PowerShell
diff --git a/‎.vsts-ci/azure-pipelines-ci.yml‎
Lines changed: 78 additions & 0 deletions b/‎.vsts-ci/azure-pipelines-ci.yml‎
Lines changed: 78 additions & 0 deletions
diff --git a/‎.vsts-ci/azure-pipelines-release.yml‎
Lines changed: 150 additions & 0 deletions b/‎.vsts-ci/azure-pipelines-release.yml‎
Lines changed: 150 additions & 0 deletions
diff --git a/‎.vsts-ci/misc-analysis.yml‎
Lines changed: 19 additions & 0 deletions b/‎.vsts-ci/misc-analysis.yml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎.vsts-ci/templates/ci-build.yml‎
Lines changed: 16 additions & 0 deletions b/‎.vsts-ci/templates/ci-build.yml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎.vsts-ci/templates/ci-test.yml‎
Lines changed: 100 additions & 0 deletions b/‎.vsts-ci/templates/ci-test.yml‎
Lines changed: 100 additions & 0 deletions
diff --git a/‎.vsts-ci/templates/credscan.yml‎
Lines changed: 31 additions & 0 deletions b/‎.vsts-ci/templates/credscan.yml‎
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,78 @@
+name: Build-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)$(Rev:.rr)
+trigger:
+  # Batch merge builds together while a merge build is running
+  batch: true
+  branches:
+    include:
+    - master
+pr:
+  branches:
+    include:
+    - master
+    - feature-*
+  paths:
+    exclude:
+      - /.dependabot/*
+      - /.poshchan/*
+      - /.github/**/*
+      - /.vscode/**/*
+      - /.vsts-ci/misc-analysis.yml
+      - /tools/**/*
+      - .editorconfig
+      - .gitattributes
+      - .gitignore
+      - /docs/**/*
+      - /CHANGELOG.md
+      - /CONTRIBUTING.md
+      - /README.md
+      - /LICENSE.txt
+      - /CODE_OF_CONDUCT.md
+
+stages:
+- stage: Build
+  displayName: Build PowerShell Package
+  jobs:
+  - job: BuildPkg
+    displayName: Build Package
+    pool:
+      vmImage: windows-2019
+    steps:
+    - template: templates/ci-build.yml
+    - pwsh: |
+        Write-Verbose "BUILD_OUTPUT_PATH- $env:BUILD_OUTPUT_PATH" -Verbose
+        Write-Verbose "SIGNED_OUTPUT_PATH- $env:SIGNED_OUTPUT_PATH" -Verbose
+        Copy-Item $env:BUILD_OUTPUT_PATH $env:SIGNED_OUTPUT_PATH -Recurse -Force
+      displayName: Build Signing Placeholder
+    - pwsh: |
+        $(Build.SourcesDirectory)/build.ps1 -Publish -Signed
+      displayName: Publish
+      timeoutInMinutes: 10
+
+- stage: Test
+  displayName: Test Package
+  jobs:
+  - template: templates/ci-test.yml
+    parameters:
+      jobName: TestPkgWin
+      displayName: PowerShell Core on Windows
+      imageName: windows-2019
+
+  # Not supported on Windows PowerShell per PSD1
+  # - template: test.yml
+  #   parameters:
+  #     jobName: TestPkgWinPS
+  #     displayName: Windows PowerShell on Windows
+  #     imageName: windows-2019
+  #     powershellExecutable: powershell
+
+  - template: templates/ci-test.yml
+    parameters:
+      jobName: TestPkgUbuntu16
+      displayName: PowerShell Core on Ubuntu 16.04
+      imageName: ubuntu-16.04
+
+  - template: templates/ci-test.yml
+    parameters:
+      jobName: TestPkgWinMacOS
+      displayName: PowerShell Core on macOS
+      imageName: macOS-10.14
@@ -0,0 +1,150 @@
+name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr)
+
+trigger:
+  batch: true
+  branches:
+    include:
+      - master
+  paths:
+    exclude:
+      - /.dependabot/*
+      - /.poshchan/*
+      - /.github/**/*
+      - /.vscode/**/*
+      - /.vsts-ci/misc-analysis.yml
+      - /tools/**/*
+      - .editorconfig
+      - .gitattributes
+      - .gitignore
+      - /docs/**/*
+      - /CHANGELOG.md
+      - /CONTRIBUTING.md
+      - /README.md
+      - /LICENSE.txt
+      - /CODE_OF_CONDUCT.md
+
+stages:
+- stage: Build
+  displayName: Build PowerShell Package
+  jobs:
+  - job: BuildPkg
+    displayName: Build Package
+    pool:
+      name: 'Package ES CodeHub Lab E'
+    steps:
+    - powershell: |
+        $powerShellPath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'powershell'
+        Invoke-WebRequest -Uri https://raw.githubusercontent.com/PowerShell/PowerShell/master/tools/install-powershell.ps1 -outfile ./install-powershell.ps1
+        ./install-powershell.ps1 -Destination $powerShellPath
+        $vstsCommandString = "vso[task.setvariable variable=PATH]$powerShellPath;$env:PATH"
+        Write-Host "sending " + $vstsCommandString
+        Write-Host "##$vstsCommandString"
+      displayName: Install PowerShell Core
+
+    - task: PkgESSetupBuild@10
+      displayName: 'Package ES - Setup Build'
+      inputs:
+        productName: PSDesiredStateConfiguration
+
+    - template: templates/shouldsign.yml
+
+    - powershell: |
+        Get-ChildItem -Path env:
+      displayName: Capture environment
+      condition: succeededOrFailed()
+
+    - template: templates/ci-build.yml
+
+    - powershell: |
+        Write-Verbose "BUILD_OUTPUT_PATH- $env:BUILD_OUTPUT_PATH" -Verbose
+        Write-Verbose "SIGNED_OUTPUT_PATH- $env:SIGNED_OUTPUT_PATH" -Verbose
+        Copy-Item $env:BUILD_OUTPUT_PATH $env:SIGNED_OUTPUT_PATH -Recurse -Force
+      displayName: Copy unsigned files first
+
+    - task: PkgESCodeSign@10
+      displayName: 'CodeSign tools/releaseBuild/signing.xml'
+      env:
+        SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+      inputs:
+        signConfigXml: tools/releaseBuild/signing.xml
+        inPathRoot: '$(BUILD_OUTPUT_PATH)'
+        outPathRoot: '$(SIGNED_OUTPUT_PATH)'
+      condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
+
+    - task: PowerShell@1
+      displayName: 'Create catalog file'
+      inputs:
+        scriptType: inlineScript
+        inlineScript: |
+          $signedDir = "$env:SIGNED_OUTPUT_PATH\PSDesiredStateConfiguration"
+          New-FileCatalog -CatalogFilePath "$env:SIGNED_OUTPUT_PATH\PSDesiredStateConfiguration\PSDesiredStateConfiguration.cat" -Path "$signedDir"
+
+    - task: PkgESCodeSign@10
+      displayName: 'CodeSign tools/releaseBuild/FileCatalogSigning.xml'
+      env:
+        SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+      inputs:
+        signConfigXml: tools/releaseBuild/FileCatalogSigning.xml
+        inPathRoot: '$(SIGNED_OUTPUT_PATH)'
+        outPathRoot: '$(SIGNED_OUTPUT_PATH)'
+      condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
+
+    - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+      displayName: 'Component Detection'
+
+    - task: AntiMalware@3
+      inputs:
+        InputType: 'Basic'
+        ScanType: 'CustomScan'
+        FileDirPath: '$(SIGNED_OUTPUT_PATH)'
+        EnableServices: false
+        SupportLogOnError: false
+        TreatSignatureUpdateFailureAs: 'Warning'
+        SignatureFreshness: 'UpToDate'
+        TreatStaleSignatureAs: 'Error'
+
+    - task: PoliCheck@1
+      condition: succeededOrFailed()
+      inputs:
+        targetType: F
+        optionsFC: 0
+        optionsXS: 0
+        optionsPE: '1|2|3|4'
+        optionsHMENABLE: 0
+        optionsFTPATH: '$(Build.SourcesDirectory)\tools\terms\FileTypeSet.xml'
+
+    - task: CredScan@2
+      condition: succeededOrFailed()
+
+    # Publish results as artifacts
+    - task: PublishSecurityAnalysisLogs@3
+      condition: succeededOrFailed()
+      inputs:
+        ArtifactName: 'CodeAnalysisLogs'
+        ArtifactType: 'Container'
+
+    # Publish to TSA server
+    # - task: TSAUpload@1
+    #   condition: succeededOrFailed()
+    #   continueOnError: true
+    #   inputs:
+    #     tsaVersion: 'TsaV2'
+    #     codebase: 'Existing'
+    #     tsaEnvironment: 'PROD'
+    #     codeBaseName: 'PSDesiredStateConfiguration_20190828'
+    #     uploadAPIScan: false
+    #     uploadBinSkim: false
+    #     uploadCredScan: true
+    #     uploadFortifySCA: false
+    #     uploadFxCop: false
+    #     uploadModernCop: false
+    #     uploadPoliCheck: true
+    #     uploadPREfast: false
+    #     uploadRoslyn: false
+    #     uploadTSLint: false
+    #     uploadAsync: true
+
+    - pwsh: |
+        $(Build.SourcesDirectory)/build.ps1 -Publish -Signed
+      displayName: Publish
+      timeoutInMinutes: 10
@@ -0,0 +1,19 @@
+name: PR-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)$(Rev:.rr)
+trigger:
+  # Batch merge builds together while a merge build is running
+  batch: true
+  branches:
+    include:
+    - master
+
+pr:
+  branches:
+    include:
+    - master
+
+resources:
+- repo: self
+  clean: true
+
+jobs:
+- template: templates/credscan.yml
@@ -0,0 +1,16 @@
+steps:
+- pwsh: |
+    Install-Module -Name "platyPS","Pester" -Force
+  displayName: Install dependencies
+  timeoutInMinutes: 10
+- pwsh: |
+    Install-Module -Name "PSScriptAnalyzer" -RequiredVersion 1.18.0 -Force
+  displayName: Install PSScriptAnalyzer
+  timeoutInMinutes: 10
+- pwsh: |
+    Install-Module -Name PSPackageProject -Force
+  displayName: Install PSPackageProject module
+  timeoutInMinutes: 10
+- pwsh: |
+    $(Build.SourcesDirectory)/build.ps1 -Build
+  displayName: Build
@@ -0,0 +1,100 @@
+parameters:
+  jobName: TestPkgWin
+  imageName: windows-2019
+  displayName: PowerShell Core on Windows
+  powershellExecutable: pwsh
+
+jobs:
+- job: ${{ parameters.jobName }}
+  pool:
+    vmImage: ${{ parameters.imageName }}
+  displayName: ${{ parameters.displayName }}
+  steps:
+  - ${{ parameters.powershellExecutable }}: |
+      if($IsMacOs)
+      {
+        brew update
+        brew cask install powershell-preview
+        sudo ln -s -f /usr/local/microsoft/powershell/7-preview/pwsh /usr/local/bin/pwsh
+      }
+      elseif($IsLinux)
+      {
+        sudo apt-get update
+        sudo apt-get install powershell-preview
+        sudo ln -s /opt/microsoft/powershell/7-preview/pwsh /usr/local/bin/pwsh
+      }
+      elseif($IsWindows)
+      {
+        Invoke-WebRequest -Uri https://raw.githubusercontent.com/PowerShell/PowerShell/master/tools/install-powershell.ps1 -outfile ./install-powershell.ps1
+        ./install-powershell.ps1 -AddToPath -Preview -Destination C:\powershell-preview
+        $vstsCommandString = "vso[task.setvariable variable=PATH]C:\powershell-preview;$env:PATH"
+        Write-Host "sending " + $vstsCommandString
+        Write-Host "##$vstsCommandString"
+      }
+    displayName: Setup PowerShell preview
+
+  - ${{ parameters.powershellExecutable }}: |
+      $PSVersionTable
+      $vstsCommandString = "vso[task.setvariable variable=PSHOME]$pshome"
+      Write-Host "sending " + $vstsCommandString
+      Write-Host "##$vstsCommandString"
+    displayName: Capture PowerShellVersion
+
+  - ${{ parameters.powershellExecutable }}: |
+        dir env:PATH
+    displayName: Capture Path
+
+  - ${{ parameters.powershellExecutable }}: |
+      Get-PSRepository
+    displayName: Capture PSRepository
+
+  - ${{ parameters.powershellExecutable }}: |
+      Install-Module -Name "platyPS","Pester" -Force
+    displayName: Install dependencies
+    timeoutInMinutes: 10
+
+  - ${{ parameters.powershellExecutable }}: |
+        Install-Module -Name "PSScriptAnalyzer" -RequiredVersion 1.18.0 -Force
+    displayName: Install dependencies
+    timeoutInMinutes: 10
+
+  - ${{ parameters.powershellExecutable }}: |
+      Install-Module -Name PSPackageProject -Force
+    displayName: Install PSPackageProject module
+
+  - task: DownloadBuildArtifacts@0
+    displayName: 'Download artifacts'
+    inputs:
+      buildType: current
+      downloadType: specific
+      itemPattern: '**/*.nupkg'
+      downloadPath: '$(System.ArtifactsDirectory)'
+
+  - ${{ parameters.powershellExecutable }}: |
+      $sourceName = 'pspackageproject-local-repo'
+      Register-PSRepository -Name $sourceName -SourceLocation '$(System.ArtifactsDirectory)' -ErrorAction Ignore
+      $config = Get-PSPackageProjectConfiguration
+      $buildOutputPath = $config.BuildOutputPath
+      $null = New-Item -ItemType Directory -Path $buildOutputPath -Verbose
+      $moduleName = $config.ModuleName
+      Save-Module -Repository $sourceName -Name $moduleName -Path $config.BuildOutputPath
+    displayName: Extract product artifact
+    timeoutInMinutes: 10
+
+  - ${{ parameters.powershellExecutable }}: |
+      Invoke-PSPackageProjectTest -Type Functional
+    displayName: Execute functional tests
+    errorActionPreference: continue
+
+  - ${{ parameters.powershellExecutable }}: |
+      Invoke-PSPackageProjectTest -Type StaticAnalysis
+    displayName: Execute static analysis tests
+    errorActionPreference: continue
+    condition: succeededOrFailed()
+
+
+  - ${{ parameters.powershellExecutable }}: |
+      Unregister-PSRepository -Name 'pspackageproject-local-repo' -ErrorAction Ignore
+    displayName: Unregister temporary PSRepository
+    condition: always()
+    timeoutInMinutes: 10
@@ -0,0 +1,31 @@
+parameters:
+  pool: 'Hosted VS2017'
+  jobName: 'credscan'
+  displayName: Secret Scan
+
+jobs:
+- job: ${{ parameters.jobName }}
+  pool:
+    name: ${{ parameters.pool }}
+
+  displayName: ${{ parameters.displayName }}
+
+  steps:
+  - powershell:  Write-Host "##vso[build.updatebuildnumber]$env:BUILD_SOURCEBRANCHNAME-$env:BUILD_SOURCEVERSION-$((get-date).ToString("yyyyMMddhhmmss"))"
+    displayName: Set Build Name for Non-PR
+    condition: ne(variables['Build.Reason'], 'PullRequest')
+
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+    displayName: 'Scan for secrets'
+    inputs:
+      debugMode: false
+
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
+    displayName: 'Publish Secret Scan Logs to Build Artifacts'
+    continueOnError: true
+
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
+    displayName: 'Check for failures'
+    inputs:
+      CredScan: true
+      ToolLogsNotFoundAction: Error