From 2f91e3b914aee0e409c7a202d618b03625eb64c3 Mon Sep 17 00:00:00 2001
From: Vincent Biret
Date: Fri, 20 Jun 2025 08:21:10 -0400
Subject: [PATCH 1/2] ci: draft migration to esrp release
Signed-off-by: Vincent Biret
---
.azure-pipelines/ci-build.yml | 242 ++++++++++++++++++++++++
.github/workflows/build-and-publish.yml | 2 +
build.gradle | 10 +-
scripts/validatePackageContents.ps1 | 5 +-
scripts/zipPackageContent.ps1 | 31 +++
5 files changed, 287 insertions(+), 3 deletions(-)
create mode 100644 .azure-pipelines/ci-build.yml
create mode 100644 scripts/zipPackageContent.ps1
diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml
new file mode 100644
index 00000000..bc19425b
--- /dev/null
+++ b/.azure-pipelines/ci-build.yml
@@ -0,0 +1,242 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+name: $(BuildDefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
+
+trigger:
+ tags:
+ include:
+ - "v*"
+ branches:
+ include:
+ - main
+
+parameters:
+ - name: previewBranch
+ type: string
+ default: "refs/heads/main"
+
+resources:
+ repositories:
+ - repository: 1ESPipelineTemplates
+ type: git
+ name: 1ESPipelineTemplates/1ESPipelineTemplates
+ ref: refs/tags/release
+
+extends:
+ template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+ parameters:
+ sdl:
+ sourceAnalysisPool:
+ name: Azure-Pipelines-1ESPT-ExDShared
+ os: windows
+ image: windows-latest
+
+ stages:
+ - stage: build
+ jobs:
+ - job: build
+ pool:
+ name: Azure-Pipelines-1ESPT-ExDShared
+ os: linux
+ image: ubuntu-latest
+ #TODO maybe missing template context with sdl baselines?
+ steps:
+ - checkout: self
+ persistCredentials: true
+
+ - task: JavaToolInstaller@1
+ inputs:
+ versionSpec: '21'
+ jdkArchitectureOption: 'x64'
+ jdkSourceOption: 'PreInstalled'
+
+ - task: DownloadSecureFile@1
+ name: downloadLocalProperties
+ inputs:
+ secureFile: 'local.properties'
+
+ - task: DownloadSecureFile@1
+ name: downloadSecringGpg
+ inputs:
+ secureFile: 'secring.gpg'
+
+ - pwsh: |
+ Copy-Item $(downloadSecringGpg.secureFilePath) secring.gpg -Verbose
+ Copy-Item $(downloadLocalProperties.secureFilePath) local.properties -Verbose
+ displayName: Copy secring and 'local.properties'
+
+ - script: ./gradlew --no-daemon publishToMavenLocal -PmavenCentralPublishingEnabled=true -PmavenCentralSnapshotArtifactSuffix=""
+ displayName: Publish to local Maven for verification
+ # condition: contains(variables['build.sourceBranch'], 'refs/tags/v')
+
+ # - script: ./gradlew --no-daemon publishToMavenLocal -PmavenCentralPublishingEnabled=true
+ # displayName: Publish to local Maven for verification
+ # condition: not(contains(variables['build.sourceBranch'], 'refs/tags/v'))
+
+ - 
script: ./gradlew --no-daemon publishMavenPublicationToADORepository -PmavenCentralPublishingEnabled=true -PmavenCentralSnapshotArtifactSuffix=""
+ displayName: Publish to local Maven ADO for ESRP
+ # condition: contains(variables['build.sourceBranch'], 'refs/tags/v')
+
+ # - script: ./gradlew --no-daemon publishMavenPublicationToADORepository -PmavenCentralPublishingEnabled=true
+ # displayName: Publish to local Maven ADO for ESRP
+ # condition: not(contains(variables['build.sourceBranch'], 'refs/tags/v'))
+
+ - pwsh: |
+ $contents = Get-Content gradle.properties -Raw
+ $major = $contents | Select-String -Pattern 'mavenMajorVersion = ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value }
+ $minor = $contents | Select-String -Pattern 'mavenMinorVersion = ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value }
+ $patch = $contents | Select-String -Pattern 'mavenPatchVersion = ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value }
+ # $snapshot_suffix = if ($Env:BRANCH_NAME.StartsWith('refs/tags/v')) { '' } else { '-SNAPSHOT' }
+ $version = "$major.$minor.$patch$snapshot_suffix"
+ echo "Current version is $version"
+ echo "##vso[task.setvariable variable=PACKAGE_VERSION;]$version"
+ displayName: Get current version
+ name: GetVersion
+ env:
+ BRANCH_NAME: $(Build.SourceBranchName)
+
+ - pwsh: |
+ .\scripts\ValidatePackageContents.ps1 -ArtifactId microsoft-graph-core -Version $(PACKAGE_VERSION) -ValidateMavenMetadata $false
+ displayName: Inspect contents of local Maven cache
+
+ - pwsh: |
+ .\scripts\zipPackageContent.ps1 -OutputDirectory $Env:OUTPUT_DIRECTORY -ArtifactId microsoft-graph-core -PackageSegment abstractions -Version $(PACKAGE_VERSION)
+ echo "list of zips:"
+ Get-ChildItem -Path $Env:OUTPUT_DIRECTORY -Filter "*.zip" | ForEach-Object { Write-Host $_.FullName }
+ displayName: Zip contents of local Maven cache
+ env:
+ OUTPUT_DIRECTORY: $(Build.ArtifactStagingDirectory)
+
+ - task: 1ES.PublishPipelineArtifact@1
+ displayName: "Publish Artifact: 
jars"
+ inputs:
+ artifactName: jars
+ targetPath: "$(Build.ArtifactStagingDirectory)"
+
+ - stage: deploy
+ # condition: and(or(contains(variables['build.sourceBranch'], 'refs/tags/v'), eq(variables['build.sourceBranch'], '${{ parameters.previewBranch }}')), succeeded())
+ dependsOn: build
+ jobs:
+ - deployment: deploy_github
+ condition: and(contains(variables['build.sourceBranch'], 'refs/tags/v'), succeeded())
+ pool:
+ name: Azure-Pipelines-1ESPT-ExDShared
+ os: linux
+ image: ubuntu-latest
+ templateContext:
+ type: releaseJob
+ isProduction: true
+ inputs:
+ - input: pipelineArtifact
+ artifactName: jars
+ targetPath: "$(Pipeline.Workspace)"
+ environment: kiota-github-releases
+ strategy:
+ runOnce:
+ deploy:
+ steps:
+ - pwsh: |
+ $zips = Get-ChildItem -Path "$(Pipeline.Workspace)" -Filter "*.zip"
+ $zip = $zips | Select-Object -First 1
+ $zipName = $zip.Name
+ if ($zipName -match "\d+.\d+.\d+")
+ {
+ $version = $matches[0]
+ echo "Current version is $version"
+ echo "##vso[task.setvariable variable=artifactVersion;]$version"
+ }
+ else
+ {
+ Write-Error "No valid version found in zip file name." 
+ exit 1
+ }
+
+ - pwsh: |
+ $zips = Get-ChildItem -Path "$(Pipeline.Workspace)" -Filter "*.zip"
+ foreach ($zip in $zips) {
+ $targetPath = $zip.FullName.Replace(".zip", "")
+ Expand-Archive -Path $zip.FullName -DestinationPath $targetPath
+ Remove-Item -Path $zip.FullName -Force
+ }
+ displayName: Unzip artifacts
+
+ - task: GitHubRelease@1
+ inputs:
+ gitHubConnection: "microsoftkiota"
+ tagSource: userSpecifiedTag
+ tag: "v$(artifactVersion)"
+ title: "v$(artifactVersion)"
+ assets: |
+ $(Pipeline.Workspace)/**/*.jar
+ $(Pipeline.Workspace)/**/*.jar.md5
+ $(Pipeline.Workspace)/**/*.jar.sha1
+ $(Pipeline.Workspace)/**/*.jar.sha256
+ $(Pipeline.Workspace)/**/*.jar.sha512
+ $(Pipeline.Workspace)/**/*.jar.asc
+ $(Pipeline.Workspace)/**/*.jar.asc.md5
+ $(Pipeline.Workspace)/**/*.jar.asc.sha1
+ $(Pipeline.Workspace)/**/*.jar.asc.sha256
+ $(Pipeline.Workspace)/**/*.jar.asc.sha512
+ $(Pipeline.Workspace)/**/*.pom
+ $(Pipeline.Workspace)/**/*.pom.md5
+ $(Pipeline.Workspace)/**/*.pom.sha1
+ $(Pipeline.Workspace)/**/*.pom.sha256
+ $(Pipeline.Workspace)/**/*.pom.sha512
+ $(Pipeline.Workspace)/**/*.pom.asc
+ $(Pipeline.Workspace)/**/*.pom.asc.md5
+ $(Pipeline.Workspace)/**/*.pom.asc.sha1
+ $(Pipeline.Workspace)/**/*.pom.asc.sha256
+ $(Pipeline.Workspace)/**/*.pom.asc.sha512
+ $(Pipeline.Workspace)/**/*.module
+ $(Pipeline.Workspace)/**/*.module.md5
+ $(Pipeline.Workspace)/**/*.module.sha1
+ $(Pipeline.Workspace)/**/*.module.sha256
+ $(Pipeline.Workspace)/**/*.module.sha512
+ $(Pipeline.Workspace)/**/*.module.asc
+ $(Pipeline.Workspace)/**/*.module.asc.md5
+ $(Pipeline.Workspace)/**/*.module.asc.sha1
+ $(Pipeline.Workspace)/**/*.module.asc.sha256
+ $(Pipeline.Workspace)/**/*.module.asc.sha512
+
+ addChangeLog: false
+ action: edit
+
+ - deployment: deploy_maven
+ # snapshots are not supported by ESRP release for now, but they are planning to add support. 
When it happens, simply remove the condition + # condition: and(contains(variables['build.sourceBranch'], 'refs/tags/v'), succeeded()) + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: linux + image: ubuntu-latest + templateContext: + type: releaseJob + isProduction: true + inputs: + - input: pipelineArtifact + artifactName: jars + targetPath: "$(Pipeline.Workspace)" + dependsOn: [] + environment: maven_central + strategy: + runOnce: + deploy: + steps: + - task: EsrpRelease@9 + inputs: + connectedservicename: "Federated DevX ESRP Managed Identity Connection" + usemanagedidentity: false + keyvaultname: "akv-prod-eastus" + authcertname: "ReferenceLibraryPrivateCert" + signcertname: "ReferencePackagePublisherCertificate" + clientid: "65035b7f-7357-4f29-bf25-c5ee5c3949f8" + intent: "PackageDistribution" + contenttype: "Maven" + contentsource: "Folder" + folderlocation: "$(Pipeline.Workspace)" + waitforreleasecompletion: true + owners: vibiret@microsoft.com + approvers: mmainer@microsoft.com + serviceendpointurl: "https://api.esrp.microsoft.com" + mainpublisher: "ESRPRELPACMAN" + domaintenantid: "cdc5aeea-15c5-4db6-b079-fcadd2505dc2" \ No newline at end of file diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index d3770159..71482093 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -1,5 +1,7 @@ name: Build and Publish +# TODO remove todo entries in build.gradle + on: workflow_dispatch: push: diff --git a/build.gradle b/build.gradle index 71a5111f..23a85870 100644 --- a/build.gradle +++ b/build.gradle @@ -7,6 +7,7 @@ plugins { id 'jacoco' id 'com.github.spotbugs' version '6.2.0' id "org.sonarqube" version "6.2.0.5505" + // TODO remove this dependency once we remove the GH WF id 'io.github.gradle-nexus.publish-plugin' version '2.0.0' } 
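Review bot: In .azure-pipelines/ci-build.yml the `deploy_maven` job has no active condition: both its own `condition:` line and the stage-level one are commented out, while the trigger includes the `main` branch and the build steps always pass `-PmavenCentralSnapshotArtifactSuffix=""`. As written, every push to main would hand a non-snapshot build to `EsrpRelease@9` with `isProduction: true`, which contradicts the comment saying snapshots are not supported yet; unless approval on the `maven_central` environment is meant to be the only gate, restore `condition: and(contains(variables['build.sourceBranch'], 'refs/tags/v'), succeeded())` on that job. Separately, `persistCredentials: true` on the checkout leaves the job's git token available to the Gradle steps that follow, and nothing visible in the build job pushes to the repository, so it can likely be dropped. In `deploy_github`, the release tag is taken from the first zip name with `"\d+.\d+.\d+"`, where the unescaped dots match any character; `"\d+\.\d+\.\d+"` is the stricter form.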
@@ -113,8 +114,15 @@ publishing { } } } -} + repositories { + maven { + name = "ADO" + url = layout.buildDirectory.dir("publishing-repository") + } + } +} +// TODO remove this section once we remove the GH WF nexusPublishing { repositories { sonatype { diff --git a/scripts/validatePackageContents.ps1 b/scripts/validatePackageContents.ps1 index ee1d8a71..4bd2d16e 100644 --- a/scripts/validatePackageContents.ps1 +++ b/scripts/validatePackageContents.ps1 @@ -3,7 +3,8 @@ param( [Parameter(Mandatory=$true)][string] $ArtifactId, [Parameter(Mandatory=$true)][string] $Version, [Parameter()][string] $GroupId = "com.microsoft.graph", - [Parameter()][string] $MavenLocalCachePath = "~" + [System.IO.Path]::DirectorySeparatorChar + ".m2" + [System.IO.Path]::DirectorySeparatorChar + "repository" + [Parameter()][string] $MavenLocalCachePath = "~" + [System.IO.Path]::DirectorySeparatorChar + ".m2" + [System.IO.Path]::DirectorySeparatorChar + "repository", + [Parameter()][bool] $ValidateMavenMetadata = $true ) $groupIdPath = $GroupId -replace "\.", [System.IO.Path]::DirectorySeparatorChar @@ -48,7 +49,7 @@ foreach($file in $expectedFiles) { } $mavenMetadataFiles = Get-ChildItem -Path $packageFullPath -Filter "maven-metadata*.xml" -if($mavenMetadataFiles.Count -eq 0) { +if($mavenMetadataFiles.Count -eq 0 -and $ValidateMavenMetadata -eq $true) { Write-Output "No maven-metadata*.xml files found in package." exit 1 } diff --git a/scripts/zipPackageContent.ps1 b/scripts/zipPackageContent.ps1 new file mode 100644 index 00000000..02cc9b65 --- /dev/null +++ b/scripts/zipPackageContent.ps1 
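Review bot: In scripts/validatePackageContents.ps1, passing `-ValidateMavenMetadata $false` skips the metadata check silently, so the log of a release build gives no sign that a validation was turned off. Emit a line when the flag is off, for example `if (-not $ValidateMavenMetadata) { Write-Output "Skipping maven-metadata*.xml validation." }`, and describe the new parameter in the script's header comment. Note also that this script still inspects `$MavenLocalCachePath` (default `~/.m2/repository`), while the archive released by the new pipeline is built from `build\publishing-repository`, so the files that are validated are not the copies that get published; pointing the validation at the publishing repository would close that gap. The script continues outside both hunks.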
@@ -0,0 +1,31 @@
+# Checks that expected files are present & have contents after the publish process to the local cache
+param(
+ [Parameter(Mandatory=$true)][string] $ArtifactId,
+ [Parameter(Mandatory=$true)][string] $PackageSegment,
+ [Parameter(Mandatory=$true)][string] $Version,
+ [Parameter(Mandatory=$true)][string] $OutputDirectory,
+ [Parameter()][string] $GroupId = "com.microsoft.graph",
+ [Parameter()][string] $ComponentsSegment = "..\components",
+ [Parameter()][string] $buildOutDir = "build\publishing-repository"
+)
+
+#components\bundle\build\publishing-repository\com\microsoft\kiota\microsoft-kiota-bundle\1.8.5\
+
+$groupIdPath = $GroupId -replace "\.", [System.IO.Path]::DirectorySeparatorChar
+$packageFullPath = Join-Path -Path $PSScriptRoot -ChildPath $ComponentsSegment -AdditionalChildPath $PackageSegment, $buildOutDir, $groupIdPath, $ArtifactId, $Version
+
+Write-Output "---------------------------------------------------"
+Write-Output "Zipping package contents at $packageFullPath"
+
+if(-not (Test-Path -Path $packageFullPath)) {
+ Write-Output "Package not found in local cache."
+ exit 1
+}
+
+$outputFilePath = Join-Path -Path $OutputDirectory -ChildPath "$ArtifactId-$Version.zip"
+# removing any existing file
+Remove-Item -Path $outputFilePath -ErrorAction SilentlyContinue
+# removing any xml files that are not expected in ESRP release
+Compress-Archive -Path "$packageFullPath\*" -DestinationPath $outputFilePath
+
+exit 0
\ No newline at end of file
From c7c45068ad9d09846f762e2e58279ce09e3373b5 Mon Sep 17 00:00:00 2001
From: Vincent Biret
Date: Fri, 20 Jun 2025 08:29:45 -0400
Subject: [PATCH 2/2] ci: casing fix
Signed-off-by: Vincent Biret
---
.azure-pipelines/ci-build.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml
index bc19425b..a3957826 100644
--- a/.azure-pipelines/ci-build.yml
+++ b/.azure-pipelines/ci-build.yml
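Review bot: In scripts/zipPackageContent.ps1 the comment `# removing any xml files that are not expected in ESRP release` is followed directly by `Compress-Archive -Path "$packageFullPath\*"`, so nothing is removed and every file in the version folder goes into the archive that is later released. Either delete the comment or add the filter it describes before compressing, so the released content matches what the script claims. The header comment (`# Checks that expected files are present ...`) and the sample path mentioning `microsoft-kiota-bundle` appear to be copied from another script and should describe this one. The default location `..\components\<PackageSegment>\build\publishing-repository` also looks inconsistent with the `ADO` repository this patch adds to the root build.gradle (`layout.buildDirectory.dir("publishing-repository")`); if no components/abstractions project exists in this repository, the script will stop at "Package not found in local cache.".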
@@ -97,7 +97,7 @@ extends: BRANCH_NAME: $(Build.SourceBranchName) - pwsh: | - .\scripts\ValidatePackageContents.ps1 -ArtifactId microsoft-graph-core -Version $(PACKAGE_VERSION) -ValidateMavenMetadata $false + .\scripts\validatePackageContents.ps1 -ArtifactId microsoft-graph-core -Version $(PACKAGE_VERSION) -ValidateMavenMetadata $false displayName: Inspect contents of local Maven cache - pwsh: |