Skip to content

Add build to vPack Pipeline #25915

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
TravisEz13 merged 36 commits into from
Sep 3, 2025
Merged

Add build to vPack Pipeline #25915

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
aa7539b
Added build steps and throw before signing
jshigetomi Aug 25, 2025
d5e599a
Added build steps and throw before signing
jshigetomi Aug 25, 2025
f931f41
connect vpackname
jshigetomi Aug 27, 2025
cec2a6e
add group feed read general for nuget switch
jshigetomi Aug 27, 2025
6e4519e
Add internal build tools signing check
jshigetomi Aug 27, 2025
218fab3
Remove deprecated PAT group reference from pipeline configuration
TravisEz13 Aug 27, 2025
d5d4f7f
Fix OfficialBuild parameter assignment in pipeline configuration
TravisEz13 Aug 28, 2025
aa3804f
Remove CheckIssuerOnly parameter from Update-PSSignedBuildFolder func…
TravisEz13 Aug 28, 2025
e335a4d
Refactor vPack architecture handling and remove deprecated parameter
TravisEz13 Aug 28, 2025
2545e94
Fix display name formatting in build step for Windows Universal
TravisEz13 Aug 28, 2025
2ed384e
Refactor parameters in PowerShell-vPack-Official.yml: reorder Officia…
TravisEz13 Aug 28, 2025
42383f4
Add Component Detection task to governance build pipeline
TravisEz13 Aug 28, 2025
dbc00a9
Add environment variable for restore phase in build steps
TravisEz13 Aug 28, 2025
e742533
Remove VPackPublishOverride parameter and related references from the…
TravisEz13 Aug 28, 2025
6a84af0
Add artifact suffix for architecture in vPack package creation
TravisEz13 Aug 29, 2025
31dd91c
Rename build stage and job, and update artifact naming convention in …
TravisEz13 Aug 29, 2025
1636ca8
Refactor package naming and description for architecture-specific bui…
TravisEz13 Aug 29, 2025
56596f5
Update vPack name format to include OfficialBuild and SourceBranchNam…
TravisEz13 Aug 29, 2025
e55d94a
Fix parameter interpolation in vPack name definition in PowerShell-vP…
TravisEz13 Aug 29, 2025
b2d6576
Remove artifact suffix assignment for architecture in vPack pipeline
TravisEz13 Aug 29, 2025
eac453c
Update vPack name format to include createVPack parameter in PowerShe…
TravisEz13 Aug 29, 2025
70281f8
Update vPack name format to include vPackName parameter in PowerShell…
TravisEz13 Aug 29, 2025
a94d62d
Update vPack name format to use underscores instead of dots in PowerS…
TravisEz13 Aug 29, 2025
6ab03bf
Apply suggestion from @TravisEz13
TravisEz13 Aug 29, 2025
a51a17e
Add version validation for ob_createvpack_*Ver variables in PowerShel…
TravisEz13 Aug 29, 2025
452320e
Fix version splitting regex to use brackets for better clarity in Pow…
TravisEz13 Aug 29, 2025
25a725f
Add variables for versioning and output directory in PowerShell-vPack…
TravisEz13 Aug 29, 2025
61904c9
Merge branch 'addBuildTovPack' of https://github.com/powershell/power…
TravisEz13 Aug 30, 2025
8fbe198
Use officialBuild parameter to selectively upload package items to ob…
jshigetomi Sep 2, 2025
d524ead
Use officialBuild parameter to selectively upload package items to ob…
jshigetomi Sep 2, 2025
4cf1ae9
Output copy path for task
jshigetomi Sep 2, 2025
fa1235f
make another case for vpack case
jshigetomi Sep 3, 2025
0d033e9
add else if
jshigetomi Sep 3, 2025
59da02c
cast to boolean
jshigetomi Sep 3, 2025
c95f1cd
remove signed architecture name
jshigetomi Sep 3, 2025
848e939
Merge branch 'master' into addBuildTovPack
jshigetomi Sep 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
283 changes: 193 additions & 90 deletions .pipelines/PowerShell-vPack-Official.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,32 +1,30 @@
trigger: none

parameters: # parameters are shown up in ADO UI in a build queue time
- name: OfficialBuild
type: boolean
default: true
- name: 'createVPack'
displayName: 'Create and Submit VPack'
type: boolean
default: true
- name: 'debug'
displayName: 'Enable debug output'
type: boolean
default: false
- name: 'architecture'
- name: vPackName
type: string
displayName: 'Select the vpack architecture:'
displayName: 'VPack Name:'
default: 'PowerShell'
values:
- x64
- x86
- arm64
default: x64
- name: 'VPackPublishOverride'
type: string
displayName: 'VPack Publish Override Version (can leave blank):'
default: ' '
- PowerShell
- PowerShellDoNotUse
- name: 'ReleaseTagVar'
type: string
displayName: 'Release Tag Var:'
default: 'fromBranch'
- name: 'debug'
displayName: 'Enable debug output'
type: boolean
default: false

name: vPack_${{ parameters.architecture }}_$(date:yyMM).$(date:dd)$(rev:rrr)
name: vPack_$(Build.SourceBranchName)_Prod.${{ parameters.OfficialBuild }}_Create.${{ parameters.createVPack }}_Name.${{ parameters.vPackName}}_$(date:yyyyMMdd).$(rev:rr)

variables:
- name: CDP_DEFINITION_BUILD_COUNT
Expand All @@ -51,6 +49,12 @@ variables:
value: ${{ parameters.ReleaseTagVar }}
- group: Azure Blob variable group
- group: certificate_logical_to_actual # used within signing task
- name: templateFile
value: ${{ iif ( parameters.OfficialBuild, 'v2/Microsoft.Official.yml@templates', 'v2/Microsoft.NonOfficial.yml@templates' ) }}
- group: DotNetPrivateBuildAccess
- group: certificate_logical_to_actual
# We shouldn't be using PATs anymore
# - group: mscodehub-feed-read-general

resources:
repositories:
Expand All @@ -59,17 +63,8 @@ resources:
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main

pipelines:
- pipeline: PSPackagesOfficial
source: 'PowerShell-Packages-Official'
trigger:
branches:
include:
- master
- releases/*

extends:
template: v2/Microsoft.Official.yml@templates
template: ${{ variables.templateFile }}
parameters:
platform:
name: 'windows_undocked' # windows undocked
Expand Down Expand Up @@ -99,35 +94,116 @@ extends:
enabled: false
tsaOptionsFile: .config/tsaoptions.json
stages:
- stage: main
- stage: BuildStage
jobs:
- job: main
- job: BuildJob
pool:
type: windows

strategy:
matrix:
x86:
architecture: x86

x64:
architecture: x64

arm64:
architecture: arm64

variables:
ArtifactPlatform: 'windows'
ob_artifactBaseName: drop_build_$(architecture)
ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out'
ob_createvpack_enabled: ${{ parameters.createVPack }}
ob_createvpack_packagename: 'PowerShell.${{ parameters.architecture }}'
ob_createvpack_description: PowerShell ${{ parameters.architecture }} $(version)
ob_createvpack_owneralias: tplunk
ob_createvpack_versionAs: string
ob_createvpack_version: '$(version)'
ob_createvpack_versionAs: parts
ob_createvpack_propsFile: true
ob_createvpack_verbose: true
ob_createvpack_packagename: '${{ parameters.vPackName }}.$(architecture)'
ob_createvpack_description: PowerShell $(architecture) $(version)
# I think the variables reload after we transition back to the host so this works. 🤷‍♂️
ob_createvpack_majorVer: $(pwshMajorVersion)
ob_createvpack_minorVer: $(pwshMinorVersion)
ob_createvpack_patchVer: $(pwshPatchVersion)
${{ if ne(variables['pwshPrereleaseVersion'], '') }}:
ob_createvpack_prereleaseVer: $(pwshPrereleaseVersion)
${{ else }}:
ob_createvpack_prereleaseVer: $(Build.SourceVersion)

steps:
- checkout: self
displayName: Checkout source code - during restore
clean: true
path: s
env:
ob_restore_phase: true

- template: .pipelines/templates/SetVersionVariables.yml@self
parameters:
ReleaseTagVar: $(ReleaseTagVar)
CreateJson: yes
UseJson: no

- pwsh: |
$version = '$(Version)'
Write-Verbose -Verbose "Version: $version"
if(!$version) {
throw "Version is not set."
}

$mainVersionParts = $version -split '-'

Write-Verbose -Verbose "mainVersionParts: $($mainVersionParts[0]) ; $($mainVersionParts[1])"
$versionParts = $mainVersionParts[0] -split '[.]';
$major = $versionParts[0]
$minor = $versionParts[1]
$patch = $versionParts[2]

$previewPart = $mainVersionParts[1]
Write-Verbose -Verbose "previewPart: $previewPart"

Write-Host "major: $major; minor: $minor; patch: $patch;"

$vstsCommandString = "vso[task.setvariable variable=pwshMajorVersion]$major"
Write-Host ("sending " + $vstsCommandString)
Write-Host "##$vstsCommandString"

$vstsCommandString = "vso[task.setvariable variable=pwshMinorVersion]$minor"
Write-Host ("sending " + $vstsCommandString)
Write-Host "##$vstsCommandString"

$vstsCommandString = "vso[task.setvariable variable=pwshPatchVersion]$patch"
Write-Host ("sending " + $vstsCommandString)
Write-Host "##$vstsCommandString"
if($previewPart) {
$vstsCommandString = "vso[task.setvariable variable=pwshPrereleaseVersion]$previewPart"
} else {
Write-Verbose -Verbose "No prerelease part found in version string."
}
displayName: Set ob_createvpack_*Ver
env:
ob_restore_phase: true

# Validate pwsh*Version variables
- pwsh: |
$variables = @("pwshMajorVersion", "pwshMinorVersion", "pwshPatchVersion")
foreach ($var in $variables) {
if (-not (get-item "Env:\$var" -ErrorAction SilentlyContinue).value) {
throw "Required variable '`$env:$var' is not set."
}
}
displayName: Validate pwsh*Version variables
env:
ob_restore_phase: true

- pwsh: |
if($env:RELEASETAGVAR -match '-') {
throw "Don't release a preview build without coordinating with Windows Engineering Build Tools Team"
}
displayName: Stop any preview release
env:
ob_restore_phase: true

- task: UseDotNet@2
displayName: 'Use .NET Core sdk'
Expand All @@ -136,88 +212,115 @@ extends:
version: 3.1.x
installationPath: $(Agent.ToolsDirectory)/dotnet

### BUILD ###

- template: /.pipelines/templates/insert-nuget-config-azfeed.yml@self
parameters:
repoRoot: $(repoRoot)

- task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step.
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.
inputs:
Enabled: true
AnalyzeInPipeline: false # Do not upload results
Language: csharp

- task: UseDotNet@2
displayName: 'Install .NET based on global.json'
inputs:
useGlobalJson: true
workingDirectory: $(repoRoot)
env:
ob_restore_phase: true

- pwsh: |
$packageArtifactName = 'drop_windows_package_package_win_${{ parameters.architecture }}'
$vstsCommandString = "vso[task.setvariable variable=PackageArtifactName]$packageArtifactName"
Write-Host "sending " + $vstsCommandString
# Need to set PowerShellRoot variable for obp-file-signing template
$vstsCommandString = "vso[task.setvariable variable=PowerShellRoot]$(repoRoot)"
Write-Host ("sending " + $vstsCommandString)
Write-Host "##$vstsCommandString"

$packageArtifactPath = '$(Pipeline.Workspace)\PSPackagesOfficial'
$vstsCommandString = "vso[task.setvariable variable=PackageArtifactPath]$packageArtifactPath"
Write-Host "sending " + $vstsCommandString
$Architecture = '$(Architecture)'
$runtime = switch ($Architecture)
{
"x64" { "win7-x64" }
"x86" { "win7-x86" }
"arm64" { "win-arm64" }
}

$params = @{}
if ($env:BuildConfiguration -eq 'minSize') {
$params['ForMinimalSize'] = $true
}

$vstsCommandString = "vso[task.setvariable variable=Runtime]$runtime"
Write-Host ("sending " + $vstsCommandString)
Write-Host "##$vstsCommandString"
displayName: 'Set package artifact variables'

- download: PSPackagesOfficial
artifact: $(PackageArtifactName)
displayName: Download package
Write-Verbose -Message "Building PowerShell with Runtime: $runtime for '$env:BuildConfiguration' configuration"
Import-Module -Name $(repoRoot)/build.psm1 -Force
$buildWithSymbolsPath = New-Item -ItemType Directory -Path "$(Pipeline.Workspace)/Symbols_$Architecture" -Force

- pwsh: 'Get-ChildItem $(PackageArtifactPath)\* -recurse | Select-Object -ExpandProperty Name'
displayName: 'Capture Artifact Listing'
Start-PSBootstrap -Scenario Package
$null = New-Item -ItemType Directory -Path $buildWithSymbolsPath -Force -Verbose

- pwsh: |
$message = @()
$packages = Get-ChildItem $(PackageArtifactPath)\* -recurse -include *.zip, *.msi

if($packages.count -eq 0) {throw "No packages found in $(PackageArtifactPath)"}

$packages | ForEach-Object {
if($_.Name -notmatch 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(fxdependent|x64|arm64|x86|fxdependentWinDesktop)\.(msi|zip){1}')
{
$messageInstance = "$($_.Name) is not a valid package name"
$message += $messageInstance
Write-Warning $messageInstance
}
$ReleaseTagParam = @{}

if ($env:RELEASETAGVAR) {
$ReleaseTagParam['ReleaseTag'] = $env:RELEASETAGVAR
}

if($message.count -gt 0){throw ($message | out-string)}
displayName: 'Validate Zip and MSI Package Names'
Start-PSBuild -Runtime $runtime -Configuration Release -Output $buildWithSymbolsPath -Clean -PSModuleRestore @params @ReleaseTagParam

- pwsh: |
Get-ChildItem $(PackageArtifactPath)\* -recurse -include *.zip | ForEach-Object {
if($_.Name -match 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(${{ parameters.architecture }})\.(zip){1}')
{
Expand-Archive -Path $_.FullName -DestinationPath $(ob_outputDirectory)
}
}
displayName: 'Extract Zip to ob_outputDirectory'
$refFolderPath = Join-Path $buildWithSymbolsPath 'ref'
Write-Verbose -Verbose "refFolderPath: $refFolderPath"
$outputPath = Join-Path '$(ob_outputDirectory)' 'psoptions'
$null = New-Item -ItemType Directory -Path $outputPath -Force
$psOptPath = "$outputPath/psoptions.json"
Save-PSOptions -PSOptionsPath $psOptPath

Write-Verbose -Verbose "Completed building PowerShell for '$env:BuildConfiguration' configuration"
displayName: Build Windows Universal - $(Architecture) -$(BuildConfiguration) Symbols folder
env:
__DOTNET_RUNTIME_FEED_KEY: $(RUNTIME_SOURCEFEED_KEY)
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.

- task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step.
env:
ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step.

- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
displayName: 'Component Detection'
inputs:
sourceScanPath: '$(repoRoot)\src'
ob_restore_phase: true

- template: /.pipelines/templates/obp-file-signing.yml@self
parameters:
binPath: '$(Pipeline.Workspace)/Symbols_$(Architecture)'
SigningProfile: $(windows_build_tools_cert_id)
OfficialBuild: false
vPackScenario: true

### END OF BUILD ###

- pwsh: |
Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose
Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse
Get-Content $(ob_outputdirectory)\preview.json -ErrorAction SilentlyContinue | Write-Host
Get-ChildItem env:/ob_createvpack_*Ver
Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_$(Architecture)\*" -Recurse
Get-Content "$(Pipeline.Workspace)\PowerShell\preview.json" -ErrorAction SilentlyContinue | Write-Host
displayName: Debug Output Directory and Version
condition: succeededOrFailed()

- pwsh: |
Write-Host "Using VPackPublishOverride variable"
$vpackVersion = '${{ parameters.VPackPublishOverride }}'
$vstsCommandString = "vso[task.setvariable variable=ob_createvpack_version]$vpackVersion"
Write-Host "sending " + $vstsCommandString
Write-Host "##$vstsCommandString"
condition: ne('${{ parameters.VPackPublishOverride }}', ' ')
displayName: 'Set ob_createvpack_version with VPackPublishOverride'

- pwsh: |
Get-ChildItem -Path env: | Out-String -width 9999 -Stream | write-Verbose -Verbose
displayName: Capture Environment
condition: succeededOrFailed()

- pwsh: |
Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose
$vpackFiles = Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse
$vpackFiles = Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_$(Architecture)\*" -Recurse
if($vpackFiles.Count -eq 0) {
throw "No files found in $(ob_outputDirectory)"
throw "No files found in $(Pipeline.Workspace)\Symbols_$(Architecture)"
}
$vpackFiles
displayName: Debug Output Directory and Version
condition: succeededOrFailed()

- task: onebranch.pipeline.signing@1
displayName: 'Onebranch Signing'
inputs:
command: 'sign'
signing_environment: 'azure-ado'
cp_code: $(windows_build_tools_cert_id)
files_to_sign: '**/*.exe;**/System.Management.Automation.dll'
search_root: $(ob_outputDirectory)
Loading