Replace 1ES with OneBranch pipeline

PowerShell · Mar 19, 2024 · 72148d4 · 72148d4
1 parent edafb44
commit 72148d4
Show file tree

Hide file tree

Showing 18 changed files with 282 additions and 726 deletions.
diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json
@@ -0,0 +1,8 @@
+{
+  "instanceUrl": "https://msazure.visualstudio.com",
+  "projectName": "One",
+  "areaPath": "One\\MGMT\\Compute\\Powershell\\Powershell",
+  "notificationAliases": [ "[email protected]", "[email protected]" ],
+  "codebaseName": "PowerShell_PowerShellEditorServices_20240313",
+  "tools": [ "CredScan", "PoliCheck", "BinSkim" ]
+}
diff --git a/.github/release.yml b/.github/release.yml
@@ -0,0 +1,16 @@
+changelog:
+  exclude:
+    labels:
+      - Ignore
+    authors:
+      - dependabot[bot]
+  categories:
+    - title: Enhancements & Features ✨
+      labels:
+        - Issue-Enhancement
+    - title: Squashed Bugs 🐛
+      labels:
+        - Issue-Bug
+    - title: Other Changes 🙏
+      labels:
+        - "*"
diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml
@@ -37,6 +37,9 @@ jobs:
             6.0.x
             7.0.x
             8.0.x
+          source-url: https://pkgs.dev.azure.com/mscodehub/PowerShellCore/_packaging/PowerShellCore_PublicPackages/nuget/v3/index.json
+        env:
+          NUGET_AUTH_TOKEN: ${{ secrets.AZURE_NUGET_TOKEN }}
 
       - name: Install PSResources
         shell: pwsh

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -33,6 +33,9 @@ jobs:
       with:
         cache: true
         cache-dependency-path: '**/packages.lock.json'
+        source-url: https://pkgs.dev.azure.com/mscodehub/PowerShellCore/_packaging/PowerShellCore_PublicPackages/nuget/v3/index.json
+      env:
+        NUGET_AUTH_TOKEN: ${{ secrets.AZURE_NUGET_TOKEN }}
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3

diff --git a/.github/workflows/emacs-test.yml b/.github/workflows/emacs-test.yml
@@ -27,6 +27,9 @@ jobs:
         with:
           cache: true
           cache-dependency-path: '**/packages.lock.json'
+          source-url: https://pkgs.dev.azure.com/mscodehub/PowerShellCore/_packaging/PowerShellCore_PublicPackages/nuget/v3/index.json
+        env:
+          NUGET_AUTH_TOKEN: ${{ secrets.AZURE_NUGET_TOKEN }}
 
       - name: Install PSResources
         shell: pwsh

diff --git a/.github/workflows/vim-test.yml b/.github/workflows/vim-test.yml
@@ -27,6 +27,9 @@ jobs:
         with:
           cache: true
           cache-dependency-path: '**/packages.lock.json'
+          source-url: https://pkgs.dev.azure.com/mscodehub/PowerShellCore/_packaging/PowerShellCore_PublicPackages/nuget/v3/index.json
+        env:
+          NUGET_AUTH_TOKEN: ${{ secrets.AZURE_NUGET_TOKEN }}
 
       - name: Install PSResources
         shell: pwsh

diff --git a/.pipelines/PowerShellEditorServices-Official.yml b/.pipelines/PowerShellEditorServices-Official.yml
@@ -0,0 +1,182 @@
+#################################################################################
+#                               OneBranch Pipelines                             #
+# This pipeline was created by EasyStart from a sample located at:              #
+#   https://aka.ms/obpipelines/easystart/samples                                #
+# Documentation:  https://aka.ms/obpipelines                                    #
+# Yaml Schema:    https://aka.ms/obpipelines/yaml/schema                        #
+# Retail Tasks:   https://aka.ms/obpipelines/tasks                              #
+# Support:        https://aka.ms/onebranchsup                                   #
+#################################################################################
+
+trigger: none
+
+parameters:
+- name: debug
+  displayName: Enable debug output
+  type: boolean
+  default: false
+
+variables:
+  system.debug: ${{ parameters.debug }}
+  BuildConfiguration: Release
+  WindowsContainerImage: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest
+  DOTNET_NOLOGO: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+  DOTNET_GENERATE_ASPNET_CERTIFICATE: false
+
+resources:
+  repositories:
+    - repository: templates
+      type: git
+      name: OneBranch.Pipelines/GovernedTemplates
+      ref: refs/heads/main
+
+extends:
+  # https://aka.ms/obpipelines/templates
+  template: v2/OneBranch.Official.CrossPlat.yml@templates
+  parameters:
+    globalSdl: # https://aka.ms/obpipelines/sdl
+      asyncSdl:
+        enabled: true
+        forStages: [build]
+    stages:
+    - stage: build
+      jobs:
+      - job: main
+        displayName: Build package
+        pool:
+          type: windows
+        variables:
+          ob_outputDirectory: $(Build.SourcesDirectory)/module
+        steps:
+          - pwsh: |
+              [xml]$xml = Get-Content PowerShellEditorServices.Common.props
+              $version = $xml.Project.PropertyGroup.VersionPrefix
+              Write-Output "##vso[task.setvariable variable=version;isOutput=true]$version"
+            name: package
+            displayName: Get version from project properties
+          - task: onebranch.pipeline.version@1
+            displayName: Set OneBranch version
+            inputs:
+              system: Custom
+              customVersion: $(package.version)
+          - task: UseDotNet@2
+            displayName: Install .NET 8.x SDK
+            inputs:
+              packageType: sdk
+              version: 8.x
+          - task: UseDotNet@2
+            displayName: Install .NET 7.x runtime
+            inputs:
+              packageType: runtime
+              version: 7.x
+          - task: UseDotNet@2
+            displayName: Install .NET 6.x runtime
+            inputs:
+              packageType: runtime
+              version: 6.x
+          - task: PowerShell@2
+            displayName: Install PSResources
+            inputs:
+              pwsh: true
+              filePath: tools/installPSResources.ps1
+          - task: PowerShell@2
+            displayName: Build and test
+            inputs:
+              targetType: inline
+              pwsh: true
+              script: Invoke-Build TestFull -Configuration $(BuildConfiguration)
+          - task: PublishTestResults@2
+            displayName: Publish test results
+            inputs:
+              testRunner: VSTest
+              testResultsFiles: '**/*.trx'
+              failTaskOnFailedTests: true
+          - task: PowerShell@2
+            displayName: Assert release configuration
+            inputs:
+              targetType: inline
+              pwsh: true
+              script: |
+                $assembly = [Reflection.Assembly]::LoadFile("$(Build.SourcesDirectory)/module/PowerShellEditorServices/bin/Core/Microsoft.PowerShell.EditorServices.Hosting.dll")
+                if ($assembly.GetCustomAttributes([System.Diagnostics.DebuggableAttribute], $true).IsJITOptimizerDisabled) {
+                  Write-Host "##vso[task.LogIssue type=error;]Was not built in release configuration!"
+                  exit 1
+                }
+          - task: onebranch.pipeline.signing@1
+            displayName: Sign 1st-party files
+            inputs:
+              command: sign
+              signing_environment: external_distribution
+              search_root: $(Build.SourcesDirectory)/module
+              files_to_sign: |
+                **/*.ps1;
+                **/*.psd1;
+                **/*.psm1;
+                **/*.ps1xml;
+                **/Microsoft.PowerShell.EditorServices*.dll;
+                !Plaster/*;
+          - task: onebranch.pipeline.signing@1
+            displayName: Sign 3rd-party files
+            inputs:
+              command: sign
+              signing_environment: 135020002
+              search_root: $(Build.SourcesDirectory)/module
+              files_to_sign: |
+                **/MediatR.dll;
+                **/Nerdbank.Streams.dll;
+                **/Newtonsoft.Json.dll;
+                **/OmniSharp.Extensions*.dll;
+                **/Serilog*.dll;
+                **/System.Reactive.dll;
+                Plaster/**/*.ps1;
+                Plaster/**/*.psd1;
+                Plaster/**/*.psm1;
+    - stage: release
+      dependsOn: build
+      variables:
+        version: $[ stageDependencies.build.main.outputs['package.version'] ]
+        drop: $(Pipeline.Workspace)/drop_build_main
+      jobs:
+      - job: validation
+        displayName: Manual validation
+        pool:
+          type: agentless
+        timeoutInMinutes: 1440
+        steps:
+        - task: ManualValidation@0
+          displayName: Wait 24 hours for validation
+          inputs:
+            notifyUsers: $(Build.RequestedForEmail)
+            instructions: Please validate the release
+            timeoutInMinutes: 1440
+      - job: github
+        dependsOn: validation
+        displayName: Publish draft to GitHub
+        pool:
+          type: windows
+        variables:
+          ob_outputDirectory: $(Build.SourcesDirectory)/out
+        steps:
+        - download: current
+          displayName: Download artifacts
+        - task: ArchiveFiles@2
+          displayName: Zip signed artifacts
+          inputs:
+            rootFolderOrFile: $(drop)
+            includeRootFolder: false
+            archiveType: zip
+            archiveFile: out/PowerShellEditorServices.zip
+        - task: GitHubRelease@1
+          displayName: Create GitHub release
+          inputs:
+            gitHubConnection: GitHub
+            repositoryName: PowerShell/PowerShellEditorServices
+            assets: out/PowerShellEditorServices.zip
+            tagSource: userSpecifiedTag
+            tag: v$(version)
+            isDraft: true
+            addChangeLog: false
+            releaseNotesSource: inline
+            releaseNotesInline: |
+              # TODO: Generate release notes on GitHub!
diff --git a/.vsts-ci/azure-pipelines-ci.yml b/.vsts-ci/azure-pipelines-ci.yml
diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml
diff --git a/.vsts-ci/misc-analysis.yml b/.vsts-ci/misc-analysis.yml