PowerShell
diff --git a/‎.pipelines/Build-Official.yml‎
Lines changed: 2 additions & 7 deletions b/‎.pipelines/Build-Official.yml‎
Lines changed: 2 additions & 7 deletions
diff --git a/‎.pipelines/Package-Official.yml‎
Lines changed: 0 additions & 13 deletions b/‎.pipelines/Package-Official.yml‎
Lines changed: 0 additions & 13 deletions
diff --git a/‎.pipelines/Release-Official.yml‎
Lines changed: 156 additions & 0 deletions b/‎.pipelines/Release-Official.yml‎
Lines changed: 156 additions & 0 deletions
diff --git a/‎.pipelines/templates/linux-build.yml‎
Lines changed: 0 additions & 4 deletions b/‎.pipelines/templates/linux-build.yml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎.pipelines/templates/mac-build.yml‎
Lines changed: 0 additions & 4 deletions b/‎.pipelines/templates/mac-build.yml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎.pipelines/templates/module-build.yml‎
Lines changed: 0 additions & 4 deletions b/‎.pipelines/templates/module-build.yml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎.pipelines/templates/module-package.yml‎
Lines changed: 3 additions & 0 deletions b/‎.pipelines/templates/module-package.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.pipelines/templates/release-msix-bundle.yml‎
Lines changed: 114 additions & 0 deletions b/‎.pipelines/templates/release-msix-bundle.yml‎
Lines changed: 114 additions & 0 deletions
@@ -19,12 +19,8 @@ variables:
     value: 1
   - name: POWERSHELL_TELEMETRY_OPTOUT
     value: 1
-  - name: nugetMultiFeedWarnLevel
-    value: none
-  - name: NugetSecurityAnalysisWarningLevel
-    value: none
-  - name: skipNugetSecurityAnalysis
-    value: true
+  - name: DOTNET_NOLOGO
+    value: 1
   - name: branchCounterKey
     value: $[format('{0:yyyyMMdd}-{1}', pipeline.startTime,variables['Build.SourceBranch'])]
   - name: branchCounter
@@ -68,7 +64,6 @@ extends:
         ignoreDirectories: 'docs,test,tools'
       asyncSdl:
         enabled: true
-        forStages: [prep, macos, linux, windows]
         credscan:
           enabled: true
           scanFolder: $(Build.SourcesDirectory)
 
@@ -20,18 +20,8 @@ variables:
     value: ${{ parameters.debug }}
   - name: ENABLE_PRS_DELAYSIGN
     value: 1
-  - name: ROOT
-    value: $(Build.SourcesDirectory)
   - name: ForceAzureBlobDelete
     value: ${{ parameters.ForceAzureBlobDelete }}
-  - name: NUGET_XMLDOC_MODE
-    value: none
-  - name: nugetMultiFeedWarnLevel
-    value: none
-  - name: NugetSecurityAnalysisWarningLevel
-    value: none
-  - name: skipNugetSecurityAnalysis
-    value: true
   - name: ob_outputDirectory
     value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
   - name: WindowsContainerImage
@@ -52,8 +42,6 @@ resources:
       trigger:
         branches:
           include:
-            - main
-            - obp-*
             - release-*
 
   repositories:
@@ -89,7 +77,6 @@ extends:
         ignoreDirectories: 'docs,shell,test,tools'
       asyncSdl:
         enabled: true
-        forStages: ['build']
         credscan:
           enabled: true
           scanFolder:  $(Build.SourcesDirectory)
 
@@ -0,0 +1,156 @@
+trigger: none
+
+parameters: # parameters are shown up in ADO UI in a build queue time
+  - name: 'debug'
+    displayName: 'Enable debug output'
+    type: boolean
+    default: false
+
+variables:
+  - name: CDP_DEFINITION_BUILD_COUNT
+    value: $[counter('', 0)]
+  - name: system.debug
+    value: ${{ parameters.debug }}
+  - name: ob_outputDirectory
+    value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
+  - name: WindowsContainerImage
+    value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest'
+  - name: LinuxContainerImage
+    value: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0
+
+resources:
+  repositories:
+    - repository: templates
+      type: git
+      name: OneBranch.Pipelines/GovernedTemplates
+      ref: refs/heads/main
+
+  pipelines:
+    - pipeline: AIShellPackagePipeline
+      source: 'AIShell-Package-Official'
+      trigger:
+        branches:
+          include:
+            - release-*
+
+extends:
+  template: v2/OneBranch.Official.CrossPlat.yml@templates
+  parameters:
+    cloudvault:
+      enabled: false
+    featureFlags:
+      LinuxHostVersion:
+        Network: KS3
+      WindowsHostVersion:
+        Version: 2022
+        # Azure container/blob operations get blocked when using KS3
+        Network: KS2
+    globalSdl:
+      asyncSdl:
+        enabled: true
+        tsaOptionsFile: .config\tsaoptions.json
+
+    stages:
+    - stage: msixbundle
+      displayName: 'Create MSIX Bundle'
+      jobs:
+      - template: /.pipelines/templates/release-msix-bundle.yml@self
+
+    - stage: ManualValidation
+      dependsOn: []
+      displayName: Manual Validation
+      jobs:
+      - template: /.pipelines/templates/wait-for-approval.yml@self
+        parameters:
+          displayName: Validate Windows Packages
+          jobName: ValidateWinPkg
+          instructions: |
+            Validate zip package on Windows
+      - template: /.pipelines/templates/wait-for-approval.yml@self
+        parameters:
+          displayName: Validate OSX Packages
+          jobName: ValidateOsxPkg
+          instructions: |
+            Validate tar.gz package on macOS
+      - template: /.pipelines/templates/wait-for-approval.yml@self
+        parameters:
+          displayName: Validate Linux Packages
+          jobName: ValidateLinuxPkg
+          instructions: |
+            Validate tar.gz package on Linux
+      - template: /.pipelines/templates/wait-for-approval.yml@self
+        parameters:
+          displayName: Validate AIShell module
+          jobName: ValidateModule
+          instructions: |
+            Validate AIShell module
+      - template: /.pipelines/templates/wait-for-approval.yml@self
+        parameters:
+          displayName: Validate NuGet SDK
+          jobName: ValidateSDK
+          instructions: |
+            Validate NuGet SDK package
+
+    - stage: UpdateChangeLog
+      displayName: Update the changelog
+      dependsOn:
+        - ManualValidation
+        - msixbundle
+      jobs:
+      - template: /.pipelines/templates/wait-for-approval.yml@self
+        parameters:
+          displayName: Make sure the changelog is updated
+          jobName: MergeChangeLog
+          instructions: |
+            Update and merge the changelog for the release.
+            This step is required for creating GitHub draft release.
+
+    - stage: PublishGitHubRelease
+      displayName: Publish GitHub Release
+      dependsOn: BlobPublic
+      jobs:
+      - template: /.pipelines/templates/release-publish-github.yml@self
+
+    - stage: PublishNuGet
+      displayName: Publish NuGet
+      dependsOn: PublishGitHubRelease
+      jobs:
+      - template: /.pipelines/templates/release-publish-nuget.yml@self
+        parameters:
+          publish: false
+
+    - stage: PublishModule
+      displayName: Publish Module
+      dependsOn: PublishGitHubRelease
+      jobs:
+      - template: /.pipelines/templates/release-publish-module.yml@self
+        parameters:
+          publish: false
+
+    - stage: PublishMsix
+      dependsOn: PublishGitHubRelease
+      displayName: Publish MSIX to store
+      jobs:
+      - template: /.pipelines/templates/wait-for-approval.yml@self
+        parameters:
+          displayName: Publish the MSIX Bundle package to store
+          jobName: PublishMsix
+          instructions: |
+            Ask Steve to release MSIX bundle package to Store
+
+    - stage: ReleaseDone
+      displayName: Finish Release
+      dependsOn: ['PublishMsix', 'PublishModule', 'PublishNuGet']
+      jobs:
+      - template: /.pipelines/templates/wait-for-approval.yml@self
+        parameters:
+          displayName: Retain Build
+          jobName: RetainBuild
+          instructions: |
+            Retain the build
+      - template: /.pipelines/templates/wait-for-approval.yml@self
+        parameters:
+          displayName: Delete release branch
+          jobName: DeleteBranch
+          instructions: |
+            Delete release
@@ -12,8 +12,6 @@ jobs:
     value: false
   - name: NugetSecurityAnalysisWarningLevel
     value: none
-  - name: DOTNET_NOLOGO
-    value: 1
   - group: DotNetPrivateBuildAccess
   - name: ob_outputDirectory
     value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
@@ -113,8 +111,6 @@ jobs:
     value: false
   - name: NugetSecurityAnalysisWarningLevel
     value: none
-  - name: DOTNET_NOLOGO
-    value: 1
   - group: DotNetPrivateBuildAccess
   - group: certificate_logical_to_actual
   - name: ob_outputDirectory
 
@@ -14,8 +14,6 @@ jobs:
   variables:
   - name: HOMEBREW_NO_ANALYTICS
     value: 1
-  - name: DOTNET_NOLOGO
-    value: 1
   - name: runCodesignValidationInjection
     value: false
   - name: NugetSecurityAnalysisWarningLevel
@@ -78,8 +76,6 @@ jobs:
   variables:
   - name: NugetSecurityAnalysisWarningLevel
     value: none
-  - name: DOTNET_NOLOGO
-    value: 1
   - group: DotNetPrivateBuildAccess
   - group: certificate_logical_to_actual
   - name: ob_outputDirectory
 
@@ -9,8 +9,6 @@ jobs:
     value: false
   - name: NugetSecurityAnalysisWarningLevel
     value: none
-  - name: DOTNET_NOLOGO
-    value: 1
   - group: DotNetPrivateBuildAccess
   - name: ob_outputDirectory
     value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
@@ -106,8 +104,6 @@ jobs:
     value: false
   - name: NugetSecurityAnalysisWarningLevel
     value: none
-  - name: DOTNET_NOLOGO
-    value: 1
   - group: DotNetPrivateBuildAccess
   - group: certificate_logical_to_actual
   - name: ob_outputDirectory
 
@@ -57,6 +57,9 @@ jobs:
       $moduleFolder = "$(Pipeline.Workspace)/AIShellBuildPipeline/AIShell"
       $null = New-Item -ItemType Directory -Path $moduleFolder -Force
 
+      Write-Verbose -Verbose "Delete SBOM files ..."
+      Remove-Item -Path "$signedFilePath/_manifest" -Recurse -Force
+
       Write-Verbose -Verbose "Move module files to the 'AIShell' module folder: "
       Copy-Item -Path "$signedFilePath/*" -Destination $moduleFolder -Recurse -Force -Verbose
       Get-ChildItem $moduleFolder -Recurse | Out-String -Width 500 -Stream
 
@@ -0,0 +1,114 @@
+jobs:
+- job: CreateMSIXBundle
+  displayName: Create .msixbundle file
+  pool:
+    type: windows
+
+  variables:
+    - group: msixTools
+    - group: 'Azure Blob variable group'
+    - name: ob_outputDirectory
+      value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
+
+  steps:
+    - download: AIShellPackagePipeline
+      artifact: drop_windows_package_arm64
+      displayName: Download arm64 msix
+      patterns: '**/*.msix'
+
+    - download: AIShellPackagePipeline
+      artifact: drop_windows_package_x64
+      displayName: Download x64 msix
+      patterns: '**/*.msix'
+
+    - download: AIShellPackagePipeline
+      artifact: drop_windows_package_x86
+      displayName: Download x86 msix
+      patterns: '**/*.msix'
+
+    - pwsh: |
+        $cmd = Get-Command makeappx.exe -ErrorAction Ignore
+        if ($cmd) {
+            Write-Verbose -Verbose 'makeappx available in PATH'
+            $exePath = $cmd.Source
+        } else {
+            $toolsDir = '$(Pipeline.Workspace)\releasePipeline\tools'
+            New-Item $toolsDir -Type Directory -Force > $null
+            Invoke-RestMethod -Uri '$(makeappUrl)' -OutFile "$toolsDir\makeappx.zip"
+            Expand-Archive "$toolsDir\makeappx.zip" -DestinationPath "$toolsDir\makeappx" -Force
+            $exePath = "$toolsDir\makeappx\makeappx.exe"
+
+            Write-Verbose -Verbose 'makeappx was installed:'
+            Get-ChildItem -Path $toolsDir -Recurse
+        }
+
+        $vstsCommandString = "vso[task.setvariable variable=MakeAppxPath]$exePath"
+        Write-Host "sending " + $vstsCommandString
+        Write-Host "##$vstsCommandString"
+      displayName: Install makeappx tool
+      retryCountOnTaskFailure: 1
+
+    - pwsh: |
+        $sourceDir = '$(Pipeline.Workspace)\releasePipeline\msix'
+        $null = New-Item -Path $sourceDir -ItemType Directory -Force
+
+        $msixFiles = Get-ChildItem -Path "$(Pipeline.Workspace)\AIShellPackagePipeline\*.msix" -Recurse
+        foreach ($msixFile in $msixFiles) {
+            $null = Copy-Item -Path $msixFile.FullName -Destination $sourceDir -Force -Verbose
+        }
+
+        $file = Get-ChildItem $sourceDir | Select-Object -First 1
+        $prefix = ($file.BaseName -split "-win")[0]
+        $pkgName = "$prefix.msixbundle"
+        Write-Verbose -Verbose "Creating $pkgName"
+
+        $makeappx = '$(MakeAppxPath)'
+        $outputDir = "$sourceDir\output"
+        New-Item $outputDir -Type Directory -Force > $null
+        & $makeappx bundle /d $sourceDir /p "$outputDir\$pkgName"
+
+        Get-ChildItem -Path $sourceDir -Recurse | Out-String -Width 500 -Stream
+
+        $vstsCommandString = "vso[task.setvariable variable=BundleDir]$outputDir"
+        Write-Host "sending " + $vstsCommandString
+        Write-Host "##$vstsCommandString"
+      displayName: Create MsixBundle
+      retryCountOnTaskFailure: 1
+
+    - pwsh: |
+        $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose
+        if ($azureRmModule) {
+          Write-Host 'AzureRM module exists. Removing it'
+          Uninstall-AzureRm
+          Write-Host 'AzureRM module removed'
+        }
+
+        Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose
+      displayName: Remove AzRM modules and install Az.Storage
+
+    - task: AzurePowerShell@5
+      displayName: Upload msix to blob
+      inputs:
+        azureSubscription: az-blob-cicd-infra
+        scriptType: inlineScript
+        azurePowerShellVersion: LatestVersion
+        pwsh: true
+        inline: |
+          $containerName = 'aish'
+          $storageAccount = '$(PSInfraStorageAccount)'
+
+          $storageContext = New-AzStorageContext -StorageAccountName $storageAccount -UseConnectedAccount
+
+          if ($env:BundleDir) {
+            $bundleFile = (Get-Item "$env:BundleDir\*.msixbundle").FullName
+            $fileName = $bundleFile | Split-Path -Leaf
+
+            $version = [System.IO.Path]::GetFileNameWithoutExtension($fileName).Replace('AIShell-', '')
+            $blobName = "$version/$fileName"
+
+            Write-Verbose -Verbose "Uploading $bundleFile to $containerName/$blobName"
+            $null = Set-AzStorageBlobContent -File $bundleFile -Container $containerName -Blob $blobName -Context $storageContext
+          }
+          else{
+            throw "BundleDir not found"
+          }