trigger: none parameters: - name: buildAgentPoolVar displayName: 'Build agent pool' type: string default: 'BuildAgentPool' - name: windowsBuildAgentVmImageVar displayName: 'Windows build agent image' type: string default: 'WindowsBuildAgentImage' - name: linuxBuildAgentVmImageVar displayName: 'Linux build agent image' type: string default: 'LinuxBuildAgentImage' - name: linuxTestImage displayName: 'Linux test agent image' type: string default: 'ubuntu-latest' values: - 'ubuntu-18.04' - 'ubuntu-20.04' - 'ubuntu-latest' - name: windowsTestImage displayName: 'Windows test agent image' type: string default: 'windows-latest' values: - 'windows-2019' - 'windows-2022' - 'windows-latest' - name: macBuildImage displayName: 'MacOS test agent image' type: string default: 'macOS-latest' values: - 'macOS-10.15' - 'macOS-11' - 'macOS-latest' - name: build_win displayName: 'Build a Windows release' type: boolean default: true - name: build_mac displayName: 'Build a MacOS Release' type: boolean default: false # Currently not building for Mac, so default is false - name: build_linux displayName: 'Build a Linux Release' type: boolean default: true - name: release displayName: 'Publish Release' type: boolean default: false variables: - name: winVmImage value: $[variables.${{ parameters.windowsBuildAgentVmImageVar }}] - name: linuxVmImage value: $[variables.${{ parameters.linuxBuildAgentVmImageVar }}] stages: - stage: 'SDL' displayName: 'SDL Stage' jobs: - job: SDL_checks displayName: 'SDL checks' pool: vmImage: ${{ parameters.windowsTestImage }} steps: - template: 'common/sdl-checks.yml' - stage: 'Test' displayName: 'Build and Test' dependsOn: [SDL] pool: vmImage: ${{ parameters.linuxTestImage }} jobs: - job: build_and_test displayName: 'Build and Test Source' steps: - template: .\build-and-test-template.yml - stage: 'Package' displayName: 'Package for all platforms' dependsOn: [SDL, Test] jobs: - job: packageWindows displayName: "Package for Windows" condition: ${{ parameters.build_win }} pool: name: $[variables.${{ parameters.buildAgentPoolVar }}] vmImage: $(winVmImage) demands: - ImageOverride -equals $(winVmImage) steps: - template: '.\common\install-node.yml' - template: '.\build-windows.yml' - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: 'Generate Software Manifest' inputs: BuildDropPath: '$(Build.SourcesDirectory)/dist/' - task: CopyFiles@2 displayName: 'ArtifactIgnore' inputs: SourceFolder: '$(Build.SourcesDirectory)/' Contents: '.artifactignore' TargetFolder: '$(Build.SourcesDirectory)/dist/' - publish: $(Build.SourcesDirectory)/dist/ displayName: 'Staging artifact for signing' artifact: Windows - job: packageMac displayName: "Package for MacOS" condition: ${{ parameters.build_mac }} pool: vmImage: ${{ parameters.macBuildImage }} steps: - template: '.\common\install-node.yml' - template: '.\build-mac.yml' - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: 'Generate Software Manifest' inputs: BuildDropPath: '$(Build.SourcesDirectory)/dist/' - task: CopyFiles@2 displayName: 'ArtifactIgnore' inputs: SourceFolder: '$(Build.SourcesDirectory)/' Contents: '.artifactignore' TargetFolder: '$(Build.SourcesDirectory)/dist/' - publish: $(Build.SourcesDirectory)/dist/ displayName: 'Staging artifact for signing' artifact: Mac - job: packageLinux displayName: "Package for Linux" condition: ${{ parameters.build_linux }} pool: name: $[variables.${{ parameters.buildAgentPoolVar }}] vmImage: $(linuxVmImage) demands: - ImageOverride -equals $(linuxVmImage) steps: - template: '.\common\install-node.yml' - template: '.\build-linux.yml' - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: 'Generate Software Manifest' inputs: BuildDropPath: '$(Build.SourcesDirectory)/dist/' - task: CopyFiles@2 displayName: 'ArtifactIgnore' inputs: SourceFolder: '$(Build.SourcesDirectory)/' Contents: '.artifactignore' TargetFolder: '$(Build.SourcesDirectory)/dist/' - publish: $(Build.SourcesDirectory)/dist/ displayName: 'Staging artifact for signing' artifact: Linux - stage: 'CodeSign' displayName: 'CodeSign Packages' dependsOn: [SDL, Test, Package] pool: name: $[variables.${{ parameters.buildAgentPoolVar }}] vmImage: $(linuxVmImage) demands: - ImageOverride -equals $(linuxVmImage) jobs: - job: signWindows displayName: 'Windows' condition: ${{ parameters.build_win }} steps: - download: current artifact: Windows - task: EsrpCodeSigning@2 displayName: 'Sign Windows MSI package' inputs: ConnectedServiceName: 'Azure IoT Explorer CodeSign' FolderPath: '$(Pipeline.Workspace)' Pattern: '*.msi' signConfigType: 'inlineSignParams' inlineOperation: | [ { "KeyCode": "CP-230012", "OperationCode": "SigntoolSign", "Parameters": { "OpusName": "Microsoft", "OpusInfo": "http://www.microsoft.com", "FileDigest": "/fd \"SHA256\"", "PageHash": "/NPH", "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" }, "ToolName": "sign", "ToolVersion": "1.0" }, { "KeyCode": "CP-230012", "OperationCode": "SigntoolVerify", "Parameters": { "VerifyAll": "/all" }, "ToolName": "sign", "ToolVersion": "1.0" } ] SessionTimeout: '60' MaxConcurrency: '50' MaxRetryAttempts: '5' VerboseLogin: false - task: CopyFiles@2 displayName: 'ArtifactIgnore' inputs: SourceFolder: $(Build.SourcesDirectory)/ Contents: '.artifactignore' TargetFolder: $(Pipeline.Workspace) - publish: $(Pipeline.Workspace) displayName: 'Staging signed artifact for release' artifact: Windows_Signed - job: signMac displayName: 'MacOS' condition: ${{ parameters.build_mac }} steps: - download: current artifact: Mac - task: EsrpCodeSigning@2 displayName: 'Sign MacOS DMG' inputs: ConnectedServiceName: 'Azure IoT Explorer CodeSign' FolderPath: '$(Pipeline.Workspace)' Pattern: '*.dmg' signConfigType: 'inlineSignParams' inlineOperation: | [ { "KeyCode" : "CP-401337-Apple", "OperationCode" : "MacAppDeveloperSign", "Parameters" : { "Hardening": "--options=runtime" }, "ToolName" : "sign", "ToolVersion" : "1.0" } ] SessionTimeout: '60' MaxConcurrency: '50' MaxRetryAttempts: '5' VerboseLogin: false - task: EsrpCodeSigning@2 displayName: 'Sign MacOS DMG - Notarized' inputs: ConnectedServiceName: 'Azure IoT Explorer CodeSign' FolderPath: '$(Pipeline.Workspace)' Pattern: '*.dmg' signConfigType: 'inlineSignParams' inlineOperation: | [ { "KeyCode" : "CP-401337-Apple", "OperationCode" : "MacAppNotarize", "Parameters" : {"BundleId":"com.microsoft.azure.iot.pnp.ui"}, "ToolName" : "sign", "ToolVersion" : "1.0" } ] SessionTimeout: '60' MaxConcurrency: '50' MaxRetryAttempts: '5' VerboseLogin: false - task: CopyFiles@2 displayName: 'ArtifactIgnore' condition: succeededOrFailed() inputs: SourceFolder: $(Build.SourcesDirectory)/ Contents: '.artifactignore' TargetFolder: $(Pipeline.Workspace) - publish: $(Pipeline.Workspace) displayName: 'Staging signed artifact for release' artifact: Mac_Signed - job: signLinux displayName: 'Linux' condition: ${{ parameters.build_linux }} steps: - download: current artifact: Linux - task: EsrpCodeSigning@2 displayName: 'Sign Linux DEB package' inputs: ConnectedServiceName: 'Azure IoT Explorer CodeSign' FolderPath: '$(Pipeline.Workspace)' Pattern: '*.deb' signConfigType: 'inlineSignParams' inlineOperation: | [ { "KeyCode" : "CP-450778-Pgp", "OperationCode" : "LinuxSign", "Parameters" : {}, "ToolName" : "sign", "ToolVersion" : "1.0" } ] SessionTimeout: '60' MaxConcurrency: '50' MaxRetryAttempts: '5' VerboseLogin: false - task: CopyFiles@2 displayName: 'ArtifactIgnore' inputs: SourceFolder: $(Build.SourcesDirectory)/ Contents: '.artifactignore' TargetFolder: $(Pipeline.Workspace) - publish: $(Pipeline.Workspace) displayName: 'Staging signed artifact for release' artifact: Linux_Signed - stage: 'Release' displayName: 'Publish Release' condition: ${{ parameters.release }} dependsOn: [SDL, Test, Package, CodeSign] pool: name: $[variables.${{ parameters.buildAgentPoolVar }}] vmImage: $(linuxVmImage) demands: - ImageOverride -equals $(linuxVmImage) jobs: - deployment: 'StageRelease' displayName: 'Stage GitHub Release' environment: 'production' - job: publishRelease displayName: 'Publish artifacts and draft GitHub Release' steps: - download: current artifact: Windows_Signed - download: current artifact: Mac_Signed - download: current artifact: Linux_Signed - task: CopyFiles@2 displayName: 'Flatten files for release' inputs: SourceFolder: $(Pipeline.Workspace) Contents: | **/*.deb **/*.msi # **/*.dmg - removed mac artifact until we fix a codesign / packaging issue flattenFolders: true TargetFolder: $(Pipeline.Workspace)/release - task: GitHubRelease@1 displayName: 'Draft Github release (if tagged)' inputs: gitHubConnection: 'Azure IoT Explorer Github Service Connection' repositoryName: '$(Build.Repository.Name)' action: 'create' target: '$(Build.SourceVersion)' tagSource: 'gitTag' isDraft: true addChangeLog: true assetUploadMode: replace changeLogCompareToRelease: 'lastFullRelease' changeLogType: 'commitBased' assets: '$(Pipeline.Workspace)/release/*.*'