From 2bcbe6b49208cb2040091b1cd2c9b3df8e69f5bd Mon Sep 17 00:00:00 2001 From: "Dustin L. Howett" Date: Tue, 2 Apr 2024 17:52:29 -0500 Subject: [PATCH] ci/rel: publish symbols using the internal symbol request API instead (#16991) Work is ongoing to remove individually-authenticated service accounts from some pipelines. This moves us closer to that goal. Tested in Nightly 2403.28002. --- .github/actions/spelling/allow/microsoft.txt | 2 + build/pipelines/ob-nightly.yml | 2 + build/pipelines/ob-release.yml | 2 + ...sh-symbols-using-symbolrequestprod-api.yml | 117 ++++++++++++++++++ .../pipeline-onebranch-full-release-build.yml | 9 +- 5 files changed, 130 insertions(+), 2 deletions(-) create mode 100644 build/pipelines/templates-v2/job-publish-symbols-using-symbolrequestprod-api.yml diff --git a/.github/actions/spelling/allow/microsoft.txt b/.github/actions/spelling/allow/microsoft.txt index 5e7aa5c06ee..9cda69aa947 100644 --- a/.github/actions/spelling/allow/microsoft.txt +++ b/.github/actions/spelling/allow/microsoft.txt @@ -32,6 +32,7 @@ DWINRT enablewttlogging HOMESHARE Intelli +issecret IVisual libucrt libucrtd @@ -74,6 +75,7 @@ sid Skype SRW sxs +symbolrequestprod Sysinternals sysnative systemroot diff --git a/build/pipelines/ob-nightly.yml b/build/pipelines/ob-nightly.yml index 1c90866f9e2..99cff5b206c 100644 --- a/build/pipelines/ob-nightly.yml +++ b/build/pipelines/ob-nightly.yml @@ -33,6 +33,8 @@ extends: publishSymbolsToPublic: true publishVpackToWindows: false symbolExpiryTime: 15 + symbolPublishingSubscription: $(SymbolPublishingServiceConnection) + symbolPublishingProject: $(SymbolPublishingProject) ${{ if eq(true, parameters.publishToAzure) }}: extraPublishJobs: - template: build/pipelines/templates-v2/job-deploy-to-azure-storage.yml@self diff --git a/build/pipelines/ob-release.yml b/build/pipelines/ob-release.yml index ca168e6d337..147fef4e5a1 100644 --- a/build/pipelines/ob-release.yml +++ b/build/pipelines/ob-release.yml @@ -81,3 +81,5 @@ extends: terminalInternalPackageVersion: ${{ parameters.terminalInternalPackageVersion }} publishSymbolsToPublic: ${{ parameters.publishSymbolsToPublic }} publishVpackToWindows: ${{ parameters.publishVpackToWindows }} + symbolPublishingSubscription: $(SymbolPublishingServiceConnection) + symbolPublishingProject: $(SymbolPublishingProject) diff --git a/build/pipelines/templates-v2/job-publish-symbols-using-symbolrequestprod-api.yml b/build/pipelines/templates-v2/job-publish-symbols-using-symbolrequestprod-api.yml new file mode 100644 index 00000000000..0f9d338699b --- /dev/null +++ b/build/pipelines/templates-v2/job-publish-symbols-using-symbolrequestprod-api.yml @@ -0,0 +1,117 @@ +parameters: + - name: includePublicSymbolServer + type: boolean + default: false + - name: pool + type: object + default: [] + - name: dependsOn + type: object + default: null + - name: artifactStem + type: string + default: '' + - name: jobName + type: string + default: PublishSymbols + - name: symbolExpiryTime + type: string + default: 36530 # This is the default from PublishSymbols@2 + - name: variables + type: object + default: {} + - name: subscription + type: string + - name: symbolProject + type: string + +jobs: +- job: ${{ parameters.jobName }} + ${{ if ne(length(parameters.pool), 0) }}: + pool: ${{ parameters.pool }} + ${{ if eq(parameters.includePublicSymbolServer, true) }}: + displayName: Publish Symbols to Internal and MSDL + ${{ else }}: + displayName: Publish Symbols Internally + dependsOn: ${{ parameters.dependsOn }} + variables: + ${{ insert }}: ${{ parameters.variables }} + steps: + - checkout: self + clean: true + fetchDepth: 1 + fetchTags: false # Tags still result in depth > 1 fetch; we don't need them here + submodules: true + persistCredentials: True + + - task: PkgESSetupBuild@12 + displayName: Package ES - Setup Build + inputs: + disableOutputRedirect: true + + - task: DownloadPipelineArtifact@2 + displayName: Download all PDBs from all prior build phases + inputs: + itemPattern: '**/*.pdb' + targetPath: '$(Build.SourcesDirectory)/bin' + + - powershell: |- + Get-PackageProvider -Name NuGet -ForceBootstrap + Install-Module -Verbose -AllowClobber -Force Az.Accounts, Az.Storage, Az.Network, Az.Resources, Az.Compute + displayName: Install Azure Module Dependencies + + # Transit the Azure token from the Service Connection into a secret variable for the rest of the pipeline to use. + - task: AzurePowerShell@5 + displayName: Generate an Azure Token + inputs: + azureSubscription: ${{ parameters.subscription }} + azurePowerShellVersion: LatestVersion + pwsh: true + ScriptType: InlineScript + Inline: |- + $AzToken = (Get-AzAccessToken -ResourceUrl api://30471ccf-0966-45b9-a979-065dbedb24c1).Token + Write-Host "##vso[task.setvariable variable=SymbolAccessToken;issecret=true]$AzToken" + + + - task: PublishSymbols@2 + displayName: Publish Symbols (to current Azure DevOps tenant) + continueOnError: True + inputs: + SymbolsFolder: '$(Build.SourcesDirectory)/bin' + SearchPattern: '**/*.pdb' + IndexSources: false + DetailedLog: true + SymbolsMaximumWaitTime: 30 + SymbolServerType: 'TeamServices' + SymbolsProduct: 'Windows Terminal Converged Symbols' + SymbolsVersion: '$(XES_APPXMANIFESTVERSION)' + SymbolsArtifactName: 'WindowsTerminal_$(XES_APPXMANIFESTVERSION)' + SymbolExpirationInDays: ${{ parameters.symbolExpiryTime }} + env: + LIB: $(Build.SourcesDirectory) + + - pwsh: |- + # Prepare the defaults for IRM + $PSDefaultParameterValues['Invoke-RestMethod:Headers'] = @{ Authorization = "Bearer $(SymbolAccessToken)" } + $PSDefaultParameterValues['Invoke-RestMethod:ContentType'] = "application/json" + $PSDefaultParameterValues['Invoke-RestMethod:Method'] = "POST" + + $BaseUri = "https://symbolrequestprod.trafficmanager.net/projects/${{ parameters.symbolProject }}/requests" + + # Prepare the request + $expiration = (Get-Date).Add([TimeSpan]::FromDays(${{ parameters.symbolExpiryTime }})) + $createRequestBody = @{ + requestName = "WindowsTerminal_$(XES_APPXMANIFESTVERSION)"; + expirationTime = $expiration.ToString(); + } + Write-Host "##[debug]Starting request $($createRequestBody.requestName) with expiration date of $($createRequestBody.expirationTime)" + Invoke-RestMethod -Uri "$BaseUri" -Body ($createRequestBody | ConvertTo-Json -Compress) -Verbose + + # Request symbol publication + $publishRequestBody = @{ + publishToInternalServer = $true; + publishToPublicServer = $${{ parameters.includePublicSymbolServer }}; + } + Write-Host "##[debug]Submitting request $($createRequestBody.requestName) ($($publishRequestBody | ConvertTo-Json -Compress))" + Invoke-RestMethod -Uri "$BaseUri/$($createRequestBody.requestName)" -Body ($publishRequestBody | ConvertTo-Json -Compress) -Verbose + displayName: Publish Symbols using internal REST API diff --git a/build/pipelines/templates-v2/pipeline-onebranch-full-release-build.yml b/build/pipelines/templates-v2/pipeline-onebranch-full-release-build.yml index f66d452b36a..37d21c89a69 100644 --- a/build/pipelines/templates-v2/pipeline-onebranch-full-release-build.yml +++ b/build/pipelines/templates-v2/pipeline-onebranch-full-release-build.yml @@ -52,6 +52,10 @@ parameters: - name: publishVpackToWindows type: boolean default: false + - name: symbolPublishingSubscription + type: string + - name: symbolPublishingProject + type: string - name: extraPublishJobs type: object @@ -248,12 +252,13 @@ extends: displayName: Publish dependsOn: [Build] jobs: - - template: ./build/pipelines/templates-v2/job-publish-symbols.yml@self + - template: ./build/pipelines/templates-v2/job-publish-symbols-using-symbolrequestprod-api.yml@self parameters: pool: { type: windows } includePublicSymbolServer: ${{ parameters.publishSymbolsToPublic }} - symbolPatGoesInTaskInputs: true # onebranch tries to muck with the PAT variable, so we need to change how it get the PAT symbolExpiryTime: ${{ parameters.symbolExpiryTime }} + subscription: ${{ parameters.symbolPublishingSubscription }} + symbolProject: ${{ parameters.symbolPublishingProject }} variables: ob_git_checkout: false # This job checks itself out ob_git_skip_checkout_none: true