From aa7539ba57b44c36b6b30d507c979f3001db1a4d Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Mon, 25 Aug 2025 16:45:13 -0500 Subject: [PATCH 01/34] Added build steps and throw before signing Remove reference to packages pipeline Use repoRoot set architecture variable to string set and use variable architecutre Get the fullname of all artifacrts Look in Symbols_Arch for all files Initialize PowerShellRoot for signing template Skip signature validation for now revert signature validation Look for tsa and credscan in pipeline.workspace revert signature validation Look for tsa and credscan in pipeline.workspace turn off sig val check for test cert sigining in pipeline and Update-PSSignedBuildFolder Pass parameter to signing template Use bool not string cast to boolean Add parameter to second call to method look for credscan in pipeline.workspace revert windows-hosted build change Revert credscan define artifactPlatform Remove checkout define artifactPlatform Remove checkout maintain checkout to only s Add parameter for vPack name Remove template Add parameter names --- .pipelines/PowerShell-vPack-Official.yml | 157 ++++++++++++++-------- .pipelines/templates/obp-file-signing.yml | 15 ++- tools/packaging/packaging.psm1 | 16 ++- 3 files changed, 123 insertions(+), 65 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 36b6505dd04..ba1acf6bdac 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -25,6 +25,16 @@ parameters: # parameters are shown up in ADO UI in a build queue time type: string displayName: 'Release Tag Var:' default: 'fromBranch' +- name: OfficialBuild + type: boolean + default: false +- name: vPackName + type: string + displayName: 'VPack Name:' + default: 'PowerShell' + values: + - PowerShell + - PowerShellDoNotUse name: vPack_${{ parameters.architecture }}_$(date:yyMM).$(date:dd)$(rev:rrr) @@ -51,6 +61,10 @@ variables: value: ${{ parameters.ReleaseTagVar }} - group: Azure Blob variable group - group: certificate_logical_to_actual # used within signing task + - name: templateFile + value: ${{ iif ( parameters.OfficialBuild, 'v2/Microsoft.Official.yml@templates', 'v2/Microsoft.NonOfficial.yml@templates' ) }} + - group: DotNetPrivateBuildAccess + - group: certificate_logical_to_actual resources: repositories: @@ -59,17 +73,8 @@ resources: name: OneBranch.Pipelines/GovernedTemplates ref: refs/heads/main - pipelines: - - pipeline: PSPackagesOfficial - source: 'PowerShell-Packages-Official' - trigger: - branches: - include: - - master - - releases/* - extends: - template: v2/Microsoft.Official.yml@templates + template: ${{ variables.templateFile }} parameters: platform: name: 'windows_undocked' # windows undocked @@ -116,8 +121,15 @@ extends: ob_createvpack_version: '$(version)' ob_createvpack_propsFile: true ob_createvpack_verbose: true + ArtifactPlatform: 'windows' steps: + - checkout: self + clean: true + path: s + env: + ob_restore_phase: true + - template: .pipelines/templates/SetVersionVariables.yml@self parameters: ReleaseTagVar: $(ReleaseTagVar) @@ -137,56 +149,94 @@ extends: version: 3.1.x installationPath: $(Agent.ToolsDirectory)/dotnet + ### BUILD ### + + - template: /.pipelines/templates/insert-nuget-config-azfeed.yml@self + parameters: + repoRoot: $(repoRoot) + + - task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step. + env: + ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. + inputs: + Enabled: true + AnalyzeInPipeline: false # Do not upload results + Language: csharp + + - task: UseDotNet@2 + inputs: + useGlobalJson: true + workingDirectory: $(repoRoot) + env: + ob_restore_phase: true + - pwsh: | - $packageArtifactName = 'drop_windows_package_package_win_${{ parameters.architecture }}' - $vstsCommandString = "vso[task.setvariable variable=PackageArtifactName]$packageArtifactName" - Write-Host "sending " + $vstsCommandString + # Need to set PowerShellRoot variable for obp-file-signing template + $vstsCommandString = "vso[task.setvariable variable=PowerShellRoot]$(repoRoot)" + Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" - $packageArtifactPath = '$(Pipeline.Workspace)\PSPackagesOfficial' - $vstsCommandString = "vso[task.setvariable variable=PackageArtifactPath]$packageArtifactPath" - Write-Host "sending " + $vstsCommandString + $Architecture = '${{ parameters.architecture }}' + $runtime = switch ($Architecture) + { + "x64" { "win7-x64" } + "x86" { "win7-x86" } + "arm64" { "win-arm64" } + } + + $params = @{} + if ($env:BuildConfiguration -eq 'minSize') { + $params['ForMinimalSize'] = $true + } + + $vstsCommandString = "vso[task.setvariable variable=Runtime]$runtime" + Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" - displayName: 'Set package artifact variables' - - download: PSPackagesOfficial - artifact: $(PackageArtifactName) - displayName: Download package + Write-Verbose -Message "Building PowerShell with Runtime: $runtime for '$env:BuildConfiguration' configuration" + Import-Module -Name $(repoRoot)/build.psm1 -Force + $buildWithSymbolsPath = New-Item -ItemType Directory -Path "$(Pipeline.Workspace)/Symbols_$Architecture" -Force - - pwsh: 'Get-ChildItem $(PackageArtifactPath)\* -recurse | Select-Object -ExpandProperty Name' - displayName: 'Capture Artifact Listing' + Start-PSBootstrap -Scenario Package + $null = New-Item -ItemType Directory -Path $buildWithSymbolsPath -Force -Verbose - - pwsh: | - $message = @() - $packages = Get-ChildItem $(PackageArtifactPath)\* -recurse -include *.zip, *.msi - - if($packages.count -eq 0) {throw "No packages found in $(PackageArtifactPath)"} - - $packages | ForEach-Object { - if($_.Name -notmatch 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(fxdependent|x64|arm64|x86|fxdependentWinDesktop)\.(msi|zip){1}') - { - $messageInstance = "$($_.Name) is not a valid package name" - $message += $messageInstance - Write-Warning $messageInstance - } + $ReleaseTagParam = @{} + + if ($env:RELEASETAGVAR) { + $ReleaseTagParam['ReleaseTag'] = $env:RELEASETAGVAR } - if($message.count -gt 0){throw ($message | out-string)} - displayName: 'Validate Zip and MSI Package Names' + Start-PSBuild -Runtime $runtime -Configuration Release -Output $buildWithSymbolsPath -Clean -PSModuleRestore @params @ReleaseTagParam - - pwsh: | - Get-ChildItem $(PackageArtifactPath)\* -recurse -include *.zip | ForEach-Object { - if($_.Name -match 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(${{ parameters.architecture }})\.(zip){1}') - { - Expand-Archive -Path $_.FullName -DestinationPath $(ob_outputDirectory) - } - } - displayName: 'Extract Zip to ob_outputDirectory' + $refFolderPath = Join-Path $buildWithSymbolsPath 'ref' + Write-Verbose -Verbose "refFolderPath: $refFolderPath" + $outputPath = Join-Path '$(ob_outputDirectory)' 'psoptions' + $null = New-Item -ItemType Directory -Path $outputPath -Force + $psOptPath = "$outputPath/psoptions.json" + Save-PSOptions -PSOptionsPath $psOptPath + + Write-Verbose -Verbose "Completed building PowerShell for '$env:BuildConfiguration' configuration" + displayName: 'Build Windows Universal - ${{ parameters.architecture }} - -$(BuildConfiguration) Symbols folder' + env: + __DOTNET_RUNTIME_FEED_KEY: $(RUNTIME_SOURCEFEED_KEY) + ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. + + - task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step. + env: + ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. + + - template: /.pipelines/templates/obp-file-signing.yml@self + parameters: + binPath: '$(Pipeline.Workspace)/Symbols_${{ parameters.architecture }}' + SigningProfile: $(windows_build_tools_cert_id) + OfficialBuild: ${{ parameters.OfficialBuild }} + + ### END OF BUILD ### - pwsh: | Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose - Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse - Get-Content $(ob_outputdirectory)\preview.json -ErrorAction SilentlyContinue | Write-Host + Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_${{ parameters.architecture }}\*" -Recurse + Get-Content "$(Pipeline.Workspace)\PowerShell\preview.json" -ErrorAction SilentlyContinue | Write-Host displayName: Debug Output Directory and Version condition: succeededOrFailed() @@ -206,19 +256,10 @@ extends: - pwsh: | Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose - $vpackFiles = Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse + $vpackFiles = Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_${{ parameters.architecture }}\*" -Recurse if($vpackFiles.Count -eq 0) { - throw "No files found in $(ob_outputDirectory)" + throw "No files found in $(Pipeline.Workspace)\Symbols_${{ parameters.architecture }}" } $vpackFiles displayName: Debug Output Directory and Version condition: succeededOrFailed() - - - task: onebranch.pipeline.signing@1 - displayName: 'Onebranch Signing' - inputs: - command: 'sign' - signing_environment: 'azure-ado' - cp_code: $(windows_build_tools_cert_id) - files_to_sign: '**/*.exe;**/System.Management.Automation.dll' - search_root: $(ob_outputDirectory) diff --git a/.pipelines/templates/obp-file-signing.yml b/.pipelines/templates/obp-file-signing.yml index b6683d3caaf..c6057746c8a 100644 --- a/.pipelines/templates/obp-file-signing.yml +++ b/.pipelines/templates/obp-file-signing.yml @@ -1,6 +1,8 @@ parameters: binPath: '$(ob_outputDirectory)' globalTool: 'false' + SigningProfile: 'external_distribution' + OfficialBuild: true steps: - pwsh: | @@ -80,7 +82,7 @@ steps: displayName: Sign 1st party files inputs: command: 'sign' - signing_profile: external_distribution + signing_profile: ${{ parameters.SigningProfile }} files_to_sign: '**\*.psd1;**\*.psm1;**\*.ps1xml;**\*.ps1;**\*.dll;**\*.exe;**\pwsh' search_root: $(Pipeline.Workspace)/toBeSigned @@ -95,13 +97,15 @@ steps: $BuildPath = (Get-Item '${{ parameters.binPath }}').FullName Write-Verbose -Verbose -Message "BuildPath: $BuildPath" + $officialBuild = [System.Convert]::ToBoolean('${{ parameters.OfficialBuild }}') + ## copy all files to be signed to build folder - Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath '$(Pipeline.Workspace)/toBeSigned' + Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath '$(Pipeline.Workspace)/toBeSigned' -OfficialBuild $officialBuild $dlls = Get-ChildItem $BuildPath/*.dll, $BuildPath/*.exe -Recurse $signatures = $dlls | Get-AuthenticodeSignature - $missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned' -or $_.SignerCertificate.Issuer -notmatch '^CN=Microsoft.*'}| select-object -ExpandProperty Path - + $missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned' -or $_.SignerCertificate.Issuer -notmatch '^CN=(Microsoft|TestAzureEngBuildCodeSign).*'}| select-object -ExpandProperty Path + Write-Verbose -verbose "to be signed:`r`n $($missingSignatures | Out-String)" $filesToSignDirectory = "$(Pipeline.Workspace)/thirdPartyToBeSigned" @@ -137,6 +141,7 @@ steps: displayName: Capture ThirdParty Signed files - pwsh: | + $officialBuild = [System.Convert]::ToBoolean('${{ parameters.OfficialBuild }}') Import-Module '$(PowerShellRoot)/build.psm1' -Force Import-Module '$(PowerShellRoot)/tools/packaging' -Force $isGlobalTool = '${{ parameters.globalTool }}' -eq 'true' @@ -153,7 +158,7 @@ steps: Write-Verbose "Copying third party signed files to the build folder" $thirdPartySignedFilesPath = (Get-Item '$(Pipeline.Workspace)/thirdPartyToBeSigned').FullName - Update-PSSignedBuildFolder -BuildPath $pathForUpload -SignedFilesPath $thirdPartySignedFilesPath + Update-PSSignedBuildFolder -BuildPath $pathForUpload -SignedFilesPath $thirdPartySignedFilesPath -OfficialBuild $officialBuild displayName: 'Copy signed files for upload' diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index 52355c1eb4f..ca4764f6d69 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -887,7 +887,8 @@ function Update-PSSignedBuildFolder [string]$BuildPath, [Parameter(Mandatory)] [string]$SignedFilesPath, - [string[]] $RemoveFilter = ('*.pdb', '*.zip', '*.r2rmap') + [string[]] $RemoveFilter = ('*.pdb', '*.zip', '*.r2rmap'), + [bool]$OfficialBuild = $true ) $BuildPathNormalized = (Get-Item $BuildPath).FullName @@ -943,8 +944,19 @@ function Update-PSSignedBuildFolder if ($IsWindows) { $signature = Get-AuthenticodeSignature -FilePath $signedFilePath - if ($signature.Status -ne 'Valid') { + + if ($signature.Status -ne 'Valid' -and $OfficialBuild) { Write-Error "Invalid signature for $signedFilePath" + } elseif ($OfficialBuild -eq $false) { + if ($signature.Status -eq 'NotSigned') { + Write-Warning "File is not signed: $signedFilePath" + } elseif ($signature.SignerCertificate.Issuer -notmatch '^CN=(Microsoft|TestAzureEngBuildCodeSign).*') { + Write-Warning "File signed with test certificate: $signedFilePath" + Write-Host "Certificate Issuer: $($signature.SignerCertificate.Issuer)" + Write-Host "Certificate Subject: $($signature.SignerCertificate.Subject)" + } else { + Write-Verbose -Verbose "File properly signed: $signedFilePath" + } } } else From d5e599a3b35e6392e5c43f1f9033c0cdec0ad421 Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Mon, 25 Aug 2025 16:45:13 -0500 Subject: [PATCH 02/34] Added build steps and throw before signing Remove reference to packages pipeline Use repoRoot set architecture variable to string set and use variable architecutre Get the fullname of all artifacrts Look in Symbols_Arch for all files Initialize PowerShellRoot for signing template Skip signature validation for now revert signature validation Look for tsa and credscan in pipeline.workspace revert signature validation Look for tsa and credscan in pipeline.workspace turn off sig val check for test cert sigining in pipeline and Update-PSSignedBuildFolder Pass parameter to signing template Use bool not string cast to boolean Add parameter to second call to method look for credscan in pipeline.workspace revert windows-hosted build change Revert credscan define artifactPlatform Remove checkout define artifactPlatform Remove checkout maintain checkout to only s Add parameter for vPack name Remove template Add parameter names From f931f41d74b876c157bb6eb80404c21d2561644f Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Wed, 27 Aug 2025 14:56:05 -0500 Subject: [PATCH 03/34] connect vpackname --- .pipelines/PowerShell-vPack-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index ba1acf6bdac..de596f790ee 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -114,7 +114,7 @@ extends: variables: ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out' ob_createvpack_enabled: ${{ parameters.createVPack }} - ob_createvpack_packagename: 'PowerShell.${{ parameters.architecture }}' + ob_createvpack_packagename: '${{ parameters.vPackName }}.${{ parameters.architecture }}' ob_createvpack_description: PowerShell ${{ parameters.architecture }} $(version) ob_createvpack_owneralias: tplunk ob_createvpack_versionAs: string From cec2a6eca5c215c68a393e0ab9e18c7c8f631902 Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Wed, 27 Aug 2025 15:51:24 -0500 Subject: [PATCH 04/34] add group feed read general for nuget switch --- .pipelines/PowerShell-vPack-Official.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index de596f790ee..393610c31f7 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -65,6 +65,7 @@ variables: value: ${{ iif ( parameters.OfficialBuild, 'v2/Microsoft.Official.yml@templates', 'v2/Microsoft.NonOfficial.yml@templates' ) }} - group: DotNetPrivateBuildAccess - group: certificate_logical_to_actual + - group: mscodehub-feed-read-general resources: repositories: From 6e4519e6822b3b47e1d6191a9ca3c36057f8c697 Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Wed, 27 Aug 2025 16:28:36 -0500 Subject: [PATCH 05/34] Add internal build tools signing check --- .pipelines/PowerShell-vPack-Official.yml | 2 +- .pipelines/templates/obp-file-signing.yml | 13 ++++++++----- tools/packaging/packaging.psm1 | 7 +++++-- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 393610c31f7..b66ea154c31 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -230,7 +230,7 @@ extends: parameters: binPath: '$(Pipeline.Workspace)/Symbols_${{ parameters.architecture }}' SigningProfile: $(windows_build_tools_cert_id) - OfficialBuild: ${{ parameters.OfficialBuild }} + OfficialBuild: $false ### END OF BUILD ### diff --git a/.pipelines/templates/obp-file-signing.yml b/.pipelines/templates/obp-file-signing.yml index c6057746c8a..84ac82083b2 100644 --- a/.pipelines/templates/obp-file-signing.yml +++ b/.pipelines/templates/obp-file-signing.yml @@ -98,14 +98,16 @@ steps: Write-Verbose -Verbose -Message "BuildPath: $BuildPath" $officialBuild = [System.Convert]::ToBoolean('${{ parameters.OfficialBuild }}') - + $checkIssuerOnly = [System.Convert]::ToBoolean('${{ parameters.CheckIssuerOnly }}') ## copy all files to be signed to build folder - Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath '$(Pipeline.Workspace)/toBeSigned' -OfficialBuild $officialBuild + Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath '$(Pipeline.Workspace)/toBeSigned' -OfficialBuild $officialBuild -CheckIssuerOnly $checkIssuerOnly $dlls = Get-ChildItem $BuildPath/*.dll, $BuildPath/*.exe -Recurse $signatures = $dlls | Get-AuthenticodeSignature - $missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned' -or $_.SignerCertificate.Issuer -notmatch '^CN=(Microsoft|TestAzureEngBuildCodeSign).*'}| select-object -ExpandProperty Path - + $officialIssuerPattern = '^CN=(Microsoft Code Signing PCA|Microsoft Root Certificate Authority|Microsoft Corporation).*' + $testCert = '^CN=(Microsoft|TestAzureEngBuildCodeSign).*' + $missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned' -or $_.SignerCertificate.Issuer -notmatch $testCert -or $_.SignerCertificate.Issuer -notmatch $officialIssuerPattern} | select-object -ExpandProperty Path + Write-Verbose -verbose "to be signed:`r`n $($missingSignatures | Out-String)" $filesToSignDirectory = "$(Pipeline.Workspace)/thirdPartyToBeSigned" @@ -142,6 +144,7 @@ steps: - pwsh: | $officialBuild = [System.Convert]::ToBoolean('${{ parameters.OfficialBuild }}') + $checkIssuerOnly = [System.Convert]::ToBoolean('${{ parameters.CheckIssuerOnly }}') Import-Module '$(PowerShellRoot)/build.psm1' -Force Import-Module '$(PowerShellRoot)/tools/packaging' -Force $isGlobalTool = '${{ parameters.globalTool }}' -eq 'true' @@ -158,7 +161,7 @@ steps: Write-Verbose "Copying third party signed files to the build folder" $thirdPartySignedFilesPath = (Get-Item '$(Pipeline.Workspace)/thirdPartyToBeSigned').FullName - Update-PSSignedBuildFolder -BuildPath $pathForUpload -SignedFilesPath $thirdPartySignedFilesPath -OfficialBuild $officialBuild + Update-PSSignedBuildFolder -BuildPath $pathForUpload -SignedFilesPath $thirdPartySignedFilesPath -OfficialBuild $officialBuild -CheckIssuerOnly $checkIssuerOnly displayName: 'Copy signed files for upload' diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index ca4764f6d69..86b4fe8a645 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -888,7 +888,8 @@ function Update-PSSignedBuildFolder [Parameter(Mandatory)] [string]$SignedFilesPath, [string[]] $RemoveFilter = ('*.pdb', '*.zip', '*.r2rmap'), - [bool]$OfficialBuild = $true + [bool]$OfficialBuild = $true, + [bool]$CheckIssuerOnly = $false ) $BuildPathNormalized = (Get-Item $BuildPath).FullName @@ -946,11 +947,13 @@ function Update-PSSignedBuildFolder $signature = Get-AuthenticodeSignature -FilePath $signedFilePath if ($signature.Status -ne 'Valid' -and $OfficialBuild) { + Write-Host "Certificate Issuer: $($signature.SignerCertificate.Issuer)" + Write-Host "Certificate Subject: $($signature.SignerCertificate.Subject)" Write-Error "Invalid signature for $signedFilePath" } elseif ($OfficialBuild -eq $false) { if ($signature.Status -eq 'NotSigned') { Write-Warning "File is not signed: $signedFilePath" - } elseif ($signature.SignerCertificate.Issuer -notmatch '^CN=(Microsoft|TestAzureEngBuildCodeSign).*') { + } elseif ($signature.SignerCertificate.Issuer -notmatch '^CN=(Microsoft|TestAzureEngBuildCodeSign|Windows Internal Build Tools).*') { Write-Warning "File signed with test certificate: $signedFilePath" Write-Host "Certificate Issuer: $($signature.SignerCertificate.Issuer)" Write-Host "Certificate Subject: $($signature.SignerCertificate.Subject)" From 218fab39576ea6e1b8af85273bddc39187157b4e Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Wed, 27 Aug 2025 16:01:43 -0700 Subject: [PATCH 06/34] Remove deprecated PAT group reference from pipeline configuration --- .pipelines/PowerShell-vPack-Official.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index b66ea154c31..cec9e22e678 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -65,7 +65,8 @@ variables: value: ${{ iif ( parameters.OfficialBuild, 'v2/Microsoft.Official.yml@templates', 'v2/Microsoft.NonOfficial.yml@templates' ) }} - group: DotNetPrivateBuildAccess - group: certificate_logical_to_actual - - group: mscodehub-feed-read-general +# We shouldn't be using PATs anymore +# - group: mscodehub-feed-read-general resources: repositories: @@ -129,7 +130,7 @@ extends: clean: true path: s env: - ob_restore_phase: true + ob_restore_phase: true - template: .pipelines/templates/SetVersionVariables.yml@self parameters: From d5d4f7fd59978f5c696948f315e65f13ecd11560 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Thu, 28 Aug 2025 09:50:25 -0700 Subject: [PATCH 07/34] Fix OfficialBuild parameter assignment in pipeline configuration --- .pipelines/PowerShell-vPack-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index cec9e22e678..1bdf2acdd5c 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -231,7 +231,7 @@ extends: parameters: binPath: '$(Pipeline.Workspace)/Symbols_${{ parameters.architecture }}' SigningProfile: $(windows_build_tools_cert_id) - OfficialBuild: $false + OfficialBuild: false ### END OF BUILD ### From aa3804fba7b01fb36af46373d4ee10f70094980f Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Thu, 28 Aug 2025 11:34:21 -0700 Subject: [PATCH 08/34] Remove CheckIssuerOnly parameter from Update-PSSignedBuildFolder function --- .pipelines/templates/obp-file-signing.yml | 6 ++---- tools/packaging/packaging.psm1 | 3 +-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.pipelines/templates/obp-file-signing.yml b/.pipelines/templates/obp-file-signing.yml index 84ac82083b2..d873ccf04ed 100644 --- a/.pipelines/templates/obp-file-signing.yml +++ b/.pipelines/templates/obp-file-signing.yml @@ -98,9 +98,8 @@ steps: Write-Verbose -Verbose -Message "BuildPath: $BuildPath" $officialBuild = [System.Convert]::ToBoolean('${{ parameters.OfficialBuild }}') - $checkIssuerOnly = [System.Convert]::ToBoolean('${{ parameters.CheckIssuerOnly }}') ## copy all files to be signed to build folder - Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath '$(Pipeline.Workspace)/toBeSigned' -OfficialBuild $officialBuild -CheckIssuerOnly $checkIssuerOnly + Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath '$(Pipeline.Workspace)/toBeSigned' -OfficialBuild $officialBuild $dlls = Get-ChildItem $BuildPath/*.dll, $BuildPath/*.exe -Recurse $signatures = $dlls | Get-AuthenticodeSignature @@ -144,7 +143,6 @@ steps: - pwsh: | $officialBuild = [System.Convert]::ToBoolean('${{ parameters.OfficialBuild }}') - $checkIssuerOnly = [System.Convert]::ToBoolean('${{ parameters.CheckIssuerOnly }}') Import-Module '$(PowerShellRoot)/build.psm1' -Force Import-Module '$(PowerShellRoot)/tools/packaging' -Force $isGlobalTool = '${{ parameters.globalTool }}' -eq 'true' @@ -161,7 +159,7 @@ steps: Write-Verbose "Copying third party signed files to the build folder" $thirdPartySignedFilesPath = (Get-Item '$(Pipeline.Workspace)/thirdPartyToBeSigned').FullName - Update-PSSignedBuildFolder -BuildPath $pathForUpload -SignedFilesPath $thirdPartySignedFilesPath -OfficialBuild $officialBuild -CheckIssuerOnly $checkIssuerOnly + Update-PSSignedBuildFolder -BuildPath $pathForUpload -SignedFilesPath $thirdPartySignedFilesPath -OfficialBuild $officialBuild displayName: 'Copy signed files for upload' diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index 86b4fe8a645..b1e4327bee0 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -888,8 +888,7 @@ function Update-PSSignedBuildFolder [Parameter(Mandatory)] [string]$SignedFilesPath, [string[]] $RemoveFilter = ('*.pdb', '*.zip', '*.r2rmap'), - [bool]$OfficialBuild = $true, - [bool]$CheckIssuerOnly = $false + [bool]$OfficialBuild = $true ) $BuildPathNormalized = (Get-Item $BuildPath).FullName From e335a4d780daf4614ad581bd93707d9e931d8716 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Thu, 28 Aug 2025 15:11:45 -0700 Subject: [PATCH 09/34] Refactor vPack architecture handling and remove deprecated parameter --- .pipelines/PowerShell-vPack-Official.yml | 41 ++++++++++++++---------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 1bdf2acdd5c..ff6bdcb604a 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -9,14 +9,6 @@ parameters: # parameters are shown up in ADO UI in a build queue time displayName: 'Enable debug output' type: boolean default: false -- name: 'architecture' - type: string - displayName: 'Select the vpack architecture:' - values: - - x64 - - x86 - - arm64 - default: x64 - name: 'VPackPublishOverride' type: string displayName: 'VPack Publish Override Version (can leave blank):' @@ -36,7 +28,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time - PowerShell - PowerShellDoNotUse -name: vPack_${{ parameters.architecture }}_$(date:yyMM).$(date:dd)$(rev:rrr) +name: vPack_$(date:yyMM).$(date:dd)$(rev:rrr) variables: - name: CDP_DEFINITION_BUILD_COUNT @@ -113,11 +105,26 @@ extends: pool: type: windows + strategy: + matrix: + x86: + architecture: x86 + ob_createvpack_packagename: '${{ parameters.vPackName }}.x86' + ob_createvpack_description: PowerShell x86 $(version) + + x64: + architecture: x64 + ob_createvpack_packagename: '${{ parameters.vPackName }}.x64' + ob_createvpack_description: PowerShell x64 $(version) + + arm64: + architecture: arm64 + ob_createvpack_packagename: '${{ parameters.vPackName }}.arm64' + ob_createvpack_description: PowerShell arm64 $(version) + variables: ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out' ob_createvpack_enabled: ${{ parameters.createVPack }} - ob_createvpack_packagename: '${{ parameters.vPackName }}.${{ parameters.architecture }}' - ob_createvpack_description: PowerShell ${{ parameters.architecture }} $(version) ob_createvpack_owneralias: tplunk ob_createvpack_versionAs: string ob_createvpack_version: '$(version)' @@ -178,7 +185,7 @@ extends: Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" - $Architecture = '${{ parameters.architecture }}' + $Architecture = '$(Architecture)' $runtime = switch ($Architecture) { "x64" { "win7-x64" } @@ -218,7 +225,7 @@ extends: Save-PSOptions -PSOptionsPath $psOptPath Write-Verbose -Verbose "Completed building PowerShell for '$env:BuildConfiguration' configuration" - displayName: 'Build Windows Universal - ${{ parameters.architecture }} - -$(BuildConfiguration) Symbols folder' + displayName: 'Build Windows Universal - '$(Architecture)' - -$(BuildConfiguration) Symbols folder' env: __DOTNET_RUNTIME_FEED_KEY: $(RUNTIME_SOURCEFEED_KEY) ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. @@ -229,7 +236,7 @@ extends: - template: /.pipelines/templates/obp-file-signing.yml@self parameters: - binPath: '$(Pipeline.Workspace)/Symbols_${{ parameters.architecture }}' + binPath: '$(Pipeline.Workspace)/Symbols_$(Architecture)' SigningProfile: $(windows_build_tools_cert_id) OfficialBuild: false @@ -237,7 +244,7 @@ extends: - pwsh: | Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose - Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_${{ parameters.architecture }}\*" -Recurse + Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_$(Architecture)\*" -Recurse Get-Content "$(Pipeline.Workspace)\PowerShell\preview.json" -ErrorAction SilentlyContinue | Write-Host displayName: Debug Output Directory and Version condition: succeededOrFailed() @@ -258,9 +265,9 @@ extends: - pwsh: | Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose - $vpackFiles = Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_${{ parameters.architecture }}\*" -Recurse + $vpackFiles = Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_$(Architecture)\*" -Recurse if($vpackFiles.Count -eq 0) { - throw "No files found in $(Pipeline.Workspace)\Symbols_${{ parameters.architecture }}" + throw "No files found in $(Pipeline.Workspace)\Symbols_$(Architecture)" } $vpackFiles displayName: Debug Output Directory and Version From 2545e948cbd1b80964ced0283e76c48b379f6902 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Thu, 28 Aug 2025 15:36:13 -0700 Subject: [PATCH 10/34] Fix display name formatting in build step for Windows Universal --- .pipelines/PowerShell-vPack-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index ff6bdcb604a..b505353fa0d 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -225,7 +225,7 @@ extends: Save-PSOptions -PSOptionsPath $psOptPath Write-Verbose -Verbose "Completed building PowerShell for '$env:BuildConfiguration' configuration" - displayName: 'Build Windows Universal - '$(Architecture)' - -$(BuildConfiguration) Symbols folder' + displayName: Build Windows Universal - $(Architecture) - -$(BuildConfiguration) Symbols folder env: __DOTNET_RUNTIME_FEED_KEY: $(RUNTIME_SOURCEFEED_KEY) ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. From 2ed384edb968dbf1df5820ddb445a67570925c18 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Thu, 28 Aug 2025 16:09:44 -0700 Subject: [PATCH 11/34] Refactor parameters in PowerShell-vPack-Official.yml: reorder OfficialBuild and debug, and adjust vPackName settings --- .pipelines/PowerShell-vPack-Official.yml | 67 +++++++++++++++++------- 1 file changed, 49 insertions(+), 18 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index b505353fa0d..13c092db3f6 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -1,14 +1,20 @@ trigger: none parameters: # parameters are shown up in ADO UI in a build queue time +- name: OfficialBuild + type: boolean + default: false - name: 'createVPack' displayName: 'Create and Submit VPack' type: boolean default: true -- name: 'debug' - displayName: 'Enable debug output' - type: boolean - default: false +- name: vPackName + type: string + displayName: 'VPack Name:' + default: 'PowerShell' + values: + - PowerShell + - PowerShellDoNotUse - name: 'VPackPublishOverride' type: string displayName: 'VPack Publish Override Version (can leave blank):' @@ -17,16 +23,10 @@ parameters: # parameters are shown up in ADO UI in a build queue time type: string displayName: 'Release Tag Var:' default: 'fromBranch' -- name: OfficialBuild +- name: 'debug' + displayName: 'Enable debug output' type: boolean default: false -- name: vPackName - type: string - displayName: 'VPack Name:' - default: 'PowerShell' - values: - - PowerShell - - PowerShellDoNotUse name: vPack_$(date:yyMM).$(date:dd)$(rev:rrr) @@ -99,9 +99,9 @@ extends: enabled: false tsaOptionsFile: .config/tsaoptions.json stages: - - stage: main + - stage: Build jobs: - - job: main + - job: Build pool: type: windows @@ -126,14 +126,14 @@ extends: ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out' ob_createvpack_enabled: ${{ parameters.createVPack }} ob_createvpack_owneralias: tplunk - ob_createvpack_versionAs: string - ob_createvpack_version: '$(version)' + ob_createvpack_versionAs: parts ob_createvpack_propsFile: true ob_createvpack_verbose: true ArtifactPlatform: 'windows' steps: - checkout: self + displayName: Checkout source code - during restore clean: true path: s env: @@ -145,6 +145,36 @@ extends: CreateJson: yes UseJson: no + - pwsh: | + Write-Host "Using VPackPublishOverride variable" + + $mainVersionParts = '$(version)' -split '-' + $versionParts = $mainVersionParts[0] -split '.'; + $major = $versionParts[0] + $minor = $versionParts[1] + $patch = $versionParts[2] + $previewPart = $mainVersionParts[1] + + Write-Host "major: $major; minor: $minor; patch: $patch;" + + $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_majorVer]$major" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + + $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_minorVer]$minor" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + + $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_patchVer]$patch" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + if($previewPart) { + $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_prereleaseVer]$previewPart" + } else { + Write-Verbose -Verbose "No prerelease part found in version string." + } + displayName: Set ob_createvpack_*Ver + - pwsh: | if($env:RELEASETAGVAR -match '-') { throw "Don't release a preview build without coordinating with Windows Engineering Build Tools Team" @@ -173,6 +203,7 @@ extends: Language: csharp - task: UseDotNet@2 + displayName: 'Install .NET based on global.json' inputs: useGlobalJson: true workingDirectory: $(repoRoot) @@ -225,7 +256,7 @@ extends: Save-PSOptions -PSOptionsPath $psOptPath Write-Verbose -Verbose "Completed building PowerShell for '$env:BuildConfiguration' configuration" - displayName: Build Windows Universal - $(Architecture) - -$(BuildConfiguration) Symbols folder + displayName: Build Windows Universal - $(Architecture) -$(BuildConfiguration) Symbols folder env: __DOTNET_RUNTIME_FEED_KEY: $(RUNTIME_SOURCEFEED_KEY) ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. @@ -243,7 +274,7 @@ extends: ### END OF BUILD ### - pwsh: | - Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose + Get-ChildItem env:ob_createvpack_*Ver Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_$(Architecture)\*" -Recurse Get-Content "$(Pipeline.Workspace)\PowerShell\preview.json" -ErrorAction SilentlyContinue | Write-Host displayName: Debug Output Directory and Version From 42383f4204673e2bc0ab11021d0236222016ac5a Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Thu, 28 Aug 2025 16:41:26 -0700 Subject: [PATCH 12/34] Add Component Detection task to governance build pipeline --- .pipelines/PowerShell-vPack-Official.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 13c092db3f6..05e7a61e375 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -265,6 +265,12 @@ extends: env: ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. + - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 + displayName: 'Component Detection' + inputs: + sourceScanPath: '$(repoRoot)\src' + ob_restore_phase: true + - template: /.pipelines/templates/obp-file-signing.yml@self parameters: binPath: '$(Pipeline.Workspace)/Symbols_$(Architecture)' From dbc00a9608f2e8d1870331d8cc4203406288f2eb Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Thu, 28 Aug 2025 16:47:34 -0700 Subject: [PATCH 13/34] Add environment variable for restore phase in build steps --- .pipelines/PowerShell-vPack-Official.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 05e7a61e375..f3ec7ca8d7e 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -174,12 +174,16 @@ extends: Write-Verbose -Verbose "No prerelease part found in version string." } displayName: Set ob_createvpack_*Ver + env: + ob_restore_phase: true - pwsh: | if($env:RELEASETAGVAR -match '-') { throw "Don't release a preview build without coordinating with Windows Engineering Build Tools Team" } displayName: Stop any preview release + env: + ob_restore_phase: true - task: UseDotNet@2 displayName: 'Use .NET Core sdk' From e7425336fe7683a57cc6e9f398664d602e40e1ac Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Thu, 28 Aug 2025 16:52:31 -0700 Subject: [PATCH 14/34] Remove VPackPublishOverride parameter and related references from the pipeline --- .pipelines/PowerShell-vPack-Official.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index f3ec7ca8d7e..0f3f5b2d384 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -15,10 +15,6 @@ parameters: # parameters are shown up in ADO UI in a build queue time values: - PowerShell - PowerShellDoNotUse -- name: 'VPackPublishOverride' - type: string - displayName: 'VPack Publish Override Version (can leave blank):' - default: ' ' - name: 'ReleaseTagVar' type: string displayName: 'Release Tag Var:' @@ -146,8 +142,6 @@ extends: UseJson: no - pwsh: | - Write-Host "Using VPackPublishOverride variable" - $mainVersionParts = '$(version)' -split '-' $versionParts = $mainVersionParts[0] -split '.'; $major = $versionParts[0] @@ -290,22 +284,12 @@ extends: displayName: Debug Output Directory and Version condition: succeededOrFailed() - - pwsh: | - Write-Host "Using VPackPublishOverride variable" - $vpackVersion = '${{ parameters.VPackPublishOverride }}' - $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_version]$vpackVersion" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - condition: ne('${{ parameters.VPackPublishOverride }}', ' ') - displayName: 'Set ob_createvpack_version with VPackPublishOverride' - - pwsh: | Get-ChildItem -Path env: | Out-String -width 9999 -Stream | write-Verbose -Verbose displayName: Capture Environment condition: succeededOrFailed() - pwsh: | - Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose $vpackFiles = Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_$(Architecture)\*" -Recurse if($vpackFiles.Count -eq 0) { throw "No files found in $(Pipeline.Workspace)\Symbols_$(Architecture)" From 6a84af0039c478ad5780914262ddd30a797f673c Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 10:54:04 -0700 Subject: [PATCH 15/34] Add artifact suffix for architecture in vPack package creation --- .pipelines/PowerShell-vPack-Official.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 0f3f5b2d384..1ef79cbf05a 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -107,16 +107,19 @@ extends: architecture: x86 ob_createvpack_packagename: '${{ parameters.vPackName }}.x86' ob_createvpack_description: PowerShell x86 $(version) + ob_artifactSuffix: x86 x64: architecture: x64 ob_createvpack_packagename: '${{ parameters.vPackName }}.x64' ob_createvpack_description: PowerShell x64 $(version) + ob_artifactSuffix: x64 arm64: architecture: arm64 ob_createvpack_packagename: '${{ parameters.vPackName }}.arm64' ob_createvpack_description: PowerShell arm64 $(version) + ob_artifactSuffix: arm64 variables: ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out' From 31dd91c4ebbc0df15366a8ee8a47b42f98dda968 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 12:30:59 -0700 Subject: [PATCH 16/34] Rename build stage and job, and update artifact naming convention in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 1ef79cbf05a..230db4ab635 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -95,9 +95,9 @@ extends: enabled: false tsaOptionsFile: .config/tsaoptions.json stages: - - stage: Build + - stage: BuildStage jobs: - - job: Build + - job: BuildJob pool: type: windows @@ -107,19 +107,19 @@ extends: architecture: x86 ob_createvpack_packagename: '${{ parameters.vPackName }}.x86' ob_createvpack_description: PowerShell x86 $(version) - ob_artifactSuffix: x86 + ob_artifactBaseName: drop_build_x86 x64: architecture: x64 ob_createvpack_packagename: '${{ parameters.vPackName }}.x64' ob_createvpack_description: PowerShell x64 $(version) - ob_artifactSuffix: x64 + ob_artifactBaseName: drop_build_x64 arm64: architecture: arm64 ob_createvpack_packagename: '${{ parameters.vPackName }}.arm64' ob_createvpack_description: PowerShell arm64 $(version) - ob_artifactSuffix: arm64 + ob_artifactBaseName: drop_build_arm64 variables: ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out' From 1636ca87794800d1f1f37898fa05f9be31739d06 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 12:38:06 -0700 Subject: [PATCH 17/34] Refactor package naming and description for architecture-specific builds in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 230db4ab635..6b4022ac936 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -105,21 +105,12 @@ extends: matrix: x86: architecture: x86 - ob_createvpack_packagename: '${{ parameters.vPackName }}.x86' - ob_createvpack_description: PowerShell x86 $(version) - ob_artifactBaseName: drop_build_x86 x64: architecture: x64 - ob_createvpack_packagename: '${{ parameters.vPackName }}.x64' - ob_createvpack_description: PowerShell x64 $(version) - ob_artifactBaseName: drop_build_x64 arm64: architecture: arm64 - ob_createvpack_packagename: '${{ parameters.vPackName }}.arm64' - ob_createvpack_description: PowerShell arm64 $(version) - ob_artifactBaseName: drop_build_arm64 variables: ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out' @@ -128,6 +119,10 @@ extends: ob_createvpack_versionAs: parts ob_createvpack_propsFile: true ob_createvpack_verbose: true + ob_createvpack_packagename: '${{ parameters.vPackName }}.$(architecture)' + ob_createvpack_description: PowerShell $(architecture) $(version) + ob_artifactBaseName: drop_build_$(architecture) + ob_artifactSuffix: $(architecture) ArtifactPlatform: 'windows' steps: From 56596f50e598d60d55ae26d3bb6f5d5819a09b84 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 12:44:06 -0700 Subject: [PATCH 18/34] Update vPack name format to include OfficialBuild and SourceBranchName in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 6b4022ac936..231130ebd93 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -24,7 +24,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time type: boolean default: false -name: vPack_$(date:yyMM).$(date:dd)$(rev:rrr) +name: vPack_Prod_$(OfficialBuild)_$(Build.SourceBranchName)_$(date:yyMM).$(date:dd)$(rev:rrr) variables: - name: CDP_DEFINITION_BUILD_COUNT From e55d94ac985dd0ae1c35613bd486f7714eef67bc Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 13:08:46 -0700 Subject: [PATCH 19/34] Fix parameter interpolation in vPack name definition in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 231130ebd93..a84fb42c7ab 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -24,7 +24,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time type: boolean default: false -name: vPack_Prod_$(OfficialBuild)_$(Build.SourceBranchName)_$(date:yyMM).$(date:dd)$(rev:rrr) +name: vPack_Prod_${{ parameters.OfficialBuild }}_$(Build.SourceBranchName)_$(date:yyMM).$(date:dd)$(rev:rrr) variables: - name: CDP_DEFINITION_BUILD_COUNT From b2d6576e1a62d60cce4bc5df1a1183f1cc7bff57 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 13:11:23 -0700 Subject: [PATCH 20/34] Remove artifact suffix assignment for architecture in vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index a84fb42c7ab..f99e7ba1f9d 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -122,7 +122,6 @@ extends: ob_createvpack_packagename: '${{ parameters.vPackName }}.$(architecture)' ob_createvpack_description: PowerShell $(architecture) $(version) ob_artifactBaseName: drop_build_$(architecture) - ob_artifactSuffix: $(architecture) ArtifactPlatform: 'windows' steps: From eac453c32e9b6b3700d748ca70c30466168a8fa0 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 13:14:31 -0700 Subject: [PATCH 21/34] Update vPack name format to include createVPack parameter in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index f99e7ba1f9d..fec633bb774 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -24,7 +24,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time type: boolean default: false -name: vPack_Prod_${{ parameters.OfficialBuild }}_$(Build.SourceBranchName)_$(date:yyMM).$(date:dd)$(rev:rrr) +name: vPack_$(Build.SourceBranchName)_Prod_${{ parameters.OfficialBuild }}_Create_${{ parameters.createVPack }}_$(date:yyMM).$(date:dd)$(rev:rrr) variables: - name: CDP_DEFINITION_BUILD_COUNT From 70281f8d1a70eb33cf781b9f5ff5da00409ac0b7 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 13:21:54 -0700 Subject: [PATCH 22/34] Update vPack name format to include vPackName parameter in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index fec633bb774..da6f6806749 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -24,7 +24,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time type: boolean default: false -name: vPack_$(Build.SourceBranchName)_Prod_${{ parameters.OfficialBuild }}_Create_${{ parameters.createVPack }}_$(date:yyMM).$(date:dd)$(rev:rrr) +name: vPack.$(Build.SourceBranchName).Prod.${{ parameters.OfficialBuild }}.Create.${{ parameters.createVPack }}.Name.${{ parameters.vPackName}}.$(date:yyyyMMdd).$(rev:rr) variables: - name: CDP_DEFINITION_BUILD_COUNT From a94d62d240b1d4edf14ee99c4413e608f722bf75 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 13:26:13 -0700 Subject: [PATCH 23/34] Update vPack name format to use underscores instead of dots in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index da6f6806749..a055cf0de8c 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -24,7 +24,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time type: boolean default: false -name: vPack.$(Build.SourceBranchName).Prod.${{ parameters.OfficialBuild }}.Create.${{ parameters.createVPack }}.Name.${{ parameters.vPackName}}.$(date:yyyyMMdd).$(rev:rr) +name: vPack_$(Build.SourceBranchName)_Prod.${{ parameters.OfficialBuild }}_Create.${{ parameters.createVPack }}_Name.${{ parameters.vPackName}}_$(date:yyyyMMdd).$(rev:rr) variables: - name: CDP_DEFINITION_BUILD_COUNT From 6ab03bfbb369b5990a62145b332484b81a2f0b78 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Fri, 29 Aug 2025 14:05:50 -0700 Subject: [PATCH 24/34] Apply suggestion from @TravisEz13 --- .pipelines/PowerShell-vPack-Official.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index a055cf0de8c..4dcb960d9bd 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -3,7 +3,7 @@ trigger: none parameters: # parameters are shown up in ADO UI in a build queue time - name: OfficialBuild type: boolean - default: false + default: true - name: 'createVPack' displayName: 'Create and Submit VPack' type: boolean From a51a17ef1109d9a99eb0cb024ba636751d11e1b2 Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 14:24:18 -0700 Subject: [PATCH 25/34] Add version validation for ob_createvpack_*Ver variables in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 28 ++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index a055cf0de8c..6b7c892c580 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -139,25 +139,35 @@ extends: UseJson: no - pwsh: | - $mainVersionParts = '$(version)' -split '-' + $version = '$(Version)' + Write-Verbose -Verbose "Version: $version" + if(!$version) { + throw "Version is not set." + } + + $mainVersionParts = $version -split '-' + + Write-Verbose -Verbose "mainVersionParts: $($mainVersionParts[0]) ; $($mainVersionParts[1])" $versionParts = $mainVersionParts[0] -split '.'; $major = $versionParts[0] $minor = $versionParts[1] $patch = $versionParts[2] + $previewPart = $mainVersionParts[1] + Write-Verbose -Verbose "previewPart: $previewPart" Write-Host "major: $major; minor: $minor; patch: $patch;" $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_majorVer]$major" - Write-Host "sending " + $vstsCommandString + Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_minorVer]$minor" - Write-Host "sending " + $vstsCommandString + Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_patchVer]$patch" - Write-Host "sending " + $vstsCommandString + Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" if($previewPart) { $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_prereleaseVer]$previewPart" @@ -168,6 +178,16 @@ extends: env: ob_restore_phase: true + - pwsh: | + #validate ob_createvpack_*Ver variables + $variables = @("ob_createvpack_majorVer", "ob_createvpack_minorVer", "ob_createvpack_patchVer") + foreach ($var in $variables) { + if (-not (get-item "Env:\$var" -ErrorAction SilentlyContinue).value) { + throw "Required variable '`$env:$var' is not set." + } + } + displayName: Validate ob_createvpack_*Ver variables + - pwsh: | if($env:RELEASETAGVAR -match '-') { throw "Don't release a preview build without coordinating with Windows Engineering Build Tools Team" From 452320ec6531565dc23f8d9a1bfc1f3d6398021b Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 14:49:40 -0700 Subject: [PATCH 26/34] Fix version splitting regex to use brackets for better clarity in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 6b7c892c580..e2b89928258 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -148,7 +148,7 @@ extends: $mainVersionParts = $version -split '-' Write-Verbose -Verbose "mainVersionParts: $($mainVersionParts[0]) ; $($mainVersionParts[1])" - $versionParts = $mainVersionParts[0] -split '.'; + $versionParts = $mainVersionParts[0] -split '[.]'; $major = $versionParts[0] $minor = $versionParts[1] $patch = $versionParts[2] @@ -187,6 +187,8 @@ extends: } } displayName: Validate ob_createvpack_*Ver variables + env: + ob_restore_phase: true - pwsh: | if($env:RELEASETAGVAR -match '-') { From 25a725f3bd42cd7c4e2e37fc1a8077bb4cec3c3e Mon Sep 17 00:00:00 2001 From: "Travis Plunk (HE/HIM)" Date: Fri, 29 Aug 2025 16:28:47 -0700 Subject: [PATCH 27/34] Add variables for versioning and output directory in PowerShell-vPack pipeline --- .pipelines/PowerShell-vPack-Official.yml | 28 +++++++++++++++--------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index e2b89928258..8422a351546 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -113,6 +113,8 @@ extends: architecture: arm64 variables: + ArtifactPlatform: 'windows' + ob_artifactBaseName: drop_build_$(architecture) ob_outputDirectory: '$(BUILD.SOURCESDIRECTORY)\out' ob_createvpack_enabled: ${{ parameters.createVPack }} ob_createvpack_owneralias: tplunk @@ -121,8 +123,14 @@ extends: ob_createvpack_verbose: true ob_createvpack_packagename: '${{ parameters.vPackName }}.$(architecture)' ob_createvpack_description: PowerShell $(architecture) $(version) - ob_artifactBaseName: drop_build_$(architecture) - ArtifactPlatform: 'windows' + # I think the variables reload after we transition back to the host so this works. 🤷‍♂️ + ob_createvpack_majorVer: $(pwshMajorVersion) + ob_createvpack_minorVer: $(pwshMinorVersion) + ob_createvpack_patchVer: $(pwshPatchVersion) + ${{ if ne(variables['pwshPrereleaseVersion'], '') }}: + ob_createvpack_prereleaseVer: $(pwshPrereleaseVersion) + ${{ else }}: + ob_createvpack_prereleaseVer: $(Build.SourceVersion) steps: - checkout: self @@ -158,19 +166,19 @@ extends: Write-Host "major: $major; minor: $minor; patch: $patch;" - $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_majorVer]$major" + $vstsCommandString = "vso[task.setvariable variable=pwshMajorVersion]$major" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" - $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_minorVer]$minor" + $vstsCommandString = "vso[task.setvariable variable=pwshMinorVersion]$minor" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" - $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_patchVer]$patch" + $vstsCommandString = "vso[task.setvariable variable=pwshPatchVersion]$patch" Write-Host ("sending " + $vstsCommandString) Write-Host "##$vstsCommandString" if($previewPart) { - $vstsCommandString = "vso[task.setvariable variable=ob_createvpack_prereleaseVer]$previewPart" + $vstsCommandString = "vso[task.setvariable variable=pwshPrereleaseVersion]$previewPart" } else { Write-Verbose -Verbose "No prerelease part found in version string." } @@ -178,15 +186,15 @@ extends: env: ob_restore_phase: true + # Validate pwsh*Version variables - pwsh: | - #validate ob_createvpack_*Ver variables - $variables = @("ob_createvpack_majorVer", "ob_createvpack_minorVer", "ob_createvpack_patchVer") + $variables = @("pwshMajorVersion", "pwshMinorVersion", "pwshPatchVersion") foreach ($var in $variables) { if (-not (get-item "Env:\$var" -ErrorAction SilentlyContinue).value) { throw "Required variable '`$env:$var' is not set." } } - displayName: Validate ob_createvpack_*Ver variables + displayName: Validate pwsh*Version variables env: ob_restore_phase: true @@ -297,7 +305,7 @@ extends: ### END OF BUILD ### - pwsh: | - Get-ChildItem env:ob_createvpack_*Ver + Get-ChildItem env:/ob_createvpack_*Ver Get-ChildItem -Path "$(Pipeline.Workspace)\Symbols_$(Architecture)\*" -Recurse Get-Content "$(Pipeline.Workspace)\PowerShell\preview.json" -ErrorAction SilentlyContinue | Write-Host displayName: Debug Output Directory and Version From 8fbe198e577e77916a996c1cd56902c4cff09c06 Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Tue, 2 Sep 2025 14:23:33 -0500 Subject: [PATCH 28/34] Use officialBuild parameter to selectively upload package items to ob_outputdirectory --- .pipelines/templates/obp-file-signing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/obp-file-signing.yml b/.pipelines/templates/obp-file-signing.yml index d873ccf04ed..c9e146ae853 100644 --- a/.pipelines/templates/obp-file-signing.yml +++ b/.pipelines/templates/obp-file-signing.yml @@ -147,7 +147,7 @@ steps: Import-Module '$(PowerShellRoot)/tools/packaging' -Force $isGlobalTool = '${{ parameters.globalTool }}' -eq 'true' - if (-not $isGlobalTool) { + if (-not $isGlobalTool -and $officialBuild) { $pathForUpload = New-Item -ItemType Directory -Path '$(ob_outputDirectory)/Signed-$(Runtime)' -Force Write-Verbose -Verbose -Message "pathForUpload: $pathForUpload" Copy-Item -Path '${{ parameters.binPath }}\*' -Destination $pathForUpload -Recurse -Force -Verbose From d524ead541bf98d350969bfac78b4169db11acaa Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Tue, 2 Sep 2025 14:23:33 -0500 Subject: [PATCH 29/34] Use officialBuild parameter to selectively upload package items to ob_outputdirectory From 4cf1ae9dcca5e816ad7614925b64afdbe575ac28 Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Tue, 2 Sep 2025 18:50:09 -0500 Subject: [PATCH 30/34] Output copy path for task --- .pipelines/templates/obp-file-signing.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.pipelines/templates/obp-file-signing.yml b/.pipelines/templates/obp-file-signing.yml index c9e146ae853..7538df3e821 100644 --- a/.pipelines/templates/obp-file-signing.yml +++ b/.pipelines/templates/obp-file-signing.yml @@ -155,6 +155,9 @@ steps: } else { $pathForUpload = '${{ parameters.binPath }}' + Write-Verbose -Verbose -Message "pathForUpload: $pathForUpload" + Copy-Item -Path '${{ parameters.binPath }}\*' -Destination $pathForUpload -Recurse -Force -Verbose + Write-Verbose -Verbose -Message "Files copied to $pathForUpload" } Write-Verbose "Copying third party signed files to the build folder" From fa1235fdeb4abefbb2901030034f9b020b5295bb Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Tue, 2 Sep 2025 19:23:16 -0500 Subject: [PATCH 31/34] make another case for vpack case --- .pipelines/PowerShell-vPack-Official.yml | 1 + .pipelines/templates/obp-file-signing.yml | 11 ++++++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index 892c68d039d..2ea8b058793 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -301,6 +301,7 @@ extends: binPath: '$(Pipeline.Workspace)/Symbols_$(Architecture)' SigningProfile: $(windows_build_tools_cert_id) OfficialBuild: false + vPackScenario: true ### END OF BUILD ### diff --git a/.pipelines/templates/obp-file-signing.yml b/.pipelines/templates/obp-file-signing.yml index 7538df3e821..391fa4dd3f3 100644 --- a/.pipelines/templates/obp-file-signing.yml +++ b/.pipelines/templates/obp-file-signing.yml @@ -3,6 +3,7 @@ parameters: globalTool: 'false' SigningProfile: 'external_distribution' OfficialBuild: true + vPackScenario: false steps: - pwsh: | @@ -147,18 +148,22 @@ steps: Import-Module '$(PowerShellRoot)/tools/packaging' -Force $isGlobalTool = '${{ parameters.globalTool }}' -eq 'true' - if (-not $isGlobalTool -and $officialBuild) { + if ($vPackScenario) { + Write-Verbose -Verbose -Message "vPackScenario is true, copying to $(ob_outputDirectory)" $pathForUpload = New-Item -ItemType Directory -Path '$(ob_outputDirectory)/Signed-$(Runtime)' -Force Write-Verbose -Verbose -Message "pathForUpload: $pathForUpload" Copy-Item -Path '${{ parameters.binPath }}\*' -Destination $pathForUpload -Recurse -Force -Verbose Write-Verbose -Verbose -Message "Files copied to $pathForUpload" } - else { - $pathForUpload = '${{ parameters.binPath }}' + if (-not $isGlobalTool) { + $pathForUpload = New-Item -ItemType Directory -Path '$(ob_outputDirectory)/Signed-$(Runtime)' -Force Write-Verbose -Verbose -Message "pathForUpload: $pathForUpload" Copy-Item -Path '${{ parameters.binPath }}\*' -Destination $pathForUpload -Recurse -Force -Verbose Write-Verbose -Verbose -Message "Files copied to $pathForUpload" } + else { + $pathForUpload = '${{ parameters.binPath }}' + } Write-Verbose "Copying third party signed files to the build folder" $thirdPartySignedFilesPath = (Get-Item '$(Pipeline.Workspace)/thirdPartyToBeSigned').FullName From 0d033e902d5e2236166573290476b7d6f8ea72c4 Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Tue, 2 Sep 2025 19:23:31 -0500 Subject: [PATCH 32/34] add else if --- .pipelines/templates/obp-file-signing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/obp-file-signing.yml b/.pipelines/templates/obp-file-signing.yml index 391fa4dd3f3..e7d66e348b6 100644 --- a/.pipelines/templates/obp-file-signing.yml +++ b/.pipelines/templates/obp-file-signing.yml @@ -155,7 +155,7 @@ steps: Copy-Item -Path '${{ parameters.binPath }}\*' -Destination $pathForUpload -Recurse -Force -Verbose Write-Verbose -Verbose -Message "Files copied to $pathForUpload" } - if (-not $isGlobalTool) { + elseif (-not $isGlobalTool) { $pathForUpload = New-Item -ItemType Directory -Path '$(ob_outputDirectory)/Signed-$(Runtime)' -Force Write-Verbose -Verbose -Message "pathForUpload: $pathForUpload" Copy-Item -Path '${{ parameters.binPath }}\*' -Destination $pathForUpload -Recurse -Force -Verbose From 59da02c4304041d29c4b044902f38205cabfd117 Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Tue, 2 Sep 2025 20:33:36 -0500 Subject: [PATCH 33/34] cast to boolean --- .pipelines/templates/obp-file-signing.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pipelines/templates/obp-file-signing.yml b/.pipelines/templates/obp-file-signing.yml index e7d66e348b6..f2b8e7e6dae 100644 --- a/.pipelines/templates/obp-file-signing.yml +++ b/.pipelines/templates/obp-file-signing.yml @@ -144,6 +144,7 @@ steps: - pwsh: | $officialBuild = [System.Convert]::ToBoolean('${{ parameters.OfficialBuild }}') + $vPackScenario = [System.Convert]::ToBoolean('${{ parameters.vPackScenario }}') Import-Module '$(PowerShellRoot)/build.psm1' -Force Import-Module '$(PowerShellRoot)/tools/packaging' -Force $isGlobalTool = '${{ parameters.globalTool }}' -eq 'true' From c95f1cd63215fe96d584838e379d32681af31f43 Mon Sep 17 00:00:00 2001 From: Justin Chung <124807742+jshigetomi@users.noreply.github.com> Date: Tue, 2 Sep 2025 20:57:58 -0500 Subject: [PATCH 34/34] remove signed architecture name --- .pipelines/templates/obp-file-signing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/obp-file-signing.yml b/.pipelines/templates/obp-file-signing.yml index f2b8e7e6dae..cbe44ad0018 100644 --- a/.pipelines/templates/obp-file-signing.yml +++ b/.pipelines/templates/obp-file-signing.yml @@ -151,7 +151,7 @@ steps: if ($vPackScenario) { Write-Verbose -Verbose -Message "vPackScenario is true, copying to $(ob_outputDirectory)" - $pathForUpload = New-Item -ItemType Directory -Path '$(ob_outputDirectory)/Signed-$(Runtime)' -Force + $pathForUpload = New-Item -ItemType Directory -Path '$(ob_outputDirectory)' -Force Write-Verbose -Verbose -Message "pathForUpload: $pathForUpload" Copy-Item -Path '${{ parameters.binPath }}\*' -Destination $pathForUpload -Recurse -Force -Verbose Write-Verbose -Verbose -Message "Files copied to $pathForUpload"