8000 Add Software Bill of Materials to the main packages (#16202) · daxian-dbw/PowerShell@6c73fe0 · GitHub
[go: up one dir, main page]
Skip to content

Commit 6c73fe0

Browse files
TravisEz13daxian-dbw
TravisEz13
authored and
daxian-dbw
committed
Add Software Bill of Materials to the main packages (PowerShell#16202)
1 parent a1c1aeb commit 6c73fe0

File tree

16 files changed

+726
-139
lines changed

16 files changed

+726
-139
lines changed

.vsts-ci/windows/templates/windows-packaging.yml

Lines changed: 44 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,40 @@
11
parameters:
2-
pool: 'Hosted VS2017'
3-
jobName: 'win_packaging'
4-
architecture: 'x64'
5-
channel: 'preview'
6-
parentJobs: []
2+
- name: pool
3+
default: 'Hosted VS2017'
4+
- name: jobName
5+
default: 'win_packaging'
6+
- name: architecture
7+
default: 'x64'
8+
- name: channel
9+
default: 'preview'
710

811
jobs:
912
- job: ${{ parameters.jobName }}_${{ parameters.channel }}_${{ parameters.architecture }}
10-
dependsOn:
11-
${{ parameters.parentJobs }}
13+
14+
variables:
15+
- name: repoFolder
16+
value: PowerShell
17+
- name: repoPath
18+
value: $(Agent.BuildDirectory)\$(repoFolder)
19+
- name: complianceRepoFolder
20+
value: compliance
21+
- name: complianceRepoPath
22+
value: $(Agent.BuildDirectory)\$(complianceRepoFolder)
23+
1224
pool:
1325
name: ${{ parameters.pool }}
1426

1527
displayName: Windows Packaging - ${{ parameters.architecture }} - ${{ parameters.channel }}
1628

1729
steps:
30+
- checkout: self
31+
clean: true
32+
path: $(repoFolder)
33+
34+
- checkout: ComplianceRepo
35+
clean: true
36+
path: $(complianceRepoFolder)
37+
1838
- powershell: |
1939
Get-ChildItem -Path env:
2040
displayName: Capture environment
@@ -27,9 +47,24 @@ jobs:
2747
Invoke-CIInstall -SkipUser
2848
displayName: Bootstrap
2949
condition: succeeded()
50+
workingDirectory: $(repoPath)
51+
52+
- pwsh: |
53+
Import-Module .\tools\ci.psm1
54+
New-CodeCoverageAndTestPackage
55+
Invoke-CIFinish -Runtime win7-${{ parameters.architecture }} -channel ${{ parameters.channel }} -Stage Build
56+
displayName: Build
57+
workingDirectory: $(repoPath)
58+
59+
- template: Sbom.yml@ComplianceRepo
60+
parameters:
61+
BuildDropPath: '$(System.ArtifactsDirectory)/mainBuild'
62+
Build_Repository_Uri: $(build.repository.uri)
63+
displayName: SBOM
3064

3165
- pwsh: |
3266
Import-Module .\tools\ci.psm1
3367
New-CodeCoverageAndTestPackage
34-
Invoke-CIFinish -Runtime win7-${{ parameters.architecture }} -channel ${{ parameters.channel }}
35-
displayName: Build and Test Package
68+
Invoke-CIFinish -Runtime win7-${{ parameters.architecture }} -channel ${{ parameters.channel }} -Stage Package
69+
displayName: Package and Test
70+
workingDirectory: $(repoPath)

.vsts-ci/windows/windows-packaging.yml

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -67,10 +67,17 @@ variables:
6767
- name: __SuppressAnsiEscapeSequences
6868
value: 1
6969
- group: fakeNugetKey
70+
- name: SBOMGenerator_Formats
71+
value: spdx:2.2
7072

7173
resources:
72-
- repo: self
73-
clean: true
74+
repositories:
75+
- repository: ComplianceRepo
76+
type: github
77+
endpoint: PowerShell
78+
name: PowerShell/compliance
79+
ref: master
80+
7481
stages:
7582
- stage: PackagingWin
7683
displayName: Packaging for Windows

assets/wix/files.wxs

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3057,6 +3057,16 @@
30573057
<Component Id="cmp2EB55EB6B44F4CF186F0BAFD6B33BCD6">
30583058
<File Id="filC629C6EFCF314F9BB78C56E0876C08EB" KeyPath="yes" Source="$(var.ProductSourcePath)\mscordaccore_$(var.FileArchitecture)_$(var.FileArchitecture)_6.0.21.45113.dll" />
30593059
</Component>
3060+
<Directory Name="_manifest" Id="dir81094D6B916B4BC8B1BA0E1DADB93A02">
3061+
<Directory Name="spdx_2.2" Id="dirA36413FB3A534FDF8657D62728080E9F">
3062+
<Component Id="cmp408A3AF905EB47ADA35FBC5A6B1465A0">
3063+
<File Id="fil2146848B6ACB45FCA8E9C8FEE3BECDD8" KeyPath="yes" Source="$(var.ProductSourcePath)\_manifest\spdx_2.2\manifest.spdx.json" />
3064+
</Component>
3065+
</Directory>
3066+
</Directory>
3067+
<Component Id="cmpA6276F9EAB41411AAAEC496E67A3DBAE">
3068+
<File Id="filC840646CDE814D33B16DA3A5BBDDC88D" KeyPath="yes" Source="$(var.ProductSourcePath)\psoptions.json" />
3069+
</Component>
30603070
</DirectoryRef>
30613071
</Fragment>
30623072
<Fragment>
@@ -4042,6 +4052,8 @@
40424052
<ComponentRef Id="cmpA75DEF5617C54DA1937CB37D5824BF79" />
40434053
<ComponentRef Id="cmp957498053E01454DA1E21E6D7317DCD6" />
40444054
<ComponentRef Id="cmp2EB55EB6B44F4CF186F0BAFD6B33BCD6" />
4055+
<ComponentRef Id="cmp408A3AF905EB47ADA35FBC5A6B1465A0" />
4056+
<ComponentRef Id="cmpA6276F9EAB41411AAAEC496E67A3DBAE" />
40454057
</ComponentGroup>
40464058
</Fragment>
40474059
</Wix>

build.psm1

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -321,7 +321,8 @@ function Start-PSBuild {
321321
[string]$ReleaseTag,
322322
[switch]$Detailed,
323323
[switch]$InteractiveAuth,
324-
[switch]$SkipRoslynAnalyzers
324+
[switch]$SkipRoslynAnalyzers,
325+
[string]$PSOptionsPath
325326
)
326327

327328
if ($ReleaseTag -and $ReleaseTag -notmatch "^v\d+\.\d+\.\d+(-(preview|rc)(\.\d{1,2})?)?$") {
@@ -668,6 +669,15 @@ Fix steps:
668669
if ($CI) {
669670
Restore-PSPester -Destination (Join-Path $publishPath "Modules")
670671
}
672+
673+
if ($PSOptionsPath) {
674+
$resolvedPSOptionsPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($PSOptionsPath)
675+
$parent = Split-Path -Path $resolvedPSOptionsPath
676+
if (!(Test-Path $parent)) {
677+
$null = New-Item -ItemType Directory -Path $parent
678+
}
679+
Save-PSOptions -PSOptionsPath $PSOptionsPath -Options $Options
680+
}
671681
}
672682

673683
function Restore-PSPackage

tools/WindowsCI.psm1

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,6 @@
11
# Copyright (c) Microsoft Corporation.
22
# Licensed under the MIT License.
33

4-
if($PSVersionTable.PSEdition -ne 'Desktop')
5-
{
6-
throw 'Must be run from Windows PowerShell'
7-
}
8-
94
function New-LocalUser
105
{
116
<#

tools/ci.psm1

Lines changed: 123 additions & 78 deletions
Original file line numberDiff line numberDiff line change
@@ -442,111 +442,156 @@ function Invoke-CIFinish
442442
{
443443
param(
444444
[string] $Runtime = 'win7-x64',
445-
[string] $Channel = 'preview'
445+
[string] $Channel = 'preview',
446+
[Validateset('Build','Package')]
447+
[string[]] $Stage = ('Build','Package')
446448
)
447449

448-
if($PSEdition -eq 'Core' -and ($IsLinux -or $IsMacOS))
449-
{
450+
if ($PSEdition -eq 'Core' -and ($IsLinux -or $IsMacOS) -and $Stage -contains 'Build') {
450451
return New-LinuxPackage
451452
}
452453

454+
$artifacts = New-Object System.Collections.ArrayList
453455
try {
454-
455-
if($Channel -eq 'preview')
456-
{
457-
$releaseTag = Get-ReleaseTag
458-
459-
$previewVersion = $releaseTag.Split('-')
460-
$previewPrefix = $previewVersion[0]
461-
$previewLabel = $previewVersion[1].replace('.','')
462-
463-
if(Test-DailyBuild)
464-
{
465-
$previewLabel= "daily{0}" -f $previewLabel
456+
$buildFolder = "${env:SYSTEM_ARTIFACTSDIRECTORY}/mainBuild"
457+
458+
if ($Stage -contains "Build") {
459+
if ($Channel -eq 'preview') {
460+
$releaseTag = Get-ReleaseTag
461+
462+
$previewVersion = $releaseTag.Split('-')
463+
$previewPrefix = $previewVersion[0]
464+
$previewLabel = $previewVersion[1].replace('.','')
465+
466+
if(Test-DailyBuild)
467+
{
468+
$previewLabel= "daily{0}" -f $previewLabel
469+
}
470+
471+
$prereleaseIteration = (get-date).Day
472+
$preReleaseVersion = "$previewPrefix-$previewLabel.$prereleaseIteration"
473+
# Build clean before backing to remove files from testing
474+
Start-PSBuild -CrossGen -PSModuleRestore -Configuration 'Release' -ReleaseTag $preReleaseVersion -Clean -Runtime $Runtime -output $buildFolder -PSOptionsPath "${buildFolder}/psoptions.json"
475+
$options = Get-PSOptions
476+
# Remove symbol files.
477+
$filter = Join-Path -Path (Split-Path $options.Output) -ChildPath '*.pdb'
478+
Write-Verbose "Removing symbol files from $filter" -Verbose
479+
Remove-Item $filter -Force -Recurse
480+
}
481+
else {
482+
$releaseTag = Get-ReleaseTag
483+
$releaseTagParts = $releaseTag.split('.')
484+
$preReleaseVersion = $releaseTagParts[0]+ ".9.9"
485+
Write-Verbose "newPSReleaseTag: $preReleaseVersion" -Verbose
486+
Start-PSBuild -CrossGen -PSModuleRestore -Configuration 'Release' -ReleaseTag $preReleaseVersion -Clean -Runtime $Runtime -output $buildFolder -PSOptionsPath "${buildFolder}/psoptions.json"
487+
$options = Get-PSOptions
488+
# Remove symbol files.
489+
$filter = Join-Path -Path (Split-Path $options.Output) -ChildPath '*.pdb'
490+
Write-Verbose "Removing symbol files from $filter" -Verbose
491+
Remove-Item $filter -Force -Recurse
466492
}
467493

468-
$prereleaseIteration = (get-date).Day
469-
$preReleaseVersion = "$previewPrefix-$previewLabel.$prereleaseIteration"
470-
# Build clean before backing to remove files from testing
471-
Start-PSBuild -CrossGen -PSModuleRestore -Configuration 'Release' -ReleaseTag $preReleaseVersion -Clean -Runtime $Runtime
472-
}
473-
else {
474-
$releaseTag = Get-ReleaseTag
475-
$releaseTagParts = $releaseTag.split('.')
476-
$preReleaseVersion = $releaseTagParts[0]+ ".9.9"
477-
Write-Verbose "newPSReleaseTag: $preReleaseVersion" -Verbose
478-
Start-PSBuild -CrossGen -PSModuleRestore -Configuration 'Release' -ReleaseTag $preReleaseVersion -Clean -Runtime $Runtime
494+
# Set a variable, both in the current process and in AzDevOps for the packaging stage to get the release tag
495+
$env:CI_FINISH_RELASETAG=$preReleaseVersion
496+
$vstsCommandString = "vso[task.setvariable variable=CI_FINISH_RELASETAG]$preReleaseVersion"
497+
Write-Verbose -Message "$vstsCommandString" -Verbose
498+
Write-Host -Object "##$vstsCommandString"
499+
500+
$armBuildFolder = "${env:SYSTEM_ARTIFACTSDIRECTORY}/releaseArm32"
501+
502+
# produce win-arm and win-arm64 packages if it is a daily build
503+
Start-PSBuild -Restore -Runtime win-arm -PSModuleRestore -Configuration 'Release' -ReleaseTag $releaseTag -output $armBuildFolder -PSOptionsPath "${armBuildFolder}-meta/psoptions.json" -Crossgen
504+
$options = Get-PSOptions
505+
# Remove symbol files.
506+
$filter = Join-Path -Path (Split-Path $options.Output) -ChildPath '*.pdb'
507+
Write-Verbose "Removing symbol files from $filter" -Verbose
508+
Remove-Item $filter -Force -Recurse
509+
510+
$armBuildFolder = "${env:SYSTEM_ARTIFACTSDIRECTORY}/releaseArm64"
511+
Start-PSBuild -Restore -Runtime win-arm64 -PSModuleRestore -Configuration 'Release' -ReleaseTag $releaseTag -output $armBuildFolder -PSOptionsPath "${armBuildFolder}-meta/psoptions.json" -Crossgen
512+
$options = Get-PSOptions
513+
# Remove symbol files.
514+
$filter = Join-Path -Path (Split-Path $options.Output) -ChildPath '*.pdb'
515+
Write-Verbose "Removing symbol files from $filter" -Verbose
516+
Remove-Item $filter -Force -Recurse
479517
}
480518

481-
# Build packages $preReleaseVersion = "$previewPrefix-$previewLabel.$prereleaseIteration"
482-
$packages = Start-PSPackage -Type msi,nupkg,zip,zip-pdb -ReleaseTag $preReleaseVersion -SkipReleaseChecks -WindowsRuntime $Runtime
483-
484-
$artifacts = New-Object System.Collections.ArrayList
485-
foreach ($package in $packages) {
486-
if (Test-Path $package -ErrorAction Ignore)
487-
{
488-
Write-Log "Package found: $package"
489-
}
490-
else
491-
{
492-
Write-Warning -Message "Package NOT found: $package"
493-
}
494519

495-
if($package -is [string])
496-
{
497-
$null = $artifacts.Add($package)
520+
if ($Stage -contains "Package") {
521+
Restore-PSOptions -PSOptionsPath "${buildFolder}-meta/psoptions.json"
522+
$preReleaseVersion = $env:CI_FINISH_RELASETAG
523+
524+
# Build packages $preReleaseVersion = "$previewPrefix-$previewLabel.$prereleaseIteration"
525+
$packages = Start-PSPackage -Type msi, nupkg, zip, zip-pdb -ReleaseTag $preReleaseVersion -SkipReleaseChecks -WindowsRuntime $Runtime
526+
527+
foreach ($package in $packages) {
528+
if (Test-Path $package -ErrorAction Ignore)
529+
{
530+
Write-Log "Package found: $package"
531+
}
532+
else
533+
{
534+
Write-Warning -Message "Package NOT found: $package"
535+
}
536+
537+
if($package -is [string])
538+
{
539+
$null = $artifacts.Add($package)
540+
}
541+
elseif($package -is [pscustomobject] -and $package.psobject.Properties['msi'])
542+
{
543+
$null = $artifacts.Add($package.msi)
544+
$null = $artifacts.Add($package.wixpdb)
545+
}
498546
}
499-
elseif($package -is [pscustomobject] -and $package.psobject.Properties['msi'])
500-
{
501-
$null = $artifacts.Add($package.msi)
502-
$null = $artifacts.Add($package.wixpdb)
503-
}
504-
}
505547

506-
# the packaging tests find the MSI package using env:PSMsiX64Path
507-
$env:PSMsiX64Path = $artifacts | Where-Object { $_.EndsWith(".msi")}
508-
$architechture = $Runtime.Split('-')[1]
509-
$exePath = New-ExePackage -ProductVersion ($preReleaseVersion -replace '^v') -ProductTargetArchitecture $architechture -MsiLocationPath $env:PSMsiX64Path
510-
Write-Verbose "exe Path: $exePath" -Verbose
511-
$artifacts.Add($exePath)
512-
$env:PSExePath = $exePath
513-
$env:PSMsiChannel = $Channel
514-
$env:PSMsiRuntime = $Runtime
548+
# the packaging tests find the MSI package using env:PSMsiX64Path
549+
$env:PSMsiX64Path = $artifacts | Where-Object { $_.EndsWith(".msi")}
550+
$architechture = $Runtime.Split('-')[1]
551+
$exePath = New-ExePackage -ProductVersion ($preReleaseVersion -replace '^v') -ProductTargetArchitecture $architechture -MsiLocationPath $env:PSMsiX64Path
552+
Write-Verbose "exe Path: $exePath" -Verbose
553+
$artifacts.Add($exePath)
554+
$env:PSExePath = $exePath
555+
$env:PSMsiChannel = $Channel
556+
$env:PSMsiRuntime = $Runtime
515557

516-
# Install the latest Pester and import it
517-
$maximumPesterVersion = '4.99'
518-
Install-Module Pester -Force -SkipPublisherCheck -MaximumVersion $maximumPesterVersion
519-
Import-Module Pester -Force -MaximumVersion $maximumPesterVersion
558+
# Install the latest Pester and import it
559+
$maximumPesterVersion = '4.99'
560+
Install-Module Pester -Force -SkipPublisherCheck -MaximumVersion $maximumPesterVersion
561+
Import-Module Pester -Force -MaximumVersion $maximumPesterVersion
520562

521-
$testResultPath = Join-Path -Path $env:TEMP -ChildPath "win-package-$channel-$runtime.xml"
563+
$testResultPath = Join-Path -Path $env:TEMP -ChildPath "win-package-$channel-$runtime.xml"
522564

523-
# start the packaging tests and get the results
524-
$packagingTestResult = Invoke-Pester -Script (Join-Path $repoRoot '.\test\packaging\windows\') -PassThru -OutputFormat NUnitXml -OutputFile $testResultPath
565+
# start the packaging tests and get the results
566+
$packagingTestResult = Invoke-Pester -Script (Join-Path $repoRoot '.\test\packaging\windows\') -PassThru -OutputFormat NUnitXml -OutputFile $testResultPath
525567

526-
Publish-TestResults -Title "win-package-$channel-$runtime" -Path $testResultPath
568+
Publish-TestResults -Title "win-package-$channel-$runtime" -Path $testResultPath
527569

528-
# fail the CI job if the tests failed, or nothing passed
529-
if(-not $packagingTestResult -is [pscustomobject] -or $packagingTestResult.FailedCount -ne 0 -or $packagingTestResult.PassedCount -eq 0)
530-
{
531-
throw "Packaging tests failed ($($packagingTestResult.FailedCount) failed/$($packagingTestResult.PassedCount) passed)"
532-
}
570+
# fail the CI job if the tests failed, or nothing passed
571+
if(-not $packagingTestResult -is [pscustomobject] -or $packagingTestResult.FailedCount -ne 0 -or $packagingTestResult.PassedCount -eq 0)
572+
{
573+
throw "Packaging tests failed ($($packagingTestResult.FailedCount) failed/$($packagingTestResult.PassedCount) passed)"
574+
}
533575

534-
# only publish assembly nuget packages if it is a daily build and tests passed
535-
if(Test-DailyBuild)
536-
{
537-
$nugetArtifacts = Get-ChildItem $PSScriptRoot\packaging\nugetOutput -ErrorAction SilentlyContinue -Filter *.nupkg | Select-Object -ExpandProperty FullName
538-
if($nugetArtifacts)
576+
# only publish assembly nuget packages if it is a daily build and tests passed
577+
if(Test-DailyBuild)
539578
{
540-
$artifacts.AddRange(@($nugetArtifacts))
579+
$nugetArtifacts = Get-ChildItem $PSScriptRoot\packaging\nugetOutput -ErrorAction SilentlyContinue -Filter *.nupkg | Select-Object -ExpandProperty FullName
580+
if($nugetArtifacts)
581+
{
582+
$artifacts.AddRange(@($nugetArtifacts))
583+
}
541584
}
542585
}
543586

544587
# produce win-arm and win-arm64 packages if it is a daily build
545-
Start-PSBuild -Restore -Runtime win-arm -PSModuleRestore -Configuration 'Release' -ReleaseTag $releaseTag
588+
$armBuildFolder = "${env:SYSTEM_ARTIFACTSDIRECTORY}/releaseArm32"
589+
Restore-PSOptions -PSOptionsPath "${armBuildFolder}-meta/psoptions.json"
546590
$arm32Package = Start-PSPackage -Type zip -WindowsRuntime win-arm -ReleaseTag $releaseTag -SkipReleaseChecks
547591
$artifacts.Add($arm32Package)
548592

549-
Start-PSBuild -Restore -Runtime win-arm64 -PSModuleRestore -Configuration 'Release' -ReleaseTag $releaseTag
593+
$armBuildFolder = "${env:SYSTEM_ARTIFACTSDIRECTORY}/releaseArm64"
594+
Restore-PSOptions -PSOptionsPath "${armBuildFolder}-meta/psoptions.json"
550595
$arm64Package = Start-PSPackage -Type zip -WindowsRuntime win-arm64 -ReleaseTag $releaseTag -SkipReleaseChecks
551596
$artifacts.Add($arm64Package)
552597
}

0 commit comments

Comments
 (0)
0