diff --git a/.config/suppress.json b/.config/suppress.json new file mode 100644 index 0000000..0df4962 --- /dev/null +++ b/.config/suppress.json @@ -0,0 +1,9 @@ +{ + "tool": "Credential Scanner", + "suppressions": [ + { + "file": "Experimental\\HelpParsers\\README.md", + "_justification": "Documentation example." + } + ] +} diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json new file mode 100644 index 0000000..7ccb818 --- /dev/null +++ b/.config/tsaoptions.json @@ -0,0 +1,8 @@ +{ + "instanceUrl": "https://msazure.visualstudio.com", + "projectName": "One", + "areaPath": "One\\MGMT\\Compute\\Powershell\\Powershell", + "codebaseName": "TFSMSAzure_TOBECHANGED", + "notificationAliases": [ "jimtru@microsoft.com", "slee@microsoft.com" ], + "tools": [ "CredScan", "PoliCheck", "BinSkim" ] +} diff --git a/.pipelines/Crescendo-Official.yml b/.pipelines/Crescendo-Official.yml new file mode 100644 index 0000000..de96ce8 --- /dev/null +++ b/.pipelines/Crescendo-Official.yml @@ -0,0 +1,140 @@ +name: Crescendo-ModuleBuild-$(Build.BuildId) +trigger: none +pr: none + +variables: + BuildConfiguration: Release + DOTNET_NOLOGO: true + DOTNET_GENERATE_ASPNET_CERTIFICATE: false + DOTNET_CLI_TELEMETRY_OPTOUT: 1 + POWERSHELL_TELEMETRY_OPTOUT: 1 + DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1 + WindowsContainerImage: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + +extends: + # https://aka.ms/obpipelines/templates + template: v2/OneBranch.Official.CrossPlat.yml@templates + parameters: + featureFlags: + WindowsHostVersion: '1ESWindows2022' + globalSdl: # https://aka.ms/obpipelines/sdl + asyncSdl: + enabled: true + forStages: [build] + credscan: + enabled: true + scanfolder: $(Build.SourcesDirectory) + suppressionsFile: $(Build.SourcesDirectory)\.config\suppress.json + stages: + - stage: build + jobs: + - job: main + displayName: Build package + pool: + type: windows + variables: + - name: ob_outputDirectory + value: $(Build.SourcesDirectory)/out + - name: ob_sdl_credscan_suppressionsFile + value: $(Build.SourcesDirectory)\.config\suppress.json + steps: + - pwsh: | + Write-Verbose -Verbose ((Get-Item $(Build.SourcesDirectory)).FullName) + # Get-ChildItem $(Build.SourcesDirectory) -Recurse -File -Name | Write-Verbose -Verbose + $manifestData = Import-PowerShellDataFile -Path ./Microsoft.PowerShell.Crescendo/src/Microsoft.PowerShell.Crescendo.psd1 + $moduleVersion = $manifestData.ModuleVersion + Write-Output "##vso[task.setvariable variable=version;isOutput=true]$moduleVersion" + if ($manifestData.PrivateData.PsData.Prerelease) { + $prerel = $manifestData.PrivateData.PSData.Prerelease + $nupkgVersion = "${moduleVersion}-${prerel}" + } else { + $nupkgVersion = $moduleVersion + } + Write-Output "##vso[task.setvariable variable=nupkgversion;isOutput=true]$nupkgVersion" + name: package + displayName: Get version from project properties + - task: onebranch.pipeline.version@1 + displayName: Set OneBranch version + inputs: + system: Custom + customVersion: $(package.version) + - task: UseDotNet@2 + displayName: Use .NET SDK + inputs: + packageType: sdk + useGlobalJson: true + - pwsh: ./build.ps1 -publish + displayName: Build Crescendo + - task: onebranch.pipeline.signing@1 + displayName: Sign 1st-party files + inputs: + command: sign + signing_profile: external_distribution + search_root: $(Build.SourcesDirectory)/out/Microsoft.PowerShell.Crescendo + files_to_sign: | + **/*.psd1; + **/*.psm1; + **/*.ps1xml; + **/*.ps1; + - task: ArchiveFiles@2 + displayName: Zip module + inputs: + rootFolderOrFile: $(Build.SourcesDirectory)/out/Microsoft.PowerShell.Crescendo + includeRootFolder: false + archiveType: zip + archiveFile: out/Microsoft.PowerShell.Crescendo-v$(package.version).zip + - pwsh: | + ./build -package + Write-Verbose -Verbose ((Get-Item .).FullName) + Write-Verbose -Verbose ((Get-Item $(Build.SourcesDirectory)).FullName) + Get-ChildItem $(Build.SourcesDirectory) -Recurse -File -Name | Write-Verbose -Verbose + displayName: Package module + - task: onebranch.pipeline.signing@1 + displayName: Sign NuGet package + inputs: + command: sign + signing_profile: external_distribution + search_root: $(Build.SourcesDirectory)/out + files_to_sign: "**/*.nupkg" + - stage: release + dependsOn: build + variables: + version: $[ stageDependencies.build.main.outputs['package.version'] ] + drop: $(Pipeline.Workspace)/drop_build_main + jobs: + - job: validation + displayName: Manual validation + pool: + type: agentless + timeoutInMinutes: 1440 + steps: + - task: ManualValidation@0 + displayName: Wait 24 hours for validation + inputs: + notifyUsers: $(Build.RequestedForEmail) + instructions: Please validate the release and then publish it! + timeoutInMinutes: 1440 + - job: publish + dependsOn: validation + displayName: Publish to PowerShell Gallery + pool: + type: windows + variables: + ob_outputDirectory: $(Build.SourcesDirectory)/out + steps: + - download: current + displayName: Download artifacts + - task: NuGetCommand@2 + displayName: Publish Crescendo to PowerShell Gallery + inputs: + command: push + packagesToPush: $(Build.SourcesDirectory)/Microsoft.PowerShell.Crescendo.$(package.nupkgVersion).nupkg + nuGetFeedType: external + publishFeedCredentials: PowerShellGallery diff --git a/build.ps1 b/build.ps1 index 5b50cac..f7bd5a8 100644 --- a/build.ps1 +++ b/build.ps1 @@ -25,7 +25,8 @@ $PubBase = "${PSScriptRoot}/out" $PubRoot = "${PubBase}/${Name}" $SignRoot = "${PSScriptRoot}/signed/${Name}" $SignVersion = "${SignRoot}/${Version}" -$PubDir = "${PubRoot}/${Version}" +# $PubDir = "${PubRoot}/${Version}" +$PubDir = "${PubRoot}" $PreRelease = ${ManifestData}.PrivateData.PSData.Prerelease if (-not $test -and -not $build -and -not $publish -and -not $package -and -not $BuildTestTool) { @@ -85,7 +86,7 @@ function Export-Module } # now constuct a nupkg by registering a local repository and calling publish module $repoName = [guid]::newGuid().ToString("N") - Register-PSRepository -Name $repoName -SourceLocation ${packageRoot} -InstallationPolicy Trusted + Register-PSRepository -Name $repoName -SourceLocation ${pubBase} -InstallationPolicy Trusted Publish-Module -Path $packageRoot -Repository $repoName Unregister-PSRepository -Name $repoName Get-ChildItem -Recurse -Name $packageRoot | Write-Verbose -Verbose @@ -95,14 +96,14 @@ function Export-Module else { $nupkgName = "{0}.{1}.nupkg" -f ${Name},${Version} } - $nupkgPath = Join-Path $packageRoot $nupkgName - if ($env:TF_BUILD) { - # In Azure DevOps - Write-Host "##vso[artifact.upload containerfolder=$nupkgName;artifactname=$nupkgName;]$nupkgPath" - } - else { + $nupkgPath = Join-Path $pubBase $nupkgName + #if ($env:TF_BUILD) { + # # In Azure DevOps + # Write-Host "##vso[artifact.upload containerfolder=$nupkgName;artifactname=$nupkgName;]$nupkgPath" + #} + #else { Write-Verbose -Verbose "package path: $nupkgPath (exists:$(Test-Path $nupkgPath))" - } + #} } if ($publish) { diff --git a/global.json b/global.json index 0470208..368a14e 100644 --- a/global.json +++ b/global.json @@ -1,5 +1,6 @@ { - "sdk": { - "version": "6.0.100" - } + "sdk": { + "version": "8.0.100", + "rollForward": "latestMajor" + } } diff --git a/nuget.config b/nuget.config new file mode 100644 index 0000000..379149e --- /dev/null +++ b/nuget.config @@ -0,0 +1,8 @@ + + + + + + + +