From 972aa7cb9dd7a8afb5ab253b2c788bf32b19b0ae Mon Sep 17 00:00:00 2001 From: Connor Adsit Date: Wed, 3 Mar 2021 11:47:52 -0800 Subject: [PATCH] [CI] Circumvent login keychain with envvars (#10749) * Use envvars for GitHub.Token * add gitHubToken parameter to stage.yml * Use envvars for certificate passwords --- tools/devops/automation/build-pipeline.yml | 8 +++- .../automation/templates/devices/build.yml | 40 ++++++++++++------- .../automation/templates/devices/stage.yml | 38 +++++++++++------- 3 files changed, 56 insertions(+), 30 deletions(-) diff --git a/tools/devops/automation/build-pipeline.yml b/tools/devops/automation/build-pipeline.yml index f2c67a7fdd..a9cd93397e 100644 --- a/tools/devops/automation/build-pipeline.yml +++ b/tools/devops/automation/build-pipeline.yml @@ -143,6 +143,8 @@ stages: iOSDeviceDemand: 'xismoke-32' vsdropsPrefix: ${{ variables.vsdropsPrefix }} keyringPass: $(xma-password) + gitHubToken: ${{ variables['GitHub.Token'] }} + xqaCertPass: $(xqa--certificates--password) - template: templates/devices/stage.yml parameters: @@ -156,6 +158,8 @@ stages: iOSDeviceDemand: 'ios' vsdropsPrefix: ${{ variables.vsdropsPrefix }} keyringPass: $(xma-password) + gitHubToken: ${{ variables['GitHub.Token'] }} + xqaCertPass: $(xqa--certificates--password) - template: templates/devices/stage.yml parameters: @@ -169,6 +173,8 @@ stages: iOSDeviceDemand: 'tvos' vsdropsPrefix: ${{ variables.vsdropsPrefix }} keyringPass: $(xma-password) + gitHubToken: ${{ variables['GitHub.Token'] }} + xqaCertPass: $(xqa--certificates--password) - template: templates/mac/stage.yml parameters: @@ -189,7 +195,7 @@ stages: displayName: 'Sample testing' dependsOn: - build_packages - condition: and(succeeded(), contains (stageDependencies.build_packages.build.outputs['configuration.RunSampleTests'], 'True')) + condition: and(succeeded(), contains (stageDependencies.build_packages.build.outputs['configuration.RunSampleTests'], 'True')) jobs: - job: sample_testing pool: diff --git a/tools/devops/automation/templates/devices/build.yml b/tools/devops/automation/templates/devices/build.yml index dcd34b2341..ac4b140fd4 100644 --- a/tools/devops/automation/templates/devices/build.yml +++ b/tools/devops/automation/templates/devices/build.yml @@ -7,12 +7,12 @@ parameters: - name: statusContext - type: string - default: 'iOS Device Tests' # default context, since we started dealing with iOS devices. + type: string + default: 'iOS Device Tests' # default context, since we started dealing with iOS devices. - name: testsLabels - type: string - default: '--label=run-ios-64-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests' # default context, since we started dealing with iOS devices. + type: string + default: '--label=run-ios-64-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests' # default context, since we started dealing with iOS devices. - name: disableProvisionatorCache type: boolean @@ -23,7 +23,7 @@ parameters: default: false - name: useXamarinStorage - type: boolean + type: boolean default: false # xamarin-storage will disappear, so by default do not use it - name: vsdropsPrefix @@ -34,8 +34,14 @@ parameters: type: string - name: devicePrefix - type: string - default: 'ios' # default context, since we started dealing with iOS devices. + type: string + default: 'ios' # default context, since we started dealing with iOS devices. + +- name: gitHubToken + type: string + +- name: xqaCertPass + type: string steps: @@ -120,10 +126,16 @@ steps: set -e rm -f ~/Library/Caches/com.xamarin.provisionator/Provisions/*p12 rm -f ~/Library/Caches/com.xamarin.provisionator/Provisions/*mobileprovision - ./maccore/tools/install-qa-provisioning-profiles.sh -v + ./maccore/tools/install-qa-provisioning-profiles.sh -v displayName: 'Add provisioning profiles' timeoutInMinutes: 30 env: + AUTH_TOKEN_GITHUB_COM: ${{ parameters.gitHubToken }} + AUTH_TOKEN_LA_DEV_APPLE_P12: ${{ parameters.xqaCertPass }} + AUTH_TOKEN_LA_DISTR_APPLE_P12: ${{ parameters.xqaCertPass }} + AUTH_TOKEN_LA_MAC_INSTALLER_DISTR_P12: ${{ parameters.xqaCertPass }} + AUTH_TOKEN_VSENG_XAMARIN_MAC_DEVICES_P12: ${{ parameters.xqaCertPass }} + AUTH_TOKEN_VSENG_XAMARIN_MAC_DEVICES_2_P12: ${{ parameters.xqaCertPass }} LOGIN_KEYCHAIN_PASSWORD: ${{ parameters.keyringPass }} # download the artifacts.json, which will use to find the URI of the built pkg to later be installed by provisionator @@ -170,7 +182,7 @@ steps: # remove any old processes that might have been left behind. - pwsh : | Import-Module $Env:SYSTEM_DEFAULTWORKINGDIRECTORY/xamarin-macios/tools/devops/automation/scripts/System.psm1 - Clear-XamarinProcesses + Clear-XamarinProcesses displayName: 'Process cleanup' # Increase mlaunch verbosity. Will step on the old setting present. @@ -178,19 +190,19 @@ steps: Import-Module $Env:SYSTEM_DEFAULTWORKINGDIRECTORY/xamarin-macios/tools/devops/automation/scripts/MLaunch.psm1 Set-MLaunchVerbosity -Verbosity 10 displayName: 'Make mlaunch verbose' - condition: succeededOrFailed() # we do not care about the previous step + condition: succeededOrFailed() # we do not care about the previous step # Re-start the daemon used to find the devices in the bot. - pwsh : | Import-Module $Env:SYSTEM_DEFAULTWORKINGDIRECTORY/xamarin-macios/tools/devops/automation/scripts/MLaunch.psm1 - Optimize-DeviceDiscovery + Optimize-DeviceDiscovery displayName: 'Fix device discovery (reset launchctl)' condition: succeededOrFailed() # making mlaunch verbose should be a non blocker -# Update the status to pending, that way the monitoring person knows that we started running the tests. Up to this +# Update the status to pending, that way the monitoring person knows that we started running the tests. Up to this # point we were just setting up the agent. - pwsh: | - Import-Module $Env:SYSTEM_DEFAULTWORKINGDIRECTORY/xamarin-macios/tools/devops/automation/scripts/GitHub.psm1 + Import-Module $Env:SYSTEM_DEFAULTWORKINGDIRECTORY/xamarin-macios/tools/devops/automation/scripts/GitHub.psm1 Set-GitHubStatus -Status "pending" -Context "$Env:CONTEXT" -Description "Running device tests on $Env:CONTEXT" env: BUILD_REVISION: $(Build.SourceVersion) @@ -222,7 +234,7 @@ steps: echo '##vso[task.setvariable variable=TESTS_JOBSTATUS;isOutput=true]Failed' fi env: - WORKING_DIR: $(System.DefaultWorkingDirectory) + WORKING_DIR: $(System.DefaultWorkingDirectory) TESTS_EXTRA_ARGUMENTS: ${{ parameters.testsLabels }} USE_XAMARIN_STORAGE: ${{ parameters.useXamarinStorage }} VSDROPS_URI: '${{ parameters.vsdropsPrefix }}/$(Build.BuildNumber)/$(Build.BuildId)/${{ parameters.devicePrefix }};/tests/' # uri used to create the vsdrops index using full uri diff --git a/tools/devops/automation/templates/devices/stage.yml b/tools/devops/automation/templates/devices/stage.yml index 04708c1f1f..c7afa76577 100644 --- a/tools/devops/automation/templates/devices/stage.yml +++ b/tools/devops/automation/templates/devices/stage.yml @@ -1,7 +1,7 @@ # Main template that contains all the jobs that are required to run the device tests. # # The stage contains two different jobs -# +# # tests: Runs the tests on a pool that contains devices that are capable to run them. # publish_html: Because vsdrop is not supported on macOS we have an extra job that # will run on a pool with Windows devices that will publish the results on VSDrop to @@ -11,13 +11,13 @@ parameters: # string that is used to identify the status to be used to expose the result on GitHub - name: statusContext - type: string - default: 'iOS Device Tests' # default context, since we started dealing with iOS devices. + type: string + default: 'iOS Device Tests' # default context, since we started dealing with iOS devices. # string that contains the extra labels to pass to xharness to select the tests to execute. - name: testsLabels - type: string - default: '--label=run-ios-64-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests' # default context, since we started dealing with iOS devices. + type: string + default: '--label=run-ios-64-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests' # default context, since we started dealing with iOS devices. # name of the pool that contains the iOS devices - name: iOSDevicePool @@ -27,16 +27,16 @@ parameters: # demand that has to be matched by a bot to be able to run the tests. - name: iOSDeviceDemand type: string - default: 'xismoke' + default: 'xismoke' - name: useXamarinStorage type: boolean default: false -- name: vsdropsPrefix +- name: vsdropsPrefix type: string -- name: stageName +- name: stageName type: string - name: keyringPass @@ -47,7 +47,13 @@ parameters: - name: devicePrefix type: string - default: 'ios' # default context, since we started dealing with iOS devices. + default: 'ios' # default context, since we started dealing with iOS devices. + +- name: gitHubToken + type: string + +- name: xqaCertPass + type: string stages: - stage: @@ -71,9 +77,11 @@ stages: testsLabels: ${{ parameters.testsLabels }} statusContext: ${{ parameters.statusContext }} useXamarinStorage: ${{ parameters.useXamarinStorage }} - vsdropsPrefix: ${{ parameters.vsdropsPrefix }} - keyringPass: ${{ parameters.keyringPass }} + vsdropsPrefix: ${{ parameters.vsdropsPrefix }} + keyringPass: ${{ parameters.keyringPass }} devicePrefix: ${{ parameters.devicePrefix }} + gitHubToken: ${{ parameters.gitHubToken }} + xqaCertPass: ${{ parameters.xqaCertPass }} - job: upload_vsdrops displayName: 'Upload report to vsdrops' @@ -86,7 +94,7 @@ stages: clean: all steps: - template: ../common/upload-vsdrops.yml - parameters: + parameters: devicePrefix: ${{ parameters.devicePrefix }} - job: upload_vsts_tests @@ -100,7 +108,7 @@ stages: clean: all steps: - template: ../common/upload-vsts-tests.yml - parameters: + parameters: devicePrefix: ${{ parameters.devicePrefix }} - job: publish_html @@ -109,7 +117,7 @@ stages: dependsOn: # has to wait for the tests to be done AND the data to be uploaded - tests - upload_vsdrops - - upload_vsts_tests + - upload_vsts_tests condition: succeededOrFailed() variables: # Define the variable FOO from the previous job @@ -124,5 +132,5 @@ stages: - template: ../common/publish-html.yml parameters: statusContext: ${{ parameters.statusContext }} - vsdropsPrefix: ${{ parameters.vsdropsPrefix }} + vsdropsPrefix: ${{ parameters.vsdropsPrefix }} devicePrefix: ${{ parameters.devicePrefix }}