Skip to content

Commit

Permalink
add pipeline for both build and release (#431)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ms-henglu
ms-henglu authored Mar 14, 2024
1 parent 161e660 commit b2911b3
Showing 1 changed file with 251 additions and 0 deletions.
251 changes: 251 additions & 0 deletions .azdo/build-release-pipeline.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,251 @@
parameters:
- name: version
displayName: Release Version (e.g. v0.1.0)
type: string
- name: artifactBuildId
displayName: "Artifact source build id (defaults uses this build)"
type: number
default: 0

variables:
- name: pipelineId
value: 343

stages:
- stage: build
pool:
name: pool-ubuntu-2004
displayName: "Build terraform-provider-azapi"
jobs:
- job: build
displayName: "Build Binaries"
strategy:
matrix:
freebsd-386:
OS: freebsd
ARCH: 386
freebsd-amd64:
OS: freebsd
ARCH: amd64
freebsd-arm:
OS: freebsd
ARCH: arm
freebsd-arm64:
OS: freebsd
ARCH: arm64
windows-386:
OS: windows
ARCH: 386
windows-amd64:
OS: windows
ARCH: amd64
linux-386:
OS: linux
ARCH: 386
linux-amd64:
OS: linux
ARCH: amd64
linux-arm:
OS: linux
ARCH: arm
linux-arm64:
OS: linux
ARCH: arm64
darwin-amd64:
OS: darwin
ARCH: amd64
darwin-arm64:
OS: darwin
ARCH: arm64
steps:
- task: GoTool@0
displayName: "Install Go"
inputs:
version: 1.21.4
- script: |
set -e
mkdir build
name=terraform-provider-azapi
if [[ $OS = windows ]]; then
name=terraform-provider-azapi.exe
fi
GOOS="${OS}" GOARCH="${ARCH}" CGO_ENABLED=0 go build -trimpath -ldflags="-s -w -X 'github.com/Azure/terraform-provider-azapi/version.ProviderVersion=${VERSION}'" -o build/$name
displayName: "Go Build"
env:
OS: $(OS)
ARCH: $(ARCH)
VERSION: ${{ parameters.version }}
- task: UseDotNet@2
displayName: 'Install .NET SDK'
inputs:
packageType: 'sdk'
version: '3.x'
- task: EsrpCodeSigning@1
displayName: "Sign Binary (Windows Only)"
condition: eq(variables.OS, 'windows')
inputs:
ConnectedServiceName: "ESRP Signing Service"
FolderPath: "$(system.defaultWorkingDirectory)/build"
Pattern: "*.exe"
signConfigType: "inlineSignParams"
inlineOperation: |
[
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolSign",
"Parameters" : {
"OpusName" : "Microsoft",
"OpusInfo" : "http://www.microsoft.com",
"PageHash" : "/NPH",
"TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256",
"FileDigest": "/fd \"SHA256\""
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-230012",
"OperationCode" : "SigntoolVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
SessionTimeout: "60"
MaxConcurrency: "50"
MaxRetryAttempts: "5"
- task: PublishPipelineArtifact@1
displayName: "Publish Binary"
inputs:
targetPath: "$(system.defaultWorkingDirectory)/build"
artifactName: "$(OS)-$(ARCH)"

- stage: github_release
displayName: "Github Draft Release"
pool:
name: pool-ubuntu-2004
jobs:
- job: release
displayName: "Github Release"
steps:
- ${{ if eq(parameters.artifactBuildId, 0) }}:
- task: DownloadPipelineArtifact@2
inputs:
path: $(system.defaultWorkingDirectory)/dist
- ${{ else }}:
- task: DownloadPipelineArtifact@2
inputs:
path: $(system.defaultWorkingDirectory)/dist
source: "specific"
project: "release"
pipeline: $(pipelineId)
runVersion: "specific"
runId: ${{ parameters.artifactBuildId }}
- script: |
set -e
NAME="terraform-provider-azapi"
OS_ARCH=(
"freebsd:amd64"
"freebsd:386"
"freebsd:arm"
"freebsd:arm64"
"windows:amd64"
"windows:386"
"linux:amd64"
"linux:386"
"linux:arm"
"linux:arm64"
"darwin:amd64"
"darwin:arm64"
)
mkdir release
for os_arch in "${OS_ARCH[@]}" ; do
OS=${os_arch%%:*}
ARCH=${os_arch#*:}
name=terraform-provider-azapi
ext=
if [[ $OS = windows ]]; then
ext=.exe
fi
chmod +x dist/${OS}-${ARCH}/${name}${ext}
mv dist/${OS}-${ARCH}/${name}${ext} dist/${OS}-${ARCH}/${name}_${VERSION}${ext}
zip -j release/${NAME}_${VERSION#v}_${OS}_${ARCH}.zip dist/${OS}-${ARCH}/${name}_${VERSION}${ext}
done
cd release
shasum -a 256 *.zip > ${NAME}_${VERSION#v}_SHA256SUMS
cp ${NAME}_${VERSION#v}_SHA256SUMS ${NAME}_${VERSION#v}_SHA256SUMS.sig
displayName: "Prepare Binary Archives & Digests"
env:
VERSION: ${{ parameters.version }}
- task: UseDotNet@2
displayName: 'Install .NET SDK'
inputs:
packageType: 'sdk'
version: '3.x'
- task: EsrpCodeSigning@1
displayName: "Sign Binary Archive Digests"
inputs:
ConnectedServiceName: "ESRP Signing Service"
FolderPath: "$(system.defaultWorkingDirectory)/release"
Pattern: "*_SHA256SUMS.sig"
signConfigType: "inlineSignParams"
inlineOperation: |
[
{
"KeyCode": "CP-461163-Pgp",
"OperationCode": "LinuxSign",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
SessionTimeout: "60"
MaxConcurrency: "50"
MaxRetryAttempts: "5"
- script: |
set -euo pipefail
echo 'Dearmor GPG Signature'
cd release
file ./*
FILE_NAME=""
files=$(ls)
for filename in $files; do
echo "$filename"
if [ "${filename##*.}"x = "sig"x ]; then
echo "Found signature file"
FILE_NAME="$filename"
break
fi
done
if [ ! "${FILE_NAME}" ]; then
echo "Signature file not found"
exit 1
fi
#cat "${FILE_NAME}"
cp "${FILE_NAME}" "${FILE_NAME}.bak"
gpg --dearmor "${FILE_NAME}"
mv "${FILE_NAME}.gpg" "${FILE_NAME}"
#rm "${FILE_NAME}"
echo "Print file info"
ls -al
displayName: "Dearmor"
env:
VERSION: ${{ parameters.version }}
- task: GitHubRelease@1
displayName: "Draft Github Release"
inputs:
gitHubConnection: 'azapi2azurerm'
repositoryName: '$(Build.Repository.Name)'
action: 'create'
target: '$(Build.SourceVersion)'
tagSource: 'gitTag'
tagPattern: '^v\d+\.\d+\.\d+'
assets: '$(system.defaultWorkingDirectory)/release/*'
isDraft: true
addChangeLog: false

0 comments on commit b2911b3

Please sign in to comment.