winget-pkgs/DevOpsPipelineDefinitions/publish-pipeline.yaml

# Publish pipeline for WinGet.
#
# Run name: <definition name>-<definition version>-<yyyyMMdd date>-<revision>.
# The jobs in this file pass the run name on as $(Build.BuildNumber) /
# %BUILD_BUILDNUMBER%, where it is used as the "operationId" of the publish
# operation, so a change to this format also changes that identifier.
name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(Date:yyyyMMdd)-$(Rev:r)'
# CI trigger, limited to the master branch. Batching is on: while a run is in
# progress the system waits until it completes, then starts one more run that
# covers all changes that have not yet been built.
trigger:
  batch: true
  branches:
    include:
      - master

# No pull-request trigger is declared for this definition, so the publish jobs
# (and the secrets they map) are not started by PR validation from this file.
pr: none
variables:
  # Runtime expression: uses the SkipManifestIndexUpdate variable when it has a
  # value and falls back to the string 'False' otherwise. The result is sent as
  # "SkipManifestIndexUpdate" in the request body of the Publish job.
  Publish.SkipManifestIndexUpdate: $[coalesce(variables.SkipManifestIndexUpdate, 'False')]
resources:
  repositories:
    # Repository that holds the template named in the `extends` section.
    # NOTE(review): refs/tags/release is a tag name, not a commit id, so the
    # template that actually runs is whatever that tag points at when the run
    # starts. The integrity of this pipeline therefore also depends on who is
    # allowed to move that tag in the template repository.
    - repository: 1ESPipelineTemplates
      type: git
      name: 1ESPipelineTemplates/1ESPipelineTemplates
      ref: refs/tags/release
# The whole pipeline is passed as parameters to the 1ES official pipeline
# template from the 1ESPipelineTemplates repository resource.
#
# Flow: one agent job (CommitProcessing) followed by four agentless jobs that
# each call an Azure Function and wait for it to report completion:
#   CommitProcessing -> SignPackage -> Publish -> PublishToRestSource -> PostPublish
extends:
  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
  parameters:
    # Pool for the agent job. Jobs that set `pool: server` below are agentless.
    pool:
      name: Azure-Pipelines-1ESPT-ExDShared
      image: windows-2022
      os: windows
    customBuildTags:
      - ES365AIMigrationTooling
    stages:
      - stage: WinGetSvc_Publish
        jobs:
          # Agent phase.
          - job: CommitProcessing
            displayName: 'Commit Processing'
            variables:
              skipComponentGovernanceDetection: ${{ true }}
              runCodesignValidationInjection: ${{ false }}
            # NOTE(review): 0 sets no job-specific limit; the effective ceiling
            # is whatever the pool / organization allows. Confirm that a hung
            # run cannot hold the agent and its secrets indefinitely.
            timeoutInMinutes: 0
            steps:
              # Downloads all the setup files and their dependencies: every blob
              # (--pattern *) of the `servicewrapper` container is copied into
              # the current directory, authenticated with the service
              # connection's identity (--auth-mode login) rather than a key.
              # NOTE(review): the later steps run winget_publish_setup.cmd and
              # WinGetSvcWrapper.exe, presumably from this download. No hash or
              # signature check is visible in this file, so write access to that
              # container is equivalent to code execution in this job. Verify
              # that it is restricted accordingly.
              - task: AzureCLI@2
                displayName: 'Azure Setup'
                inputs:
                  azureSubscription: '$(WinGetSvc.DataAccess)'
                  scriptType: batch
                  scriptLocation: inlineScript
                  inlineScript: |
                    az storage blob download-batch --auth-mode login -d . --pattern * -s servicewrapper --output none --account-name $(ValidationStorageAccountName)
                  # Makes the service connection's principal details available
                  # to the inline script as environment variables.
                  addSpnToEnvironment: true

              # WinGet setup.
              # The step name is the prefix under which later jobs read this
              # step's output variables (wingetsetup.hostkey,
              # wingetsetup.signEndpoint, ...).
              # NOTE(review): the script itself is not part of this file. Since
              # it re-publishes the host key and endpoint values as output
              # variables, confirm that it marks them as secret so they are
              # masked in logs.
              - task: CmdLine@2
                name: wingetsetup
                displayName: 'WinGet Setup'
                env:
                  HOST_KEY: $(AzureFunctionHostKey)
                  SIGN_ENDPOINT: $(AzFuncSignEndpoint)
                  CLEANUP_ENDPOINT: $(AzFuncPublishCleanupEndpoint)
                  MANIFEST_PUBLISH_COMPLETION_ENDPOINT: $(AzFuncManifestPublishCompletionEndpoint)
                  PIPELINE_TASK_MESSAGE_QUEUE_ENDPOINT: $(AzFuncPipelineTaskMessageQueueEndPoint)
                  RESTSOURCE_UPDATE_ENDPOINT: $(AzFuncRestSourceUpdateEndpoint)
                  PUBLISH_ENDPOINT: $(AzFuncCommitPipelinePublishEndpoint)
                inputs:
                  script: 'winget_publish_setup.cmd'
                  workingDirectory: scripts

              # Runs the service wrapper's validate-commits command with the run
              # name as operation id. Anything written to stderr fails the step
              # (failOnStandardError).
              - task: AzureCLI@2
                displayName: 'Validate Commits'
                inputs:
                  azureSubscription: '$(WinGetSvc.DataAccess)'
                  scriptType: batch
                  scriptLocation: inlineScript
                  inlineScript: |
                    WinGetSvcWrapper.exe validate-commits --operationId %BUILD_BUILDNUMBER%
                  addSpnToEnvironment: true
                  failOnStandardError: true
                # Values handed to WinGetSvcWrapper.exe through its environment.
                # They include storage connection strings, the pipeline access
                # token and a GitHub service-account token, so this process runs
                # with everything needed to read and write publish state.
                # NOTE(review): both connection strings and a managed-identity
                # client id are passed; which one the wrapper uses cannot be
                # told from this file.
                env:
                  ValidationConnectionString: $(ValidationStorageAccountConnectionString)
                  CacheConnectionString: $(CacheStorageAccountConnectionString)
                  ValidationStorageAccountName: $(ValidationStorageAccountName)
                  CacheStorageAccountName: $(CacheStorageAccountName)
                  StorageManagedIdentityClientId: $(StorageManagedIdentityClientId)
                  ExecutionEnvironment: $(ExecutionEnvironment)
                  PackagePublisher: $(PackagePublisher)
                  DIApplicationInsightKey: $(DIApplicationInsightKey)
                  'WinGet:AppConfig:Primary': $(AppConfigPrimary)
                  'WinGet:AppConfig:Secondary': $(AppConfigSecondary)
                  'WinGet:AppConfig:PrimaryEndpoint': $(AppConfigPrimaryEndpoint)
                  'WinGet:AppConfig:SecondaryEndpoint': $(AppConfigSecondaryEndpoint)
                  SYSTEM_ACCESSTOKEN: $(System.AccessToken)
                  GithubServiceAccountToken: $(GithubServiceAccountToken)

          # Agentless phase. Depends on previous job.
          #
          # Pattern shared by all agentless jobs below:
          #  * the function URL and the key are read from output variables of
          #    the `wingetsetup` step in CommitProcessing;
          #  * the request body carries the run's plan/job/timeline/task ids
          #    plus "AuthToken", the pipeline access token
          #    ($(system.AccessToken));
          #  * waitForCompletion is 'true', so the task stays open until the
          #    function reports completion, for up to 1500 minutes (25 hours).
          # NOTE(review): every function called here receives a live pipeline
          # token in the request body, and the destination URL comes from an
          # output variable. Keep the build identity's permissions minimal and
          # make sure the functions never log request bodies.
          - job: SignPackage
            pool: server
            timeoutInMinutes: 1500
            displayName: 'Sign package'
            dependsOn:
              - CommitProcessing
            variables:
              HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
              SignEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.signEndpoint']]
            steps:
              # Sign package.
              - task: AzureFunction@1
                displayName: 'Signing package'
                inputs:
                  function: '$(SignEndpointSecret)'
                  key: '$(HostKeySecret)'
                  body: |
                    {
                    "operationId": "$(Build.BuildNumber)",
                    "BuildId": "$(Build.BuildId)",
                    "PlanUrl": "$(system.CollectionUri)",
                    "HubName": "$(system.HostType)",
                    "pipelineType": "CommitPipeline",
                    "ProjectId": "$(system.TeamProjectId)",
                    "PlanId": "$(system.PlanId)",
                    "JobId": "$(system.JobId)",
                    "TimelineId": "$(system.TimelineId)",
                    "TaskInstanceId": "$(system.TaskInstanceId)",
                    "AuthToken": "$(system.AccessToken)"
                    }
                  waitForCompletion: 'true'

          # Agentless phase. Depends on previous job.
          # Runs only when CommitProcessing and SignPackage both succeeded. In
          # addition to the common fields, the body identifies the repository
          # and the commit-table entry, and forwards the SkipManifestIndexUpdate
          # switch.
          - job: Publish
            pool: server
            timeoutInMinutes: 1500
            displayName: 'Publish'
            dependsOn:
              - CommitProcessing
              - SignPackage
            condition: succeeded()
            variables:
              HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
              PublishEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.publishEndpoint']]
            steps:
              - task: AzureFunction@1
                displayName: 'Publish'
                inputs:
                  function: '$(PublishEndpointSecret)'
                  key: '$(HostKeySecret)'
                  body: |
                    {
                    "operationId": "$(Build.BuildNumber)",
                    "BuildId": "$(Build.BuildId)",
                    "PlanUrl": "$(system.CollectionUri)",
                    "HubName": "$(system.HostType)",
                    "pipelineType": "CommitPipeline",
                    "ProjectId": "$(system.TeamProjectId)",
                    "PlanId": "$(system.PlanId)",
                    "JobId": "$(system.JobId)",
                    "TimelineId": "$(system.TimelineId)",
                    "TaskInstanceId": "$(system.TaskInstanceId)",
                    "AuthToken": "$(system.AccessToken)",
                    "BuildRepositoryId": "$(build.repository.id)",
                    "CommitTablePartitionKey": "$(CommitTablePartitionKey)",
                    "CommitTableRowKey": "$(CommitTableRowKey)",
                    "SkipManifestIndexUpdate": "$(Publish.SkipManifestIndexUpdate)"
                    }
                  waitForCompletion: 'true'

          # Agentless phase. Depends on previous job.
          - job: PublishToRestSource
            pool: server
            timeoutInMinutes: 1500
            displayName: 'Publish to rest source'
            dependsOn:
              - CommitProcessing
              - Publish
            variables:
              HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
              RestSourceUpdateEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.restsourceUpdateEndpoint']]
            steps:
              # Publish updates to rest source.
              - task: AzureFunction@1
                displayName: 'Publishing to rest source'
                inputs:
                  function: '$(RestSourceUpdateEndpointSecret)'
                  key: '$(HostKeySecret)'
                  body: |
                    {
                    "operationId": "$(Build.BuildNumber)",
                    "BuildId": "$(Build.BuildId)",
                    "PlanUrl": "$(system.CollectionUri)",
                    "HubName": "$(system.HostType)",
                    "pipelineType": "CommitPipeline",
                    "ProjectId": "$(system.TeamProjectId)",
                    "PlanId": "$(system.PlanId)",
                    "JobId": "$(system.JobId)",
                    "TimelineId": "$(system.TimelineId)",
                    "TaskInstanceId": "$(system.TaskInstanceId)",
                    "AuthToken": "$(system.AccessToken)"
                    }
                  waitForCompletion: 'true'

          # Agentless phase. Depends on previous job.
          # Skipped when the Source.SkipPostPublish variable equals 'true'.
          # Three function calls run in sequence: waiver commit, pull-request
          # notification and issue cleanup.
          - job: PostPublish
            pool: server
            timeoutInMinutes: 1500
            displayName: 'Post publish'
            dependsOn:
              - CommitProcessing
              - Publish
              - PublishToRestSource
            condition: and(succeeded(), ne(variables['Source.SkipPostPublish'], 'true'))
            variables:
              HostKeySecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.hostkey']]
              CleanEndpointSecret: $[ dependencies.CommitProcessing.outputs['wingetsetup.cleanupEndpoint']]
              ManifestPublishCompletionEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.manifestPublishCompletionEndPoint']]
              PipelineTaskMessageQueueEndPoint: $[ dependencies.CommitProcessing.outputs['wingetsetup.PipelineTaskMessageQueueEndPoint']]
            steps:
              # Sends a task message with TaskIdentifier "WaiverCommit" to the
              # pipeline task message queue endpoint.
              - task: AzureFunction@1
                displayName: 'Waiver Commit'
                inputs:
                  function: '$(PipelineTaskMessageQueueEndPoint)'
                  key: '$(HostKeySecret)'
                  body: |
                    {
                    "operationId": "$(Build.BuildNumber)",
                    "BuildId": "$(Build.BuildId)",
                    "PlanUrl": "$(system.CollectionUri)",
                    "HubName": "$(system.HostType)",
                    "pipelineType": "CommitPipeline",
                    "ProjectId": "$(system.TeamProjectId)",
                    "PlanId": "$(system.PlanId)",
                    "JobId": "$(system.JobId)",
                    "TimelineId": "$(system.TimelineId)",
                    "TaskInstanceId": "$(system.TaskInstanceId)",
                    "AuthToken": "$(system.AccessToken)",
                    "BuildRepositoryId": "$(build.repository.id)",
                    "TaskIdentifier": "WaiverCommit"
                    }
                  waitForCompletion: 'true'

              # Calls the manifest-publish-completion endpoint.
              - task: AzureFunction@1
                displayName: 'Pull Request Notification'
                inputs:
                  function: '$(ManifestPublishCompletionEndPoint)'
                  key: '$(HostKeySecret)'
                  body: |
                    {
                    "operationId": "$(Build.BuildNumber)",
                    "BuildId": "$(Build.BuildId)",
                    "PlanUrl": "$(system.CollectionUri)",
                    "HubName": "$(system.HostType)",
                    "pipelineType": "CommitPipeline",
                    "ProjectId": "$(system.TeamProjectId)",
                    "PlanId": "$(system.PlanId)",
                    "JobId": "$(system.JobId)",
                    "TimelineId": "$(system.TimelineId)",
                    "TaskInstanceId": "$(system.TaskInstanceId)",
                    "AuthToken": "$(system.AccessToken)",
                    "BuildRepositoryId": "$(build.repository.id)"
                    }
                  waitForCompletion: 'true'

              # Close issues.
              - task: AzureFunction@1
                displayName: 'Cleanup Issues'
                inputs:
                  function: '$(CleanEndpointSecret)'
                  key: '$(HostKeySecret)'
                  body: |
                    {
                    "operationId": "$(Build.BuildNumber)",
                    "BuildId": "$(Build.BuildId)",
                    "PlanUrl": "$(system.CollectionUri)",
                    "HubName": "$(system.HostType)",
                    "pipelineType": "CommitPipeline",
                    "ProjectId": "$(system.TeamProjectId)",
                    "PlanId": "$(system.PlanId)",
                    "JobId": "$(system.JobId)",
                    "TimelineId": "$(system.TimelineId)",
                    "TaskInstanceId": "$(system.TaskInstanceId)",
                    "AuthToken": "$(system.AccessToken)",
                    "BuildRepositoryId": "$(build.repository.id)"
                    }
                  waitForCompletion: 'true'