Skip to content

Commit 31b2255

Browse files
testforstephentestforstephen
authored
Onboard pipelines to MicroBuild (#583)
* Onboard pipelines to MicroBuild * onboard code sign to microbuild * remove p2 copy logic * remove p2 buildartifact dir * use MicroBuild to publish to maven * fix m2 sign path * upgrade to actions/cache@v4
1 parent dff3538 commit 31b2255

File tree

4 files changed

+183
-207
lines changed

4 files changed

+183
-207
lines changed

.azure-pipelines/publish-to-maven.yml

Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
name: $(Date:yyyyMMdd).$(Rev:r)
2+
resources:
3+
repositories:
4+
- repository: MicroBuildTemplate
5+
type: git
6+
name: 1ESPipelineTemplates/MicroBuildTemplate
7+
ref: refs/tags/release
8+
trigger: none
9+
extends:
10+
template: azure-pipelines/1ES.Official.Publish.yml@MicroBuildTemplate
11+
parameters:
12+
pool:
13+
os: linux
14+
name: 1ES_JavaTooling_Pool
15+
image: 1ES_JavaTooling_Ubuntu-2004
16+
sdl:
17+
sourceAnalysisPool:
18+
name: 1ES_JavaTooling_Pool
19+
image: 1ES_JavaTooling_Windows_2022
20+
os: windows
21+
stages:
22+
- stage: PublishToMaven
23+
jobs:
24+
- job: PublishToMaven
25+
steps:
26+
- task: DownloadBuildArtifacts@1
27+
displayName: 'Download Jar Artifacts'
28+
inputs:
29+
buildType: specific
30+
project: 'a4d27ce2-a42d-4b71-8eef-78cee9a9728e'
31+
pipeline: 16486
32+
downloadType: specific
33+
extractTars: false
34+
itemPattern: 'm2/**'
35+
- script: |
36+
echo "import public key"
37+
echo $GPG_PUBLIC_B64 | base64 -d | gpg --import
38+
39+
echo "import secret key"
40+
echo $GPG_SECRET_B64 | base64 -d | gpg --batch --passphrase $GPGPASS --import
41+
displayName: 'import GPG keys'
42+
env:
43+
GPG_PUBLIC_B64: $(GPG_PUBLIC_B64)
44+
GPG_SECRET_B64: $(GPG_SECRET_B64)
45+
GPGPASS: $(GPGPASS)
46+
- task: NodeTool@0
47+
displayName: 'Use Node 20.x'
48+
inputs:
49+
versionSpec: 20.x
50+
- script: |
51+
cd $(System.ArtifactsDirectory)/m2
52+
pluginJarFile=$(basename -- java-debug-parent/*.pom)
53+
54+
# remove .* from end
55+
noExt=${pluginJarFile%.*}
56+
57+
# remove *- from start
58+
export releaseVersion=${noExt##*-}
59+
echo $releaseVersion
60+
61+
export artifactFolder=$(pwd .)
62+
wget https://raw.githubusercontent.com/microsoft/java-debug/master/scripts/publishMaven.js
63+
64+
export GPG_TTY=$(tty)
65+
node publishMaven.js -task gpg
66+
displayName: 'sign artifacts'
67+
env:
68+
GPG_PUBLIC_B64: $(GPG_PUBLIC_B64)
69+
GPG_SECRET_B64: $(GPG_SECRET_B64)
70+
GPGPASS: $(GPGPASS)
71+
NEXUS_OSSRHPASS: $(NEXUS_OSSRHPASS)
72+
NEXUS_OSSRHUSER: $(NEXUS_OSSRHUSER)
73+
NEXUS_STAGINGPROFILEID: $(NEXUS_STAGINGPROFILEID)
74+
- template: MicroBuild.Publish.yml@MicroBuildTemplate
75+
parameters:
76+
intent: 'PackageDistribution'
77+
contentType: 'Maven'
78+
contentSource: 'Folder'
79+
folderLocation: '$(System.ArtifactsDirectory)/m2/java-debug-parent'
80+
waitForReleaseCompletion: true
81+
owners: '[email protected]'
82+
approvers: '[email protected]'
83+
- template: MicroBuild.Publish.yml@MicroBuildTemplate
84+
parameters:
85+
intent: 'PackageDistribution'
86+
contentType: 'Maven'
87+
contentSource: 'Folder'
88+
folderLocation: '$(System.ArtifactsDirectory)/m2/com.microsoft.java.debug.core'
89+
waitForReleaseCompletion: true
90+
owners: '[email protected]'
91+
approvers: '[email protected]'
92+
- template: MicroBuild.Publish.yml@MicroBuildTemplate
93+
parameters:
94+
intent: 'PackageDistribution'
95+
contentType: 'Maven'
96+
contentSource: 'Folder'
97+
folderLocation: '$(System.ArtifactsDirectory)/m2/com.microsoft.java.debug.plugin'
98+
waitForReleaseCompletion: true
99+
owners: '[email protected]'
100+
approvers: '[email protected]'

.azure-pipelines/signjars-nightly.yml

Lines changed: 35 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,23 @@ extends:
4545
steps:
4646
- checkout: self
4747
fetchTags: true
48+
- task: UsePythonVersion@0
49+
displayName: 'Use Python 3.11.x'
50+
inputs:
51+
versionSpec: 3.11.x
52+
- task: UseDotNet@2
53+
displayName: 'Use .NET Core 3.1.x'
54+
inputs:
55+
packageType: 'sdk'
56+
version: '3.1.x'
57+
- task: MicroBuildSigningPlugin@4
58+
displayName: 'Install Signing Plugin'
59+
inputs:
60+
signType: real
61+
azureSubscription: 'MicroBuild Signing Task (MSEng)'
62+
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
63+
env:
64+
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
4865
- task: JavaToolInstaller@0
4966
displayName: Use Java 21
5067
inputs:
@@ -70,38 +87,16 @@ extends:
7087
7188
mkdir -p jars
7289
mv .repository/com/microsoft/java/com.microsoft.java.debug.core/$RELEASE_VERSION/com.microsoft.java.debug.core*.jar jars/
73-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
74-
displayName: Sign core.jar
90+
- task: CmdLine@2
91+
displayName: Sign core jars
7592
inputs:
76-
ConnectedServiceName: $(ConnectedServiceName)
77-
AppRegistrationClientId: $(AppRegistrationClientId)
78-
AppRegistrationTenantId: $(AppRegistrationTenantId)
79-
AuthAKVName: $(AuthAKVName)
80-
AuthCertName: $(AuthCertName)
81-
AuthSignCertName: $(AuthSignCertName)
82-
FolderPath: jars
83-
Pattern: com.microsoft.java.debug.core*.jar
84-
signConfigType: inlineSignParams
85-
inlineOperation: |-
86-
[
87-
{
88-
"KeyCode" : "CP-447347-Java",
89-
"OperationCode" : "JavaSign",
90-
"Parameters" : {
91-
"SigAlg" : "SHA256withRSA",
92-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
93-
},
94-
"ToolName" : "sign",
95-
"ToolVersion" : "1.0"
96-
},
97-
{
98-
"KeyCode" : "CP-447347-Java",
99-
"OperationCode" : "JavaVerify",
100-
"Parameters" : {},
101-
"ToolName" : "sign",
102-
"ToolVersion" : "1.0"
103-
}
104-
]
93+
script: |
94+
files=$(find . -type f -name "com.microsoft.java.debug.core*.jar")
95+
for file in $files; do
96+
fileName=$(basename "$file")
97+
dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171
98+
done
99+
workingDirectory: 'jars'
105100
- task: CmdLine@2
106101
displayName: install signed core.jar
107102
inputs:
@@ -116,38 +111,16 @@ extends:
116111
117112
mkdir -p jars
118113
mv .repository/com/microsoft/java/com.microsoft.java.debug.plugin/$RELEASE_VERSION/com.microsoft.java.debug.plugin*.jar jars/
119-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
120-
displayName: Sign plugin.jar
114+
- task: CmdLine@2
115+
displayName: Sign plugin jars
121116
inputs:
122-
ConnectedServiceName: $(ConnectedServiceName)
123-
AppRegistrationClientId: $(AppRegistrationClientId)
124-
AppRegistrationTenantId: $(AppRegistrationTenantId)
125-
AuthAKVName: $(AuthAKVName)
126-
AuthCertName: $(AuthCertName)
127-
AuthSignCertName: $(AuthSignCertName)
128-
FolderPath: jars
129-
Pattern: com.microsoft.java.debug.plugin*.jar
130-
signConfigType: inlineSignParams
131-
inlineOperation: |-
132-
[
133-
{
134-
"KeyCode" : "CP-447347-Java",
135-
"OperationCode" : "JavaSign",
136-
"Parameters" : {
137-
"SigAlg" : "SHA256withRSA",
138-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
139-
},
140-
"ToolName" : "sign",
141-
"ToolVersion" : "1.0"
142-
},
143-
{
144-
"KeyCode" : "CP-447347-Java",
145-
"OperationCode" : "JavaVerify",
146-
"Parameters" : {},
147-
"ToolName" : "sign",
148-
"ToolVersion" : "1.0"
149-
}
150-
]
117+
script: |
118+
files=$(find . -type f -name "com.microsoft.java.debug.plugin*.jar")
119+
for file in $files; do
120+
fileName=$(basename "$file")
121+
dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171
122+
done
123+
workingDirectory: 'jars'
151124
- task: CopyFiles@2
152125
displayName: "Copy plugin.jar to: $(Build.ArtifactStagingDirectory)"
153126
inputs:

0 commit comments

Comments
 (0)