Skip to content

Commit

Permalink
Begin migration to release pipeline templates (#468)
Browse files Browse the repository at this point in the history 
* Begin migration to release pipeline templates

* Update core-pipeline.yml
  • Loading branch information
@gfs
gfs authored Jun 27, 2024
1 parent 4a24249 commit 7d9fada
Show file tree
Hide file tree
Showing 7 changed files with 58 additions and 743 deletions.
371 changes: 58 additions & 313 deletions Pipelines/core-pipeline.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,322 +2,67 @@
# https://aka.ms/yaml

name: OSSGadget_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
trigger:
batch: true
branches:
include:
- main
paths:
include:
- Pipelines
- src
pr: none
# trigger:
# batch: true
# branches:
# include:
# - main
# paths:
# include:
# - Pipelines
# - src
# pr: none

stages:
- stage: Test
jobs:
- template: templates/dotnet-test-job.yml
parameters:
projectPath: 'src/oss-tests/oss-tests.csproj'
trigger: none
pr: none

- stage: Build
dependsOn: Test
jobs:
- template: templates/dotnet-build-publish-all-platforms-job.yml
parameters:
solutionPath: 'src/OSSGadget.sln'
csprojPath: 'src/**/!(CryptoGatherer)/*.csproj'
projectName: 'OSSGadget'
preBuild:
- template: templates/nbgv-set-version-steps.yml
resources:
repositories:
- repository: templates
type: git
name: SecurityEngineering/OSS-Tools-Pipeline-Templates
ref: refs/tags/v2.0.0
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release

- stage: SDL
dependsOn: Build
jobs:
- template: templates/sdl-job.yml
parameters:
serviceTreeID: 'e6121b8f-ffd8-40b1-981d-a5ea5c121baa'
variables:
BuildConfiguration: 'Release'
dotnetVersion: '8.0.x'

- stage: Release
dependsOn:
- SDL
condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
jobs:
- job: sign_hash_release
displayName: Code Sign, Generate Hashes, Publish Public Releases
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
name: CSPA
demands: ImageOverride -equals ubuntu-22.04-image-base
steps:
- task: UseDotNet@2
inputs:
packageType: 'sdk'
- script: 'dotnet tool update -g nbgv'
displayName: 'Install GitVersioning'
- task: PowerShell@2
displayName: Set Release Version
inputs:
targetType: 'inline'
script: |
$version = (nbgv get-version -v AssemblyInformationalVersion).split('+')[0]
Write-Host "##vso[task.setvariable variable=ReleaseVersion;]$version"
- task: DownloadBuildArtifacts@0
displayName: Download Unsigned Binary Archives
inputs:
buildType: 'current'
downloadType: 'specific'
itemPattern: 'Unsigned_Binaries/*.tar.gz'
downloadPath: '$(Build.BinariesDirectory)'
- task: ExtractFiles@1
displayName: Extract Binaries for Signing
inputs:
archiveFilePatterns: '$(Build.BinariesDirectory)/Unsigned_Binaries/*.tar.gz'
destinationFolder: '$(Build.BinariesDirectory)'
cleanDestinationFolder: false
- task: UseDotNet@2
inputs:
packageType: 'sdk'
version: '2.1.804'
- task: EsrpCodeSigning@1
displayName: Code Sign Linux
inputs:
ConnectedServiceName: 'OSSGadget_CodeSign'
FolderPath: '$(Build.BinariesDirectory)/linux/OSSGadget_linux_$(ReleaseVersion)'
Pattern: 'oss-characteristic.dll, oss-defog.dll, oss-detect-backdoor.dll, oss-detect-cryptography.dll, oss-diff.dll, oss-download.dll, oss-find-domain-squats.dll, oss-find-source.dll, oss-find-squats.dll, oss-health.dll, oss-metadata.dll, oss-risk-calculator.dll, Shared.dll'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolSign",
"Parameters" : {
"OpusName" : "Microsoft",
"OpusInfo" : "http://www.microsoft.com",
"FileDigest" : "/fd \"SHA256\"",
"PageHash" : "/NPH",
"TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
- task: EsrpCodeSigning@1
displayName: Code Sign MacOS
inputs:
ConnectedServiceName: 'OSSGadget_CodeSign'
FolderPath: '$(Build.BinariesDirectory)/macos/OSSGadget_macos_$(ReleaseVersion)'
Pattern: 'oss-characteristic.dll, oss-defog.dll, oss-detect-backdoor.dll, oss-detect-cryptography.dll, oss-diff.dll, oss-download.dll, oss-find-domain-squats.dll, oss-find-source.dll, oss-find-squats.dll, oss-health.dll, oss-metadata.dll, oss-risk-calculator.dll, Shared.dll'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolSign",
"Parameters" : {
"OpusName" : "Microsoft",
"OpusInfo" : "http://www.microsoft.com",
"FileDigest" : "/fd \"SHA256\"",
"PageHash" : "/NPH",
"TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
- task: EsrpCodeSigning@1
displayName: Code Sign Windows
inputs:
ConnectedServiceName: 'OSSGadget_CodeSign'
FolderPath: '$(Build.BinariesDirectory)/win/OSSGadget_win_$(ReleaseVersion)'
Pattern: 'oss-characteristic.dll, oss-defog.dll, oss-detect-backdoor.dll, oss-detect-cryptography.dll, oss-diff.dll, oss-download.dll, oss-find-domain-squats.dll, oss-find-source.dll, oss-find-squats.dll, oss-health.dll, oss-metadata.dll, oss-risk-calculator.dll, Shared.dll'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolSign",
"Parameters" : {
"OpusName" : "Microsoft",
"OpusInfo" : "http://www.microsoft.com",
"FileDigest" : "/fd \"SHA256\"",
"PageHash" : "/NPH",
"TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
- task: EsrpCodeSigning@1
displayName: Code Sign .NET Core App
inputs:
ConnectedServiceName: 'OSSGadget_CodeSign'
FolderPath: '$(Build.BinariesDirectory)/netcoreapp/OSSGadget_netcoreapp_$(ReleaseVersion)'
Pattern: 'oss-characteristic.dll, oss-defog.dll, oss-detect-backdoor.dll, oss-detect-cryptography.dll, oss-diff.dll, oss-download.dll, oss-find-domain-squats.dll, oss-find-source.dll, oss-find-squats.dll, oss-health.dll, oss-metadata.dll, oss-risk-calculator.dll, Shared.dll'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolSign",
"Parameters" : {
"OpusName" : "Microsoft",
"OpusInfo" : "http://www.microsoft.com",
"FileDigest" : "/fd \"SHA256\"",
"PageHash" : "/NPH",
"TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
- powershell: 'Get-ChildItem -Path ''$(Build.BinariesDirectory)'' -Recurse CodeSign* | foreach { Remove-Item -Path $_.FullName }'
displayName: 'Delete Code Sign Summaries'
- task: ArchiveFiles@2
displayName: Archive Artifact - Linux
inputs:
rootFolderOrFile: '$(Build.BinariesDirectory)/linux/OSSGadget_linux_$(ReleaseVersion)'
includeRootFolder: true
archiveType: 'tar'
archiveFile: '$(Build.StagingDirectory)/OSSGadget_linux_$(ReleaseVersion).tar.gz'
replaceExistingArchive: true
- task: ArchiveFiles@2
displayName: Archive Artifact - MacOS
inputs:
rootFolderOrFile: '$(Build.BinariesDirectory)/macos/OSSGadget_macos_$(ReleaseVersion)'
includeRootFolder: true
archiveType: 'tar'
archiveFile: '$(Build.StagingDirectory)/OSSGadget_macos_$(ReleaseVersion).tar.gz'
replaceExistingArchive: true
- task: ArchiveFiles@2
displayName: Archive Artifact - Windows
inputs:
rootFolderOrFile: '$(Build.BinariesDirectory)/win/OSSGadget_win_$(ReleaseVersion)'
includeRootFolder: true
archiveType: 'zip'
archiveFile: '$(Build.StagingDirectory)/OSSGadget_win_$(ReleaseVersion).zip'
replaceExistingArchive: true
- task: ArchiveFiles@2
displayName: Archive Artifact - .NET Core App
inputs:
rootFolderOrFile: '$(Build.BinariesDirectory)/netcoreapp/OSSGadget_netcoreapp_$(ReleaseVersion)'
includeRootFolder: true
archiveType: 'zip'
archiveFile: '$(Build.StagingDirectory)/OSSGadget_netcoreapp_$(ReleaseVersion).zip'
replaceExistingArchive: true
- task: PowerShell@2
displayName: Generate Hashes
inputs:
targetType: 'inline'
script: |
Get-ChildItem $(Build.StagingDirectory) | Foreach-Object {
$name = $_.Name
$tmp = (Get-FileHash "$(Build.StagingDirectory)/$name").Hash
Add-Content $(Build.StagingDirectory)/HASHES.txt "$tmp`t$name"
}
- task: PublishPipelineArtifact@1
displayName: Publish Signed Artifacts to Pipeline
inputs:
targetPath: '$(Build.StagingDirectory)'
artifact: 'Signed_Binaries'
- task: GitHubRelease@1
displayName: Release to GitHub
inputs:
gitHubConnection: 'OSSGadget_gfs'
repositoryName: 'microsoft/OSSGadget'
action: 'create'
target: '$(Build.SourceVersion)'
tagSource: 'userSpecifiedTag'
tag: 'v$(ReleaseVersion)'
title: 'OSS Gadget v$(ReleaseVersion)'
assets: |
$(Build.StagingDirectory)/*.tar.gz
$(Build.StagingDirectory)/*.zip
$(Build.StagingDirectory)/HASHES.txt
changeLogCompareToRelease: 'lastNonDraftRelease'
changeLogType: 'commitBased'

- stage: Publish_Shared_Nuget
dependsOn:
- SDL
condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
jobs:
- template: templates/check-changes.yml
parameters:
jobName: 'check_changes_shared'
tagName: 'code_changed'
pathArgument: 'Pipelines/*.yml,src/*'
- template: templates/nuget-build-job.yml
parameters:
jobName: 'pack_shared'
projectPath: 'src/Shared/Shared.Lib.csproj'
projectName: 'Shared'
dependsOnArg: 'check_changes_shared'
conditionedOnTag: 'code_changed'
publishToNuget: true
name: MSSecurity-1ES-Build-Agents-Pool
image: MSSecurity-1ES-Windows-2022
os: windows
stages:
- stage: Test
jobs:
- template: dotnet-test-job.yml@templates
parameters:
jobName: 'dotnet_test_windows'
dotnetVersions: ['6.0.x','7.0.x','8.0.x']
poolName: MSSecurity-1ES-Build-Agents-Pool
poolImage: MSSecurity-1ES-Windows-2022
poolOs: windows
projectPath: 'src/oss-tests/oss-tests.csproj'

- stage: Publish_OSS_Find_Squats_Nuget
dependsOn:
- SDL
condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
jobs:
- template: templates/check-changes.yml
parameters:
jobName: 'check_changes_oss_find_squats'
tagName: 'code_changed'
pathArgument: 'Pipelines/*,src/*'
- template: templates/nuget-build-job.yml
parameters:
jobName: 'pack_oss_find_squats'
projectPath: 'src/oss-find-squats/oss-find-squats.csproj'
projectName: 'oss-find-squats'
dependsOnArg: 'check_changes_oss_find_squats'
conditionedOnTag: 'code_changed'
publishToNuget: true
- template: templates/nuget-build-job.yml
parameters:
jobName: 'pack_oss_find_squats_lib'
projectPath: 'src/oss-find-squats-lib/oss-find-squats-lib.csproj'
projectName: 'oss-find-squats-lib'
dependsOnArg: 'check_changes_oss_find_squats'
conditionedOnTag: 'code_changed'
publishToNuget: true
- stage: Build
jobs:
- template: dotnet-build-job.yml@templates
parameters:
buildTool: 'dotnet'
buildConfiguration: 'Release'
dotnetVersion: '8.0.x'
targetFramework: 'net8.0'
projectPath: 'src/OSSGadget.sln'
projectName: 'OSSGadget'
poolName: MSSecurity-1ES-Build-Agents-Pool
poolImage: MSSecurity-1ES-Windows-2022
poolOs: windows
artifactName: 'OSSGadget-archive'
preBuild:
- template: nbgv-set-version-steps.yml@templates
Loading

0 comments on commit 7d9fada

Please sign in to comment.