Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build: add a OneBranch Official release pipeline #16081

Merged
merged 1 commit into from
Oct 2, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1,127 changes: 1,127 additions & 0 deletions build/config/release.gdnbaselines

Large diffs are not rendered by default.

6 changes: 6 additions & 0 deletions build/config/tsa.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{
"instanceUrl": "https://microsoft.visualstudio.com",
"projectName": "OS",
"areaPath": "OS\\Windows Client and Services\\ADEPT\\E4D-Engineered for Developers\\SHINE\\Terminal",
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh no they know what our area path is oh no

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh no, they'll think we're engineering for developers oh no

"notificationAliases": ["condev@microsoft.com", "duhowett@microsoft.com"]
}
47 changes: 47 additions & 0 deletions build/pipelines/ob-nightly.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
trigger: none
pr: none
schedules:
- cron: "30 3 * * 2-6" # Run at 03:30 UTC Tuesday through Saturday (After the work day in Pacific, Mon-Fri)
displayName: "Nightly Terminal Build"
branches:
include:
- main
always: false # only run if there's code changes!

parameters:
- name: publishToAzure
displayName: "Deploy to **PUBLIC** Azure Storage"
type: boolean
default: true

name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr)

variables:
- template: templates-v2/variables-nuget-package-version.yml
- template: templates-v2/variables-onebranch-config.yml

extends:
template: templates-v2/pipeline-onebranch-full-release-build.yml
parameters:
official: true
branding: Canary
buildTerminal: true
pgoBuildMode: Optimize
codeSign: true
publishSymbolsToPublic: true
publishVpackToWindows: false
symbolExpiryTime: 15
${{ if eq(true, parameters.publishToAzure) }}:
extraPublishJobs:
- template: job-deploy-to-azure-storage.yml
parameters:
pool: { type: windows }
dependsOn: [PublishSymbols]
storagePublicRootURL: $(AppInstallerRootURL)
subscription: $(AzureSubscriptionName)
storageAccount: $(AzureStorageAccount)
storageContainer: $(AzureStorageContainer)
buildConfiguration: Release
buildPlatforms: [x64, x86, arm64]
environment: production-canary

81 changes: 81 additions & 0 deletions build/pipelines/ob-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
trigger: none
pr: none

# Expose all of these parameters for user configuration.
parameters:
- name: branding
displayName: "Branding (Build Type)"
type: string
default: Release
values:
- Release
- Preview
- Canary
- Dev
- name: buildTerminal
displayName: "Build Windows Terminal MSIX"
type: boolean
default: true
- name: buildConPTY
displayName: "Build ConPTY NuGet"
type: boolean
default: false
- name: buildWPF
displayName: "Build Terminal WPF Control"
type: boolean
default: false
- name: pgoBuildMode
displayName: "PGO Build Mode"
type: string
default: Optimize
values:
- Optimize
- Instrument
- None
- name: buildConfigurations
displayName: "Build Configurations"
type: object
default:
- Release
- name: buildPlatforms
displayName: "Build Platforms"
type: object
default:
- x64
- x86
- arm64
- name: terminalInternalPackageVersion
displayName: "Terminal Internal Package Version"
type: string
default: '0.0.8'

- name: publishSymbolsToPublic
displayName: "Publish Symbols to MSDL"
type: boolean
default: true
- name: publishVpackToWindows
displayName: "Publish VPack to Windows"
type: boolean
default: false

name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr)

variables:
- template: templates-v2/variables-nuget-package-version.yml
- template: templates-v2/variables-onebranch-config.yml

extends:
template: templates-v2/pipeline-onebranch-full-release-build.yml
parameters:
official: true
branding: ${{ parameters.branding }}
buildTerminal: ${{ parameters.buildTerminal }}
buildConPTY: ${{ parameters.buildConPTY }}
buildWPF: ${{ parameters.buildWPF }}
pgoBuildMode: ${{ parameters.pgoBuildMode }}
buildConfigurations: ${{ parameters.buildConfigurations }}
buildPlatforms: ${{ parameters.buildPlatforms }}
codeSign: true
terminalInternalPackageVersion: ${{ parameters.terminalInternalPackageVersion }}
publishSymbolsToPublic: ${{ parameters.publishSymbolsToPublic }}
publishVpackToWindows: ${{ parameters.publishVpackToWindows }}
14 changes: 14 additions & 0 deletions build/pipelines/templates-v2/job-build-project.yml
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,9 @@ parameters:
- name: publishArtifacts
type: boolean
default: true
- name: removeAllNonSignedFiles
type: boolean
default: false

jobs:
- job: ${{ parameters.jobName }}
Expand Down Expand Up @@ -173,6 +176,7 @@ jobs:
# - Directories ending in Lib (static lib projects that we fully linked into DLLs which may also contain unnecessary resources)
# - All LocalTests_ project outputs, as they were subsumed into TestHostApp
# - All PDB files inside the WindowsTerminal/ output, which do not belong there.
# - console.dll, which apparently breaks XFGCheck? lol.
- pwsh: |-
$binDir = '$(Terminal.BinDir)'
$ImportLibs = Get-ChildItem $binDir -Recurse -File -Filter '*.exp' | ForEach-Object { $_.FullName -Replace "exp$","lib" }
Expand All @@ -189,6 +193,8 @@ jobs:
$Items += Get-ChildItem '$(Terminal.BinDir)' -Filter '*.pdb' -Recurse
}

$Items += Get-ChildItem $binDir -Filter 'console.dll'

$Items | Remove-Item -Recurse -Force -Verbose -ErrorAction:Ignore
displayName: Clean up static libs and extra symbols
errorActionPreference: silentlyContinue # It's OK if this silently fails
Expand Down Expand Up @@ -246,6 +252,14 @@ jobs:
Write-Host "##vso[task.setvariable variable=WindowsTerminalPackagePath]${PackageFilename}"
displayName: Re-pack the new Terminal package after signing

# Some of our governed pipelines explicitly fail builds that have *any* non-codesigned filed (!)
- ${{ if eq(parameters.removeAllNonSignedFiles, true) }}:
- pwsh: |-
Get-ChildItem "$(Terminal.BinDir)" -Recurse -Include "*.dll","*.exe" |
Where-Object { (Get-AuthenticodeSignature $_).Status -Ne "Valid" } |
Remove-Item -Verbose -Force
displayName: Remove all non-signed output files

- ${{ else }}: # No Signing
- ${{ if or(parameters.buildTerminal, parameters.buildEverything) }}:
- pwsh: |-
Expand Down
9 changes: 8 additions & 1 deletion build/pipelines/templates-v2/job-merge-msix-into-bundle.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,9 @@ parameters:
- name: publishArtifacts
type: boolean
default: true
- name: afterBuildSteps
type: stepList
default: []

jobs:
- job: ${{ parameters.jobName }}
Expand Down Expand Up @@ -85,7 +88,9 @@ jobs:
$Components[0] = ([int]$Components[0] + $VersionEpoch)
$BundleVersion = $Components -Join "."
New-Item -Type Directory "$(System.ArtifactsDirectory)/bundle"
.\build\scripts\Create-AppxBundle.ps1 -InputPath 'bin/' -ProjectName CascadiaPackage -BundleVersion $BundleVersion -OutputPath "$(System.ArtifactsDirectory)\bundle\$(BundleStemName)_$(XES_APPXMANIFESTVERSION)_8wekyb3d8bbwe.msixbundle"
$BundlePath = "$(System.ArtifactsDirectory)\bundle\$(BundleStemName)_$(XES_APPXMANIFESTVERSION)_8wekyb3d8bbwe.msixbundle"
.\build\scripts\Create-AppxBundle.ps1 -InputPath 'bin/' -ProjectName CascadiaPackage -BundleVersion $BundleVersion -OutputPath $BundlePath
Write-Host "##vso[task.setvariable variable=MsixBundlePath]${BundlePath}"
displayName: Create msixbundle

- ${{ if eq(parameters.codeSign, true) }}:
Expand Down Expand Up @@ -139,6 +144,8 @@ jobs:
ValidateSignature: true
Verbosity: 'Verbose'

- ${{ parameters.afterBuildSteps }}

- ${{ if eq(parameters.publishArtifacts, true) }}:
- publish: $(JobOutputDirectory)
artifact: $(JobOutputArtifactName)
Expand Down
13 changes: 12 additions & 1 deletion build/pipelines/templates-v2/job-publish-symbols.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,12 @@ parameters:
- name: symbolExpiryTime
type: string
default: 36530 # This is the default from PublishSymbols@2
- name: variables
type: object
default: {}
- name: symbolPatGoesInTaskInputs
type: boolean
default: false

jobs:
- job: ${{ parameters.jobName }}
Expand All @@ -27,6 +33,8 @@ jobs:
${{ else }}:
displayName: Publish Symbols Internally
dependsOn: ${{ parameters.dependsOn }}
variables:
${{ insert }}: ${{ parameters.variables }}
steps:
- checkout: self
clean: true
Expand Down Expand Up @@ -76,11 +84,14 @@ jobs:
SymbolsProduct: 'Windows Terminal Converged Symbols'
SymbolsVersion: '$(XES_APPXMANIFESTVERSION)'
SymbolExpirationInDays: ${{ parameters.symbolExpiryTime }}
${{ if eq(parameters.symbolPatGoesInTaskInputs, true) }}:
Pat: $(ADO_microsoftpublicsymbols_PAT)
# The ADO task does not support indexing of GitHub sources.
# There is a bug which causes this task to fail if LIB includes an inaccessible path (even though it does not depend on it).
# To work around this issue, we just force LIB to be any dir that we know exists.
# Copied from https://github.com/microsoft/icu/blob/f869c214adc87415dfe751d81f42f1bca55dcf5f/build/azure-nuget.yml#L564-L583
env:
LIB: $(Build.SourcesDirectory)
ArtifactServices_Symbol_AccountName: microsoftpublicsymbols
ArtifactServices_Symbol_PAT: $(ADO_microsoftpublicsymbols_PAT)
${{ if ne(parameters.symbolPatGoesInTaskInputs, true) }}:
ArtifactServices_Symbol_PAT: $(ADO_microsoftpublicsymbols_PAT)
23 changes: 1 addition & 22 deletions build/pipelines/templates-v2/pipeline-full-release-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,28 +61,7 @@ parameters:
demands: ImageOverride -equals SHINE-VS17-Latest

variables:
# If we are building a branch called "release-*", change the NuGet suffix
# to "preview". If we don't do that, XES will set the suffix to "release1"
# because it truncates the value after the first period.
# We also want to disable the suffix entirely if we're Release branded while
# on a release branch.
# main is special, however. XES ignores main. Since we never produce actual
# shipping builds from main, we want to force it to have a beta label as
# well.
#
# In effect:
# BRANCH / BRANDING | Release | Preview
# ------------------|----------------------------|-----------------------------
# release-* | 1.12.20220427 | 1.13.20220427-preview
# main | 1.14.20220427-experimental | 1.14.20220427-experimental
# all others | 1.14.20220427-mybranch | 1.14.20220427-mybranch
${{ if startsWith(variables['Build.SourceBranchName'], 'release-') }}:
${{ if eq(parameters.branding, 'Release') }}:
NoNuGetPackBetaVersion: true
${{ else }}:
NuGetPackBetaVersion: preview
${{ elseif eq(variables['Build.SourceBranchName'], 'main') }}:
NuGetPackBetaVersion: experimental
- template: variables-nuget-package-version.yml
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well this is neat


resources:
repositories:
Expand Down
Loading