зеркало из https://github.com/dotnet/spark.git
Use arcade's signing tool to sign all artifacts. (#124)
* Use arcade's signing tool to sign all artifacts. Fix #119 * Change Package Worker to be inside of MSBuild, so we can get the Version property correctly. * Collapse packaging the worker into the same build step as signing.
This commit is contained in:
Eric Erhardt
GitHub
Родитель
0a58c1e7ed
Коммит
fd5366f1b0
|
|
@ -147,6 +147,10 @@ jobs:
|
||||||
name: NetCoreInternal-Int-Pool
|
name: NetCoreInternal-Int-Pool
|
||||||
queue: buildpool.windows.10.amd64.vs2017
|
queue: buildpool.windows.10.amd64.vs2017
|
||||||
|
|
||||||
|
variables:
|
||||||
|
${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||||
|
_OfficialBuildIdArgs: /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- task: DownloadBuildArtifacts@0
|
- task: DownloadBuildArtifacts@0
|
||||||
displayName: Download Build Artifacts
|
displayName: Download Build Artifacts
|
||||||
|
|
@ -164,57 +168,20 @@ jobs:
|
||||||
TeamName: $(_TeamName)
|
TeamName: $(_TeamName)
|
||||||
condition: and(succeeded(), in(variables['_SignType'], 'real', 'test'), eq(variables['Agent.Os'], 'Windows_NT'))
|
condition: and(succeeded(), in(variables['_SignType'], 'real', 'test'), eq(variables['Agent.Os'], 'Windows_NT'))
|
||||||
|
|
||||||
- task: MSBuild@1
|
|
||||||
displayName: 'Restore Sign Tools'
|
|
||||||
inputs:
|
|
||||||
solution: eng/Tools.proj
|
|
||||||
msbuildArguments: /t:Restore
|
|
||||||
msbuildVersion: 15.0
|
|
||||||
|
|
||||||
- task: MSBuild@1
|
|
||||||
displayName: 'Sign worker binaries'
|
|
||||||
inputs:
|
|
||||||
solution: eng/Sign.proj
|
|
||||||
msbuildArguments: /t:SignBinaries
|
|
||||||
/p:SignWorkerBinaries=true
|
|
||||||
/p:SignAssetsDir=$(Build.ArtifactStagingDirectory)\Microsoft.Spark.Binaries\Microsoft.Spark.Worker\
|
|
||||||
/p:SignType=$(_SignType)
|
|
||||||
msbuildVersion: 15.0
|
|
||||||
|
|
||||||
- task: MSBuild@1
|
|
||||||
displayName: 'Sign nuget/snupkg packages'
|
|
||||||
inputs:
|
|
||||||
solution: eng/Sign.proj
|
|
||||||
msbuildArguments: /t:SignBinaries
|
|
||||||
/p:SignAssetsDir=$(Build.ArtifactStagingDirectory)\Microsoft.Spark.Binaries\
|
|
||||||
/p:SignNugetPackages=true
|
|
||||||
/p:SignType=$(_SignType)
|
|
||||||
msbuildVersion: 15.0
|
|
||||||
|
|
||||||
- task: CopyFiles@2
|
|
||||||
displayName: Copy nupkg to publish
|
|
||||||
inputs:
|
|
||||||
sourceFolder: $(Build.ArtifactStagingDirectory)\Microsoft.Spark.Binaries
|
|
||||||
contents: |
|
|
||||||
**/*.nupkg
|
|
||||||
**/*.snupkg
|
|
||||||
targetFolder: $(Build.ArtifactStagingDirectory)/Packages
|
|
||||||
flattenFolders: true
|
|
||||||
|
|
||||||
- task: PowerShell@2
|
- task: PowerShell@2
|
||||||
displayName: Package Microsoft.Spark.Worker
|
displayName: Sign artifacts and Package Microsoft.Spark.Worker
|
||||||
inputs:
|
inputs:
|
||||||
targetType: filePath
|
filePath: eng\common\build.ps1
|
||||||
filePath: script\package-worker.ps1
|
arguments: -restore -sign -publish
|
||||||
arguments: $(Build.ArtifactStagingDirectory)\Packages $(Build.ArtifactStagingDirectory)\Microsoft.Spark.Binaries\Microsoft.Spark.Worker $(Build.ArtifactStagingDirectory)\Microsoft.Spark.Binaries
|
-c $(buildConfiguration)
|
||||||
workingDirectory: $(Build.ArtifactStagingDirectory)
|
-ci
|
||||||
|
$(_OfficialBuildIdArgs)
|
||||||
|
/p:DotNetSignType=$(_SignType)
|
||||||
|
/p:SparkPackagesDir=$(Build.ArtifactStagingDirectory)\Microsoft.Spark.Binaries\BuildArtifacts\artifacts\packages
|
||||||
|
/p:SparkWorkerPublishDir=$(Build.ArtifactStagingDirectory)\Microsoft.Spark.Binaries\Microsoft.Spark.Worker
|
||||||
|
/p:SparkWorkerPackageOutputDir=$(Build.ArtifactStagingDirectory)\Microsoft.Spark.Binaries
|
||||||
|
|
||||||
- task: PublishBuildArtifacts@1
|
- task: PublishBuildArtifacts@1
|
||||||
inputs:
|
inputs:
|
||||||
pathtoPublish: '$(Build.ArtifactStagingDirectory)/Microsoft.Spark.Binaries'
|
pathtoPublish: '$(Build.ArtifactStagingDirectory)/Microsoft.Spark.Binaries'
|
||||||
artifactName: Microsoft.Spark.Binaries
|
artifactName: Microsoft.Spark.Binaries
|
||||||
|
|
||||||
- task: PublishBuildArtifacts@1
|
|
||||||
inputs:
|
|
||||||
pathtoPublish: '$(Build.ArtifactStagingDirectory)/Packages'
|
|
||||||
artifactName: Microsoft.Spark.Binaries
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,19 @@
|
||||||
|
<Project DefaultTargets="PackageWorker">
|
||||||
|
<Import Project="..\src\csharp\Directory.Build.props" />
|
||||||
|
|
||||||
|
<Target Name="PackageWorker">
|
||||||
|
|
||||||
|
<Error Condition="'$(SparkWorkerPublishDir)' == ''"
|
||||||
|
Text="SparkWorkerPublishDir variable is not set." />
|
||||||
|
<Error Condition="'$(SparkWorkerPackageOutputDir)' == ''"
|
||||||
|
Text="SparkWorkerPackageOutputDir variable is not set." />
|
||||||
|
|
||||||
|
<Exec Command="powershell -NoProfile -NoLogo -ExecutionPolicy ByPass ^
|
||||||
|
$(RepoRoot)\script\package-worker.ps1 ^
|
||||||
|
$(Version) ^
|
||||||
|
$(SparkWorkerPublishDir) ^
|
||||||
|
$(SparkWorkerPackageOutputDir)" />
|
||||||
|
</Target>
|
||||||
|
|
||||||
|
<Import Project="..\src\csharp\Directory.Build.targets" />
|
||||||
|
</Project>
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
<Project>
|
||||||
|
<PropertyGroup>
|
||||||
|
<PublishDependsOnTargets>PackageWorker;$(PublishDependsOnTargets)</PublishDependsOnTargets>
|
||||||
|
</PropertyGroup>
|
||||||
|
|
||||||
|
<Target Name="PackageWorker">
|
||||||
|
<MSBuild Projects="$(MSBuildThisFileDirectory)\PackageWorker.proj"
|
||||||
|
Properties="Configuration=$(Configuration);
|
||||||
|
OfficialBuildId=$(OfficialBuildId);
|
||||||
|
SparkWorkerPublishDir=$(SparkWorkerPublishDir);
|
||||||
|
SparkWorkerPackageOutputDir=$(SparkWorkerPackageOutputDir)" />
|
||||||
|
</Target>
|
||||||
|
</Project>
|
||||||
|
|
@ -1,46 +0,0 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk">
|
|
||||||
<!-- This will be overridden if we're building with MicroBuild. -->
|
|
||||||
<Target Name="SignFiles">
|
|
||||||
<Message Importance="High" Text="Attempting to sign %(FilesToSign.Identity) with authenticode='%(FilesToSign.Authenticode)'" />
|
|
||||||
</Target>
|
|
||||||
|
|
||||||
<Import Project="$(MSBuildThisFileDirectory)\obj\Tools.proj.nuget.g.props" Condition="Exists('$(MSBuildThisFileDirectory)\obj\Tools.proj.nuget.g.props')" />
|
|
||||||
<Import Project="$(MSBuildThisFileDirectory)\obj\Tools.proj.nuget.g.targets" Condition="Exists('$(MSBuildThisFileDirectory)\obj\Tools.proj.nuget.g.targets')" />
|
|
||||||
|
|
||||||
<Target Name="SetSigningProperties">
|
|
||||||
<PropertyGroup>
|
|
||||||
<!-- The OutDir and IntermediateOutputPath properties are required by MicroBuild. MicroBuild only
|
|
||||||
signs files that are under these paths. -->
|
|
||||||
<OutDir>$(SignAssetsDir)</OutDir>
|
|
||||||
<IntermediateOutputPath>$(SignAssetsDir)obj/</IntermediateOutputPath>
|
|
||||||
|
|
||||||
</PropertyGroup>
|
|
||||||
|
|
||||||
<Error Condition="!Exists('$(OutDir)')" Text="'OutDir' folder '$(OutDir)' does not exist."/>
|
|
||||||
</Target>
|
|
||||||
|
|
||||||
<Target Name="SignBinaries" Condition="'$(SignType)' == 'real'" DependsOnTargets="SetSigningProperties;GetFilesToSign">
|
|
||||||
<CallTarget Targets="SignFiles" />
|
|
||||||
</Target>
|
|
||||||
|
|
||||||
<Target Name="GetFilesToSign">
|
|
||||||
|
|
||||||
<ItemGroup Condition="'$(SignWorkerBinaries)' == 'true'">
|
|
||||||
<_filesToSign Include="$(OutDir)**/Microsoft.Spark.dll" />
|
|
||||||
<_filesToSign Include="$(OutDir)**/Microsoft.Spark.Worker.exe" />
|
|
||||||
<_filesToSign Include="$(OutDir)**/Microsoft.Spark.Worker.dll" />
|
|
||||||
|
|
||||||
<FilesToSign Include="@(_filesToSign)">
|
|
||||||
<Authenticode>Microsoft</Authenticode>
|
|
||||||
</FilesToSign>
|
|
||||||
</ItemGroup>
|
|
||||||
|
|
||||||
<ItemGroup Condition="'$(SignNugetPackages)' == 'true'">
|
|
||||||
<FilesToSign Include="$(OutDir)**/*.nupkg;$(OutDir)**/*.snupkg">
|
|
||||||
<Authenticode>NuGet</Authenticode>
|
|
||||||
</FilesToSign>
|
|
||||||
</ItemGroup>
|
|
||||||
|
|
||||||
<Error Condition="'@(FilesToSign)' == ''" Text="There are no files to sign. FilesToSign group is empty."/>
|
|
||||||
</Target>
|
|
||||||
</Project>
|
|
||||||
|
|
@ -0,0 +1,15 @@
|
||||||
|
<Project>
|
||||||
|
<ItemGroup>
|
||||||
|
<ItemsToSign Include="$(SparkPackagesDir)/**/*.nupkg" />
|
||||||
|
<ItemsToSign Include="$(SparkPackagesDir)/**/*.snupkg" />
|
||||||
|
|
||||||
|
<ItemsToSign Include="$(SparkWorkerPublishDir)/**/Microsoft.Spark.dll" />
|
||||||
|
<ItemsToSign Include="$(SparkWorkerPublishDir)/**/Microsoft.Spark.Worker.exe" />
|
||||||
|
<ItemsToSign Include="$(SparkWorkerPublishDir)/**/Microsoft.Spark.Worker.dll" />
|
||||||
|
</ItemGroup>
|
||||||
|
|
||||||
|
<ItemGroup>
|
||||||
|
<!-- extend arcade's FileExtensionSignInfo with snupkg information -->
|
||||||
|
<FileExtensionSignInfo Include=".snupkg" CertificateName="NuGet" />
|
||||||
|
</ItemGroup>
|
||||||
|
</Project>
|
||||||
|
|
@ -1,12 +0,0 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk">
|
|
||||||
<PropertyGroup>
|
|
||||||
<TargetFramework>net461</TargetFramework>
|
|
||||||
<RestoreSources>
|
|
||||||
https://dotnet.myget.org/F/dotnet-core/api/v3/index.json;
|
|
||||||
$(RestoreSources)
|
|
||||||
</RestoreSources>
|
|
||||||
</PropertyGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<PackageReference Include="MicroBuild.Core" Version="0.2.0" />
|
|
||||||
</ItemGroup>
|
|
||||||
</Project>
|
|
||||||
|
|
@ -1,9 +1,7 @@
|
||||||
$nuget_dir = $args[0]
|
$version = $args[0]
|
||||||
$worker_dir = $args[1]
|
$worker_dir = $args[1]
|
||||||
$output_dir = $args[2]
|
$output_dir = $args[2]
|
||||||
|
|
||||||
$file = Get-ChildItem $nuget_dir -Filter Microsoft.Spark.*.nupkg | Select-Object -First 1
|
|
||||||
$version = $file.Basename.Split(".", 3)[2]
|
|
||||||
$worker_version_dir = "Microsoft.Spark.Worker-$version"
|
$worker_version_dir = "Microsoft.Spark.Worker-$version"
|
||||||
|
|
||||||
$frameworks = Get-ChildItem -Directory $worker_dir
|
$frameworks = Get-ChildItem -Directory $worker_dir
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче