ESRP Codesign task, build and test pipeline updates (#32)
* Break pipeline into templates to separate PR/CI/Release builds
This commit is contained in:
Ryan K
GitHub
Родитель
fd27f55386
Коммит
804e51a597
|
|
@ -1,45 +1,16 @@
|
|||
trigger: none
|
||||
trigger:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
- job: build
|
||||
strategy:
|
||||
matrix:
|
||||
|
||||
linux:
|
||||
imageName: 'ubuntu-16.04'
|
||||
build_script: 'package:linux'
|
||||
package_name: 'Linux'
|
||||
|
||||
mac:
|
||||
imageName: 'macos-10.13'
|
||||
build_script: 'package:mac'
|
||||
package_name: 'MacOS'
|
||||
|
||||
windows:
|
||||
imageName: 'vs2017-win2016'
|
||||
build_script: 'package:win'
|
||||
package_name: 'Windows'
|
||||
|
||||
- job: Build_and_Test
|
||||
pool:
|
||||
vmImage: $(imageName)
|
||||
|
||||
vmImage: 'ubuntu-16.04'
|
||||
steps:
|
||||
- task: NodeTool@0
|
||||
- template: ./pipelines/build-and-test-template.yml
|
||||
|
||||
- task: ComponentGovernanceComponentDetection@0
|
||||
inputs:
|
||||
versionSpec: '12.x'
|
||||
|
||||
- script: 'npm run $(build_script)'
|
||||
|
||||
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
||||
displayName: 'Component Detection'
|
||||
|
||||
- task: CopyFiles@2
|
||||
inputs:
|
||||
SourceFolder: '$(Build.SourcesDirectory)/'
|
||||
Contents: '.artifactignore'
|
||||
TargetFolder: '$(Build.SourcesDirectory)/dist/'
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
inputs:
|
||||
targetPath: '$(Build.SourcesDirectory)/dist/'
|
||||
artifact: '$(package_name)'
|
||||
scanType: 'Register'
|
||||
verbosity: 'Verbose'
|
||||
alertWarningLevel: 'High'
|
||||
failOnAlert: true
|
||||
|
|
|
|||
|
|
@ -13,3 +13,8 @@ setIconOptions({
|
|||
|
||||
Enzyme.configure({ adapter: new Adapter() });
|
||||
document.execCommand = jest.fn(); // copyableMaskField
|
||||
|
||||
// fix for smooth-dnd invocation error in test
|
||||
Object.defineProperty(global, 'Node', {
|
||||
value: {firstElementChild: jest.fn()}
|
||||
});
|
||||
|
|
|
|||
|
|
@ -0,0 +1,6 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<configuration>
|
||||
<packageSources>
|
||||
<add key="ESRP" value="https://microsoft.pkgs.visualstudio.com/_packaging/ESRP/nuget/v3/index.json" />
|
||||
</packageSources>
|
||||
</configuration>
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<packages>
|
||||
<package id="Microsoft.EsrpClient" version="1.2.10" />
|
||||
</packages>
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
steps:
|
||||
- task: NodeTool@0
|
||||
inputs:
|
||||
versionSpec: '12.x'
|
||||
|
||||
- script: 'npm install'
|
||||
displayName: Install dependencies
|
||||
- script: 'npm run build'
|
||||
displayName: Build source
|
||||
- script: 'npm test'
|
||||
displayName: Run tests
|
||||
|
||||
# - task: PublishCodeCoverageResults@1
|
||||
# inputs:
|
||||
# codeCoverageTool: 'Cobertura'
|
||||
# summaryFileLocation: $(Build.SourcesDirectory)/coverage/cobertura-coverage.xml
|
||||
# reportDirectory: $(Build.SourcesDirectory)/coverage
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
Param(
|
||||
[string]$AuthCertFilePath,
|
||||
[string]$AuthCertKey,
|
||||
[string]$CertFilePath,
|
||||
[string]$CertKey
|
||||
)
|
||||
|
||||
# Import auth certificate
|
||||
$AuthCertificate = Import-PfxCertificate -FilePath $AuthCertFilePath -CertStoreLocation Cert:\LocalMachine\My -Password (ConvertTo-SecureString $AuthCertKey -AsPlainText -Force)
|
||||
$ESRPAuthCertificateSubjectName = $AuthCertificate.Subject
|
||||
|
||||
Write-Output ("##vso[task.setvariable variable=ESRPAuthCertificateSubjectName;]$ESRPAuthCertificateSubjectName")
|
||||
|
||||
# Import signing certificate
|
||||
$Certificate = Import-PfxCertificate -FilePath $CertFilePath -CertStoreLocation Cert:\LocalMachine\My -Password (ConvertTo-SecureString $CertKey -AsPlainText -Force)
|
||||
$ESRPCertificateSubjectName = $Certificate.Subject
|
||||
|
||||
Write-Output ("##vso[task.setvariable variable=ESRPCertificateSubjectName;]$ESRPCertificateSubjectName")
|
||||
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
pr:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
- job: Verify_Build_and_Test
|
||||
pool:
|
||||
vmImage: 'ubuntu-16.04'
|
||||
steps:
|
||||
- template: ./build-and-test-template.yml
|
||||
|
||||
- task: ComponentGovernanceComponentDetection@0
|
||||
inputs:
|
||||
scanType: 'LogOnly'
|
||||
verbosity: 'Normal'
|
||||
alertWarningLevel: 'High'
|
||||
failOnAlert: true
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
trigger: none
|
||||
|
||||
variables:
|
||||
- group: ESRP
|
||||
|
||||
jobs:
|
||||
- job: build_and_test
|
||||
pool:
|
||||
vmImage: 'ubuntu-16.04'
|
||||
steps:
|
||||
- template: ./build-and-test-template.yml
|
||||
|
||||
- job: package
|
||||
dependsOn: 'build_and_test'
|
||||
strategy:
|
||||
matrix:
|
||||
|
||||
# linux:
|
||||
# imageName: 'ubuntu-16.04'
|
||||
# build_script: 'package:linux'
|
||||
# package_name: 'Linux'
|
||||
|
||||
# mac:
|
||||
# imageName: 'macos-10.13'
|
||||
# build_script: 'package:mac'
|
||||
# package_name: 'MacOS'
|
||||
|
||||
windows:
|
||||
imageName: 'vs2017-win2016'
|
||||
build_script: 'package:win'
|
||||
package_name: 'Windows'
|
||||
|
||||
pool:
|
||||
vmImage: $(imageName)
|
||||
|
||||
steps:
|
||||
- task: NodeTool@0
|
||||
inputs:
|
||||
versionSpec: '12.x'
|
||||
|
||||
- script: 'npm run $(build_script)'
|
||||
|
||||
- task: NuGetCommand@2
|
||||
displayName: Install ESRPClient
|
||||
inputs:
|
||||
restoreSolution: '$(Build.SourcesDirectory)/pipelines/ESRPClient/packages.config'
|
||||
feedsToUse: config
|
||||
nugetConfigPath: '$(Build.SourcesDirectory)/pipelines/ESRPClient/NuGet.config'
|
||||
externalFeedCredentials: 'Nuget'
|
||||
restoreDirectory: packages
|
||||
|
||||
- task: DownloadSecureFile@1
|
||||
name: AuthCert
|
||||
inputs:
|
||||
secureFile: 'AuthCert.pfx'
|
||||
|
||||
- task: DownloadSecureFile@1
|
||||
name: ESRPCert
|
||||
inputs:
|
||||
secureFile: 'ESRPCert.pfx'
|
||||
|
||||
- powershell: |
|
||||
$ErrorActionPreference = "Stop"
|
||||
$(Build.SourcesDirectory)/pipelines/import-esrp-auth-cert.ps1 -AuthCertFilePath $(AuthCert.secureFilePath) -AuthCertKey '$(ESRPAuthKey)' -CertFilePath $(ESRPCert.secureFilePath) -CertKey '$(ESRPKey)'
|
||||
displayName: Import Certificates
|
||||
|
||||
- powershell: |
|
||||
$ErrorActionPreference = "Stop"
|
||||
$(Build.SourcesDirectory)/pipelines/sign.ps1 -ESRPClientId $(ESRPClientId) -ClientPath "$(Build.SourcesDirectory)\pipelines\ESRPClient\packages\Microsoft.EsrpClient.1.2.10\tools\" -Path $(Build.SourcesDirectory)/dist/ -Ext .msi
|
||||
displayName: Request code sign
|
||||
- task: CopyFiles@2
|
||||
inputs:
|
||||
SourceFolder: '$(Build.SourcesDirectory)/'
|
||||
Contents: '.artifactignore'
|
||||
TargetFolder: '$(Build.SourcesDirectory)/dist/'
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
inputs:
|
||||
targetPath: '$(Build.SourcesDirectory)/dist/'
|
||||
artifact: '$(package_name)'
|
||||
|
|
@ -0,0 +1,78 @@
|
|||
Param(
|
||||
[string]$Path,
|
||||
[string]$Ext,
|
||||
[string]$ClientPath,
|
||||
[string]$ESRPClientId
|
||||
)
|
||||
|
||||
function Create-TmpJson($Obj) {
|
||||
$FileName = [System.IO.Path]::GetTempFileName()
|
||||
ConvertTo-Json -Depth 100 $Obj | Out-File -Encoding UTF8 $FileName
|
||||
return $FileName
|
||||
}
|
||||
|
||||
$FileToSign = Get-ChildItem $Path | where {$_.extension -eq $Ext} | Select-Object -first 1 | % {$_.FullName}
|
||||
|
||||
$Auth = Create-TmpJson @{
|
||||
Version = "1.0.0"
|
||||
AuthenticationType = "AAD_CERT"
|
||||
ClientId = $ESRPClientId
|
||||
AuthCert = @{
|
||||
SubjectName = $env:ESRPAuthCertificateSubjectName
|
||||
StoreLocation = "LocalMachine"
|
||||
StoreName = "My"
|
||||
}
|
||||
RequestSigningCert = @{
|
||||
SubjectName = $env:ESRPCertificateSubjectName
|
||||
StoreLocation = "LocalMachine"
|
||||
StoreName = "My"
|
||||
}
|
||||
}
|
||||
|
||||
$Policy = Create-TmpJson @{
|
||||
Version = "1.0.0"
|
||||
}
|
||||
|
||||
$Input = Create-TmpJson @{
|
||||
Version = "1.0.0"
|
||||
SignBatches = @(
|
||||
@{
|
||||
SourceLocationType = "UNC"
|
||||
SignRequestFiles = @(
|
||||
@{
|
||||
CustomerCorrelationId = $env:ESRPClientId
|
||||
SourceLocation = $FileToSign
|
||||
}
|
||||
)
|
||||
SigningInfo = @{
|
||||
Operations = @(
|
||||
@{
|
||||
KeyCode = "CP-230012"
|
||||
OperationCode = "SigntoolSign"
|
||||
Parameters = @{
|
||||
OpusName = "Microsoft"
|
||||
OpusInfo = "http://www.microsoft.com"
|
||||
FileDigest = "/fd `"SHA256`""
|
||||
PageHash = "/NPH"
|
||||
TimeStamp = "/tr `"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer`" /td sha256"
|
||||
}
|
||||
ToolName = "sign"
|
||||
ToolVersion = "1.0"
|
||||
},
|
||||
@{
|
||||
KeyCode = "CP-230012"
|
||||
OperationCode = "SigntoolVerify"
|
||||
Parameters = @{
|
||||
VerifyAll = "/all"
|
||||
}
|
||||
ToolName = "sign"
|
||||
ToolVersion = "1.0"
|
||||
}
|
||||
)
|
||||
}
|
||||
}
|
||||
)
|
||||
}
|
||||
|
||||
$Output = [System.IO.Path]::GetTempFileName()
|
||||
& "$ClientPath\ESRPClient.exe" Sign -a $Auth -p $Policy -i $Input -o $Output
|
||||
|
|
@ -14143,126 +14143,7 @@ exports[`components/settings/settingsPane matches snapshot with repositoryLocati
|
|||
>
|
||||
<div
|
||||
class="smooth-dnd-container vertical"
|
||||
>
|
||||
<div
|
||||
class="smooth-dnd-draggable-wrapper"
|
||||
>
|
||||
<div
|
||||
class="item"
|
||||
>
|
||||
<div
|
||||
class="numbering"
|
||||
>
|
||||
1
|
||||
</div>
|
||||
<div
|
||||
class="location-item"
|
||||
role="listitem"
|
||||
>
|
||||
<div
|
||||
class="item-details"
|
||||
>
|
||||
<div
|
||||
class="copyableMaskField"
|
||||
>
|
||||
<div
|
||||
class="labelSection"
|
||||
>
|
||||
<div
|
||||
class="labelWithTooltip"
|
||||
>
|
||||
<label
|
||||
class="ms-Label root-99"
|
||||
for="copyableMaskField55"
|
||||
required=""
|
||||
>
|
||||
settings.modelDefinitions.repositoryTypes.private.textBoxLabel
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
class="controlSection"
|
||||
>
|
||||
<div
|
||||
class="borderedSection "
|
||||
>
|
||||
<input
|
||||
aria-label="settings.modelDefinitions.repositoryTypes.private.textBoxLabel"
|
||||
class="input"
|
||||
id="copyableMaskField55"
|
||||
type="password"
|
||||
value=""
|
||||
/>
|
||||
<input
|
||||
class="input"
|
||||
readonly=""
|
||||
style="position: absolute; left: -9000px; top: -9000px;"
|
||||
tabindex="-1"
|
||||
value=""
|
||||
/>
|
||||
<button
|
||||
aria-label="common.copyableMaskField.toggleMask.ariaLabel"
|
||||
class="ms-Button ms-Button--icon root-78"
|
||||
data-is-focusable="true"
|
||||
title="common.copyableMaskField.toggleMask.label"
|
||||
type="button"
|
||||
>
|
||||
<div
|
||||
class="ms-Button-flexContainer flexContainer-68"
|
||||
>
|
||||
<i
|
||||
class="ms-Button-icon icon-75"
|
||||
data-icon-name="RedEye"
|
||||
role="presentation"
|
||||
/>
|
||||
</div>
|
||||
</button>
|
||||
</div>
|
||||
<div
|
||||
class="copySection"
|
||||
>
|
||||
<button
|
||||
aria-label="common.copyableMaskField.copy.ariaLabel"
|
||||
class="ms-Button ms-Button--icon root-78"
|
||||
data-is-focusable="true"
|
||||
title="common.copyableMaskField.copy.label"
|
||||
type="button"
|
||||
>
|
||||
<div
|
||||
class="ms-Button-flexContainer flexContainer-68"
|
||||
>
|
||||
<i
|
||||
class="ms-Button-icon icon-75"
|
||||
data-icon-name="copy"
|
||||
role="presentation"
|
||||
/>
|
||||
</div>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<button
|
||||
aria-label="settings.cancel"
|
||||
class="ms-Button ms-Button--icon remove-button root-78"
|
||||
data-is-focusable="true"
|
||||
title="settings.cancel"
|
||||
type="button"
|
||||
>
|
||||
<div
|
||||
class="ms-Button-flexContainer flexContainer-68"
|
||||
>
|
||||
<i
|
||||
class="ms-Button-icon icon-75"
|
||||
data-icon-name="cancel"
|
||||
role="presentation"
|
||||
/>
|
||||
</div>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
/>
|
||||
<button
|
||||
aria-expanded="false"
|
||||
aria-haspopup="true"
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче