@@ -15,6 +15,37 @@ parameters:
1515 default : false
1616 displayName : ' Enable ESRP code signing'
1717
18+ #
19+ # 1ES Pipeline Templates do not allow using a matrix strategy so we create
20+ # a YAML object parameter with and foreach to create jobs for each entry.
21+ # Each OS has its own matrix object since their build steps differ.
22+ #
23+ - name : windows_matrix
24+ type : object
25+ default :
26+ - id : windows_x64
27+ jobName : ' Windows (x86)'
28+ runtime : win-x86
29+ pool : GitClient-1ESHostedPool-intel-pc
30+ image : win-x86_64-ado1es
31+ os : windows
32+
33+ variables :
34+ - name : ' esrpConnectionName'
35+ value : ' 1ESGitClient-ESRP'
36+ - name : ' esrpEndpointUrl'
37+ value : ' https://api.esrp.microsoft.com/api/v2'
38+ - name : ' esrpClientId'
39+ value : ' TODO'
40+ - name : ' esrpTenantId'
41+ value : ' TODO'
42+ - name : ' esrpAuthAkvName'
43+ value : ' TODO'
44+ - name : ' esrpAuthCertName'
45+ value : ' TODO'
46+ - name : ' esrpAuthSignCertName'
47+ value : ' TODO'
48+
1849extends :
1950 template : v1/1ES.Official.PipelineTemplate.yml@1ESPipelines
2051 parameters :
@@ -44,3 +75,132 @@ extends:
4475 script : |
4576 # Set the version variable for later stages to consume
4677 echo "##vso[task.setvariable variable=value;isOutput=true;isReadOnly=true]$(cat ./VERSION | sed -E 's/.[0-9]+$//')"
78+
79+ stage : build
80+ displayName : ' Build and Sign'
81+ dependsOn : prebuild
82+ jobs :
83+ #
84+ # Windows build jobs
85+ #
86+ - ${{ each dim in parameters.windows_matrix }} :
87+ - job : ${{ dim.id }}
88+ displayName : ${{ dim.jobName }}
89+ pool :
90+ name : ${{ dim.pool }}
91+ image : ${{ dim.image }}
92+ os : ${{ dim.os }}
93+ variables :
94+ version : $[stageDependencies.prebuild.vars.outputs['version.value']]
95+ templateContext :
96+ outputs :
97+ - output : pipelineArtifact
98+ targetPath : ' $(Build.ArtifactStagingDirectory)\payload'
99+ artifactName : ' ${{ dim.runtime }}_payload'
100+ - output : pipelineArtifact
101+ targetPath : ' $(Build.ArtifactStagingDirectory)\symbols'
102+ artifactName : ' ${{ dim.runtime }}_symbols'
103+ - output : pipelineArtifact
104+ targetPath : ' $(Build.ArtifactStagingDirectory)\installers'
105+ artifactName : ' ${{ dim.runtime }}_installers'
106+ steps :
107+ - checkout : self
108+ - task : UseDotNet@2
109+ displayName : ' Use .NET 8 SDK'
110+ inputs :
111+ packageType : sdk
112+ version : ' 8.x'
113+ - task : PowerShell@2
114+ displayName : ' Build payload'
115+ inputs :
116+ targetType : filePath
117+ filePath : ' .\src\windows\Installer.Windows\layout.ps1'
118+ arguments : |
119+ -Configuration Release `
120+ -Output $(Build.ArtifactStagingDirectory)\payload `
121+ -SymbolOutput $(Build.ArtifactStagingDirectory)\symbols
122+ # - task: EsrpCodeSigning@5
123+ # condition: and(succeeded(), eq('${{ parameters.esrp }}', true))
124+ # displayName: 'Sign payload'
125+ # inputs:
126+ # connectedServiceName: '$(esrpConnectionName)'
127+ # appRegistrationClientId: '$(esrpClientId)'
128+ # appRegistrationTenantId: '$(esrpTenantId)'
129+ # authAkvName: '$(esrpAuthAkvName)'
130+ # authCertName: '$(esrpAuthCertName)'
131+ # authSignCertName: '$(esrpAuthSignCertName)'
132+ # serviceEndpointUrl: '$(esrpEndpointUrl)'
133+ # folderPath: '$(Build.ArtifactStagingDirectory)\payload'
134+ # pattern: '**\*.exe;**\*.dll'
135+ # signConfigType: inlineSignParams
136+ # inlineOperation: |
137+ # [
138+ # {
139+ # "KeyCode": "CP-230012",
140+ # "OperationCode": "SigntoolSign",
141+ # "ToolName": "sign",
142+ # "ToolVersion": "1.0",
143+ # "Parameters": {
144+ # "OpusName": "Microsoft",
145+ # "OpusInfo": "https://www.microsoft.com",
146+ # "FileDigest": "/fd SHA256",
147+ # "PageHash": "/NPH",
148+ # "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
149+ # }
150+ # },
151+ # {
152+ # "KeyCode": "CP-230012",
153+ # "OperationCode": "SigntoolVerify",
154+ # "ToolName": "sign",
155+ # "ToolVersion": "1.0",
156+ # "Parameters": {}
157+ # }
158+ # ]
159+ - task : PowerShell@2
160+ displayName : ' Build installers'
161+ inputs :
162+ targetType : inline
163+ script : |
164+ dotnet build '.\src\windows\Installer.Windows\Installer.Windows.csproj' `
165+ --configuration Release `
166+ --no-dependencies `
167+ -p:NoLayout=true `
168+ -p:PayloadPath="$(Build.ArtifactStagingDirectory)\payload" `
169+ -p:OutputPath="$(Build.ArtifactStagingDirectory)\installers"
170+ # - task: EsrpCodeSigning@5
171+ # condition: and(succeeded(), eq('${{ parameters.esrp }}', true))
172+ # displayName: 'Sign installers'
173+ # inputs:
174+ # connectedServiceName: '$(esrpConnectionName)'
175+ # appRegistrationClientId: '$(esrpClientId)'
176+ # appRegistrationTenantId: '$(esrpTenantId)'
177+ # authAkvName: '$(esrpAuthAkvName)'
178+ # authCertName: '$(esrpAuthCertName)'
179+ # authSignCertName: '$(esrpAuthSignCertName)'
180+ # serviceEndpointUrl: '$(esrpEndpointUrl)'
181+ # folderPath: '$(Build.ArtifactStagingDirectory)\installers'
182+ # pattern: '**\*.exe'
183+ # signConfigType: inlineSignParams
184+ # inlineOperation: |
185+ # [
186+ # {
187+ # "KeyCode": "CP-230012",
188+ # "OperationCode": "SigntoolSign",
189+ # "ToolName": "sign",
190+ # "ToolVersion": "1.0",
191+ # "Parameters": {
192+ # "OpusName": "Microsoft",
193+ # "OpusInfo": "https://www.microsoft.com",
194+ # "FileDigest": "/fd SHA256",
195+ # "PageHash": "/NPH",
196+ # "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
197+ # }
198+ # },
199+ # {
200+ # "KeyCode": "CP-230012",
201+ # "OperationCode": "SigntoolVerify",
202+ # "ToolName": "sign",
203+ # "ToolVersion": "1.0",
204+ # "Parameters": {}
205+ # }
206+ # ]
0 commit comments