From ff8d57c0168421af5a859a6cef75c0bff03300a6 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 23 Jun 2021 15:26:56 -0700 Subject: [PATCH 1/7] Generate SHA512 CheckSum file for all packages --- .../azureDevOps/templates/nuget.yml | 65 ++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index db0198132cb..00b977b6a3c 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -54,13 +54,21 @@ jobs: version: '$(SDKVersion)' - task: DownloadBuildArtifacts@0 - displayName: 'Download PowerShell build artifacts' + displayName: 'Download PowerShell build artifacts - finalResults' inputs: buildType: current downloadType: single artifactName: finalResults downloadPath: '$(System.ArtifactsDirectory)' + - task: DownloadBuildArtifacts@0 + displayName: 'Download PowerShell build artifacts - macosPkgResults' + inputs: + buildType: current + downloadType: single + artifactName: macosPkgResults + downloadPath: '$(System.ArtifactsDirectory)' + - powershell: 'Get-ChildItem $(System.ArtifactsDirectory) -recurse' displayName: 'Capture downloaded artifacts' @@ -182,6 +190,40 @@ jobs: Get-ChildItem "$(System.ArtifactsDirectory)\signed\globaltool" -Recurse displayName: Move global tool packages to subfolder and capture + - pwsh: | + $packagePath = (Join-Path $(System.ArtifactsDirectory) checksum) + New-Item $packagePath -ItemType Directory -Force > $null + $srcPaths = @("$(System.ArtifactsDirectory)\finalResults", "$(System.ArtifactsDirectory)\macosPkgResults", "$(System.ArtifactsDirectory)\signed") + + $packages = Get-ChildItem -Path $srcPaths -Include *.zip, *.tar.gz, *.msi*, *.pkg, *.deb, *.rpm -Exclude "PowerShell-Symbols*" -Recurse + $packages | ForEach-Object { Copy-Item $_.FullName -Destination $packagePath -Verbose } + + $message = Get-ChildItem $packagePath -Recurse | Select-Object -ExpandProperty FullName | Out-String + Write-Verbose -Verbose $message + + $hashFileContent = [System.Text.StringBuilder]::new() + + Get-ChildItem -Path $packagePath | ForEach-Object { + Write-Verbose -Verbose "Generating checksum file for $_" + $packageName = Split-Path $_ -Leaf + $hash = (Get-FileHash -Path $packagePath -Algorithm SHA512).Hash + + # the '*' before the packagename signifies it is a binary + $hashLine = "$hash *$packageName" + $.AppendLine($hashLine) > $null + } + + $hashFileContent.ToString() | Out-File -FilePath "$packagePath\SHA512SUMS" -Force + + $fileContent = Get-Content -Path "$packagePath\SHA512SUMS" -Raw | Out-String + Write-Verbose -Verbose -Message $fileContent + displayName: Generate checksum file + + - template: upload-final-results.yml + parameters: + artifactPath: '$(System.ArtifactsDirectory)\checksum' + artifactFilter: SHA512SUMS + - task: AzureFileCopy@4 displayName: 'Upload NuGet packages to Azure' inputs: @@ -192,6 +234,16 @@ jobs: ContainerName: '$(AzureVersion)-nuget' condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) + - task: AzureFileCopy@4 + displayName: 'Upload CheckSum file to Azure' + inputs: + SourcePath: '$(System.ArtifactsDirectory)\checksum\SHA512SUMS' + azureSubscription: '$(AzureFileCopySubscription)' + Destination: AzureBlob + storage: '$(StorageAccount)' + ContainerName: '$(AzureVersion)-nuget' + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) + - task: AzureFileCopy@4 displayName: 'Upload global tool packages to Azure' inputs: @@ -203,6 +255,17 @@ jobs: blobPrefix: '$(Version)' condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) + - task: AzureFileCopy@4 + displayName: 'Upload checksum file to Global Tool packages on Azure' + inputs: + sourcePath: '$(System.ArtifactsDirectory)\checksum\SHA512SUMS' + azureSubscription: '$(GlobalToolSubscription)' + Destination: AzureBlob + storage: '$(GlobalToolStorageAccount)' + ContainerName: 'tool' + blobPrefix: '$(Version)' + condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) + - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: From cfe232eb7567e3a350826b4510eead3e565fadda Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 23 Jun 2021 21:04:34 -0700 Subject: [PATCH 2/7] Fix file path --- tools/releaseBuild/azureDevOps/templates/nuget.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index 00b977b6a3c..507e4a39c1a 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -206,7 +206,7 @@ jobs: Get-ChildItem -Path $packagePath | ForEach-Object { Write-Verbose -Verbose "Generating checksum file for $_" $packageName = Split-Path $_ -Leaf - $hash = (Get-FileHash -Path $packagePath -Algorithm SHA512).Hash + $hash = (Get-FileHash -Path $_ -Algorithm SHA512).Hash # the '*' before the packagename signifies it is a binary $hashLine = "$hash *$packageName" From 43c633678ae36e2e20e78a96fb429c4a442649a7 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 24 Jun 2021 09:34:10 -0700 Subject: [PATCH 3/7] Fix typo --- tools/releaseBuild/azureDevOps/templates/nuget.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index 507e4a39c1a..184e203bcca 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -210,7 +210,7 @@ jobs: # the '*' before the packagename signifies it is a binary $hashLine = "$hash *$packageName" - $.AppendLine($hashLine) > $null + $hashFileContent.AppendLine($hashLine) > $null } $hashFileContent.ToString() | Out-File -FilePath "$packagePath\SHA512SUMS" -Force From 858f323f162f261bda9f109867698685ade83ea2 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 25 Jun 2021 08:46:58 -0700 Subject: [PATCH 4/7] Make hash lowercase --- tools/releaseBuild/azureDevOps/templates/nuget.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index 184e203bcca..5da77d7bc1b 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -206,7 +206,7 @@ jobs: Get-ChildItem -Path $packagePath | ForEach-Object { Write-Verbose -Verbose "Generating checksum file for $_" $packageName = Split-Path $_ -Leaf - $hash = (Get-FileHash -Path $_ -Algorithm SHA512).Hash + $hash = (Get-FileHash -Path $_ -Algorithm SHA512).Hash.ToLower() # the '*' before the packagename signifies it is a binary $hashLine = "$hash *$packageName" From 751c358f82b36cc221ced117cc80c3aa17c17c14 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 25 Jun 2021 11:22:09 -0700 Subject: [PATCH 5/7] Move checksum file to folder we already upload --- .../azureDevOps/templates/nuget.yml | 24 +++---------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index 5da77d7bc1b..4dab334a053 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -217,6 +217,9 @@ jobs: $fileContent = Get-Content -Path "$packagePath\SHA512SUMS" -Raw | Out-String Write-Verbose -Verbose -Message $fileContent + + Copy-Item -Path "$packagePath\SHA512SUMS" -Destination '$(System.ArtifactsDirectory)\signed\' -verbose + Copy-Item -Path "$packagePath\SHA512SUMS" -Destination '$(System.ArtifactsDirectory)\signed\globaltool\' -verbose displayName: Generate checksum file - template: upload-final-results.yml @@ -234,16 +237,6 @@ jobs: ContainerName: '$(AzureVersion)-nuget' condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - - task: AzureFileCopy@4 - displayName: 'Upload CheckSum file to Azure' - inputs: - SourcePath: '$(System.ArtifactsDirectory)\checksum\SHA512SUMS' - azureSubscription: '$(AzureFileCopySubscription)' - Destination: AzureBlob - storage: '$(StorageAccount)' - ContainerName: '$(AzureVersion)-nuget' - condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - - task: AzureFileCopy@4 displayName: 'Upload global tool packages to Azure' inputs: @@ -255,17 +248,6 @@ jobs: blobPrefix: '$(Version)' condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - - task: AzureFileCopy@4 - displayName: 'Upload checksum file to Global Tool packages on Azure' - inputs: - sourcePath: '$(System.ArtifactsDirectory)\checksum\SHA512SUMS' - azureSubscription: '$(GlobalToolSubscription)' - Destination: AzureBlob - storage: '$(GlobalToolStorageAccount)' - ContainerName: 'tool' - blobPrefix: '$(Version)' - condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: From 5ca1c99de800d89cad8a6a7d6f42f31a2b726308 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 28 Jun 2021 11:37:00 -0700 Subject: [PATCH 6/7] Update tools/releaseBuild/azureDevOps/templates/nuget.yml Co-authored-by: Robert Holt --- tools/releaseBuild/azureDevOps/templates/nuget.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index 4dab334a053..e877c239235 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -198,8 +198,8 @@ jobs: $packages = Get-ChildItem -Path $srcPaths -Include *.zip, *.tar.gz, *.msi*, *.pkg, *.deb, *.rpm -Exclude "PowerShell-Symbols*" -Recurse $packages | ForEach-Object { Copy-Item $_.FullName -Destination $packagePath -Verbose } - $message = Get-ChildItem $packagePath -Recurse | Select-Object -ExpandProperty FullName | Out-String - Write-Verbose -Verbose $message + $packagePathList = Get-ChildItem $packagePath -Recurse | Select-Object -ExpandProperty FullName | Out-String + Write-Verbose -Verbose $packagePathList $hashFileContent = [System.Text.StringBuilder]::new() From 03ccfca67369d4160f3ff3087d83e2e571b59e42 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 28 Jun 2021 11:37:30 -0700 Subject: [PATCH 7/7] Update tools/releaseBuild/azureDevOps/templates/nuget.yml Co-authored-by: Robert Holt --- .../azureDevOps/templates/nuget.yml | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index e877c239235..4e303e17439 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -201,19 +201,16 @@ jobs: $packagePathList = Get-ChildItem $packagePath -Recurse | Select-Object -ExpandProperty FullName | Out-String Write-Verbose -Verbose $packagePathList - $hashFileContent = [System.Text.StringBuilder]::new() - - Get-ChildItem -Path $packagePath | ForEach-Object { - Write-Verbose -Verbose "Generating checksum file for $_" - $packageName = Split-Path $_ -Leaf - $hash = (Get-FileHash -Path $_ -Algorithm SHA512).Hash.ToLower() - - # the '*' before the packagename signifies it is a binary - $hashLine = "$hash *$packageName" - $hashFileContent.AppendLine($hashLine) > $null - } - - $hashFileContent.ToString() | Out-File -FilePath "$packagePath\SHA512SUMS" -Force + Get-ChildItem -Path $packagePath | + ForEach-Object { + Write-Verbose -Verbose "Generating checksum file for $($_.FullName)" + $packageName = $_.Name + $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA512).Hash.ToLower() + + # the '*' before the packagename signifies it is a binary + "$hash *$packageName" + } | + Out-File -FilePath "$packagePath\SHA512SUMS" -Force $fileContent = Get-Content -Path "$packagePath\SHA512SUMS" -Raw | Out-String Write-Verbose -Verbose -Message $fileContent