-
Notifications
You must be signed in to change notification settings - Fork 271
/
azure-pipelines-release.yml
177 lines (156 loc) · 5.19 KB
/
azure-pipelines-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
trigger: none
pr: none
pool:
name: '1ES-Hosted-DurableTaskFramework'
demands:
- ImageOverride -equals MMS2022TLS
variables:
- name: PackageSuffix
# if source branch is not `dev` then we're generating a release based on a feature branch
# In that case, we populate the environment variable "PackageSuffix" accordingly
${{ if ne(variables['Build.SourceBranchName'], 'dev') }}:
value: 'pr.$(Build.BuildNumber)' # the "pr" section is to denote this code is a candidate to be PR'ed
${{ else }}:
value: ''
steps:
# Configure all the .NET SDK versions we need
- task: UseDotNet@2
displayName: 'Use the .NET Core 2.1 SDK (required for build signing)'
inputs:
packageType: 'sdk'
version: '2.1.x'
- task: UseDotNet@2
displayName: 'Use the .NET Core 3.1 SDK'
inputs:
packageType: 'sdk'
version: '3.1.x'
- task: UseDotNet@2
displayName: 'Use the .NET 6 SDK'
inputs:
packageType: 'sdk'
version: '6.0.x'
# Use NuGet
- task: NuGetToolInstaller@1
displayName: 'Use NuGet '
# dotnet restore
- task: DotNetCoreCLI@2
displayName: 'dotnet restore'
inputs:
command: restore
projects: '**/**/*.csproj'
feedsToUse: config
nugetConfigPath: 'nuget.config'
# Build durable-extension
- task: VSBuild@1
displayName: 'Build Durable Extension'
inputs:
solution: '**/WebJobs.Extensions.DurableTask.sln'
vsVersion: "16.0"
configuration: Release
# Authenticode sign all the DLLs with the Microsoft certificate.
- task: EsrpCodeSigning@1
inputs:
ConnectedServiceName: 'ESRP Service'
FolderPath: 'src/WebJobs.Extensions.DurableTask/bin/Release'
Pattern: '*DurableTask.dll'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode": "CP-230012",
"OperationCode": "SigntoolSign",
"Parameters": {
"OpusName": "Microsoft",
"OpusInfo": "http://www.microsoft.com",
"FileDigest": "/fd \"SHA256\"",
"PageHash": "/NPH",
"TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
},
"ToolName": "sign",
"ToolVersion": "1.0"
},
{
"KeyCode": "CP-230012",
"OperationCode": "SigntoolVerify",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
# SBOM generator task for additional supply chain protection
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 'Manifest Generator '
inputs:
BuildDropPath: '$(System.DefaultWorkingDirectory)'
# dotnet pack
# Packaging needs to be a separate step from build.
# This will automatically pick up the signed DLLs.
- task: DotNetCoreCLI@2
displayName: 'dotnet pack WebJobs.Extensions.DurableTask.csproj'
inputs:
command: pack
packagesToPack: 'src/**/WebJobs.Extensions.DurableTask.csproj'
configuration: Release
packDirectory: 'azure-functions-durable-extension'
nobuild: true
# Remove redundant symbol package(s)
- script: |
echo *** Searching for .symbols.nupkg files to delete...
dir /s /b *.symbols.nupkg
echo *** Deleting .symbols.nupkg files...
del /S /Q *.symbols.nupkg
echo *** Listing remaining packages
dir /s /b *.nupkg
displayName: 'Remove Redundant Symbols Package(s)'
continueOnError: true
# Digitally sign all the nuget packages with the Microsoft certificate.
# This appears to be an in-place signing job, which is convenient.
- task: EsrpCodeSigning@1
inputs:
ConnectedServiceName: 'ESRP Service'
FolderPath: '$(System.DefaultWorkingDirectory)'
Pattern: '*.nupkg'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode": "CP-401405",
"OperationCode": "NuGetSign",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
},
{
"KeyCode": "CP-401405",
"OperationCode": "NuGetVerify",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
# zip .NET in-proc perf tests
- task: DotNetCoreCLI@2
displayName: 'Zip .NET in-proc perf tests'
inputs:
command: 'publish'
publishWebProjects: false
projects: '$(System.DefaultWorkingDirectory)/test/PerfTests/DFPerfTests/**/*.csproj'
arguments: '-o $(System.DefaultWorkingDirectory)/test/PerfTests/DFPerfTests/Output'
zipAfterPublish: true
modifyOutputPath: true
# Move zip'ed .NET in-proc perf tests to the ADO publishing directory
- task: CopyFiles@2
inputs:
SourceFolder: '$(System.DefaultWorkingDirectory)/test/PerfTests/DFPerfTests/Output/'
Contents: '**'
TargetFolder: '$(System.DefaultWorkingDirectory)/azure-functions-durable-extension/'
# Make the nuget packages available for download in the ADO portal UI
- publish: '$(System.DefaultWorkingDirectory)/azure-functions-durable-extension'
displayName: 'Publish nuget packages to Artifacts'
artifact: PackageOutput