-
Notifications
You must be signed in to change notification settings - Fork 271
/
azure-pipelines-analyzer-release.yml
148 lines (132 loc) · 4.15 KB
/
azure-pipelines-analyzer-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
trigger: none
pr: none
pool:
name: '1ES-Hosted-DurableTaskFramework'
demands:
- ImageOverride -equals MMS2022TLS
steps:
# Configure all the .NET SDK versions we need
- task: UseDotNet@2
displayName: 'Use the .NET Core 2.1 SDK (required for build signing)'
inputs:
packageType: 'sdk'
version: '2.1.x'
- task: UseDotNet@2
displayName: 'Use the .NET Core 3.1 SDK'
inputs:
packageType: 'sdk'
version: '3.1.x'
- task: UseDotNet@2
displayName: 'Use the .NET 6 SDK'
inputs:
packageType: 'sdk'
version: '6.0.x'
# Use NuGet
- task: NuGetToolInstaller@1
displayName: 'Use NuGet '
# dotnet restore
- task: DotNetCoreCLI@2
displayName: 'dotnet restore'
inputs:
command: restore
projects: '**/**/*.csproj'
feedsToUse: config
nugetConfigPath: 'nuget.config'
# Build durable-analyzer
- task: VSBuild@1
displayName: 'Build Durable Analyzer'
inputs:
solution: '**/WebJobs.Extensions.DurableTask.Analyzers.sln'
vsVersion: "16.0"
configuration: Release
# Authenticode sign all the DLLs with the Microsoft certificate.
- task: EsrpCodeSigning@1
inputs:
ConnectedServiceName: 'ESRP Service'
FolderPath: 'src/WebJobs.Extensions.DurableTask.Analyzers/bin/Release'
Pattern: '*DurableTask.Analyzers.dll'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode": "CP-230012",
"OperationCode": "SigntoolSign",
"Parameters": {
"OpusName": "Microsoft",
"OpusInfo": "http://www.microsoft.com",
"FileDigest": "/fd \"SHA256\"",
"PageHash": "/NPH",
"TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
},
"ToolName": "sign",
"ToolVersion": "1.0"
},
{
"KeyCode": "CP-230012",
"OperationCode": "SigntoolVerify",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
# SBOM generator task for additional supply chain protection
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 'Manifest Generator '
inputs:
BuildDropPath: '$(System.DefaultWorkingDirectory)'
# dotnet pack
# Packaging needs to be a separate step from build.
# This will automatically pick up the signed DLLs.
- task: DotNetCoreCLI@2
displayName: 'dotnet pack WebJobs.Extensions.DurableTask.Analyzers.csproj'
inputs:
command: pack
packagesToPack: 'src/**/WebJobs.Extensions.DurableTask.Analyzers.csproj'
configuration: Release
packDirectory: 'azure-functions-durable-extension'
nobuild: true
# Remove redundant symbol package(s)
- script: |
echo *** Searching for .symbols.nupkg files to delete...
dir /s /b *.symbols.nupkg
echo *** Deleting .symbols.nupkg files...
del /S /Q *.symbols.nupkg
echo *** Listing remaining packages
dir /s /b *.nupkg
displayName: 'Remove Redundant Symbols Package(s)'
continueOnError: true
# Digitally sign all the nuget packages with the Microsoft certificate.
# This appears to be an in-place signing job, which is convenient.
- task: EsrpCodeSigning@1
inputs:
ConnectedServiceName: 'ESRP Service'
FolderPath: '$(System.DefaultWorkingDirectory)'
Pattern: '*.nupkg'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode": "CP-401405",
"OperationCode": "NuGetSign",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
},
{
"KeyCode": "CP-401405",
"OperationCode": "NuGetVerify",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
# Make the nuget packages available for download in the ADO portal UI
- publish: '$(System.DefaultWorkingDirectory)/azure-functions-durable-extension'
displayName: 'Publish nuget packages to Artifacts'
artifact: PackageOutput