
Commit 33c2291

authored
Enable Azure DevOps release build (#912)
Add YAML files and signing XML files to enable release build in Azure DevOps.
1 parent 7050b12 commit 33c2291


3 files changed

+148
-0
lines changed


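--- a/.vsts-ci/releaseBuild.yml
+++ b/.vsts-ci/releaseBuild.yml
@@ -0,0 +1,126 @@
+name: PSReadLine-ModuleBuild-$(Build.BuildId)
+trigger:
+branches:
+include:
+- master
+- release*
+
+variables:
+DOTNET_CLI_TELEMETRY_OPTOUT: 1
+POWERSHELL_TELEMETRY_OPTOUT: 1
+DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
+
+# Set AzDevOps Agent to clean the machine after the end of the build
+resources:
+- repo: self
+clean: true
+
+jobs:
+- job: build_windows
+pool: Package ES Lab A
+
+steps:
+
+- checkout: self
+clean: true
+persistCredentials: true
+
+- task: PkgESSetupBuild@10
+displayName: 'Initialize build'
+inputs:
+# Do not create a release share.
+# Enabling this will cause failures!
+useDfs: false
+productName: PSReadLine
+# Add branch name to build name (only for non-master)
+branchVersion: true
+disableWorkspace: true
+disableBuildTools: true
+disableNugetPack: true
+
+- pwsh: |
+$(Build.SourcesDirectory)\build.ps1 -Bootstrap
+$(Build.SourcesDirectory)\build.ps1 -Configuration Release -Framework net461
+# Set target folder paths
+$vstsCommandString = "vso[task.setvariable variable=PSReadLine]$(Build.SourcesDirectory)\bin\Release\PSReadLine"
+Write-Host "sending " + $vstsCommandString
+Write-Host "##$vstsCommandString"
+$vstsCommandString = "vso[task.setvariable variable=Signed]$(Build.SourcesDirectory)\bin\Release\Signed"
+Write-Host "sending " + $vstsCommandString
+Write-Host "##$vstsCommandString"
+displayName: Bootstrap & Build
+
+# Sign the module files
+- task: PkgESCodeSign@10
+displayName: 'CodeSign - module artifacts'
+env:
+SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+inputs:
+signConfigXml: '$(Build.SourcesDirectory)\.vsts-ci\sign-module-files.xml'
+inPathRoot: '$(PSReadLine)'
+outPathRoot: '$(Signed)'
+binVersion: Production
+binVersionOverride: ''
+
+# Replace the *.psm1, *.ps1, *.psd1, *.dll files with the signed ones
+- pwsh: |
+# Show the signed files
+Get-ChildItem -Path $(Signed)
+Copy-Item -Path $(Signed)\* -Destination $(PSReadLine) -Force
+displayName: 'Replace unsigned files with signed ones'
+
+# Create catalog file from the signed modules files
+- pwsh: |
+New-FileCatalog -CatalogFilePath $(PSReadLine)\PSReadLine.cat -Path $(PSReadLine) -CatalogVersion 2.0 | `
+ForEach-Object -MemberName FullName
+displayName: 'Create catalog file'
+
+# Sign the catalog file
+- task: PkgESCodeSign@10
+displayName: 'CodeSign - catalog file'
+env:
+SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+inputs:
+signConfigXml: '$(Build.SourcesDirectory)\.vsts-ci\sign-catalog.xml'
+inPathRoot: '$(PSReadLine)'
+outPathRoot: '$(Signed)'
+binVersion: Production
+binVersionOverride: ''
+
+# Copy the signed catalog file over
+- pwsh: |
+# Show the signed files
+Get-ChildItem -Path $(Signed)
+Copy-Item -Path $(Signed)\PSReadLine.cat -Destination $(PSReadLine) -Force
+displayName: 'Replace catalog file with the signed one'
+
+# Verify the signatures
+- pwsh: |
+$HasInvalidFiles = $false
+$WrongCert = @{}
+Get-ChildItem -Path $(PSReadLine) -Recurse -Include "*.dll","*.ps*1*","*.cat" | `
+Get-AuthenticodeSignature | ForEach-Object {
+$_ | Select-Object Path, Status
+if ($_.Status -ne 'Valid') { $HasInvalidFiles = $true }
+if ($_.SignerCertificate.Subject -notmatch 'CN=Microsoft Corporation.*') {
+$WrongCert.Add($_.Path, $_.SignerCertificate.Subject)
+}
+}
+
+if ($HasInvalidFiles) { throw "Authenticode verification failed. There is one or more invalid files." }
+if ($WrongCert.Count -gt 0) {
+$WrongCert
+throw "Certificate should have the subject starts with 'Microsoft Corporation'"
+}
+displayName: 'Verify the signed files'
+
+- pwsh: |
+$CatInfo = Test-FileCatalog -Path $(PSReadLine) -CatalogFilePath $(PSReadLine)\PSReadLine.cat -Detailed
+$CatInfo | Format-List
+if ($CatInfo.Status -ne "Valid") { throw "Catalog file is invalid." }
+displayName: 'Verify the catalog file'
+
+- pwsh: |
+Get-ChildItem -Path $(PSReadLine)
+Write-Host "##vso[artifact.upload containerfolder=PSReadLine;artifactname=PSReadLine]$(PSReadLine)"
+displayName: 'Upload module artifacts'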
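Review bot: The signer check in the 'Verify the signed files' step is looser than its own error message claims: `-notmatch 'CN=Microsoft Corporation.*'` is unanchored, so any subject that merely contains that text passes, and the trailing `.*` adds nothing. A `Valid` status only shows the chain ends at a root the agent trusts, so the subject test is the one thing tying each file to the expected signer. I would anchor it, e.g. `if ($_.SignerCertificate.Subject -notmatch '^CN=Microsoft Corporation,') {`, or compare the issuer or thumbprint against a pinned value. Separately, `persistCredentials: true` on the checkout keeps the job's OAuth token in the git config while the build scripts run, and no visible step uses git afterwards; drop it unless something outside this file needs it.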

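--- a/.vsts-ci/sign-catalog.xml
+++ b/.vsts-ci/sign-catalog.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8" ?>
+
+<!-- Config files for Azure DevOps code-signing pipeline. -->
+<SignConfigXML>
+<job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PSReadLine" approvers="dongbow;slee">
+<file src="__INPATHROOT__\PSReadLine.cat" signType="AuthenticodeFormer" dest="__OUTPATHROOT__\PSReadLine.cat" />
+</job>
+</SignConfigXML>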
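Review bot: The `approvers` attribute on this `<job>` is `dongbow;slee`, while sign-module-files.xml in the same commit uses `vigarg;gstolt` for the same `jobname="PSReadLine"`. These are presumably the aliases allowed to approve the production signing request, so the difference means the catalog and the module files are gated by different people. If the split is intended, record it with a comment above the job such as `<!-- approvers: aliases who approve production signing of the catalog -->`; otherwise make the two lists match.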

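--- a/.vsts-ci/sign-module-files.xml
+++ b/.vsts-ci/sign-module-files.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8" ?>
+
+<!-- Config files for Azure DevOps code-signing pipeline. -->
+<SignConfigXML>
+<job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PSReadLine" approvers="vigarg;gstolt">
+<file src="__INPATHROOT__\PSReadLine.psd1" signType="AuthenticodeFormer" dest="__OUTPATHROOT__\PSReadLine.psd1" />
+<file src="__INPATHROOT__\PSReadLine.psm1" signType="AuthenticodeFormer" dest="__OUTPATHROOT__\PSReadLine.psm1" />
+<file src="__INPATHROOT__\SamplePSReadLineProfile.ps1" signType="AuthenticodeFormer" dest="__OUTPATHROOT__\SamplePSReadLineProfile.ps1" />
+<file src="__INPATHROOT__\PSReadLine.format.ps1xml" signType="AuthenticodeFormer" dest="__OUTPATHROOT__\PSReadLine.format.ps1xml" />
+
+<file src="__INPATHROOT__\Microsoft.PowerShell.PSReadLine2.dll" signType="AuthenticodeFormer" dest="__OUTPATHROOT__\Microsoft.PowerShell.PSReadLine2.dll" />
+<file src="__INPATHROOT__\System.Runtime.InteropServices.RuntimeInformation.dll" signType="AuthenticodeFormer" dest="__OUTPATHROOT__\System.Runtime.InteropServices.RuntimeInformation.dll" />
+</job>
+</SignConfigXML>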
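Review bot: The explicit `<file>` list has no comment tying it to the verification step in releaseBuild.yml, which checks every `*.dll`, `*.ps*1*` and `*.cat` under the module folder and throws on any signature that is not `Valid`. That fail-closed behaviour is what you want, but a file shipped later and not added here will surface only as a release-build failure. I would add above the job: `<!-- List every .dll/.ps1/.psm1/.psd1/.ps1xml shipped in the module; the release build fails on any file left unsigned. -->`.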
