From 4966968e9e52a06212f71fdbb829ff73f663b461 Mon Sep 17 00:00:00 2001
From: "Peiyao Zhao (from Dev Box)"
Date: Fri, 28 Feb 2025 09:48:49 +0800
Subject: [PATCH] update
---
- | 0
.../v2/templates/job-build-project-vnext.yml | 472 ++++++++++++++++++
.../templates/steps-build-installer-vnext.yml | 184 +++++++
3 files changed, 656 insertions(+)
create mode 100644 -
create mode 100644 .pipelines/v2/templates/job-build-project-vnext.yml
create mode 100644 .pipelines/v2/templates/steps-build-installer-vnext.yml
diff --git a/- b/-
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/.pipelines/v2/templates/job-build-project-vnext.yml b/.pipelines/v2/templates/job-build-project-vnext.yml
new file mode 100644
index 000000000000..8aa945a16f37
--- /dev/null
+++ b/.pipelines/v2/templates/job-build-project-vnext.yml
@@ -0,0 +1,472 @@ +parameters: + - name: additionalBuildOptions + type: string + default: '' + - name: buildConfigurations + type: object + default: + - Release + - name: buildPlatforms + type: object + default: + - x64 + - arm64 + - name: codeSign + type: boolean + default: false + - name: artifactStem + type: string + default: '' + - name: jobName + type: string + default: 'Build' + - name: condition + type: string + default: '' + - name: dependsOn + type: object + default: [] + - name: pool + type: object + default: [] + - name: beforeBuildSteps + type: stepList + default: [] + - name: variables + type: object + default: {} + - name: publishArtifacts + type: boolean + default: true + - name: signingIdentity + type: object + default: {} + - name: enablePackageCaching + type: boolean + default: false + - name: enableMsBuildCaching + type: boolean + default: false + - name: runTests + type: boolean + default: true + - name: useVSPreview + type: boolean + default: false + - name: versionNumber + type: string + default: '0.0.1' + - name: useLatestWinAppSDK + type: boolean + default: false + - name: winAppSDKVersionNumber + type: string + default: 1.6 + - name: useExperimentalVersion + type: boolean + default: false + - name: csProjectsToPublish + type: object + default: + - 'src/settings-ui/Settings.UI/PowerToys.Settings.csproj' + - 'src/modules/launcher/PowerLauncher/PowerLauncher.csproj' + - 'src/modules/previewpane/MonacoPreviewHandler/MonacoPreviewHandler.csproj' + - 'src/modules/previewpane/MarkdownPreviewHandler/MarkdownPreviewHandler.csproj' + - 'src/modules/previewpane/SvgPreviewHandler/SvgPreviewHandler.csproj' + - 'src/modules/previewpane/SvgThumbnailProvider/SvgThumbnailProvider.csproj' + - 'src/modules/FileLocksmith/FileLocksmithUI/FileLocksmithUI.csproj' + +jobs: +- job: ${{ parameters.jobName }} + ${{ if ne(length(parameters.pool), 0) }}: + pool: ${{ parameters.pool }} + dependsOn: ${{ parameters.dependsOn }} + condition: ${{ parameters.condition }} + 
strategy: + matrix: + ${{ each config in parameters.buildConfigurations }}: + ${{ each platform in parameters.buildPlatforms }}: + ${{ config }}_${{ platform }}: + BuildConfiguration: ${{ config }} + BuildPlatform: ${{ platform }} + ${{ if eq(platform, 'x86') }}: + OutputBuildPlatform: Win32 + ${{ elseif eq(platform, 'Any CPU') }}: + OutputBuildPlatform: AnyCPU + ${{ else }}: + OutputBuildPlatform: ${{ platform }} + variables: + # Azure DevOps abhors a vacuum + # If these are blank, expansion will fail later on... which will result in direct substitution of the variable *names* + # later on. We'll just... set them to a single space and if we need to, check IsNullOrWhiteSpace. + # Yup. + MSBuildCacheParameters: ' ' + JobOutputDirectory: $(Build.ArtifactStagingDirectory) + LogOutputDirectory: $(Build.ArtifactStagingDirectory)\logs + JobOutputArtifactName: build-$(BuildPlatform)-$(BuildConfiguration)${{ parameters.artifactStem }} + NUGET_RESTORE_MSBUILD_ARGS: /p:Platform=$(BuildPlatform) # Required for nuget to work due to self contained + NODE_OPTIONS: --max_old_space_size=16384 + ${{ if eq(parameters.runTests, true) }}: + MSBuildMainBuildTargets: Build;Test + ${{ else }}: + MSBuildMainBuildTargets: Build + ${{ insert }}: ${{ parameters.variables }} + ${{ if eq(parameters.useLatestWinAppSDK, true) }}: + RestoreAdditionalProjectSourcesArg: '/p:RestoreAdditionalProjectSources="$(Build.SourcesDirectory)\localpackages\NugetPackages"' + ${{ else }}: + RestoreAdditionalProjectSourcesArg: '' + displayName: Build + timeoutInMinutes: 240 + cancelTimeoutInMinutes: 1 + templateContext: # Required when this template is hosted in 1ES PT + outputs: + - output: pipelineArtifact + artifactName: $(JobOutputArtifactName) + targetPath: $(Build.ArtifactStagingDirectory) + steps: + - checkout: self + clean: true + submodules: true + persistCredentials: True + fetchTags: false + fetchDepth: 1 + + - ${{ if eq(parameters.enableMsBuildCaching, true) }}: + - pwsh: |- + $MSBuildCacheParameters 
= "" + $MSBuildCacheParameters += " -graph" + $MSBuildCacheParameters += " -reportfileaccesses" + $MSBuildCacheParameters += " -p:MSBuildCacheEnabled=true" + $MSBuildCacheParameters += " -p:MSBuildCacheLogDirectory=$(LogOutputDirectory)\MSBuildCacheLogs" + Write-Host "MSBuildCacheParameters: $MSBuildCacheParameters" + Write-Host "##vso[task.setvariable variable=MSBuildCacheParameters]$MSBuildCacheParameters" + displayName: Prepare MSBuildCache variables + + - template: steps-ensure-dotnet-version.yml + parameters: + sdk: true + version: '6.0' + + - template: steps-ensure-dotnet-version.yml + parameters: + sdk: true + version: '8.0' + + - template: steps-ensure-dotnet-version.yml + parameters: + sdk: true + version: '9.0' + + - ${{ if eq(parameters.runTests, true) }}: + - task: VisualStudioTestPlatformInstaller@1 + displayName: Ensure VSTest Platform + + - pwsh: |- + & '.pipelines/applyXamlStyling.ps1' -Passive + displayName: Verify XAML formatting + + - pwsh: |- + & '.pipelines/verifyNugetPackages.ps1' -solution '$(build.sourcesdirectory)\PowerToys.sln' + displayName: Verify Nuget package versions for PowerToys.sln + + - pwsh: |- + & '.pipelines/verifyArm64Configuration.ps1' -solution '$(build.sourcesdirectory)\PowerToys.sln' + & '.pipelines/verifyArm64Configuration.ps1' -solution '$(build.sourcesdirectory)\tools\BugReportTool\BugReportTool.sln' + & '.pipelines/verifyArm64Configuration.ps1' -solution '$(build.sourcesdirectory)\tools\StylesReportTool\StylesReportTool.sln' + & '.pipelines/verifyArm64Configuration.ps1' -solution '$(build.sourcesdirectory)\installer\PowerToysSetup.sln' + displayName: Verify ARM64 configurations + + - ${{ if eq(parameters.enablePackageCaching, true) }}: + - task: Cache@2 + displayName: 'Cache nuget packages (PackageReference)' + inputs: + key: '"PackageReference" | "$(Agent.OS)" | Directory.Packages.props' + restoreKeys: | + "PackageReference" | "$(Agent.OS)" + "PackageReference" + path: $(NUGET_PACKAGES) + + - task: Cache@2 + 
displayName: 'Cache nuget packages (packages.config)' + inputs: + key: '"packages.config" | "$(Agent.OS)" | **/packages.config' + restoreKeys: | + "packages.config" | "$(Agent.OS)" + "packages.config" + path: packages + + - ${{ if eq(parameters.useLatestWinAppSDK, true)}}: + - template: .\steps-update-winappsdk-and-restore-nuget.yml + parameters: + versionNumber: ${{ parameters.winAppSDKVersionNumber }} + useExperimentalVersion: ${{ parameters.useExperimentalVersion }} + + - ${{ if eq(parameters.useLatestWinAppSDK, false)}}: + - template: .\steps-restore-nuget.yml + + - pwsh: |- + & "$(build.sourcesdirectory)\.pipelines\verifyAndSetLatestVCToolsVersion.ps1" + displayName: Work around DD-1541167 (VCToolsVersion) + ${{ if eq(parameters.useVSPreview, true) }}: + env: + VCWhereExtraVersionTarget: '-prerelease' + + - pwsh: |- + & "$(build.sourcesdirectory)\.pipelines\installWiX.ps1" + displayName: Download and install WiX 3.14 development build + + - ${{ parameters.beforeBuildSteps }} + + - task: VSBuild@1 + ${{ if eq(parameters.runTests, true) }}: + displayName: Build and Test PowerToys main project + ${{ else }}: + displayName: Build PowerToys main project + inputs: + solution: 'PowerToys.sln' + vsVersion: 17.0 + msbuildArgs: >- + -restore -graph + /p:RestorePackagesConfig=true + /p:CIBuild=true + /bl:$(LogOutputDirectory)\build-0-main.binlog + ${{ parameters.additionalBuildOptions }} + $(MSBuildCacheParameters) + /t:$(MSBuildMainBuildTargets) + $(RestoreAdditionalProjectSourcesArg) + platform: $(BuildPlatform) + configuration: $(BuildConfiguration) + msbuildArchitecture: x64 + maximumCpuCount: true + ${{ if eq(parameters.enableMsBuildCaching, true) }}: + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + + - task: VSBuild@1 + displayName: Build BugReportTool + inputs: + solution: '**/tools/BugReportTool/BugReportTool.sln' + vsVersion: 17.0 + msbuildArgs: >- + -restore -graph + /p:RestorePackagesConfig=true + /p:CIBuild=true + 
/bl:$(LogOutputDirectory)\build-bug-report.binlog + ${{ parameters.additionalBuildOptions }} + $(MSBuildCacheParameters) + $(RestoreAdditionalProjectSourcesArg) + platform: $(BuildPlatform) + configuration: $(BuildConfiguration) + msbuildArchitecture: x64 + maximumCpuCount: true + ${{ if eq(parameters.enableMsBuildCaching, true) }}: + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + + - task: VSBuild@1 + displayName: Build StylesReportTool + inputs: + solution: '**/tools/StylesReportTool/StylesReportTool.sln' + vsVersion: 17.0 + msbuildArgs: >- + -restore -graph + /p:RestorePackagesConfig=true + /p:CIBuild=true + /bl:$(LogOutputDirectory)\build-styles-report.binlog + ${{ parameters.additionalBuildOptions }} + $(MSBuildCacheParameters) + $(RestoreAdditionalProjectSourcesArg) + platform: $(BuildPlatform) + configuration: $(BuildConfiguration) + msbuildArchitecture: x64 + maximumCpuCount: true + ${{ if eq(parameters.enableMsBuildCaching, true) }}: + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + + - ${{ each project in parameters.csProjectsToPublish }}: + - task: VSBuild@1 + displayName: Publish ${{ project }} for Packaging + inputs: + solution: ${{ project }} + vsVersion: 17.0 + msbuildArgs: >- + /target:Publish + /graph + /p:Configuration=$(BuildConfiguration);Platform=$(BuildPlatform);AppxBundle=Never + /p:VCRTForwarders-IncludeDebugCRT=false + /p:PowerToysRoot=$(Build.SourcesDirectory) + /p:PublishProfile=InstallationPublishProfile.pubxml + /bl:$(LogOutputDirectory)\publish-${{ join('_',split(project, '/')) }}.binlog + $(RestoreAdditionalProjectSourcesArg) + platform: $(BuildPlatform) + configuration: $(BuildConfiguration) + msbuildArchitecture: x64 + maximumCpuCount: true + + ### HACK: On ARM64 builds, building an app with Windows App SDK copies the x64 WebView2 dll instead of the ARM64 one. This task makes sure the right dll is used. 
+ - task: CopyFiles@2 + displayName: HACK Copy core WebView2 ARM64 dll to output directory + condition: eq(variables['BuildPlatform'],'arm64') + inputs: + contents: packages/Microsoft.Web.WebView2.1.0.2739.15/runtimes/win-ARM64/native_uap/Microsoft.Web.WebView2.Core.dll + targetFolder: $(Build.SourcesDirectory)/ARM64/Release/WinUI3Apps/ + flattenFolders: True + OverWrite: True + + # Check if deps.json files don't reference different dll versions. + - pwsh: |- + & '.pipelines/verifyDepsJsonLibraryVersions.ps1' -targetDir '$(build.sourcesdirectory)\$(BuildPlatform)\$(BuildConfiguration)' + displayName: Audit deps.json files for all applications + + # Check if asset files on the main application paths are playing nice and avoiding basic conflicts. + - pwsh: |- + & '.pipelines/verifyPossibleAssetConflicts.ps1' -targetDir '$(build.sourcesdirectory)\$(BuildPlatform)\$(BuildConfiguration)' + displayName: Audit base applications path asset conflicts + + - pwsh: |- + & '.pipelines/verifyPossibleAssetConflicts.ps1' -targetDir '$(build.sourcesdirectory)\$(BuildPlatform)\$(BuildConfiguration)\WinUI3Apps' + displayName: Audit WinAppSDK applications path asset conflicts + + # To streamline the pipeline and prevent errors, skip this step during compatibility tests with the latest WinAppSDK. + - ${{ if eq(parameters.useLatestWinAppSDK, false) }}: + - pwsh: |- + & '.pipelines/verifyNoticeMdAgainstNugetPackages.ps1' -path '$(build.sourcesdirectory)\' + displayName: Verify NOTICE.md and NuGet packages match + + - ${{ if eq(parameters.runTests, true) }}: + # Publish test results which ran in MSBuild + - task: PublishTestResults@2 + displayName: 'Publish Test Results' + inputs: + testResultsFormat: VSTest + testResultsFiles: '**/*.trx' + condition: ne(variables['BuildPlatform'],'arm64') + + # Native dlls + - task: VSTest@2 + condition: ne(variables['BuildPlatform'],'arm64') # No arm64 agents to run the tests. 
+ displayName: 'Native Tests' + inputs: + platform: '$(BuildPlatform)' + configuration: '$(BuildConfiguration)' + testSelector: 'testAssemblies' + testAssemblyVer2: | + **\KeyboardManagerEngineTest.dll + **\KeyboardManagerEditorTest.dll + **\UnitTests-CommonLib.dll + **\PowerRenameUnitTests.dll + **\UnitTests-FancyZones.dll + !**\obj\** + + - ${{ if eq(parameters.codeSign, true) }}: + - template: steps-esrp-signing.yml + parameters: + displayName: Sign Core PowerToys + signingIdentity: ${{ parameters.signingIdentity }} + inputs: + FolderPath: '$(BuildPlatform)/$(BuildConfiguration)' + signType: batchSigning + batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_core.json' + ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml' + + - template: steps-esrp-signing.yml + parameters: + displayName: Sign DSC files + signingIdentity: ${{ parameters.signingIdentity }} + inputs: + FolderPath: 'src/dsc/Microsoft.PowerToys.Configure' + signType: batchSigning + batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_DSC.json' + ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml' + + - template: steps-build-installer.yml + parameters: + codeSign: ${{ parameters.codeSign }} + signingIdentity: ${{ parameters.signingIdentity }} + versionNumber: ${{ parameters.versionNumber }} + additionalBuildOptions: ${{ parameters.additionalBuildOptions }} + + - template: steps-build-installer.yml + parameters: + codeSign: ${{ parameters.codeSign }} + signingIdentity: ${{ parameters.signingIdentity }} + versionNumber: ${{ parameters.versionNumber }} + additionalBuildOptions: ${{ parameters.additionalBuildOptions }} + buildUserInstaller: true # NOTE: This is the distinction between the above and below rules + + # This saves ~1GiB per architecture. We won't need these later. 
+ # Removes: + # - All .pdbs from any static libs .libs (which were only used during linking) + - pwsh: |- + $binDir = '$(Build.SourcesDirectory)' + $ImportLibs = Get-ChildItem $binDir -Recurse -File -Filter '*.exp' | ForEach-Object { $_.FullName -Replace "exp$","lib" } + $StaticLibs = Get-ChildItem $binDir -Recurse -File -Filter '*.lib' | Where-Object FullName -NotIn $ImportLibs + + $Items = @() + $Items += Get-Item ($StaticLibs.FullName -Replace "lib$","pdb") -ErrorAction:Ignore + + $Items | Remove-Item -Recurse -Force -Verbose -ErrorAction:Ignore + displayName: Clean up static libs PDBs + errorActionPreference: silentlyContinue # It's OK if this silently fails + + - task: CopyFiles@2 + displayName: Stage Installers + inputs: + contents: "**/PowerToys*Setup-*.exe" + flattenFolders: True + targetFolder: $(JobOutputDirectory) + + - task: CopyFiles@2 + displayName: Stage Symbols + inputs: + contents: |- + **\*.pdb + !**\vc143.pdb + !**\*test*.pdb + flattenFolders: True + targetFolder: $(JobOutputDirectory)/symbols-$(BuildPlatform)/ + + - pwsh: |- + $p = "$(JobOutputDirectory)\" + $userHash = ((Get-Item $p\PowerToysUserSetup*.exe | Get-FileHash).Hash); + $machineHash = ((Get-Item $p\PowerToysSetup*.exe | Get-FileHash).Hash); + $userPlat = "hash_user_$(BuildPlatform).txt"; + $machinePlat = "hash_machine_$(BuildPlatform).txt"; + $combinedUserPath = $p + $userPlat; + $combinedMachinePath = $p + $machinePlat; + + echo $p + + echo $userPlat + echo $userHash + echo $combinedUserPath + + echo $machinePlat + echo $machineHash + echo $combinedMachinePath + + $userHash | out-file -filepath $combinedUserPath + $machineHash | out-file -filepath $combinedMachinePath + displayName: Calculate file hashes + + # Publishing the GPO files + - pwsh: |- + New-Item "$(JobOutputDirectory)/gpo" -Type Directory + Copy-Item src\gpo\assets\* "$(JobOutputDirectory)/gpo" -Recurse + displayName: Stage GPO files + + # Running the tests may result in future jobs consuming artifacts out of this 
build + - ${{ if eq(parameters.runTests, true) }}: + - task: CopyFiles@2 + displayName: Stage entire build output + inputs: + sourceFolder: '$(Build.SourcesDirectory)' + contents: '$(BuildPlatform)/$(BuildConfiguration)/**/*' + targetFolder: '$(JobOutputDirectory)\$(BuildPlatform)\$(BuildConfiguration)' + + - ${{ if eq(parameters.publishArtifacts, true) }}: + - publish: $(JobOutputDirectory) + artifact: $(JobOutputArtifactName) + displayName: Publish all outputs + condition: always() \ No newline at end of file diff --git a/.pipelines/v2/templates/steps-build-installer-vnext.yml b/.pipelines/v2/templates/steps-build-installer-vnext.yml new file mode 100644 index 000000000000..4e62d82e8928 --- /dev/null +++ b/.pipelines/v2/templates/steps-build-installer-vnext.yml 
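Review bot: The checkout step sets `persistCredentials: True`, so the job's OAuth token stays in the repository's git config for every later step, including the caller-supplied `${{ parameters.beforeBuildSteps }}` and whatever MSBuild targets the restored packages bring in. None of the steps visible in this hunk performs an authenticated git operation, so `persistCredentials: false` looks sufficient unless one of the referenced templates needs it. The three VSBuild steps also map `SYSTEM_ACCESSTOKEN: $(System.AccessToken)` into the build environment when `enableMsBuildCaching` is true while writing `/bl:` binlogs under `$(LogOutputDirectory)`, which sits inside the staging directory published with `condition: always()`; binary logs can record environment variables, so it is worth confirming the token cannot end up in the published artifact. Separately, both installer passes still reference `steps-build-installer.yml` rather than the `steps-build-installer-vnext.yml` added in this commit, which may be intentional but leaves the new file unused by this job.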
@@ -0,0 +1,184 @@ +parameters: + - name: versionNumber + type: string + default: "0.0.1" + - name: buildUserInstaller + type: boolean + default: false + - name: codeSign + type: boolean + default: false + - name: signingIdentity + type: object + default: {} + - name: additionalBuildOptions + type: string + default: '' + +steps: + - pwsh: |- + & git clean -xfd -e *exe -- .\installer\ + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Clean installer to reduce cross-contamination + + - pwsh: |- + $IsPerUser = $${{ parameters.buildUserInstaller }} + $InstallerBuildSlug = "MachineSetup" + $InstallerBasename = "PowerToysSetupVNext" + If($IsPerUser) { + $InstallerBuildSlug = "UserSetup" + $InstallerBasename = "PowerToysUserSetup" + } + $InstallerBasename += "-${{ parameters.versionNumber }}-$(BuildPlatform)" + Write-Host "##vso[task.setvariable variable=InstallerBuildSlug]$InstallerBuildSlug" + Write-Host "##vso[task.setvariable variable=InstallerRelativePath]$(BuildPlatform)\$(BuildConfiguration)\$InstallerBuildSlug" + Write-Host "##vso[task.setvariable variable=InstallerBasename]$InstallerBasename" + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Prepare Installer variables + + # This dll needs to be built and signed before building the MSI. 
+ - task: VSBuild@1 + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Build PowerToysSetupCustomActions + inputs: + solution: "**/installer/PowerToysSetupVNext.sln" + vsVersion: 17.0 + msbuildArgs: >- + /t:PowerToysSetupCustomActions + /p:RunBuildEvents=true;PerUser=${{parameters.buildUserInstaller}};RestorePackagesConfig=true;CIBuild=true + -restore -graph + /bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-actions.binlog + ${{ parameters.additionalBuildOptions }} + platform: $(BuildPlatform) + configuration: $(BuildConfiguration) + clean: true + msbuildArchitecture: x64 + maximumCpuCount: true + + - ${{ if eq(parameters.codeSign, true) }}: + - template: steps-esrp-signing.yml + parameters: + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Sign PowerToysSetupCustomActions + signingIdentity: ${{ parameters.signingIdentity }} + inputs: + FolderPath: 'installer/PowerToysSetupCustomActions/$(InstallerRelativePath)' + signType: batchSigning + batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json' + ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml' + + ## INSTALLER START + #### MSI BUILDING AND SIGNING + - task: VSBuild@1 + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Build MSI + inputs: + solution: "**/installer/PowerToysSetupVNext.sln" + vsVersion: 17.0 + msbuildArgs: >- + -restore + /t:PowerToysInstaller + /p:RunBuildEvents=false;PerUser=${{parameters.buildUserInstaller}};BuildProjectReferences=false;CIBuild=true + /bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-msi.binlog + ${{ parameters.additionalBuildOptions }} + platform: $(BuildPlatform) + configuration: $(BuildConfiguration) + clean: false # don't undo our hard work above by deleting the CustomActions dll + msbuildArchitecture: x64 + maximumCpuCount: true + + - script: |- + "C:\Program Files (x86)\WiX Toolset 
v3.14\bin\dark.exe" -x $(build.sourcesdirectory)\extractedMsi installer\PowerToysSetupVNext\$(InstallerRelativePath)\$(InstallerBasename).msi + dir $(build.sourcesdirectory)\extractedMsi + displayName: "${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Extract and verify MSI" + + # Check if deps.json files don't reference different dll versions. + - pwsh: |- + & '.pipelines/verifyDepsJsonLibraryVersions.ps1' -targetDir '$(build.sourcesdirectory)\extractedMsi\File' + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Audit deps.json in MSI extracted files + + - ${{ if eq(parameters.codeSign, true) }}: + - pwsh: |- + & .pipelines/versionAndSignCheck.ps1 -targetDir '$(build.sourcesdirectory)\extractedMsi\File' + & .pipelines/versionAndSignCheck.ps1 -targetDir '$(build.sourcesdirectory)\extractedMsi\Binary' + git clean -xfd ./extractedMsi + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Verify all binaries are signed and versioned + + - template: steps-esrp-signing.yml + parameters: + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Sign MSI + signingIdentity: ${{ parameters.signingIdentity }} + inputs: + FolderPath: 'installer/PowerToysSetupVNext/$(InstallerRelativePath)' + signType: batchSigning + batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json' + ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml' + + #### END MSI + #### BOOTSTRAP BUILDING AND SIGNING + + - task: VSBuild@1 + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Build Bootstrapper + inputs: + solution: "**/installer/PowerToysSetupVNext.sln" + vsVersion: 17.0 + msbuildArgs: >- + /t:PowerToysBootstrapper + /p:PerUser=${{parameters.buildUserInstaller}};CIBuild=true + /bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-bootstrapper.binlog + -restore -graph + ${{ 
parameters.additionalBuildOptions }} + platform: $(BuildPlatform) + configuration: $(BuildConfiguration) + clean: false # don't undo our hard work above by deleting the MSI + msbuildArchitecture: x64 + maximumCpuCount: true + + # The entirety of bundle unpacking/re-packing is unnecessary if we are not code signing it. + - ${{ if eq(parameters.codeSign, true) }}: + - script: |- + "C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ib installer\PowerToysSetupVNext\$(InstallerRelativePath)\$(InstallerBasename).exe -o installer\engine.exe + displayName: "${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Insignia: Extract Engine from Bundle" + + - template: steps-esrp-signing.yml + parameters: + displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Sign WiX Engine + signingIdentity: ${{ parameters.signingIdentity }} + inputs: + FolderPath: "installer" + Pattern: engine.exe + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode": "CP-230012", + "OperationCode": "SigntoolSign", + "Parameters": { + "OpusName": "Microsoft", + "OpusInfo": "http://www.microsoft.com", + "FileDigest": "/fd \"SHA256\"", + "PageHash": "/NPH", + "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + "ToolName": "sign", + "ToolVersion": "1.0" + }, + { + "KeyCode": "CP-230012", + "OperationCode": "SigntoolVerify", + "Parameters": {}, + "ToolName": "sign", + "ToolVersion": "1.0" + } + ] + + - script: |- + "C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ab installer\engine.exe installer\PowerToysSetupVNext\$(InstallerRelativePath)\$(InstallerBasename).exe -o installer\PowerToysSetupVNext\$(InstallerRelativePath)\$(InstallerBasename).exe + displayName: "${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Insignia: Merge Engine into Bundle" + + - template: steps-esrp-signing.yml + parameters: + displayName: 
${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Sign Final Bootstrapper + signingIdentity: ${{ parameters.signingIdentity }} + inputs: + FolderPath: 'installer/PowerToysSetupVNext/$(InstallerRelativePath)' + signType: batchSigning + batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json' + ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml' + #### END BOOTSTRAP + ## END INSTALLER
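Review bot: `${{ parameters.versionNumber }}` is expanded at template time straight into the inline PowerShell string in the "Prepare Installer variables" step, and the resulting `InstallerBasename` is then substituted into the `dark.exe` and `insignia.exe` command lines, so an unvalidated string parameter becomes script text in a job that also signs. Passing it through the step environment (`env:` with `PT_VERSION: ${{ parameters.versionNumber }}`, then `$InstallerBasename += "-${env:PT_VERSION}-$(BuildPlatform)"`) and rejecting anything that does not look like a version before the `##vso[task.setvariable]` lines would keep the value as data; `PT_VERSION` is only a suggested name. `additionalBuildOptions` is spliced into `msbuildArgs` the same way and deserves a comment stating who is allowed to set it. Also, `git clean -xfd ./extractedMsi` runs only inside the `codeSign` branch, so if this template is instantiated twice in one unsigned job (as the job template does with `steps-build-installer.yml`), the second `dark.exe -x` may extract into a directory that still holds the first pass's files and the deps.json audit would read a mix of both.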