Azure
/
aztfy
зеркало из https://github.com/Azure/aztfexport.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
aztfy/azure-pipelines.yml

700 строки
26 KiB
YAML
Исходник Ответственный История

parameters:
- name: version
displayName: Release Version (e.g. v0.1.0)
type: string
- name: artifactBuildId
displayName: "Artifact source build id (defaults uses this build)"
type: number
default: 0
variables:
- name: pipelineId
value: 22
stages:
- stage: build
pool:
name: pool-ubuntu-2004
displayName: "Build"
jobs:
- job: build
displayName: "Build Binaries"
strategy:
matrix:
windows-386:
OS: windows
ARCH: 386
windows-amd64:
OS: windows
ARCH: amd64
linux-386:
OS: linux
ARCH: 386
linux-amd64:
OS: linux
ARCH: amd64
linux-arm:
OS: linux
ARCH: arm
linux-arm64:
OS: linux
ARCH: arm64
darwin-amd64:
OS: darwin
ARCH: amd64
darwin-arm64:
OS: darwin
ARCH: arm64
steps:
- task: GoTool@0
displayName: "Install Go"
inputs:
version: 1.19
- script: |
set -e
REVISION=`git rev-parse --short HEAD`
mkdir build
name=aztfexport
if [[ $OS = windows ]]; then
name=aztfexport.exe
fi
GOOS="${OS}" GOARCH="${ARCH}" CGO_ENABLED=0 go build -trimpath -ldflags="-s -w -X 'main.version=${VERSION}' -X 'main.revision=${REVISION}'" -o build/$name
displayName: "Go Build"
env:
OS: $(OS)
ARCH: $(ARCH)
VERSION: ${{ parameters.version }}
- task: UseDotNet@2
displayName: 'Install .NET SDK (Windows Only)'
condition: eq(variables.OS, 'windows')
inputs:
packageType: 'sdk'
version: '3.x'
- task: EsrpCodeSigning@1
displayName: "Sign Binary (Windows Only)"
condition: eq(variables.OS, 'windows')
inputs:
ConnectedServiceName: "ESRP Signing Service"
FolderPath: "$(system.defaultWorkingDirectory)/build"
Pattern: "*.exe"
signConfigType: "inlineSignParams"
inlineOperation: |
[
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolSign",
"Parameters" : {
"OpusName" : "Microsoft",
"OpusInfo" : "http://www.microsoft.com",
"PageHash" : "/NPH",
"TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256",
"FileDigest": "/fd \"SHA256\""
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
SessionTimeout: "60"
MaxConcurrency: "50"
MaxRetryAttempts: "5"
- task: PublishPipelineArtifact@1
displayName: "Publish Binary"
inputs:
targetPath: "$(system.defaultWorkingDirectory)/build"
artifactName: "$(OS)-$(ARCH)"
- job: build_windows_setup
displayName: "Build Windows Setup"
pool:
name: pool-windows-2019
dependsOn: build
strategy:
matrix:
386:
ARCH: 386
amd64:
ARCH: amd64
steps:
- task: DownloadPipelineArtifact@2
displayName: "Download binary"
inputs:
artifact: windows-$(ARCH)
path: $(system.defaultWorkingDirectory)/dist/bin
- task: DownloadPackage@1
displayName: "Download wix toolset"
inputs:
packageType: 'upack'
feed: '9b6b54d1-85ce-4ff5-8faa-608b4a183fc6/fe61ad7c-682d-4a30-ae2e-6891a3b27dde'
view: '2e6dbd24-c57a-430c-9148-c2cf257a62ae'
definition: 'a4999329-4b03-4635-bbf3-1ae2d2405efe'
version: '3.11.2'
downloadPath: $(system.defaultWorkingDirectory)/dist/tool
- bash: |
set -e
# Setup wix
./dist/tool/wix311.exe -install -quiet -norestart
export PATH=$PATH:"/c/Program Files (x86)/WiX Toolset v3.11/bin"
# Build
cd $workdir/scripts/package/windows/build
declare -A map=( [386]=x86 [amd64]=x64 )
export VERSION=${VERSION:1}
cp $workdir/dist/bin/aztfexport.exe .
candle.exe -arch ${map[$ARCH]} -o setup.wxobj ./setup.wxs
mkdir $workdir/dist/output
light.exe -out $workdir/dist/output/aztfexport.msi ./setup.wxobj
env:
workdir: $(system.defaultWorkingDirectory)
VERSION: ${{ parameters.version }}
ARCH: $(ARCH)
displayName: "Build"
- task: UseDotNet@2
displayName: 'Install .NET SDK'
inputs:
packageType: 'sdk'
version: '3.x'
- task: EsrpCodeSigning@1
displayName: "Sign MSI"
inputs:
ConnectedServiceName: "ESRP Signing Service"
FolderPath: "$(system.defaultWorkingDirectory)/dist/output"
Pattern: "*.msi"
signConfigType: "inlineSignParams"
inlineOperation: |
[
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolSign",
"Parameters" : {
"OpusName" : "Microsoft",
"OpusInfo" : "http://www.microsoft.com",
"PageHash" : "/NPH",
"TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256",
"FileDigest": "/fd \"SHA256\""
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
SessionTimeout: "60"
MaxConcurrency: "50"
MaxRetryAttempts: "5"
- task: PublishPipelineArtifact@1
displayName: "Publish MSI"
inputs:
targetPath: "$(system.defaultWorkingDirectory)/dist/output"
artifactName: windows-$(ARCH)-msi
- job: build_linux_packages
displayName: "Build Linux RPM/Debian Packages"
dependsOn: build
strategy:
matrix:
linux-386:
OS: linux
ARCH: 386
linux-amd64:
OS: linux
ARCH: amd64
linux-arm:
OS: linux
ARCH: arm
linux-arm64:
OS: linux
ARCH: arm64
steps:
- task: DownloadPipelineArtifact@2
inputs:
artifact: $(OS)-$(ARCH)
path: $(system.defaultWorkingDirectory)/dist/source
- script: |
mkdir $workdir/dist/output
displayName: "Prepare the output directory"
env:
workdir: $(system.defaultWorkingDirectory)
- script: |
set -e
chmod +x $WORKDIR/dist/source/aztfexport
declare -A deb_arch_map=( [386]=i386 [amd64]=amd64 [arm]=armhf [arm64]=arm64 )
declare -A rpm_arch_map=( [386]=i686 [amd64]=x86_64 [arm]=armv7hl [arm64]=aarch64 )
version=${VERSION:1}
# Build the image
cd $WORKDIR/scripts/package/linux/build
docker build -t aztfexportbuild .
# Build deb package
docker run -t --rm \
-v $WORKDIR/dist/source:/build/source \
-v $WORKDIR/dist/output:/build/output \
aztfexportbuild \
fpm \
--name aztfexport \
--license MPL-2.0 \
--version $version \
--description "A tool to bring existing Azure resources under Terraform's management" \
--url "https://github.com/Azure/aztfexport" \
--maintainer "magodo <wztdyl@sina.com>" \
--input-type dir \
--output-type deb \
--architecture ${deb_arch_map[$ARCH]} \
--package /build/output/aztfexport-$version-1-${deb_arch_map[$ARCH]}.deb \
/build/source/aztfexport=/usr/bin/aztfexport
# Build rpm package
echo $version
docker run -t --rm \
-v $WORKDIR/dist/source:/build/source \
-v $WORKDIR/dist/output:/build/output \
aztfexportbuild \
fpm \
--name aztfexport \
--license MPL-2.0 \
--version ${version} \
--description "A tool to bring existing Azure resources under Terraform's management" \
--url "https://github.com/Azure/aztfexport" \
--maintainer "magodo <wztdyl@sina.com>" \
--input-type dir \
--output-type rpm \
--architecture ${rpm_arch_map[$ARCH]} \
--package /build/output/aztfexport-$version-1-${rpm_arch_map[$ARCH]}.rpm \
/build/source/aztfexport=/usr/bin/aztfexport
displayName: "Build Packages"
env:
VERSION: ${{ parameters.version }}
WORKDIR: $(system.defaultWorkingDirectory)
- task: UseDotNet@2
displayName: 'Install .NET SDK'
inputs:
packageType: 'sdk'
version: '3.x'
- task: EsrpCodeSigning@1
displayName: "Sign Package"
inputs:
ConnectedServiceName: "ESRP Signing Service"
FolderPath: "$(system.defaultWorkingDirectory)/dist/output"
Pattern: "*.rpm,*.deb"
signConfigType: "inlineSignParams"
inlineOperation: |
[
{
"KeyCode": "CP-450779-Pgp",
"OperationCode": "LinuxSign",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
SessionTimeout: "60"
MaxConcurrency: "50"
MaxRetryAttempts: "5"
- task: PublishPipelineArtifact@1
displayName: "Publish Packages"
inputs:
targetPath: "$(system.defaultWorkingDirectory)/dist/output"
artifactName: $(OS)-$(ARCH)-pkg
- stage: github_release
displayName: "Github Draft Release"
pool:
name: pool-ubuntu-2004
jobs:
- job: release
displayName: "Github Release"
steps:
- ${{ if eq(parameters.artifactBuildId, 0) }}:
- task: DownloadPipelineArtifact@2
inputs:
path: $(system.defaultWorkingDirectory)/dist
- ${{ else }}:
- task: DownloadPipelineArtifact@2
inputs:
path: $(system.defaultWorkingDirectory)/dist
source: "specific"
project: "release"
pipeline: $(pipelineId)
runVersion: "specific"
runId: ${{ parameters.artifactBuildId }}
- script: |
set -e
NAME="aztfexport"
OS_ARCH=(
"windows:amd64"
"windows:386"
"linux:amd64"
"linux:386"
"linux:arm"
"linux:arm64"
"darwin:amd64"
"darwin:arm64"
)
mkdir release
for os_arch in "${OS_ARCH[@]}" ; do
OS=${os_arch%%:*}
ARCH=${os_arch#*:}
name=aztfexport
if [[ $OS = windows ]]; then
name=aztfexport.exe
fi
chmod +x dist/${OS}-${ARCH}/${name}
zip -j release/${NAME}_${VERSION}_${OS}_${ARCH}.zip dist/${OS}-${ARCH}/${name}
done
# Copy MSI
cp dist/windows-386-msi/aztfexport.msi release/${NAME}_${VERSION}_x86.msi
cp dist/windows-amd64-msi/aztfexport.msi release/${NAME}_${VERSION}_x64.msi
cd release
shasum -a 256 *.zip *.msi > ${NAME}_SHA256SUMS
cp ${NAME}_SHA256SUMS ${NAME}_SHA256SUMS.sig
displayName: "Prepare Binary Archives & Digests"
env:
VERSION: ${{ parameters.version }}
- task: UseDotNet@2
displayName: 'Install .NET SDK'
inputs:
packageType: 'sdk'
version: '3.x'
- task: EsrpCodeSigning@1
displayName: "Sign Binary Archive Digests"
inputs:
ConnectedServiceName: "ESRP Signing Service"
FolderPath: "$(system.defaultWorkingDirectory)/release"
Pattern: "*_SHA256SUMS.sig"
signConfigType: "inlineSignParams"
inlineOperation: |
[
{
"KeyCode": "CP-450779-Pgp",
"OperationCode": "LinuxSign",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
SessionTimeout: "60"
MaxConcurrency: "50"
MaxRetryAttempts: "5"
- script: |
set -e
git config user.name "azure-terraform-bot"
git config user.email "azure-terraform@microsoft.com"
git tag -a "${VERSION}" -m "${VERSION}"
git push https://${PAT}@github.com/Azure/aztfexport.git --tags
displayName: "Create and Push a Git Release"
env:
VERSION: ${{ parameters.version }}
PAT: $(AZURE_TERRAFORM_BOT_PAT)
- task: GitHubRelease@1
displayName: "Draft Github Release"
inputs:
gitHubConnection: "github_aztfy"
repositoryName: "$(Build.Repository.Name)"
action: "create"
target: "$(Build.SourceVersion)"
tagSource: "gitTag"
tagPattern: '^v\d+\.\d+\.\d+'
assets: "$(system.defaultWorkingDirectory)/release/*"
isDraft: true
addChangeLog: false
- stage: publish_linux_packages
displayName: "Publish Linux Packages"
pool:
name: pool-ubuntu-2004
jobs:
- job: publish
displayName: "Publish Packages"
strategy:
matrix:
# deb platforms
# ubuntu-bionic-amd64:
# TYPE: deb
# ARCH: amd64
# REPO_ID: 5d16326637164fbc1139c4e1
# REPO_DISTRO: ubuntu
# REPO_RELEASE: bionic
# ubuntu-bionic-arm64:
# TYPE: deb
# ARCH: arm64
# REPO_ID: 5d16326637164fbc1139c4e1
# REPO_DISTRO: ubuntu
# REPO_RELEASE: bionic
ubuntu-focal-amd64:
TYPE: deb
ARCH: amd64
REPO_ID: 5e852952e45fffa1beda61fe
REPO_DISTRO: ubuntu
REPO_RELEASE: focal
ubuntu-focal-arm64:
TYPE: deb
ARCH: arm64
REPO_ID: 5e852952e45fffa1beda61fe
REPO_DISTRO: ubuntu
REPO_RELEASE: focal
ubuntu-jammy-amd64:
TYPE: deb
ARCH: amd64
REPO_ID: 61faea6cea3a770ab120ac8a
REPO_DISTRO: ubuntu
REPO_RELEASE: jammy
ubuntu-jammy-arm64:
TYPE: deb
ARCH: arm64
REPO_ID: 61faea6cea3a770ab120ac8a
REPO_DISTRO: ubuntu
REPO_RELEASE: jammy
# debian-buster-amd64:
# TYPE: deb
# ARCH: amd64
# REPO_ID: 5d23b16c9a6e3b375bbba42e
# REPO_DISTRO: debian
# REPO_RELEASE: buster
# debian-buster-arm64:
# TYPE: deb
# ARCH: arm64
# REPO_ID: 5d23b16c9a6e3b375bbba42e
# REPO_DISTRO: debian
# REPO_RELEASE: buster
# debian-bullseye-amd64:
# TYPE: deb
# ARCH: amd64
# REPO_ID: 611ab3a32acdcd0744c8c841
# REPO_DISTRO: debian
# REPO_RELEASE: bullseye
# debian-bullseye-arm64:
# TYPE: deb
# ARCH: arm64
# REPO_ID: 611ab3a32acdcd0744c8c841
# REPO_DISTRO: debian
# REPO_RELEASE: bullseye
# rpm platforms
# centos-8-x86_64:
# TYPE: rpm
# ARCH: amd64
# REPO_ID: 5e5ed94a523a8019fe47607e
# REPO_DISTRO: centos
# REPO_RELEASE: 8
# centos-8-aarch64:
# TYPE: rpm
# ARCH: arm64
# REPO_ID: 5e5ed94a523a8019fe47607e
# REPO_DISTRO: centos
# REPO_RELEASE: 8
rhel-8-x86_64:
TYPE: rpm
ARCH: amd64
REPO_ID: 5d4470e1eebce7156eee5407
REPO_DISTRO: rhel
REPO_RELEASE: 8
rhel-8-aarch64:
TYPE: rpm
ARCH: arm64
REPO_ID: 5d4470e1eebce7156eee5407
REPO_DISTRO: rhel
REPO_RELEASE: 8
rhel-9-x86_64:
TYPE: rpm
ARCH: amd64
REPO_ID: 627067cc3ac6d7548f4d66cd
REPO_DISTRO: rhel
REPO_RELEASE: 9
rhel-9-aarch64:
TYPE: rpm
ARCH: arm64
REPO_ID: 627067cc3ac6d7548f4d66cd
REPO_DISTRO: rhel
REPO_RELEASE: 9
# fedora-34-x86_64:
# TYPE: rpm
# ARCH: amd64
# REPO_ID: 606e1da573e50659b0803a7b
# REPO_DISTRO: fedora
# REPO_RELEASE: 34
# fedora-34-aarch64:
# TYPE: rpm
# ARCH: arm64
# REPO_ID: 606e1da573e50659b0803a7b
# REPO_DISTRO: fedora
# REPO_RELEASE: 34
# fedora-35-x86_64:
# TYPE: rpm
# ARCH: amd64
# REPO_ID: 6196d483ea3a770f011f63fb
# REPO_DISTRO: fedora
# REPO_RELEASE: 35
# fedora-35-aarch64:
# TYPE: rpm
# ARCH: arm64
# REPO_ID: 6196d483ea3a770f011f63fb
# REPO_DISTRO: fedora
# REPO_RELEASE: 35
# fedora-36-x86_64:
# TYPE: rpm
# ARCH: amd64
# REPO_ID: 6271bc683ac6d73aa84d6737
# REPO_DISTRO: fedora
# REPO_RELEASE: 36
# fedora-36-aarch64:
# TYPE: rpm
# ARCH: arm64
# REPO_ID: 6271bc683ac6d73aa84d6737
# REPO_DISTRO: fedora
# REPO_RELEASE: 36
steps:
- ${{ if eq(parameters.artifactBuildId, 0) }}:
- task: DownloadPipelineArtifact@2
inputs:
artifact: linux-$(ARCH)-pkg
path: $(system.defaultWorkingDirectory)/dist/pkg
- ${{ else }}:
- task: DownloadPipelineArtifact@2
inputs:
artifact: linux-$(ARCH)-pkg
path: $(system.defaultWorkingDirectory)/dist/pkg
source: "specific"
project: "release"
pipeline: $(pipelineId)
runVersion: "specific"
runId: ${{ parameters.artifactBuildId }}
- task: DownloadPackage@1
displayName: "Download repoclient"
inputs:
packageType: 'upack'
feed: '9b6b54d1-85ce-4ff5-8faa-608b4a183fc6/fe61ad7c-682d-4a30-ae2e-6891a3b27dde'
view: '2e6dbd24-c57a-430c-9148-c2cf257a62ae'
definition: '5dc48a28-dc78-4d14-9a8b-4981783b402d'
version: '2.2.1'
downloadPath: $(system.defaultWorkingDirectory)/dist/tool
- script: |
set -e
sudo apt install -y ./dist/tool/azure-repoapi-client_2.2.1_amd64.deb
mkdir ~/.repoclient
cat << EOF > ~/.repoclient/config.json
{
"server": "azure-apt-cat.cloudapp.net",
"port": "443",
"AADClientId": "$(LINUX_REPO_SP_CLIENT_ID)",
"AADClientSecret": "$(LINUX_REPO_SP_CLIENT_SECRET)",
"AADResource": "https://microsoft.onmicrosoft.com/945999e9-da09-4b5b-878f-b66c414602c0",
"AADTenant": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"AADAuthorityUrl": "https://login.microsoftonline.com",
"repositoryId": "IGNORE"
}
EOF
pkg=(./dist/pkg/*.${TYPE})
[[ ${#pkg[@]} == 1 ]] || { echo "not exactly one target packages found: $(declare -p pkg)" > 2; exit 1; }
pkg=${pkg[0]}
# Allow error's to occur prior to quit the task, as we are capturing the command output, otherwise, we will have no chance to output that in stdout/stderr.
set +e
ret=$(repoclient package add -r ${REPO_ID} $pkg)
[[ $? == 0 ]] || { echo "Error: repoclient package add failed: $ret" >&2; exit 1; }
echo -e "repoclient package add returns:\n$ret\n"
location=$(jq -r '.Location' <<< $ret)
package_id=${location##*/}
[[ -n $package_id ]] || { echo "Error: empty package id got" >&2; exit 1; }
echo "package id: $package_id"
ret=$(repoclient package check $package_id)
[[ $? == 0 ]] || { echo "Error: repoclient package check failed: $ret" >&2; exit 1; }
echo -e "repoclient package check returns:\n$ret\n"
displayName: "Publish via repoclient"
env:
TYPE: $(TYPE)
REPO_ID: $(REPO_ID)
- script: |
set -e
# Skip verifying rhel distros as they don't have a docker image available
[[ $REPO_DISTRO == rhel ]] && exit 0
# Install and run kvm service
sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virtinst libvirt-daemon
sudo systemctl enable --now libvirtd
# Setup binfmt_misc to enable multi arch
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# Launch the base container of the correct architecture
cid=$(docker run --rm -dit --platform=linux/$ARCH ${REPO_DISTRO}:${REPO_RELEASE})
docker cp ${workdir}/scripts/package/linux/verify/${REPO_DISTRO}-${REPO_RELEASE}.sh ${cid}:/verify.sh
docker exec $cid /verify.sh $VERSION
displayName: "Verify"
env:
workdir: $(system.defaultWorkingDirectory)
TYPE: $(TYPE)
ARCH: $(ARCH)
REPO_ID: $(REPO_ID)
REPO_DISTRO: $(REPO_DISTRO)
REPO_RELEASE: $(REPO_RELEASE)
VERSION: ${{ parameters.version }}
- stage: publish_windows_setup
displayName: "Publish Windows Setup"
pool:
name: pool-windows-2019
jobs:
- job: pr
displayName: "PR to winget"
steps:
- pwsh: |
$ErrorActionPreference = "Stop"
cd
iwr https://aka.ms/wingetcreate/latest -OutFile wingetcreate.exe
git clone https://github.com/microsoft/winget-pkgs.git
cd winget-pkgs
..\wingetcreate.exe update --urls https://github.com/Azure/aztfexport/releases/download/$env:VERSION/aztfexport_$($env:VERSION)_x64.msi https://github.com/Azure/aztfexport/releases/download/$env:VERSION/aztfexport_$($env:VERSION)_x86.msi --version $env:VERSION.Substring(1) --submit --token $env:PAT Microsoft.Azure.AztfExport
displayName: "Create PR"
env:
VERSION: ${{ parameters.version }}
PAT: $(AZURE_TERRAFORM_BOT_PAT)
- stage: pr_to_homebrew
displayName: "PR to homebrew"
pool:
name: pool-ubuntu-2004
jobs:
- job: pr
displayName: "PR to homebrew"
steps:
- script: |
set -e
# Install brew
export NONINTERACTIVE=1
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
# Bump formula
brew tap homebrew/core
cd "$(brew --repository homebrew/core)"
git config user.name "azure-terraform-bot"
git config user.email "azure-terraform@microsoft.com"
HOMEBREW_GITHUB_API_TOKEN=${PAT} brew bump-formula-pr --version=${VERSION:1} --no-browse --force aztfexport
displayName: "Create PR"
env:
VERSION: ${{ parameters.version }}
PAT: $(AZURE_TERRAFORM_BOT_PAT)
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку