Skip to content

Onboard pipelines to MicroBuild #583

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
testforstephen merged 7 commits into from
Mar 21, 2025
Merged

Onboard pipelines to MicroBuild #583

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
51c48ad
Onboard pipelines to MicroBuild
testforstephen Mar 21, 2025
5a0e525
onboard code sign to microbuild
testforstephen Mar 21, 2025
653399c
remove p2 copy logic
testforstephen Mar 21, 2025
d9b5fdd
remove p2 buildartifact dir
testforstephen Mar 21, 2025
1d6ae10
use MicroBuild to publish to maven
testforstephen Mar 21, 2025
b29da93
fix m2 sign path
testforstephen Mar 21, 2025
a300292
upgrade to actions/cache@v4
testforstephen Mar 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 100 additions & 0 deletions .azure-pipelines/publish-to-maven.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
name: $(Date:yyyyMMdd).$(Rev:r)
resources:
repositories:
- repository: MicroBuildTemplate
type: git
name: 1ESPipelineTemplates/MicroBuildTemplate
ref: refs/tags/release
trigger: none
extends:
template: azure-pipelines/1ES.Official.Publish.yml@MicroBuildTemplate
parameters:
pool:
os: linux
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Ubuntu-2004
sdl:
sourceAnalysisPool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
stages:
- stage: PublishToMaven
jobs:
- job: PublishToMaven
steps:
- task: DownloadBuildArtifacts@1
displayName: 'Download Jar Artifacts'
inputs:
buildType: specific
project: 'a4d27ce2-a42d-4b71-8eef-78cee9a9728e'
pipeline: 16486
downloadType: specific
extractTars: false
itemPattern: 'm2/**'
- script: |
echo "import public key"
echo $GPG_PUBLIC_B64 | base64 -d | gpg --import

echo "import secret key"
echo $GPG_SECRET_B64 | base64 -d | gpg --batch --passphrase $GPGPASS --import
displayName: 'import GPG keys'
env:
GPG_PUBLIC_B64: $(GPG_PUBLIC_B64)
GPG_SECRET_B64: $(GPG_SECRET_B64)
GPGPASS: $(GPGPASS)
- task: NodeTool@0
displayName: 'Use Node 20.x'
inputs:
versionSpec: 20.x
- script: |
cd $(System.ArtifactsDirectory)/m2
pluginJarFile=$(basename -- java-debug-parent/*.pom)

# remove .* from end
noExt=${pluginJarFile%.*}

# remove *- from start
export releaseVersion=${noExt##*-}
echo $releaseVersion

export artifactFolder=$(pwd .)
wget https://raw.githubusercontent.com/microsoft/java-debug/master/scripts/publishMaven.js

export GPG_TTY=$(tty)
node publishMaven.js -task gpg
displayName: 'sign artifacts'
env:
GPG_PUBLIC_B64: $(GPG_PUBLIC_B64)
GPG_SECRET_B64: $(GPG_SECRET_B64)
GPGPASS: $(GPGPASS)
NEXUS_OSSRHPASS: $(NEXUS_OSSRHPASS)
NEXUS_OSSRHUSER: $(NEXUS_OSSRHUSER)
NEXUS_STAGINGPROFILEID: $(NEXUS_STAGINGPROFILEID)
- template: MicroBuild.Publish.yml@MicroBuildTemplate
parameters:
intent: 'PackageDistribution'
contentType: 'Maven'
contentSource: 'Folder'
folderLocation: '$(System.ArtifactsDirectory)/m2/java-debug-parent'
waitForReleaseCompletion: true
owners: 'jinbwan@microsoft.com'
approvers: 'roml@microsoft.com'
- template: MicroBuild.Publish.yml@MicroBuildTemplate
parameters:
intent: 'PackageDistribution'
contentType: 'Maven'
contentSource: 'Folder'
folderLocation: '$(System.ArtifactsDirectory)/m2/com.microsoft.java.debug.core'
waitForReleaseCompletion: true
owners: 'jinbwan@microsoft.com'
approvers: 'roml@microsoft.com'
- template: MicroBuild.Publish.yml@MicroBuildTemplate
parameters:
intent: 'PackageDistribution'
contentType: 'Maven'
contentSource: 'Folder'
folderLocation: '$(System.ArtifactsDirectory)/m2/com.microsoft.java.debug.plugin'
waitForReleaseCompletion: true
owners: 'jinbwan@microsoft.com'
approvers: 'roml@microsoft.com'
97 changes: 35 additions & 62 deletions .azure-pipelines/signjars-nightly.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,23 @@ extends:
steps:
- checkout: self
fetchTags: true
- task: UsePythonVersion@0
displayName: 'Use Python 3.11.x'
inputs:
versionSpec: 3.11.x
- task: UseDotNet@2
displayName: 'Use .NET Core 3.1.x'
inputs:
packageType: 'sdk'
version: '3.1.x'
- task: MicroBuildSigningPlugin@4
displayName: 'Install Signing Plugin'
inputs:
signType: real
azureSubscription: 'MicroBuild Signing Task (MSEng)'
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
- task: JavaToolInstaller@0
displayName: Use Java 21
inputs:
Expand All @@ -70,38 +87,16 @@ extends:

mkdir -p jars
mv .repository/com/microsoft/java/com.microsoft.java.debug.core/$RELEASE_VERSION/com.microsoft.java.debug.core*.jar jars/
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Sign core.jar
- task: CmdLine@2
displayName: Sign core jars
inputs:
ConnectedServiceName: $(ConnectedServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: jars
Pattern: com.microsoft.java.debug.core*.jar
signConfigType: inlineSignParams
inlineOperation: |-
[
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaSign",
"Parameters" : {
"SigAlg" : "SHA256withRSA",
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
script: |
files=$(find . -type f -name "com.microsoft.java.debug.core*.jar")
for file in $files; do
fileName=$(basename "$file")
dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171
done
workingDirectory: 'jars'
- task: CmdLine@2
displayName: install signed core.jar
inputs:
Expand All @@ -116,38 +111,16 @@ extends:

mkdir -p jars
mv .repository/com/microsoft/java/com.microsoft.java.debug.plugin/$RELEASE_VERSION/com.microsoft.java.debug.plugin*.jar jars/
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Sign plugin.jar
- task: CmdLine@2
displayName: Sign plugin jars
inputs:
ConnectedServiceName: $(ConnectedServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: jars
Pattern: com.microsoft.java.debug.plugin*.jar
signConfigType: inlineSignParams
inlineOperation: |-
[
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaSign",
"Parameters" : {
"SigAlg" : "SHA256withRSA",
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
script: |
files=$(find . -type f -name "com.microsoft.java.debug.plugin*.jar")
for file in $files; do
fileName=$(basename "$file")
dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171
done
workingDirectory: 'jars'
- task: CopyFiles@2
displayName: "Copy plugin.jar to: $(Build.ArtifactStagingDirectory)"
inputs:
Expand Down
Loading