diff --git a/.azure/pipelines/ci-public.yml b/.azure/pipelines/ci-public.yml index 32c706e48213..f8364184ef97 100644 --- a/.azure/pipelines/ci-public.yml +++ b/.azure/pipelines/ci-public.yml @@ -54,6 +54,8 @@ variables: value: '/p:SkipTestBuild=true /p:PostBuildSign=$(PostBuildSign)' - name: _PublishArgs value: '' +- name: _SignArgs + value: '' # Write binary logs for all main Windows build steps except the x86 one in public and PR builds. - name: WindowsArm64LogArgs value: /bl:artifacts/log/Release/Build.arm64.binlog @@ -242,6 +244,7 @@ stages: buildArgs: --arch arm64 --pack + --sign --all --no-build-java --publish @@ -249,6 +252,7 @@ stages: -p:AssetManifestFileName=aspnetcore-MacOS_arm64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: MacOS_arm64_Logs_Attempt_$(System.JobAttempt) @@ -258,11 +262,6 @@ stages: - name: MacOS_arm64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: jobs/codesign-xplat.yml - parameters: - inputName: MacOS_arm64 - # Build MacOS x64 - template: jobs/default-build.yml parameters: @@ -272,6 +271,7 @@ stages: timeoutInMinutes: 90 buildArgs: --pack + --sign --all --no-build-java --publish @@ -279,6 +279,7 @@ stages: -p:AssetManifestFileName=aspnetcore-MacOS_x64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: MacOS_x64_Logs_Attempt_$(System.JobAttempt) @@ -288,11 +289,6 @@ stages: - name: MacOS_x64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: jobs/codesign-xplat.yml - parameters: - inputName: MacOS_x64 - # Build Linux x64 - template: jobs/default-build.yml parameters: @@ -305,11 +301,13 @@ stages: --ci --arch x64 --pack + --sign --build-installers --all --no-build-java -p:OnlyPackPlatformSpecificPackages=true $(_BuildArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) displayName: Run build.sh artifacts: @@ -320,11 +318,6 @@ stages: - name: Linux_x64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: jobs/codesign-xplat.yml - parameters: - inputName: Linux_x64 - # Build Linux ARM - template: jobs/default-build.yml parameters: @@ -334,6 +327,7 @@ stages: buildArgs: --arch arm --pack + --sign --all --no-build-java --publish @@ -341,6 +335,7 @@ stages: -p:AssetManifestFileName=aspnetcore-Linux_arm.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: Linux_arm_Logs_Attempt_$(System.JobAttempt) @@ -350,11 +345,6 @@ stages: - name: Linux_arm_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: jobs/codesign-xplat.yml - parameters: - inputName: Linux_arm - # Build Linux ARM64 - template: jobs/default-build.yml parameters: @@ -366,11 +356,13 @@ stages: --ci --arch arm64 --pack + --sign --build-installers --all --no-build-java -p:OnlyPackPlatformSpecificPackages=true $(_BuildArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) displayName: Run build.sh artifacts: @@ -381,11 +373,6 @@ stages: - name: Linux_arm64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: jobs/codesign-xplat.yml - parameters: - inputName: Linux_arm64 - # Build Linux Musl x64 - template: jobs/default-build.yml parameters: @@ -397,6 +384,7 @@ stages: --arch x64 --os-name linux-musl --pack + --sign --all --no-build-java --publish @@ -404,6 +392,7 @@ stages: -p:AssetManifestFileName=aspnetcore-Linux_musl_x64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) disableComponentGovernance: true artifacts: @@ -414,11 +403,6 @@ stages: - name: Linux_musl_x64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: jobs/codesign-xplat.yml - parameters: - inputName: Linux_musl_x64 - # Build Linux Musl ARM - template: jobs/default-build.yml parameters: @@ -431,6 +415,7 @@ stages: --arch arm --os-name linux-musl --pack + --sign --all --no-build-java --publish @@ -438,6 +423,7 @@ stages: -p:AssetManifestFileName=aspnetcore-Linux_musl_arm.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: Linux_musl_arm_Logs_Attempt_$(System.JobAttempt) @@ -447,11 +433,6 @@ stages: - name: Linux_musl_arm_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: jobs/codesign-xplat.yml - parameters: - inputName: Linux_musl_arm - # Build Linux Musl ARM64 - template: jobs/default-build.yml parameters: @@ -464,6 +445,7 @@ stages: --arch arm64 --os-name linux-musl --pack + --sign --all --no-build-java --publish @@ -471,6 +453,7 @@ stages: -p:AssetManifestFileName=aspnetcore-Linux_musl_arm64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: Linux_musl_arm64_Logs_Attempt_$(System.JobAttempt) @@ -480,11 +463,6 @@ stages: - name: Linux_musl_arm64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: jobs/codesign-xplat.yml - parameters: - inputName: Linux_musl_arm64 - - ${{ if ne(parameters.skipTests, 'true') }}: # Test jobs - template: jobs/default-build.yml diff --git a/.azure/pipelines/ci.yml b/.azure/pipelines/ci.yml index d59cd69eb6de..915cfa83938f 100644 --- a/.azure/pipelines/ci.yml +++ b/.azure/pipelines/ci.yml @@ -93,8 +93,14 @@ variables: - name: _SignType value: real - ${{ if in(variables['Build.Reason'], 'PullRequest') }}: - - name: _SignType - value: test + - ${{ if eq(variables['Agent.OS'], 'Windows_NT') }}: + - name: _SignType + value: test + - ${{ else }}: + - name: _SignType + value: '' # Test signing is not supported on non-Windows. +- name: _SignArgs + value: /p:DotNetSignType=$(_SignType) # Exclude artifacts & .packages folders from CodeQL scans - name: LGTM_INDEX_FILTERS value: | @@ -288,6 +294,7 @@ extends: # Build MacOS arm64 - template: .azure/pipelines/jobs/default-build.yml@self parameters: + codeSign: true jobName: MacOs_arm64_build jobDisplayName: "Build: macOS arm64" agentOs: macOs @@ -295,6 +302,7 @@ extends: buildArgs: --arch arm64 --pack + --sign --all --no-build-java $(_ArcadePublishNonWindowsArg) @@ -302,6 +310,7 @@ extends: -p:AssetManifestFileName=aspnetcore-MacOS_arm64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: MacOS_arm64_Logs_Attempt_$(System.JobAttempt) @@ -311,20 +320,17 @@ extends: - name: MacOS_arm64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: .azure/pipelines/jobs/codesign-xplat.yml@self - parameters: - inputName: MacOS_arm64 - # Build MacOS x64 - template: .azure/pipelines/jobs/default-build.yml@self parameters: + codeSign: true jobName: MacOs_x64_build jobDisplayName: "Build: macOS x64" agentOs: macOs timeoutInMinutes: 90 buildArgs: --pack + --sign --all --no-build-java $(_ArcadePublishNonWindowsArg) @@ -332,6 +338,7 @@ extends: -p:AssetManifestFileName=aspnetcore-MacOS_x64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: MacOS_x64_Logs_Attempt_$(System.JobAttempt) @@ -341,14 +348,10 @@ extends: - name: MacOS_x64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: .azure/pipelines/jobs/codesign-xplat.yml@self - parameters: - inputName: MacOS_x64 - # Build Linux x64 - template: .azure/pipelines/jobs/default-build.yml@self parameters: + codeSign: true jobName: Linux_x64_build jobDisplayName: "Build: Linux x64" agentOs: Linux @@ -356,6 +359,7 @@ extends: buildArgs: --arch x64 --pack + --sign --all --build-installers --no-build-java @@ -364,6 +368,7 @@ extends: -p:AssetManifestFileName=aspnetcore-Linux_x64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: Linux_x64_Logs_Attempt_$(System.JobAttempt) @@ -373,20 +378,17 @@ extends: - name: Linux_x64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: .azure/pipelines/jobs/codesign-xplat.yml@self - parameters: - inputName: Linux_x64 - # Build Linux ARM - template: .azure/pipelines/jobs/default-build.yml@self parameters: + codeSign: true jobName: Linux_arm_build jobDisplayName: "Build: Linux ARM" agentOs: Linux buildArgs: --arch arm --pack + --sign --all --no-build-java $(_ArcadePublishNonWindowsArg) @@ -394,6 +396,7 @@ extends: -p:AssetManifestFileName=aspnetcore-Linux_arm.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: Linux_arm_Logs_Attempt_$(System.JobAttempt) @@ -403,20 +406,17 @@ extends: - name: Linux_arm_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: .azure/pipelines/jobs/codesign-xplat.yml@self - parameters: - inputName: Linux_arm - # Build Linux ARM64 - template: .azure/pipelines/jobs/default-build.yml@self parameters: + codeSign: true jobName: Linux_arm64_build jobDisplayName: "Build: Linux ARM64" agentOs: Linux buildArgs: --arch arm64 --pack + --sign --all --build-installers --no-build-java @@ -425,6 +425,7 @@ extends: -p:AssetManifestFileName=aspnetcore-Linux_arm64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: Linux_arm64_Logs_Attempt_$(System.JobAttempt) @@ -434,14 +435,10 @@ extends: - name: Linux_arm64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: .azure/pipelines/jobs/codesign-xplat.yml@self - parameters: - inputName: Linux_arm64 - # Build Linux Musl x64 - template: .azure/pipelines/jobs/default-build.yml@self parameters: + codeSign: true jobName: Linux_musl_x64_build jobDisplayName: "Build: Linux Musl x64" agentOs: Linux @@ -450,6 +447,7 @@ extends: --arch x64 --os-name linux-musl --pack + --sign --all --no-build-java $(_ArcadePublishNonWindowsArg) @@ -457,6 +455,7 @@ extends: -p:AssetManifestFileName=aspnetcore-Linux_musl_x64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) disableComponentGovernance: true artifacts: @@ -467,14 +466,10 @@ extends: - name: Linux_musl_x64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: .azure/pipelines/jobs/codesign-xplat.yml@self - parameters: - inputName: Linux_musl_x64 - # Build Linux Musl ARM - template: .azure/pipelines/jobs/default-build.yml@self parameters: + codeSign: true jobName: Linux_musl_arm_build jobDisplayName: "Build: Linux Musl ARM" agentOs: Linux @@ -484,6 +479,7 @@ extends: --arch arm --os-name linux-musl --pack + --sign --all --no-build-java $(_ArcadePublishNonWindowsArg) @@ -491,6 +487,7 @@ extends: -p:AssetManifestFileName=aspnetcore-Linux_musl_arm.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: Linux_musl_arm_Logs_Attempt_$(System.JobAttempt) @@ -500,14 +497,10 @@ extends: - name: Linux_musl_arm_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: .azure/pipelines/jobs/codesign-xplat.yml@self - parameters: - inputName: Linux_musl_arm - # Build Linux Musl ARM64 - template: .azure/pipelines/jobs/default-build.yml@self parameters: + codeSign: true jobName: Linux_musl_arm64_build jobDisplayName: "Build: Linux Musl ARM64" agentOs: Linux @@ -517,6 +510,7 @@ extends: --arch arm64 --os-name linux-musl --pack + --sign --all --no-build-java $(_ArcadePublishNonWindowsArg) @@ -524,6 +518,7 @@ extends: -p:AssetManifestFileName=aspnetcore-Linux_musl_arm64.xml $(_BuildArgs) $(_PublishArgs) + $(_SignArgs) $(_InternalRuntimeDownloadArgs) artifacts: - name: Linux_musl_arm64_Logs_Attempt_$(System.JobAttempt) @@ -533,11 +528,6 @@ extends: - name: Linux_musl_arm64_Packages path: artifacts/packages/ - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - template: .azure/pipelines/jobs/codesign-xplat.yml@self - parameters: - inputName: Linux_musl_arm64 - - ${{ if and(ne(parameters.skipTests, 'true'), in(variables['Build.Reason'], 'PullRequest', 'Manual')) }}: # Test jobs - template: .azure/pipelines/jobs/default-build.yml@self @@ -706,24 +696,14 @@ extends: parameters: dependsOn: - Windows_build - - ${{ if ne(variables.PostBuildSign, 'true') }}: - - CodeSign_Xplat_MacOS_arm64 - - CodeSign_Xplat_MacOS_x64 - - CodeSign_Xplat_Linux_x64 - - CodeSign_Xplat_Linux_arm - - CodeSign_Xplat_Linux_arm64 - - CodeSign_Xplat_Linux_musl_x64 - - CodeSign_Xplat_Linux_musl_arm - - CodeSign_Xplat_Linux_musl_arm64 - - ${{ if eq(variables.PostBuildSign, 'true') }}: - - MacOs_arm64_build - - MacOs_x64_build - - Linux_x64_build - - Linux_arm_build - - Linux_arm64_build - - Linux_musl_x64_build - - Linux_musl_arm_build - - Linux_musl_arm64_build + - MacOs_arm64_build + - MacOs_x64_build + - Linux_x64_build + - Linux_arm_build + - Linux_arm64_build + - Linux_musl_x64_build + - Linux_musl_arm_build + - Linux_musl_arm64_build # In addition to the dependencies above that provide assets, ensure the build was successful overall. - ${{ if in(variables['Build.Reason'], 'Manual') }}: - Code_check diff --git a/.azure/pipelines/jobs/codesign-xplat.yml b/.azure/pipelines/jobs/codesign-xplat.yml deleted file mode 100644 index 13ff68a3ecd1..000000000000 --- a/.azure/pipelines/jobs/codesign-xplat.yml +++ /dev/null @@ -1,61 +0,0 @@ -# This runs code signing for .nupkg files built on MacOS or Linux -parameters: - inputName: '' - -jobs: -- template: default-build.yml@self - parameters: - codeSign: true - dependsOn: - - ${{ parameters.inputName }}_build - condition: and(in(variables._SignType, 'test', 'real'), in(dependencies.${{ parameters.inputName }}_build.result, 'Succeeded', 'SucceededWithIssues')) - jobName: CodeSign_Xplat_${{ parameters.inputName }} - jobDisplayName: "Code-sign ${{ parameters.inputName }} packages" - agentOs: Windows - installNodeJs: false - steps: - - task: DownloadPipelineArtifact@2 - displayName: Download ${{ parameters.inputName }} artifacts - inputs: - artifactName: ${{ parameters.inputName }}_Packages - downloadPath: $(Build.StagingDirectory)/downloaded_packages/ - itemPattern: | - **/*.nupkg - **/*.tar.gz - **/*.deb - **/*.rpm - - task: CopyFiles@2 - displayName: Copy packages to ArtifactsShippingPackagesDir - inputs: - sourceFolder: $(Build.StagingDirectory)/downloaded_packages/ - contents: | - **/*.nupkg - **/*.tar.gz - **/*.deb - **/*.rpm - targetFolder: $(Build.SourcesDirectory)/artifacts/packages/$(BuildConfiguration)/shipping/ - flattenFolders: true - - powershell: .\eng\common\build.ps1 - -ci - -nativeToolsOnMachine - -nobl - -msbuildEngine dotnet - -restore - -sign - -publish - -configuration $(BuildConfiguration) - -projects $(Build.SourcesDirectory)/eng/empty.proj - /p:AssetManifestFileName=aspnetcore-${{ parameters.inputName }}-signed.xml - /p:DotNetSignType=$(_SignType) - /p:PublishInstallerBaseVersion=false - $(_BuildArgs) - $(_PublishArgs) - $(_InternalRuntimeDownloadCodeSignArgs) - displayName: Sign and publish packages - artifacts: - - name: CodeSign_Xplat_${{ parameters.inputName }}_Logs_Attempt_$(System.JobAttempt) - path: artifacts/log/ - publishOnError: true - includeForks: true - - name: ${{ parameters.inputName }}_Packages_Signed - path: artifacts/packages/ diff --git a/.azure/pipelines/jobs/default-build.yml b/.azure/pipelines/jobs/default-build.yml index bab442d4a379..9791b8ac5b95 100644 --- a/.azure/pipelines/jobs/default-build.yml +++ b/.azure/pipelines/jobs/default-build.yml @@ -30,7 +30,7 @@ # condition: string # A condition which can be used to skip the job completely # codeSign: boolean -# This build definition is enabled for code signing. (Only applies to Windows) +# This build definition is enabled for code signing. # buildDirectory: string # Specifies what directory to run build.sh/cmd # isAzDOTestingJob: boolean @@ -303,8 +303,10 @@ jobs: richCodeNavigationLanguage: 'csharp,typescript,java' timeoutInMinutes: ${{ parameters.timeoutInMinutes }} cancelTimeoutInMinutes: ${{ parameters.cancelTimeoutInMinutes }} - ${{ if and(eq(parameters.agentOs, 'Windows'), eq(parameters.codeSign, 'true')) }}: + ${{ if eq(parameters.codeSign, 'true') }}: enableMicrobuild: true + ${{ if ne(parameters.agentOs, 'Windows') }}: + enableMicrobuildForMacAndLinux: true enablePublishBuildAssets: true enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }} ${{ if and(eq(parameters.isAzDOTestingJob, true), ne(parameters.enablePublishTestResults, false)) }}: