Add support for ESRP Release to Maven Central

Azure · May 20, 2022 · 0c77007 · 0c77007
1 parent 5b557be
commit 0c77007
Show file tree

Hide file tree

Showing 4 changed files with 239 additions and 13 deletions.
diff --git a/eng/pipelines/templates/stages/archetype-java-release-batch.yml b/eng/pipelines/templates/stages/archetype-java-release-batch.yml
@@ -210,18 +210,33 @@ stages:
                   - template: tools/gpg/gpg.yml@azure-sdk-build-tools
                   - ${{ each artifact in parameters.Artifacts }}:
                     - ${{if ne(artifact.skipPublishPackage, 'true')}}:
-                      - template: /eng/pipelines/templates/steps/java-publishing.yml
-                        parameters:
-                          ArtifactID: ${{artifact.name}}
-                          GroupID: ${{artifact.groupId}}
-                          ArtifactDirectory: $(Pipeline.Workspace)/${{parameters.ArtifactName}}-signed
-                          Target: MavenCentral
-                          BuildToolsPath: $(Pipeline.Workspace)/azure-sdk-build-tools
-                          JavaRepoRoot: $(Pipeline.Workspace)/azure-sdk-for-java
-                      - template: /eng/common/pipelines/templates/steps/publish-artifact.yml
-                        parameters:
-                          ArtifactName: ${{parameters.ArtifactName}}-${{artifact.name}}-mavencentral-$(System.JobAttempt)
-                          ArtifactPath: $(Pipeline.Workspace)/${{parameters.ArtifactName}}-signed
+                      - ${{ if eq(variables.useEsrpRelease, 'true') }}:
+                        - template: /eng/pipelines/templates/steps/java-publishing.yml
+                          parameters:
+                            ArtifactID: ${{artifact.name}}
+                            GroupID: ${{artifact.groupId}}
+                            ArtifactDirectory: $(Pipeline.Workspace)/${{parameters.ArtifactName}}-signed
+                            OutputDirectory: $(Pipeline.Workspace)/EsrpPackages
+                            Target: EsrpRelease
+                            BuildToolsPath: $(Pipeline.Workspace)/azure-sdk-build-tools
+                            JavaRepoRoot: $(Pipeline.Workspace)/azure-sdk-for-java
+                        - template: /eng/common/pipelines/templates/steps/publish-artifact.yml
+                          parameters:
+                            ArtifactName: ${{parameters.ArtifactName}}-${{artifact.name}}-esrp-$(System.JobAttempt)
+                            ArtifactPath: $(Pipeline.Workspace)/EsrpPackages
+                      - ${{ else }}:
+                        - template: /eng/pipelines/templates/steps/java-publishing.yml
+                          parameters:
+                            ArtifactID: ${{artifact.name}}
+                            GroupID: ${{artifact.groupId}}
+                            ArtifactDirectory: $(Pipeline.Workspace)/${{parameters.ArtifactName}}-signed
+                            Target: MavenCentral
+                            BuildToolsPath: $(Pipeline.Workspace)/azure-sdk-build-tools
+                            JavaRepoRoot: $(Pipeline.Workspace)/azure-sdk-for-java
+                        - template: /eng/common/pipelines/templates/steps/publish-artifact.yml
+                          parameters:
+                            ArtifactName: ${{parameters.ArtifactName}}-${{artifact.name}}-mavencentral-$(System.JobAttempt)
+                            ArtifactPath: $(Pipeline.Workspace)/${{parameters.ArtifactName}}-signed
                       # After publishing to Maven, publish to the azure-sdk-for-java feed. The reason for
                       # this is that the azure-sdk-for-java feed will have the package available immediately
                       # whereas Maven can take several hours for the package to become available.

diff --git a/eng/pipelines/templates/steps/java-publishing.yml b/eng/pipelines/templates/steps/java-publishing.yml
@@ -1,5 +1,6 @@
 parameters:
   ArtifactDirectory: not-specified
+  OutputDirectory: not-specified
   RepositoryUrl: not-specified
   GroupID:
   ArtifactID:
@@ -80,4 +81,34 @@ steps:
           -GPGExecutablePath ${{ parameters.GPGExecutablePath }}
           -StageOnly:$${{parameters.StageOnly}}
           -ShouldPublish:$${{parameters.ShouldPublish}}
-          -InformationAction Continue
+          -InformationAction Continue
+
+  - ${{if eq(parameters.Target, 'EsrpRelease')}}:
+    - task: PowerShell@2
+      name: gpgSign
+      displayName: 'Gpg sign and hash packages'
+      inputs:
+        pwsh: true
+        workingDirectory: $(Agent.BuildDirectory)
+        filePath: ${{ parameters.JavaRepoRoot }}/eng/scripts/SignAndHash-MavenPackages.ps1
+        arguments: >
+          -Path ${{ parameters.ArtifactDirectory }}
+          -DestinationPath ${{ parameters.OutputDirectory }}
+          -GroupIDFilter "${{ parameters.GroupID }}"
+          -ArtifactIDFilter "${{ parameters.ArtifactID }}"
+          -GPGExecutablePath ${{ parameters.GPGExecutablePath }}
+          -InformationAction Continue
+    - ${{if and(eq(parameters.ShouldPublish, 'true'), ne(parameters.StageOnly, 'true'))}}:
+      - task: EsrpRelease@1
+        displayName: 'Publish to ESRP'
+        inputs:
+          ConnectedServiceName: 'ESRP Release Service'
+          Intent: 'PackageDistribution'
+          ContentType: 'Maven'
+          PackageLocation: $(gpgSign.packageLocation)
+          Owners: '[email protected]'
+          Approvers: '[email protected]'
+          ServiceEndpointUrl: 'https://api.esrp.microsoft.com'
+          MainPublisher: 'ESRPRELPACMANTEST'
+          DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
+
diff --git a/eng/scripts/SignAndHash-MavenPackages.ps1 b/eng/scripts/SignAndHash-MavenPackages.ps1
@@ -0,0 +1,177 @@
+#Requires -Version 7
+
+param(
+  [Parameter(Mandatory=$true)][string]$Path,
+  [Parameter(Mandatory=$true)][string]$DestinationPath,
+  [Parameter(Mandatory=$true)][string]$GPGExecutablePath,
+  [Parameter(Mandatory=$false)][AllowEmptyString()][string]$GroupIDFilter,
+  [Parameter(Mandatory=$false)][AllowEmptyString()][string]$ArtifactIDFilter
+)
+
+Set-StrictMode -Version 2.0
+
+$ErrorActionPreference = "Stop"
+
+. $PSScriptRoot\MavenPackaging.ps1
+
+# The Resolve-Path will normalize the path separators and throw if they don't exist.
+# This is necessary because, the yml passes in ${{parameters.BuildToolsPath}}/ which
+# on Windows means <drive>:\<BuildToolsPath>/<whatever>/<else>. Maven doesn't always
+# behave well with different separators in the path.
+$Path = Resolve-Path $Path
+$GPGExecutablePath = Resolve-Path $GPGExecutablePath
+
+function Get-RandomRepositoryDirectory() {
+  Write-Host "Getting random repository directory."
+  $randomSubDirectoryName = [System.IO.Path]::GetRandomFileName()
+  $randomRepositoryDirectory = New-Item -Type Directory -Path $env:TEMP -Name $randomSubDirectoryName
+  Write-Host "Random repository directory is: $randomRepositoryDirectory"
+  return $randomRepositoryDirectory
+}
+
+function ConvertTo-DeploymentDetails($PackageDetail) {
+  $pomArtifact = $packageDetail.AssociatedArtifacts | Where-Object { ($null -eq $_.Classifier) -and ($_.Type -eq "pom") }
+
+  $fileArtifact = $packageDetail.AssociatedArtifacts.Length -eq 1 `
+    ? $packageDetail.AssociatedArtifacts[0] `
+    : ($packageDetail.AssociatedArtifacts | Where-Object { ($null -eq $_.Classifier) -and (($_.Type -eq "jar") -or ($_.Type -eq "aar")) })
+
+  $javadocArtifact = $packageDetail.AssociatedArtifacts | Where-Object { ($_.Classifier -eq "javadoc") -and ($_.Type -eq "jar")}
+
+  $sourcesArtifact = $packageDetail.AssociatedArtifacts | Where-Object { ($_.Classifier -eq "sources") -and ($_.Type -eq "jar") }
+
+  [AssociatedArtifact[]]$additionalArtifacts = $packageDetail.AssociatedArtifacts | Where-Object {
+    ($_ -ne $pomArtifact) -and
+    ($_ -ne $fileArtifact) -and
+    ($_ -ne $javadocArtifact) -and
+    ($_ -ne $sourcesArtifact)
+  }
+
+  return [ordered]@{
+    FullyQualifiedName= $packageDetail.FullyQualifiedName;
+    GroupId= $packageDetail.GroupId;
+    ArtifactId= $packageDetail.ArtifactId;
+    Version= $packageDetail.Version;
+    PomArtifact= $pomArtifact;
+    FileArtifact= $fileArtifact;
+    JavadocArtifact= $javadocArtifact;
+    SourcesArtifact= $sourcesArtifact;
+    AdditionalArtifacts= $additionalArtifacts;
+  }
+}
+
+
+Write-Host "PS Script Root is: $PSScriptRoot"
+Write-Host "Path is: $Path"
+Write-Host "DestinationPath is: $DestinationPath"
+Write-Host "GPG Executable Path is: $GPGExecutablePath"
+Write-Host "Group ID Filter is: $GroupIDFilter"
+Write-Host "Artifact ID Filter is: $ArtifactIDFilter"
+
+Write-Host "Getting filtered package details."
+
+[array]$packageDetails = Get-FilteredMavenPackageDetails -ArtifactDirectory $Path -GroupIDFilter $GroupIDFilter -ArtifactIDFilter $ArtifactIDFilter
+| ForEach-Object { ConvertTo-DeploymentDetails $_ }
+
+Write-Host "Found $($packageDetails.Length) packages to publish:"
+$packageDetails | ForEach-Object { Write-Host $_.FullyQualifiedName }
+
+if ($packageDetails.Length -eq 0) {
+  throw "Aborting, no packages to publish."
+}
+
+Write-Host "Creating destination directory $DestinationPath"
+if (Test-Path $DestinationPath) {
+  Remove-Item $DestinationPath -Force -Recurse | Out-Null
+}
+New-Item -Path $DestinationPath -Type Directory | Out-Null
+
+$DestinationPath = Resolve-Path -Path $DestinationPath
+$destinationPathUri = $([Uri]$DestinationPath).AbsoluteUri
+
+foreach ($packageDetail in $packageDetails) {
+  Write-Host "GPG signing and publishing package: $($packageDetail.FullyQualifiedName)"
+
+  $pomOption = "-DpomFile=$($packageDetail.PomArtifact.File.FullName)"
+  Write-Host "POM Option is: $pomOption"
+
+  $fileOption = "-Dfile=$($packageDetail.FileArtifact.File.FullName)"
+  Write-Host "File Option is: $fileOption"
+
+  $javadocOption = ""
+  if (-not $packageDetail.JavadocArtifact) {
+    Write-Host "No JavaDoc artifact, omitting JavaDoc Option"
+  } else {
+    $javadocOption = "-Djavadoc=$($packageDetail.JavadocArtifact.File.FullName)"
+    Write-Host "JavaDoc Option is: $javadocOption"
+  }
+
+  $sourcesOption = ""
+  if (-not $packageDetail.SourcesArtifact) {
+    Write-Host "No Sources artifact, omitting Sources Option"
+  } else {
+    $sourcesOption = "-Dsources=$($packageDetail.SourcesArtifact.File.FullName)"
+    Write-Host "Sources Option is: $sourcesOption"
+  }
+
+  foreach ($additionalArtifact in $packageDetail.AdditionalArtifacts) {
+    Write-Host "Additional associated artifact is: $($additionalArtifact.File.FullName)"
+  }
+
+  $commaDelimitedFileNames = ""
+  $commaDelimitedClassifiers = ""
+  $commaDelimitedTypes = ""
+
+  if ($null -ne $packageDetail.AdditionalArtifacts) {
+    foreach($additionalArtifact in $packageDetail.AdditionalArtifacts) {
+      $commaDelimitedFileNames += ",$($additionalArtifact.File.FullName)"
+      $commaDelimitedClassifiers += ",$($additionalArtifact.Classifier)"
+      $commaDelimitedTypes += ",$($additionalArtifact.Type)"
+    }
+  }
+
+  $filesOption = "-Dfiles=$($commaDelimitedFileNames.Substring(1))"
+  $classifiersOption = "-Dclassifiers=$($commaDelimitedClassifiers.Substring(1))"
+  $typesOption = "-Dtypes=$($commaDelimitedTypes.Substring(1))"
+
+  Write-Host "Files Option is: $filesOption"
+  Write-Host "Classifiers Option is: $classifiersOption"
+  Write-Host "Types Option is: $typesOption"
+
+  $gpgexeOption = "-Dgpgexe=$GPGExecutablePath"
+  Write-Host "GPG Executable Option is: $gpgexeOption"
+
+  $urlOption = "-Durl=$destinationPathUri"
+  Write-Host "URL Option is: $urlOption"
+
+  $settingsOption = "--settings=$(Join-Path $PSScriptRoot '..' 'maven.publish.settings.xml' -Resolve)"
+  Write-Host "Settings Option is: $settingsOption"
+
+  Write-Host ""
+  Write-Host "Signing package"
+
+  Write-Host @"
+  mvn gpg:sign-and-deploy-file "--batch-mode" "-Daether.checksums.algorithms=SHA-256,MD5,SHA-1" "$pomOption" "$fileOption" "$javadocOption" "$sourcesOption" "$filesOption" "$classifiersOption" "$typesOption" "$urlOption" "$gpgexeOption" "-DrepositoryId=target-repo" "$settingsOption"
+"@
+
+  mvn gpg:sign-and-deploy-file "--batch-mode" "-Daether.checksums.algorithms=SHA-256,MD5,SHA-1" "$pomOption" "$fileOption" "$javadocOption" "$sourcesOption" "$filesOption" "$classifiersOption" "$typesOption" "$urlOption" "$gpgexeOption" "-DrepositoryId=target-repo" "$settingsOption"
+
+  if ($LASTEXITCODE) { exit $LASTEXITCODE }
+
+  $groupId = $packageDetail.GroupId
+  $artifactId = $packageDetail.ArtifactId
+  $version = $packageDetail.Version
+
+  $relativePath = "$($groupId.Replace('.', '/'))/$artifactId/$version"
+  $signedArtifactPath = Join-Path $DestinationPath $relativePath
+
+  if (-not (Test-Path $signedArtifactPath)) {
+    Write-Error "Unable to located expected gpg output folder $signedArtifactPath"
+    exit 1
+  }
+
+  Write-Host "##vso[task.setvariable variable=packageLocation;isoutput=true]$signedArtifactPath"
+  Write-Host ""
+}
+
+exit 0
diff --git a/sdk/template/ci.yml b/sdk/template/ci.yml
@@ -39,6 +39,9 @@ pr:
       - sdk/template/azure-sdk-template-three/pom.xml
       - sdk/template/azure-template-perf/pom.xml
 
+variables:
+  useEsrpRelease: 'true'
+
 extends:
   template: ../../eng/pipelines/templates/stages/archetype-sdk-client.yml
   parameters: