Fix SBOM and release pipeline (#27)

SteveL-MSFT · web-flow · commit 14c6a6c87c6b · 2022-02-10T16:28:40.000-08:00
* fix release yaml

* fix stage name

* fix yaml dependency

* fix pool name

* change pool name back

* add dotnet install task

* fix build to use proper outpath

* update cert

* fix out path

* put signed bits in different folder

* use different cert

* fix signedzip location

* change cert

* fix test
diff --git a/build.ps1 b/build.ps1
@@ -15,7 +15,7 @@ param (
 try {
     Push-Location "$PSScriptRoot/src/code"
 
-    $outPath = "$PSScriptRoot/out"
+    $outPath = "$PSScriptRoot/out/Microsoft.PowerShell.TextUtility"
 
     if ($Clean) {
         if (Test-Path $outPath) {
@@ -26,7 +26,7 @@ try {
         dotnet clean
     }
 
-    dotnet publish --output "$PSScriptRoot/out" --configuration $Configuration
+    dotnet publish --output $outPath --configuration $Configuration
 }
 finally {
     Pop-Location
diff --git a/yaml/releaseBuild.yml b/yaml/releaseBuild.yml
@@ -39,7 +39,7 @@ resources:
     name: PowerShell/compliance
 
 stages:
-- stage: Build and Sign
+- stage: BuildAndSign
   displayName: Build and Sign
   jobs:
   - job: 'BuildAndSign'
@@ -51,15 +51,21 @@ stages:
       demands:
       - ImageOverride -equals PSMMS2019-Secure
     steps:
+    - task: UseDotNet@2
+      displayName: 'Use .NET Core sdk'
+      inputs:
+        packageType: sdk
+        includePreviewVersions: true
+        version: 6.x
     - powershell: |
         Get-ChildItem -Path env:
       displayName: Capture environment
       condition: succeededOrFailed()
-    steps:
     - pwsh: |
         # build agents get reused so we make sure to remove the old archive
         Remove-Item -Path $(Build.SourcesDirectory)/SignedZip -Recurse -Force -ErrorAction Ignore
-        Remove-Item -Path $(Build.SourcesDirectory)/Microsoft.PowerShell.TextUtility -Recurse -Force -ErrorAction Ignore
+        Remove-Item -Path $(Build.SourcesDirectory)/out -Recurse -Force -ErrorAction Ignore
+        Remove-Item -Path $(Build.SourcesDirectory)/signed -Recurse -Force -ErrorAction Ignore
         .\build.ps1 -Clean
         Remove-Item .\out\*.pdb
         $packageVersion = (Import-PowerShellDataFile $(Build.SourcesDirectory)/out/Microsoft.PowerShell.TextUtility/Microsoft.PowerShell.TextUtility.psd1).ModuleVersion
@@ -75,9 +81,9 @@ stages:
         # the folder which contains the binaries to sign
         buildOutputPath: $(Build.SourcesDirectory)/out
         # the location to put the signed output
-        signOutputPath: $(Build.SourcesDirectory)/Microsoft.PowerShell.TextUtility
+        signOutputPath: $(Build.SourcesDirectory)/signed/Microsoft.PowerShell.TextUtility
         # the certificate ID to use
-        certificateId: "CP-230012"
+        certificateId: "CP-460906"
         # The file pattern to use
         # If not using minimatch: comma separated, with * supported
         # If using minimatch: newline separated, with !, **, and * supported.
@@ -89,30 +95,30 @@ stages:
 
     - template: Sbom.yml@ComplianceRepo
       parameters:
-        BuildDropPath: $(Build.SourcesDirectory)/out/Microsoft.PowerShell.TextUtility
+        BuildDropPath: $(Build.SourcesDirectory)/signed/Microsoft.PowerShell.TextUtility
         Build_Repository_Uri: 'https://github.com/powershell/textutility'
         PackageName: 'Microsoft.PowerShell.TextUtility'
         PackageVersion: $(PackageVersion)
 
     - pwsh: |
-        New-Item -Path $(Build.SourcesDirectory)/out/SignedZip -ItemType Directory -ErrorAction Ignore
-        Compress-Archive -Path $(Build.SourcesDirectory)/Microsoft.PowerShell.TextUtility -DestinationPath $(Build.SourcesDirectory)/out/SignedZip/Microsoft.PowerShell.TextUtility.zip -Force
+        New-Item -Path $(Build.SourcesDirectory)/SignedZip -ItemType Directory -ErrorAction Ignore
+        Compress-Archive -Path $(Build.SourcesDirectory)/signed/Microsoft.PowerShell.TextUtility -DestinationPath $(Build.SourcesDirectory)/SignedZip/Microsoft.PowerShell.TextUtility.zip -Force
       displayName: 'Compress archive'
       condition: succeededOrFailed()
 
     - task: PublishPipelineArtifact@1
       inputs:
-        targetpath: $(Build.SourcesDirectory)/out/Microsoft.PowerShell.TextUtility
+        targetpath: $(Build.SourcesDirectory)/signed/Microsoft.PowerShell.TextUtility
         artifactName: Signed
 
     - task: PublishPipelineArtifact@1
       inputs:
-        targetpath: $(Build.SourcesDirectory)/out/SignedZip
+        targetpath: $(Build.SourcesDirectory)/SignedZip
         artifactName: SignedZip
 
 - stage: compliance
   displayName: Compliance
-  dependsOn: Build
+  dependsOn: BuildAndSign
   jobs:
   - job: Compliance_Job
     pool:
diff --git a/yaml/template/runtest.yml b/yaml/template/runtest.yml
@@ -14,6 +14,6 @@ jobs:
         artifactName: out
         targetPath: '$(Build.SourcesDirectory)/out'
     - pwsh: |
-        Import-Module ./out/Microsoft.PowerShell.TextUtility.psd1
+        Import-Module ./out/Microsoft.PowerShell.TextUtility
         Invoke-Pester -Path ./test -OutputFormat NUnitXml -EnableExit
     condition: succeeded()

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ param (`
`15`	`15`	`try {`
`16`	`16`	`Push-Location "$PSScriptRoot/src/code"`
`17`	`17`
`18`		`- $outPath = "$PSScriptRoot/out"`
	`18`	`+ $outPath = "$PSScriptRoot/out/Microsoft.PowerShell.TextUtility"`
`19`	`19`
`20`	`20`	`if ($Clean) {`
`21`	`21`	`if (Test-Path $outPath) {`
`@@ -26,7 +26,7 @@ try {`
`26`	`26`	`dotnet clean`
`27`	`27`	`}`
`28`	`28`
`29`		`- dotnet publish --output "$PSScriptRoot/out" --configuration $Configuration`
	`29`	`+ dotnet publish --output $outPath --configuration $Configuration`
`30`	`30`	`}`
`31`	`31`	`finally {`
`32`	`32`	`Pop-Location`