Refactoring Azure pipeline for publishing package (#4464)

* Refactoring Azure pipeline for piblishing package * fix?
2024-08-26 23:17:38 +09:00 · 2024-08-26 23:17:38 +09:00 · 934ce828fa
--- a/.azure/OneBranch.Publish.yml
+++ b/.azure/OneBranch.Publish.yml
@ -19,314 +19,115 @@ parameters:
  type: boolean
  default: false

+- name: kernel
+  type: object
+  default:
  # build on ubuntu 20.04 openssl 1.1
- name: kernel5_4rpmcblrepos
-  type: object
-  default:
-  - cbl-mariner-1.0-prod-Microsoft-x86_64-rpms-yum
-  - cbl-mariner-2.0-prod-Microsoft-x86_64-yum
-  - cbl-mariner-2.0-prod-Microsoft-aarch64-yum
- name: kernel5_4rpmrepos
-  type: object
-  default:
-  - microsoft-sles12-prod-yum     # 12 3.12
-  - microsoft-sles15-prod-yum     # 15 4.12
-  - microsoft-centos7-prod-yum    # 7 3.10
-  - microsoft-centos8-prod-yum    # 8 4.18
-  - microsoft-opensuse15-prod-yum # 15 4.12
-  - microsoft-fedora32-prod-yum   # 32 5.6
-  - microsoft-fedora33-prod-yum   # 33 5.8
-  - microsoft-fedora34-prod-yum   # 34 5.11
-  - microsoft-fedora35-prod-yum   # 35 5.14
-  - microsoft-rhel7.3-prod-yum    # 7.3 3.10
-  - microsoft-rhel8.0-prod-yum    # 8.0 4.18
-  - microsoft-rhel8.1-prod-yum    # 8.1 4.18
- name: kernel5_4debrepos
-  type: object
-  default:
-  - microsoft-ubuntu-xenial-prod-apt   # 16.04 4.4
-  - microsoft-ubuntu-bionic-prod-apt   # 18.04 4.15
-  - microsoft-ubuntu-focal-prod-apt    # 20.04 5.4
-  - microsoft-ubuntu-groovy-prod-apt   # 20.10 5.8
-  - microsoft-ubuntu-hirsute-prod-apt  # 21.04 5.11
-  - microsoft-debian-stretch-prod-apt  #  9 4.9
-  - microsoft-debian-buster-prod-apt   # 10 4.19
-  - microsoft-debian-bullseye-prod-apt # 11 5.10
-
+  - name: kernel5_4
+    type: object
+    default:
+    - name: RPM
+      destinations:
+        - microsoft-sles12-prod-yum     # 12 3.12
+        - microsoft-sles15-prod-yum     # 15 4.12
+        - microsoft-centos7-prod-yum    # 7 3.10
+        - microsoft-centos8-prod-yum    # 8 4.18
+        - microsoft-opensuse15-prod-yum # 15 4.12
+        - microsoft-fedora32-prod-yum   # 32 5.6
+        - microsoft-fedora33-prod-yum   # 33 5.8
+        - microsoft-fedora34-prod-yum   # 34 5.11
+        - microsoft-fedora35-prod-yum   # 35 5.14
+        - microsoft-rhel7.3-prod-yum    # 7.3 3.10
+        - microsoft-rhel8.0-prod-yum    # 8.0 4.18
+        - microsoft-rhel8.1-prod-yum    # 8.1 4.18
+    - name: DEB
+      destinations:
+        - microsoft-ubuntu-xenial-prod-apt   # 16.04 4.4
+        - microsoft-ubuntu-bionic-prod-apt   # 18.04 4.15
+        - microsoft-ubuntu-focal-prod-apt    # 20.04 5.4
+        - microsoft-ubuntu-groovy-prod-apt   # 20.10 5.8
+        - microsoft-ubuntu-hirsute-prod-apt  # 21.04 5.11
+        - microsoft-debian-stretch-prod-apt  #  9 4.9
+        - microsoft-debian-buster-prod-apt   # 10 4.19
+        - microsoft-debian-bullseye-prod-apt # 11 5.10
+    - name: CBL
+      destinations:
+        - cbl-mariner-1.0-prod-Microsoft-x86_64-rpms-yum
+        - cbl-mariner-2.0-prod-Microsoft-x86_64-yum
+        - cbl-mariner-2.0-prod-Microsoft-aarch64-yum
  # built on ubuntu 22.04, openssl3
- name: kernel5_15rpmrepos
-  type: object
-  default:
-  - microsoft-fedora36-prod-yum   # 36 5.17
-  - microsoft-fedora37-prod-yum   # 37 6.0
-  - microsoft-fedora38-prod-yum   # 38 6.2
-  - microsoft-fedora39-prod-yum   # 39 6.5
-  - microsoft-rhel9.0-prod-yum    # 9.0 5.14
- name: kernel5_15debrepos
-  type: object
-  default:
-  - microsoft-ubuntu-jammy-prod-apt    # 22.04 5.15
-  - microsoft-ubuntu-kinetic-prod-apt  # 22.10 5.19
-  - microsoft-ubuntu-lunar-prod-apt    # 23.04 6.2
-  - microsoft-ubuntu-mantic-prod-apt   # 23.10 6.5
-  - microsoft-debian-bookworm-prod-apt # 12    6.1
-
+  - name: kernel5_15
+    type: object
+    default:
+    - name: RPM
+      destinations:
+        - microsoft-fedora36-prod-yum   # 36 5.17
+        - microsoft-fedora37-prod-yum   # 37 6.0
+        - microsoft-fedora38-prod-yum   # 38 6.2
+        - microsoft-fedora39-prod-yum   # 39 6.5
+        - microsoft-rhel9.0-prod-yum    # 9.0 5.14
+    - name: DEB
+      destinations:
+        - microsoft-ubuntu-jammy-prod-apt    # 22.04 5.15
+        - microsoft-ubuntu-kinetic-prod-apt  # 22.10 5.19
+        - microsoft-ubuntu-lunar-prod-apt    # 23.04 6.2
+        - microsoft-ubuntu-mantic-prod-apt   # 23.10 6.5
+        - microsoft-debian-bookworm-prod-apt # 12    6.1
  # built on ubuntu 24.04 openssl3 XDP
- name: kernel6_8cblrpmrepos
-  type: object
-  default:
-  - azurelinux-3.0-prod-ms-oss-x86_64-yum # 3.0 6.6
-  - azurelinux-3.0-prod-ms-oss-aarch64-yum # 3.0 6.6
- name: kernel6_8rpmrepos
-  type: object
-  default:
-  - microsoft-fedora40-prod-yum           # 40 6.8
- name: kernel6_8debrepos
-  type: object
-  default:
-  - microsoft-ubuntu-noble-prod-apt       # 24.04 6.8
+  - name: kernel6_8
+    type: object
+    default:
+    - name: RPM
+      destionations:
+        - microsoft-fedora40-prod-yum           # 40 6.8
+    - name: DEB
+      destinations:
+        - microsoft-ubuntu-noble-prod-apt       # 24.04 6.8
+    - name: CBL
+      destinations:
+        - azurelinux-3.0-prod-ms-oss-x86_64-yum  # 3.0 6.6
+        - azurelinux-3.0-prod-ms-oss-aarch64-yum # 3.0 6.6

 stages:
 - stage: UploadPackage_stage
  condition: or(startsWith(variables['Build.SourceBranch'], 'refs/tags/'), eq(variables['Build.Reason'], 'Manual'))
  jobs:
-  - job: UploadPackage_kernel5_4_debs
-    displayName: Upload kernel5_4 based DEB packages to repos
-    timeoutInMinutes: 120
-    workspace:
-      clean: all
-    pool:
-      vmImage: 'ubuntu-latest'
-    variables:
-    - group: MsQuicAADApp
-    steps:
-      - task: DownloadPipelineArtifact@2
-        inputs:
-          source: specific
-          project: $(resources.pipeline.onebranch.projectID)
-          pipeline: $(resources.pipeline.onebranch.pipelineID)
-          preferTriggeringPipeline: true
-          runVersion: specific
-          runId: $(resources.pipeline.onebranch.runID)
-          artifact: drop_package_linux_distribution_kernel5_4
-          path: $(Build.SourcesDirectory)/artifacts/signed/kernel5_4
-      - task: DownloadSecureFile@1
-        name:  pmcv4cert
-        displayName: 'Download cert for PMC v4'
-        inputs:
-          secureFile: 'auth.pem'
-      - ${{ each repo in parameters.kernel5_4debrepos }}:
-        - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/kernel5_4/gen -r ${{ repo }} -n "*.deb"
-          condition: eq(${{ parameters.debug }}, false)
-          displayName: ${{ repo }}
-          continueOnError: true
-  - job: UploadPackage_kernel5_4_rpms
-    displayName: Upload kernel5_4 based RPM packages to repos
-    timeoutInMinutes: 120
-    workspace:
-      clean: all
-    pool:
-      vmImage: 'ubuntu-latest'
-    variables:
-    - group: MsQuicAADApp
-    steps:
-      - task: DownloadPipelineArtifact@2
-        inputs:
-          source: specific
-          project: $(resources.pipeline.onebranch.projectID)
-          pipeline: $(resources.pipeline.onebranch.pipelineID)
-          preferTriggeringPipeline: true
-          runVersion: specific
-          runId: $(resources.pipeline.onebranch.runID)
-          artifact: drop_package_linux_distribution_kernel5_4
-          path: $(Build.SourcesDirectory)/artifacts/signed/kernel5_4
-      - task: DownloadSecureFile@1
-        name:  pmcv4cert
-        displayName: 'Download cert for PMC v4'
-        inputs:
-          secureFile: 'auth.pem'
-      - ${{ each repo in parameters.kernel5_4rpmrepos }}:
-        - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/kernel5_4/gen -r ${{ repo }} -n "*.rpm"
-          condition: eq(${{ parameters.debug }}, false)
-          displayName: ${{ repo }}
-          continueOnError: true
-  - job: UploadPackage_kernel5_4_rpms_cbl
-    displayName: Upload kernel5_4 based RPM packages to CBL repos
-    timeoutInMinutes: 120
-    workspace:
-      clean: all
-    pool:
-      vmImage: 'ubuntu-latest'
-    variables:
-    - group: MsQuicAADApp
-    steps:
-      - task: DownloadPipelineArtifact@2
-        inputs:
-          source: specific
-          project: $(resources.pipeline.onebranch.projectID)
-          pipeline: $(resources.pipeline.onebranch.pipelineID)
-          preferTriggeringPipeline: true
-          runVersion: specific
-          runId: $(resources.pipeline.onebranch.runID)
-          artifact: drop_package_linux_distribution_kernel5_4
-          path: $(Build.SourcesDirectory)/artifacts/signed/kernel5_4
-      - task: DownloadSecureFile@1
-        name:  pmcv4cert
-        displayName: 'Download cert for PMC v4'
-        inputs:
-          secureFile: 'auth.pem'
-      - ${{ each repo in parameters.kernel5_4rpmcblrepos }}:
-        - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/kernel5_4/cbl -r ${{ repo }} -n "*.rpm"
-          condition: eq(${{ parameters.debug }}, false)
-          displayName: ${{ repo }}
-          continueOnError: true
-  - job: UploadPackage_kernel6_8_rpms_cbl
-    displayName: Upload kernel6_8 based RPM packages to CBL repos
-    timeoutInMinutes: 120
-    workspace:
-      clean: all
-    pool:
-      vmImage: 'ubuntu-latest'
-    variables:
-    - group: MsQuicAADApp
-    steps:
-      - task: DownloadPipelineArtifact@2
-        inputs:
-          source: specific
-          project: $(resources.pipeline.onebranch.projectID)
-          pipeline: $(resources.pipeline.onebranch.pipelineID)
-          preferTriggeringPipeline: true
-          runVersion: specific
-          runId: $(resources.pipeline.onebranch.runID)
-          artifact: drop_package_linux_distribution_kernel6_8
-          path: $(Build.SourcesDirectory)/artifacts/signed/kernel6_8
-      - task: DownloadSecureFile@1
-        name:  pmcv4cert
-        displayName: 'Download cert for PMC v4'
-        inputs:
-          secureFile: 'auth.pem'
-      - ${{ each repo in parameters.kernel6_8cblrpmrepos }}:
-        - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/kernel6_8/cbl -r ${{ repo }} -n "*.rpm"
-          condition: eq(${{ parameters.debug }}, false)
-          displayName: ${{ repo }}
-          continueOnError: true
-  - job: UploadPackage_kernel5_15_debs
-    displayName: Upload kernel5_15 based DEB packages to repos
-    timeoutInMinutes: 120
-    workspace:
-      clean: all
-    pool:
-      vmImage: 'ubuntu-latest'
-    variables:
-    - group: MsQuicAADApp
-    steps:
-      - task: DownloadPipelineArtifact@2
-        inputs:
-          source: specific
-          project: $(resources.pipeline.onebranch.projectID)
-          pipeline: $(resources.pipeline.onebranch.pipelineID)
-          preferTriggeringPipeline: true
-          runVersion: specific
-          runId: $(resources.pipeline.onebranch.runID)
-          artifact: drop_package_linux_distribution_kernel5_15
-          path: $(Build.SourcesDirectory)/artifacts/signed/kernel5_15
-      - task: DownloadSecureFile@1
-        name:  pmcv4cert
-        displayName: 'Download cert for PMC v4'
-        inputs:
-          secureFile: 'auth.pem'
-      - ${{ each repo in parameters.kernel5_15debrepos }}:
-        - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/kernel5_15/gen -r ${{ repo }} -n "*.deb"
-          condition: eq(${{ parameters.debug }}, false)
-          displayName: ${{ repo }}
-          continueOnError: true
-  - job: UploadPackage_kernel6_8_debs
-    displayName: Upload kernel6_8 based DEB packages to repos
-    timeoutInMinutes: 120
-    workspace:
-      clean: all
-    pool:
-      vmImage: 'ubuntu-latest'
-    variables:
-    - group: MsQuicAADApp
-    steps:
-      - task: DownloadPipelineArtifact@2
-        inputs:
-          source: specific
-          project: $(resources.pipeline.onebranch.projectID)
-          pipeline: $(resources.pipeline.onebranch.pipelineID)
-          preferTriggeringPipeline: true
-          runVersion: specific
-          runId: $(resources.pipeline.onebranch.runID)
-          artifact: drop_package_linux_distribution_kernel6_8
-          path: $(Build.SourcesDirectory)/artifacts/signed/kernel6_8
-      - task: DownloadSecureFile@1
-        name:  pmcv4cert
-        displayName: 'Download cert for PMC v4'
-        inputs:
-          secureFile: 'auth.pem'
-      - ${{ each repo in parameters.kernel6_8debrepos }}:
-        - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/kernel6_8/gen -r ${{ repo }} -n "*.deb"
-          condition: eq(${{ parameters.debug }}, false)
-          displayName: ${{ repo }}
-          continueOnError: true
-  - job: UploadPackage_kernel5_15_rpms
-    displayName: Upload kernel5_15 based RPM packages to repos
-    timeoutInMinutes: 120
-    workspace:
-      clean: all
-    pool:
-      vmImage: 'ubuntu-latest'
-    variables:
-    - group: MsQuicAADApp
-    steps:
-      - task: DownloadPipelineArtifact@2
-        inputs:
-          source: specific
-          project: $(resources.pipeline.onebranch.projectID)
-          pipeline: $(resources.pipeline.onebranch.pipelineID)
-          preferTriggeringPipeline: true
-          runVersion: specific
-          runId: $(resources.pipeline.onebranch.runID)
-          artifact: drop_package_linux_distribution_kernel5_15
-          path: $(Build.SourcesDirectory)/artifacts/signed/kernel5_15
-      - task: DownloadSecureFile@1
-        name:  pmcv4cert
-        displayName: 'Download cert for PMC v4'
-        inputs:
-          secureFile: 'auth.pem'
-      - ${{ each repo in parameters.kernel5_15rpmrepos }}:
-        - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/kernel5_15/gen -r ${{ repo }} -n "*.rpm"
-          condition: eq(${{ parameters.debug }}, false)
-          displayName: ${{ repo }}
-          continueOnError: true
-  - job: UploadPackage_kernel6_8_rpms
-    displayName: Upload kernel6_8 based RPM packages to repos
-    timeoutInMinutes: 120
-    workspace:
-      clean: all
-    pool:
-      vmImage: 'ubuntu-latest'
-    variables:
-    - group: MsQuicAADApp
-    steps:
-      - task: DownloadPipelineArtifact@2
-        inputs:
-          source: specific
-          project: $(resources.pipeline.onebranch.projectID)
-          pipeline: $(resources.pipeline.onebranch.pipelineID)
-          preferTriggeringPipeline: true
-          runVersion: specific
-          runId: $(resources.pipeline.onebranch.runID)
-          artifact: drop_package_linux_distribution_kernel6_8
-          path: $(Build.SourcesDirectory)/artifacts/signed/kernel6_8
-      - task: DownloadSecureFile@1
-        name:  pmcv4cert
-        displayName: 'Download cert for PMC v4'
-        inputs:
-          secureFile: 'auth.pem'
-      - ${{ each repo in parameters.kernel6_8rpmrepos }}:
-        - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/kernel6_8/gen -r ${{ repo }} -n "*.rpm"
-          condition: eq(${{ parameters.debug }}, false)
-          displayName: ${{ repo }}
-          continueOnError: true
+  - ${{ each kernel in parameters.kernel }}:
+    - ${{ each repo_type in kernel.default }}:
+      - job: UploadPackage_${{ kernel.name }}_${{ repo_type.name }}
+        displayName: Upload ${{ kernel.name }} based ${{ repo_type.name }} packages to repos
+        timeoutInMinutes: 120
+        workspace:
+          clean: all
+        pool:
+          vmImage: 'ubuntu-latest'
+        variables:
+        - group: MsQuicAADApp
+        steps:
+          - task: DownloadPipelineArtifact@2
+            inputs:
+              source: specific
+              project: $(resources.pipeline.onebranch.projectID)
+              pipeline: $(resources.pipeline.onebranch.pipelineID)
+              preferTriggeringPipeline: true
+              runVersion: specific
+              runId: $(resources.pipeline.onebranch.runID)
+              artifact: drop_package_linux_distribution_${{ kernel.name }}
+              path: $(Build.SourcesDirectory)/artifacts/signed/${{ kernel.name }}
+          - task: DownloadSecureFile@1
+            name:  pmcv4cert
+            displayName: 'Download cert for PMC v4'
+            inputs:
+              secureFile: 'auth.pem'
+          - ${{ if eq(repo_type.name, 'CBL' )}}:
+            - ${{ each repo in repo_type.destinations }}:
+              - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/${{ kernel.name }}/cbl -r ${{ repo }} -n "*.rpm"
+                condition: eq(${{ parameters.debug }}, false)
+                displayName: ${{ repo }}
+                continueOnError: true
+          - ${{ else }}:
+            - ${{ each repo in repo_type.destinations }}:
+              - script: bash scripts/upload-linux-packages.sh -i $(PMCv4ClientId) -c $(pmcv4cert.secureFilePath) -f $(Build.SourcesDirectory)/artifacts/signed/${{ kernel.name }}/gen -r ${{ repo }} -n "*.${{ lower(repo_type.name) }}"
+                condition: eq(${{ parameters.debug }}, false)
+                displayName: ${{ repo }}
+                continueOnError: true