@@ -26,11 +26,17 @@ parameters:
2626 default : false
2727
2828variables :
29- system.debug : ${{ parameters.debug }}
30- BuildConfiguration : Release
31- WindowsContainerImage : onebranch.azurecr.io/windows/ltsc2022/vse2022:latest
32- DOTNET_NOLOGO : true
33- DOTNET_GENERATE_ASPNET_CERTIFICATE : false
29+ - name : system.debug
30+ value : ${{ parameters.debug }}
31+ - name : BuildConfiguration
32+ value : Release
33+ - name : WindowsContainerImage
34+ value : onebranch.azurecr.io/windows/ltsc2022/vse2022:latest
35+ - name : DOTNET_NOLOGO
36+ value : true
37+ - name : DOTNET_GENERATE_ASPNET_CERTIFICATE
38+ value : false
39+ - group : SecretManagementAcr
3440
3541resources :
3642 repositories :
@@ -185,3 +191,153 @@ extends:
185191 packagesToPush : $(drop)/Microsoft.PowerShell.SecretManagement.Library.$(version).nupkg
186192 nuGetFeedType : external
187193 publishFeedCredentials : PowerShellNuGetOrgPush
194+ - stage : PrepForEv2
195+ condition : ne(variables['Build.Reason'], 'Schedule')
196+ dependsOn : build
197+ variables :
198+ drop : $(Pipeline.Workspace)/drop_build_main
199+ version : $[ stageDependencies.build.main.outputs['package.version'] ]
200+ jobs :
201+ - job : CopyEv2FilesToArtifact
202+ displayName : Copy Ev2 Files To Artifact
203+ variables :
204+ - name : ob_outputDirectory
205+ value : ' $(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
206+ pool :
207+ timeoutInMinutes : 30
208+ type : windows
209+ steps :
210+ - task : onebranch.pipeline.signing@1
211+ displayName : Sign 1st Party Files
212+ inputs :
213+ command : ' sign'
214+ signing_profile : external_distribution
215+ files_to_sign : ' **\*.ps1'
216+ search_root : ' $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell'
217+ - download : current
218+ displayName : Download artifacts
219+ - pwsh : |
220+ $modulePath = Join-Path $(drop) -ChildPath 'Microsoft.PowerShell.SecretManagement.$(version).nupkg'
221+ $fileExists = Test-Path $modulePath
222+ Write-Verbose -Verbose "Module file $modulePath Exists: $fileExists"
223+
224+ $srcDir = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'SrcFiles'
225+ New-Item $srcDir -ItemType Directory
226+
227+ $dest = Join-Path $srcDir -ChildPath 'Microsoft.PowerShell.SecretManagement.$(version).nupkg'
228+ Copy-Item -Path $modulePath -Destination $dest
229+
230+ Get-ChildItem '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SrcFiles/'
231+ displayName: Move artifact to Ev2 folder
232+ - pwsh : |
233+ $srcPath = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'Shell'
234+ $pathToRunTarFile = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell' -ChildPath "Run.tar"
235+ tar -cvf $pathToRunTarFile -C $srcPath ./Run
236+ $tarExists = Test-Path $pathToRunTarFile
237+ Write-Verbose -Verbose "Tar file $pathToRunTarFile exists: $tarExists"
238+ displayName: Compress Run script into tar file as needed for EV2 Shell extension
239+ - pwsh : |
240+ $pathToJsonFile = Join-Path -Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'SecretManagementToACR.Rollout.json'
241+ $content = Get-Content -Path $pathToJsonFile | ConvertFrom-Json
242+ $envVarArrayLen = $content.shellExtensions.launch.environmentVariables.Length
243+
244+ [xml]$xml = Get-Content Directory.Build.props
245+ $version = $xml.Project.PropertyGroup.ModuleVersion
246+
247+ for ($i=0; $i -lt $envVarArrayLen; $i++)
248+ {
249+ $name = $($content.shellExtensions.launch.environmentVariables[$i].name)
250+ if ($name -eq "DESTINATION_ACR_NAME")
251+ {
252+ $content.shellExtensions.launch.environmentVariables[$i].value = '$(acr_name)'
253+ Write-Verbose -Verbose "ACR Name: $($content.shellExtensions.launch.environmentVariables[$i].value)"
254+ }
255+ elseif ($name -eq "DESTINATION_ACR_URI")
256+ {
257+ $content.shellExtensions.launch.environmentVariables[$i].value = '$(acr_uri)'
258+ Write-Verbose -Verbose "ACR URI: $($content.shellExtensions.launch.environmentVariables[$i].value)"
259+ }
260+ elseif ($name -eq "MI_NAME")
261+ {
262+ $content.shellExtensions.launch.environmentVariables[$i].value = '$(managed_identity_name)'
263+ Write-Verbose -Verbose "MI Name: $($content.shellExtensions.launch.environmentVariables[$i].value)"
264+ }
265+ elseif ($name -eq "MI_CLIENTID")
266+ {
267+ $content.shellExtensions.launch.environmentVariables[$i].value = '$(managed_identity_clientid)'
268+ Write-Verbose -Verbose "MI Client ID: $($content.shellExtensions.launch.environmentVariables[$i].value)"
269+ }
270+ elseif($name -eq "SECRET_MANAGEMENT_VERSION")
271+ {
272+ $content.shellExtensions.launch.environmentVariables[$i].value = $version
273+ Write-Verbose -Verbose "Module version: $($content.shellExtensions.launch.environmentVariables[$i].value)"
274+ }
275+ elseif($name -eq "SECRET_MANAGEMENT_MODULE")
276+ {
277+ $content.shellExtensions.launch.environmentVariables[$i].reference.path = "SrcFiles\\Microsoft.PowerShell.SecretManagement.$(version).nupkg"
278+ Write-Verbose -Verbose "Module Path: $($content.shellExtensions.launch.environmentVariables[$i].reference.path)"
279+ }
280+ }
281+
282+ $identityString = "/subscriptions/$(acr_subscription)/resourcegroups/$(acr_resource_group)/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$(managed_identity_name)"
283+ $content.shellExtensions.launch.identity.userAssignedIdentities[0] = $identityString
284+
285+ Remove-Item -Path $pathToJsonFile
286+ $content | ConvertTo-Json -Depth 6 | Out-File $pathToJsonFile
287+
288+ displayName: 'Replace values in SecretManagementToACR.Rollout.json file'
289+ - pwsh : |
290+ $pathToJsonFile = Join-Path -Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'RolloutSpec.json'
291+ $content = Get-Content -Path $pathToJsonFile | ConvertFrom-Json
292+ $content.RolloutMetadata.Notification.Email.To = '$(email_address)'
293+
294+ Remove-Item -Path $pathToJsonFile
295+ $content | ConvertTo-Json -Depth 4 | Out-File $pathToJsonFile
296+
297+ displayName: 'Replace values in RolloutSpecPath.json'
298+ - pwsh : |
299+ $pathToJsonFile = Join-Path -Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'ServiceModel.json'
300+ $content = Get-Content -Path $pathToJsonFile | ConvertFrom-Json
301+ $content.ServiceResourceGroups[0].AzureResourceGroupName = '$(acr_resource_group)'
302+ $content.ServiceResourceGroups[0].AzureSubscriptionId = '$(acr_subscription)'
303+
304+ Remove-Item -Path $pathToJsonFile
305+ $content | ConvertTo-Json -Depth 9 | Out-File $pathToJsonFile
306+
307+ displayName: 'Replace values in ServiceModel.json'
308+ - task : CopyFiles@2
309+ inputs :
310+ Contents : ' EV2Specs/**'
311+ TargetFolder : $(ob_outputDirectory)
312+ - stage : ' Prod_release'
313+ displayName : Deploy Images to ACR with EV2
314+ dependsOn :
315+ - PrepForEV2
316+ variables :
317+ - name : ob_release_environment
318+ value : " Production"
319+ - name : repoRoot
320+ value : $(Build.SourcesDirectory)
321+ jobs :
322+ - job : Prod_ReleaseJob
323+ pool :
324+ type : release
325+ steps :
326+ - task : DownloadPipelineArtifact@2
327+ inputs :
328+ targetPath : ' $(Pipeline.Workspace)'
329+ artifact : drop_PrepForEV2_CopyEv2FilesToArtifact
330+ displayName : ' Download drop_PrepForEV2_CopyEv2FilesToArtifact artifact that has all files needed'
331+ - task : DownloadPipelineArtifact@2
332+ inputs :
333+ buildType : ' current'
334+ targetPath : ' $(Pipeline.Workspace)'
335+ displayName : ' Download to get EV2 Files'
336+ - task : vsrm-ev2.vss-services-ev2.adm-release-task.ExpressV2Internal@1
337+ displayName : ' Ev2: Push to ACR'
338+ inputs :
339+ UseServerMonitorTask : true
340+ EndpointProviderType : ApprovalService
341+ ApprovalServiceEnvironment : Production
342+ ServiceRootPath : ' $(Pipeline.Workspace)/drop_PrepForEV2_CopyEv2FilesToArtifact/EV2Specs/ServiceGroupRoot'
343+ RolloutSpecPath : ' $(Pipeline.Workspace)/drop_PrepForEV2_CopyEv2FilesToArtifact/EV2Specs/ServiceGroupRoot/RolloutSpec.json'
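Review bot: The `condition` on the `PrepForEv2` stage (new line 195) replaces the implicit `succeeded()` check, so the stage is gated only on `Build.Reason` and can start even when the `build` stage it depends on has failed. Writing it as `condition: and(succeeded(), ne(variables['Build.Reason'], 'Schedule'))` keeps the dependency result in the gate. The `Prod_release` stage (new line 312) declares no condition of its own, so any non-scheduled run that gets through the prep stage goes on to the Production Ev2 rollout, from whichever branch it was queued. Unless the approval service or the trigger configuration outside this hunk already restricts that, consider a source-branch check there too, for example `condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/<release-branch>'))`.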