": "$(system.TeamProjectId)",
|
|
"PlanId": "$(system.PlanId)",
|
|
"JobId": "$(system.JobId)",
|
|
"TimelineId": "$(system.TimelineId)",
|
|
"TaskInstanceId": "$(system.TaskInstanceId)",
|
|
"AuthToken": "$(system.AccessToken)",
|
|
"BuildRepositoryId": "$(build.repository.id)"
|
|
}
|
|
waitForCompletion: "true"
|