This repository has been archived by the owner on Jun 14, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 28
/
Copy pathazure-pipelines-release.yml
104 lines (91 loc) · 3.34 KB
/
azure-pipelines-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr)
trigger: none
resources:
repositories:
- repository: ComplianceRepo
type: github
endpoint: ComplianceGHRepo
name: PowerShell/compliance
variables:
- name: PackageName
value: 'Microsoft.PowerShell.IoT'
- name: PackageVersion
value: '0.2.0'
- name: BuildOutDir
value: ''
stages:
- stage: Build
displayName: Build module
pool:
name: 1ES
demands:
- ImageOverride -equals PSMMS2019-Secure
jobs:
- job: BuildPkg
displayName: Build module
variables:
- group: ESRP
steps:
- pwsh: |
& $(Build.SourcesDirectory)\SimpleBuild.ps1
displayName: Build Microsoft.PowerShell.IoT module
condition: succeededOrFailed()
- pwsh: |
dir "$(BuildOutDir)\*" -Recurse
displayName: Show BuildOutDirectory
- template: Sbom.yml@ComplianceRepo
parameters:
BuildDropPath: "$(BuildOutDir)"
Build_Repository_Uri: 'https://github.com/PowerShell/PowerShell-IoT'
PackageName: $(PackageName)
PackageVersion: $(PackageVersion)
- pwsh: |
dir "$(BuildOutDir)\*" -Recurse
displayName: Show BuildOutDirectory
- pwsh: |
$signSrcPath = "$(BuildOutDir)"
# Set signing src path variable
$vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}"
Write-Host "sending " + $vstsCommandString
Write-Host "##$vstsCommandString"
$signOutPath = "$(Build.SourcesDirectory)\signed\Microsoft.PowerShell.IoT"
$null = New-Item -ItemType Directory -Path $signOutPath
# Set signing out path variable
$vstsCommandString = "vso[task.setvariable variable=signOutPath]${signOutPath}"
Write-Host "sending " + $vstsCommandString
Write-Host "##$vstsCommandString"
# Set path variable for guardian codesign validation
$vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]${signOutPath}"
Write-Host "sending " + $vstsCommandString
Write-Host "##$vstsCommandString"
displayName: Setup variables for signing
- template: EsrpSign.yml@ComplianceRepo
parameters:
# the folder which contains the binaries to sign
buildOutputPath: $(signSrcPath)
# the location to put the signed output
signOutputPath: $(signOutPath)
# the certificate ID to use
certificateId: "CP-230012"
# the file pattern to use, comma separated
pattern: '*.psd1,Microsoft.PowerShell.IoT.dll'
- pwsh: |
Compress-Archive -Path "$(signOutPath)\*" -DestinationPath "$(System.ArtifactsDirectory)\Microsoft.PowerShell.IoT.zip"
displayName: Create Microsoft.PowerShell.IoT.zip
- publish: $(System.ArtifactsDirectory)\Microsoft.PowerShell.IoT.zip
artifact: SignedModule
- template: assembly-module-compliance.yml@ComplianceRepo
parameters:
# component-governance
sourceScanPath: '$(signOutPath)'
# credscan
suppressionsFile: ''
# TermCheck
optionsRulesDBPath: ''
optionsFTPath: ''
# tsa-upload
codeBaseName: 'Microsoft_PowerShell_IoT_2_14_2022'
# selections
APIScan: false # set to false when not using Windows APIs.
# binskim
AnalyzeTarget: '$(signOutPath)\Microsoft.PowerShell.IoT.dll'