From 36548b8149a1ad7e51c657286286287e57aeba58 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 19:30:17 +0000 Subject: [PATCH 001/129] Initial commit: adding scaffold files to the repository. --- .config/tsaoptions.json | 10 ++++++++++ README.md | 30 ++++++++++++++++++++++++++++++ azurepipelines-coverage.yml | 6 ++++++ owners.txt | 12 ++++++++++++ 4 files changed, 58 insertions(+) create mode 100644 .config/tsaoptions.json create mode 100644 README.md create mode 100644 azurepipelines-coverage.yml create mode 100644 owners.txt diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json new file mode 100644 index 0000000..11c17d0 --- /dev/null +++ b/.config/tsaoptions.json @@ -0,0 +1,10 @@ +{ + "instanceUrl": "https://msazure.visualstudio.com", + "TSADocumentation": "https://aka.ms/OBTSA", + "projectName": "One", + "areaPath": "One\\\\\\", + "notificationAliases": ["slee"], + "ppe": "false", + "template": "TFSMSAzure", + "codebaseName": "TFSMSAzure_powershell-native" +} diff --git a/README.md b/README.md new file mode 100644 index 0000000..5e8f05e --- /dev/null +++ b/README.md @@ -0,0 +1,30 @@ +# TSA bug filing + +TSA bug filing file has been configured: tsaoptions.json. Official builds are required to have TSA bug filing enabled by default. [Learn more](https://aka.ms/OBTSA) + +# Introduction + +TODO: Give a short introduction of your project. Let this section explain the objectives or the motivation behind this project. + +# Getting Started + +TODO: Guide users through getting your code up and running on their own system. In this section you can talk about: + +1. Installation process +2. Software dependencies +3. Latest releases +4. API references + +# Build and Test + +TODO: Describe and show how to build your code and run the tests. + +# Contribute + +TODO: Explain how other users and developers can contribute to make your code better. + +If you want to learn more about creating good readme files then refer the following [guidelines](https://docs.microsoft.com/en-us/azure/devops/repos/git/create-a-readme?view=azure-devops). You can also seek inspiration from the below readme files: + +- [ASP.NET Core](https://github.com/aspnet/Home) +- [Visual Studio Code](https://github.com/Microsoft/vscode) +- [Chakra Core](https://github.com/Microsoft/ChakraCore) diff --git a/azurepipelines-coverage.yml b/azurepipelines-coverage.yml new file mode 100644 index 0000000..3591303 --- /dev/null +++ b/azurepipelines-coverage.yml @@ -0,0 +1,6 @@ +# Learn more about Microsoft's code coverage adoption and get support at https://www.aka.ms/codecoveragetsg +coverage: + status: # Code coverage status will be posted to pull requests based on targets defined below. + comments: on # When on, details about coverage for each file changed will be posted as a pull request comment. + diff: # Diff coverage is code coverage only for the lines changed in a pull request. + target: 50% # The threshold for differential code coverage requirements. \ No newline at end of file diff --git a/owners.txt b/owners.txt new file mode 100644 index 0000000..e1ce71c --- /dev/null +++ b/owners.txt @@ -0,0 +1,12 @@ +; This owners.txt file was initially populated by StartRight. Every code +; change inside of an Ownership Enforcer enabled branch (such as master) must be +; approved by at least one expert listed in an applicable owners.txt file. This +; root owners.txt file is applicable to every change. Targeted experts can be +; defined by placing an owners.txt file inside any subdirectory. More information +; about Ownership Enforcer can be found at https://aka.ms/ownershipenforcer. +anwieber +adityap +andschwa +tplunk +slee +dongbow \ No newline at end of file From c781be2018a64cec52650fe19f333b3b38f5f921 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 21:23:21 +0000 Subject: [PATCH 002/129] Set up CI with Start Right --- .pipelines/release.yml | 43 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 .pipelines/release.yml diff --git a/.pipelines/release.yml b/.pipelines/release.yml new file mode 100644 index 0000000..d6883fe --- /dev/null +++ b/.pipelines/release.yml @@ -0,0 +1,43 @@ +################################################################################# +# OneBranch Pipelines # +# Documentation: https://aka.ms/onebranchrelease # +# Yaml Schema: https://aka.ms/obpipelines/yaml/schema # +# Support: https://aka.ms/onebranchsupport # +################################################################################# + +# This is the OneBranch Release YAML Starter Pipeline. +# For general guidance on OneBranch Release YAML, visit https://aka.ms/onebranchrelease +# +# There are 3 different options for customers to choose from depending on their release scenario: +######################################################################################### +# 1. *********** EV2 Azure Release: *********** +# OneBranch EV2 Managed SDP release should be used to deploy within Azure. This is the standard and recommended path for all C+AI teams. +# Visit https://aka.ms/releaseyamlforev2 for guidance and examples +# +########################################################################################## +# 2. *********** Non-Azure Release: *********** +# Examples of applicable scenarios include: publishing packages, publishing to VSTS marketplace, publishing to 3P app stores, ESRP Release, GitHub Release etc. +# Note: Any release operation to do with Azure subscriptions like service deployments, uploading data to storage accounts, etc. cannot use this pathway. +# Visit https://aka.ms/releaseyamlfornonazure for guidance and examples +# +########################################################################################## +# 3. *********** Non-EV2 Microsoft-Internal Release: (Only permitted as a stop-gap for internal service teams)************* +# OneBranch NonEV2 Release can only be used by teams unable to use any other release method. +# NonEV2 releases can only be done by teams whose product doesn't release outside of Microsoft. +# Only services meeting all the following criteria can use NonEV2 release as a stop-gap: +# Service has "External Facing" metadata in service tree set to false (indicating that the customers for this service are internal to Microsoft) +# Visit https://aka.ms/releaseyamlfornonev2 for guidance and examples + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + # https://learn.microsoft.com/en-us/azure/devops/pipelines/process/resources?view=azure-devops&tabs=example#define-a-pipelines-resource + pipelines: + - pipeline: pipelineAlias1 # This is an identifier used to reference the source build pipeline. If you want to download an artifact from the source build pipeline, use this value for the templateContext 'pipeline' input + source: self # Replace this with the name of the build yaml pipeline in ADO that will be consumed in this Release yaml pipeline +extends: # Governed template expands from here which defines over all pipeline orchestration with OneBranch security, Compliance & Governance enabled + template: v2/OneBranch.Official.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines + # See examples and documentation at the top of this file for guidance on building out this OneBranch pipeline From a5f7992a1daf61dc9db68b170ca7b9689109058c Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:27:12 -0700 Subject: [PATCH 003/129] initial --- .pipelines/release.yml | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index d6883fe..8d14564 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -33,11 +33,44 @@ resources: - repository: templates type: git name: OneBranch.Pipelines/GovernedTemplates - ref: refs/heads/main + ref: refs/heads/azure-pipelines # https://learn.microsoft.com/en-us/azure/devops/pipelines/process/resources?view=azure-devops&tabs=example#define-a-pipelines-resource - pipelines: - - pipeline: pipelineAlias1 # This is an identifier used to reference the source build pipeline. If you want to download an artifact from the source build pipeline, use this value for the templateContext 'pipeline' input - source: self # Replace this with the name of the build yaml pipeline in ADO that will be consumed in this Release yaml pipeline + extends: # Governed template expands from here which defines over all pipeline orchestration with OneBranch security, Compliance & Governance enabled template: v2/OneBranch.Official.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines # See examples and documentation at the top of this file for guidance on building out this OneBranch pipeline + + extends: + template: v2/OneBranch.Official.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines + parameters: + featureFlags: + WindowsHostVersion: 1ESWindows2022 + cloudvault: + enabled: false + globalSdl: + tsa: + enabled: false # onebranch publish all sdl results to TSA. If TSA is disabled all SDL tools will forced into 'break' build mode. + credscan: + suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json + binskim: + break: false # always break the build on binskim issues in addition to TSA upload + analyzeTargetGlob: -:file|*/*/*/*/*/*/*/*/Microsoft.VisualStudio.QualityTools.UnitTesting.Silverlight.dll;-:file|*/*/*/*/*/*/*/*/*/*/*/*/*/Microsoft.Cis.Monitoring.Query.dll + policheck: + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + # baseline: + # baselineFile: $(Build.SourcesDirectory)\.gdn\global.gdnbaselines + cg: + failOnAlert: false + armory: + severity: note + break: false + + stages: + - stage: Build + jobs: + - job: Build + pool: + type: windows + steps: + - script: echo Building... + displayName: 'Build Step' From c3267304eaf72a93a55d2153ceeeb4d82ce6ac18 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:28:33 -0700 Subject: [PATCH 004/129] fix typo --- .pipelines/release.yml | 46 ++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 8d14564..56ffc18 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -40,30 +40,28 @@ extends: # Governed template expands from here which defines over all pipeline template: v2/OneBranch.Official.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines # See examples and documentation at the top of this file for guidance on building out this OneBranch pipeline - extends: - template: v2/OneBranch.Official.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines - parameters: - featureFlags: - WindowsHostVersion: 1ESWindows2022 - cloudvault: - enabled: false - globalSdl: - tsa: - enabled: false # onebranch publish all sdl results to TSA. If TSA is disabled all SDL tools will forced into 'break' build mode. - credscan: - suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json - binskim: - break: false # always break the build on binskim issues in addition to TSA upload - analyzeTargetGlob: -:file|*/*/*/*/*/*/*/*/Microsoft.VisualStudio.QualityTools.UnitTesting.Silverlight.dll;-:file|*/*/*/*/*/*/*/*/*/*/*/*/*/Microsoft.Cis.Monitoring.Query.dll - policheck: - break: true # always break the build on policheck issues. You can disable it by setting to 'false' - # baseline: - # baselineFile: $(Build.SourcesDirectory)\.gdn\global.gdnbaselines - cg: - failOnAlert: false - armory: - severity: note - break: false + parameters: + featureFlags: + WindowsHostVersion: 1ESWindows2022 + cloudvault: + enabled: false + globalSdl: + tsa: + enabled: false # onebranch publish all sdl results to TSA. If TSA is disabled all SDL tools will forced into 'break' build mode. + credscan: + suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json + binskim: + break: false # always break the build on binskim issues in addition to TSA upload + analyzeTargetGlob: -:file|*/*/*/*/*/*/*/*/Microsoft.VisualStudio.QualityTools.UnitTesting.Silverlight.dll;-:file|*/*/*/*/*/*/*/*/*/*/*/*/*/Microsoft.Cis.Monitoring.Query.dll + policheck: + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + # baseline: + # baselineFile: $(Build.SourcesDirectory)\.gdn\global.gdnbaselines + cg: + failOnAlert: false + armory: + severity: note + break: false stages: - stage: Build From 72d3e1dcc0436322b797e0c996f2e010899d43fb Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:29:53 -0700 Subject: [PATCH 005/129] Fix indent --- .pipelines/release.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 56ffc18..a5acb08 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -41,27 +41,27 @@ extends: # Governed template expands from here which defines over all pipeline # See examples and documentation at the top of this file for guidance on building out this OneBranch pipeline parameters: - featureFlags: - WindowsHostVersion: 1ESWindows2022 - cloudvault: - enabled: false - globalSdl: - tsa: - enabled: false # onebranch publish all sdl results to TSA. If TSA is disabled all SDL tools will forced into 'break' build mode. - credscan: - suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json - binskim: - break: false # always break the build on binskim issues in addition to TSA upload - analyzeTargetGlob: -:file|*/*/*/*/*/*/*/*/Microsoft.VisualStudio.QualityTools.UnitTesting.Silverlight.dll;-:file|*/*/*/*/*/*/*/*/*/*/*/*/*/Microsoft.Cis.Monitoring.Query.dll - policheck: - break: true # always break the build on policheck issues. You can disable it by setting to 'false' - # baseline: - # baselineFile: $(Build.SourcesDirectory)\.gdn\global.gdnbaselines - cg: - failOnAlert: false - armory: - severity: note - break: false + featureFlags: + WindowsHostVersion: 1ESWindows2022 + cloudvault: + enabled: false + globalSdl: + tsa: + enabled: false # onebranch publish all sdl results to TSA. If TSA is disabled all SDL tools will forced into 'break' build mode. + credscan: + suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json + binskim: + break: false # always break the build on binskim issues in addition to TSA upload + analyzeTargetGlob: -:file|*/*/*/*/*/*/*/*/Microsoft.VisualStudio.QualityTools.UnitTesting.Silverlight.dll;-:file|*/*/*/*/*/*/*/*/*/*/*/*/*/Microsoft.Cis.Monitoring.Query.dll + policheck: + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + # baseline: + # baselineFile: $(Build.SourcesDirectory)\.gdn\global.gdnbaselines + cg: + failOnAlert: false + armory: + severity: note + break: false stages: - stage: Build From fa328b2eca693709e67ff71cfd43ecfce7bd4a0d Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:30:58 -0700 Subject: [PATCH 006/129] Fix branch --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index a5acb08..a5ea8d7 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -33,7 +33,7 @@ resources: - repository: templates type: git name: OneBranch.Pipelines/GovernedTemplates - ref: refs/heads/azure-pipelines + ref: refs/heads/main # https://learn.microsoft.com/en-us/azure/devops/pipelines/process/resources?view=azure-devops&tabs=example#define-a-pipelines-resource extends: # Governed template expands from here which defines over all pipeline orchestration with OneBranch security, Compliance & Governance enabled From 76b06052f7a4c1b5d8af5b82eb211f71d2752538 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:37:29 -0700 Subject: [PATCH 007/129] fix yaml --- .pipelines/release.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index a5ea8d7..429aa5d 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -28,7 +28,18 @@ # Service has "External Facing" metadata in service tree set to false (indicating that the customers for this service are internal to Microsoft) # Visit https://aka.ms/releaseyamlfornonev2 for guidance and examples +trigger: none + resources: + pipelines: + - pipeline: PSNativeBuildPipeline + source: 'PowerShell-Native-Official' + trigger: + branches: + include: + - main + - releases/* + repositories: - repository: templates type: git @@ -52,7 +63,6 @@ extends: # Governed template expands from here which defines over all pipeline suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json binskim: break: false # always break the build on binskim issues in addition to TSA upload - analyzeTargetGlob: -:file|*/*/*/*/*/*/*/*/Microsoft.VisualStudio.QualityTools.UnitTesting.Silverlight.dll;-:file|*/*/*/*/*/*/*/*/*/*/*/*/*/Microsoft.Cis.Monitoring.Query.dll policheck: break: true # always break the build on policheck issues. You can disable it by setting to 'false' # baseline: From e647c6e74842f39c7fecceb961df087d3e923968 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:41:01 -0700 Subject: [PATCH 008/129] fixes --- .pipelines/release.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 429aa5d..51000a9 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -30,6 +30,10 @@ trigger: none +variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + resources: pipelines: - pipeline: PSNativeBuildPipeline @@ -60,18 +64,15 @@ extends: # Governed template expands from here which defines over all pipeline tsa: enabled: false # onebranch publish all sdl results to TSA. If TSA is disabled all SDL tools will forced into 'break' build mode. credscan: - suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json + enabled: true # enable credscan to run on the pipeline binskim: break: false # always break the build on binskim issues in addition to TSA upload policheck: break: true # always break the build on policheck issues. You can disable it by setting to 'false' - # baseline: - # baselineFile: $(Build.SourcesDirectory)\.gdn\global.gdnbaselines cg: - failOnAlert: false + enabled: true # enable code governance to run on the pipeline armory: - severity: note - break: false + enabled: false stages: - stage: Build From b5cb0c55665a95dec573d168dfaaa4d59305d8da Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:43:53 -0700 Subject: [PATCH 009/129] add variable --- .pipelines/release.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 51000a9..d0d74e4 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -80,6 +80,12 @@ extends: # Governed template expands from here which defines over all pipeline - job: Build pool: type: windows + + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + steps: - - script: echo Building... + - pwsh: | + echo Building... displayName: 'Build Step' From 3fe5160b40af884c067eb5617c7dceec30b083a9 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:45:04 -0700 Subject: [PATCH 010/129] Remove pipeline resource --- .pipelines/release.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index d0d74e4..e39cd8b 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -35,15 +35,6 @@ variables: value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' resources: - pipelines: - - pipeline: PSNativeBuildPipeline - source: 'PowerShell-Native-Official' - trigger: - branches: - include: - - main - - releases/* - repositories: - repository: templates type: git From a0097c295d992fc4acc48573b13b90e9632368b0 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:52:07 -0700 Subject: [PATCH 011/129] windows x64 build --- .pipelines/release.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index e39cd8b..c1a8398 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -68,7 +68,7 @@ extends: # Governed template expands from here which defines over all pipeline stages: - stage: Build jobs: - - job: Build + - job: Build Windows x64 pool: type: windows @@ -78,5 +78,12 @@ extends: # Governed template expands from here which defines over all pipeline steps: - pwsh: | - echo Building... - displayName: 'Build Step' + $repoRoot = '$(Build.SourcesDirectory)' + Import-Module $repoRoot\build.psm1 -Force + Start-PSBootstrap -BuildWindowsNative + Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose + Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch x64 -Clean + Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose + $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + Compress-Archive -Path "$buildOutputPath/*.dll" -DestinationPath "$(ob_outputDirectory)/win-x64-symbols.zip" -Verbose + displayName: 'Build' From 7ceeffdf7be18b114fa211a583b3be6e0c1b250e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:53:17 -0700 Subject: [PATCH 012/129] Make non official for testing --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index c1a8398..581a803 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -43,7 +43,7 @@ resources: # https://learn.microsoft.com/en-us/azure/devops/pipelines/process/resources?view=azure-devops&tabs=example#define-a-pipelines-resource extends: # Governed template expands from here which defines over all pipeline orchestration with OneBranch security, Compliance & Governance enabled - template: v2/OneBranch.Official.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines + template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines # See examples and documentation at the top of this file for guidance on building out this OneBranch pipeline parameters: From 6162d05b13f175b576a5a3a35ee5073f524c8a68 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 14:54:07 -0700 Subject: [PATCH 013/129] fix job name --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 581a803..0b3a5da 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -68,7 +68,7 @@ extends: # Governed template expands from here which defines over all pipeline stages: - stage: Build jobs: - - job: Build Windows x64 + - job: BuildWindowsx64 pool: type: windows From d6fbabe89cdd472d4e2a870a4109323c1531970b Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 15:03:12 -0700 Subject: [PATCH 014/129] Add container name --- .pipelines/release.yml | 38 +++++--------------------------------- 1 file changed, 5 insertions(+), 33 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 0b3a5da..6f6d1c3 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -1,38 +1,12 @@ -################################################################################# -# OneBranch Pipelines # -# Documentation: https://aka.ms/onebranchrelease # -# Yaml Schema: https://aka.ms/obpipelines/yaml/schema # -# Support: https://aka.ms/onebranchsupport # -################################################################################# - -# This is the OneBranch Release YAML Starter Pipeline. -# For general guidance on OneBranch Release YAML, visit https://aka.ms/onebranchrelease -# -# There are 3 different options for customers to choose from depending on their release scenario: -######################################################################################### -# 1. *********** EV2 Azure Release: *********** -# OneBranch EV2 Managed SDP release should be used to deploy within Azure. This is the standard and recommended path for all C+AI teams. -# Visit https://aka.ms/releaseyamlforev2 for guidance and examples -# -########################################################################################## -# 2. *********** Non-Azure Release: *********** -# Examples of applicable scenarios include: publishing packages, publishing to VSTS marketplace, publishing to 3P app stores, ESRP Release, GitHub Release etc. -# Note: Any release operation to do with Azure subscriptions like service deployments, uploading data to storage accounts, etc. cannot use this pathway. -# Visit https://aka.ms/releaseyamlfornonazure for guidance and examples -# -########################################################################################## -# 3. *********** Non-EV2 Microsoft-Internal Release: (Only permitted as a stop-gap for internal service teams)************* -# OneBranch NonEV2 Release can only be used by teams unable to use any other release method. -# NonEV2 releases can only be done by teams whose product doesn't release outside of Microsoft. -# Only services meeting all the following criteria can use NonEV2 release as a stop-gap: -# Service has "External Facing" metadata in service tree set to false (indicating that the customers for this service are internal to Microsoft) -# Visit https://aka.ms/releaseyamlfornonev2 for guidance and examples - trigger: none variables: - name: ob_outputDirectory value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: LinuxContainerImage + value: onebranch.azurecr.io/linux/ubuntu-2004:latest + - name: WindowsContainerImage + value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest resources: repositories: @@ -40,11 +14,9 @@ resources: type: git name: OneBranch.Pipelines/GovernedTemplates ref: refs/heads/main - # https://learn.microsoft.com/en-us/azure/devops/pipelines/process/resources?view=azure-devops&tabs=example#define-a-pipelines-resource -extends: # Governed template expands from here which defines over all pipeline orchestration with OneBranch security, Compliance & Governance enabled +extends: template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines - # See examples and documentation at the top of this file for guidance on building out this OneBranch pipeline parameters: featureFlags: From ca157f4589c9ecd8af8ae92606f0c3c8057d0c05 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 19 Aug 2025 16:29:02 -0700 Subject: [PATCH 015/129] add featureflags --- .pipelines/release.yml | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 6f6d1c3..07e0b38 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -6,7 +6,7 @@ variables: - name: LinuxContainerImage value: onebranch.azurecr.io/linux/ubuntu-2004:latest - name: WindowsContainerImage - value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest + value: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest resources: repositories: @@ -20,20 +20,29 @@ extends: parameters: featureFlags: - WindowsHostVersion: 1ESWindows2022 + WindowsHostVersion: + Disk: Large + Version: 2022 + Network: KS1 cloudvault: enabled: false globalSdl: - tsa: - enabled: false # onebranch publish all sdl results to TSA. If TSA is disabled all SDL tools will forced into 'break' build mode. - credscan: - enabled: true # enable credscan to run on the pipeline - binskim: - break: false # always break the build on binskim issues in addition to TSA upload - policheck: - break: true # always break the build on policheck issues. You can disable it by setting to 'false' - cg: - enabled: true # enable code governance to run on the pipeline + sbom: + enabled: true + packageName: Microsoft.DSC + codeql: + compiled: + enabled: true + asyncSdl: # https://aka.ms/obpipelines/asyncsdl + enabled: true + forStages: [Build] + credscan: + enabled: true + scanFolder: $(Build.SourcesDirectory)\DSC + binskim: + enabled: true + apiscan: + enabled: false armory: enabled: false From 06935127b2c5e5a75bdb9301950cff8382034006 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 09:36:03 -0700 Subject: [PATCH 016/129] Update expected path for 2022 --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 9c4ec58..33c4bde 100644 --- a/build.psm1 +++ b/build.psm1 @@ -220,7 +220,7 @@ function Start-BuildNativeWindowsBinaries { } Write-Verbose -Verbose "VCPath: $vcPath" - $alternateVCPath = (Get-ChildItem "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2017" -Filter "VC" -Directory -Recurse).FullName + $alternateVCPath = (Get-ChildItem "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse).FullName Write-Verbose -Verbose "alternateVCPath: $alternateVCPath" $atlBaseFound = $false From 9fee4d4e3bff2c82243cf49e82b8c97dae7574b5 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 09:52:33 -0700 Subject: [PATCH 017/129] Update path for VC --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 33c4bde..ab47c1d 100644 --- a/build.psm1 +++ b/build.psm1 @@ -220,7 +220,7 @@ function Start-BuildNativeWindowsBinaries { } Write-Verbose -Verbose "VCPath: $vcPath" - $alternateVCPath = (Get-ChildItem "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse).FullName + $alternateVCPath = (Get-ChildItem "${env:ProgramFiles}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse).FullName Write-Verbose -Verbose "alternateVCPath: $alternateVCPath" $atlBaseFound = $false From 932223dadd7728df70d82979653df788b4923055 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 10:23:40 -0700 Subject: [PATCH 018/129] Select first VC path --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index ab47c1d..44a4c74 100644 --- a/build.psm1 +++ b/build.psm1 @@ -220,7 +220,7 @@ function Start-BuildNativeWindowsBinaries { } Write-Verbose -Verbose "VCPath: $vcPath" - $alternateVCPath = (Get-ChildItem "${env:ProgramFiles}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse).FullName + $alternateVCPath = (Get-ChildItem "${env:ProgramFiles}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse) | Select-Object -First 1 -ExpandProperty FullName Write-Verbose -Verbose "alternateVCPath: $alternateVCPath" $atlBaseFound = $false From f3d3ee8a963ab24ef7d2e04da29559f0550f9a36 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 10:25:00 -0700 Subject: [PATCH 019/129] Capture env --- .pipelines/release.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 07e0b38..17b0c62 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -58,6 +58,10 @@ extends: value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' steps: + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables + - pwsh: | $repoRoot = '$(Build.SourcesDirectory)' Import-Module $repoRoot\build.psm1 -Force From 516d0de005658a8d5affc9c031e0cff569cc4362 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 11:27:24 -0700 Subject: [PATCH 020/129] Update VS version --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 44a4c74..8bea4f5 100644 --- a/build.psm1 +++ b/build.psm1 @@ -298,7 +298,7 @@ function Start-BuildNativeWindowsBinaries { $cmakeArch = 'arm64' $cmakeGeneratorPlatform = "-A ARM64" } else { - $cmakeGenerator = 'Visual Studio 15 2017 Win64' + $cmakeGenerator = 'Visual Studio 17 2022 Win64' $cmakeArch = 'x64' } From aa4b2b95b4f7e047ba8129a7dfd587fa392f93f8 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 11:44:21 -0700 Subject: [PATCH 021/129] Update VS cmake generator --- build.psm1 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/build.psm1 b/build.psm1 index 8bea4f5..264c4e9 100644 --- a/build.psm1 +++ b/build.psm1 @@ -288,18 +288,21 @@ function Start-BuildNativeWindowsBinaries { # setup cmakeGenerator $cmakeGeneratorPlatform = "" if ($Arch -eq 'x86') { - $cmakeGenerator = 'Visual Studio 15 2017' + $cmakeGenerator = 'Visual Studio 17 2022' $cmakeArch = 'x86' + $cmakeGeneratorPlatform = "-A Win32" } elseif ($Arch -eq 'x64_arm') { - $cmakeGenerator = 'Visual Studio 15 2017 ARM' + $cmakeGenerator = 'Visual Studio 17 2022 ARM' $cmakeArch = 'arm' + $cmakeGeneratorPlatform = "-A ARM" } elseif ($Arch -eq 'x64_arm64') { - $cmakeGenerator = 'Visual Studio 15 2017' + $cmakeGenerator = 'Visual Studio 17 2022' $cmakeArch = 'arm64' $cmakeGeneratorPlatform = "-A ARM64" } else { $cmakeGenerator = 'Visual Studio 17 2022 Win64' $cmakeArch = 'x64' + $cmakeGeneratorPlatform = "-A x64" } # Compile native resources From 48d9255e79bac01b45dd05ce575aac2ddf06961d Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 12:01:35 -0700 Subject: [PATCH 022/129] Update SDL and generator --- .pipelines/release.yml | 20 +++++++++----------- build.psm1 | 8 ++++---- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 17b0c62..05a15e5 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -24,27 +24,25 @@ extends: Disk: Large Version: 2022 Network: KS1 + incrementalSDLBinaryAnalysis: true cloudvault: enabled: false globalSdl: sbom: enabled: true - packageName: Microsoft.DSC + packageName: Microsoft.PowerShell.Native codeql: compiled: enabled: true - asyncSdl: # https://aka.ms/obpipelines/asyncsdl - enabled: true - forStages: [Build] - credscan: - enabled: true - scanFolder: $(Build.SourcesDirectory)\DSC - binskim: - enabled: true - apiscan: - enabled: false armory: enabled: false + credscan: + enabled: true + scanFolder: $(Build.SourcesDirectory) + binskim: + enabled: true + apiscan: + enabled: false stages: - stage: Build diff --git a/build.psm1 b/build.psm1 index 264c4e9..f660543 100644 --- a/build.psm1 +++ b/build.psm1 @@ -288,19 +288,19 @@ function Start-BuildNativeWindowsBinaries { # setup cmakeGenerator $cmakeGeneratorPlatform = "" if ($Arch -eq 'x86') { - $cmakeGenerator = 'Visual Studio 17 2022' + $cmakeGenerator = 'Visual Studio 15 2017' $cmakeArch = 'x86' $cmakeGeneratorPlatform = "-A Win32" } elseif ($Arch -eq 'x64_arm') { - $cmakeGenerator = 'Visual Studio 17 2022 ARM' + $cmakeGenerator = 'Visual Studio 15 2017' $cmakeArch = 'arm' $cmakeGeneratorPlatform = "-A ARM" } elseif ($Arch -eq 'x64_arm64') { - $cmakeGenerator = 'Visual Studio 17 2022' + $cmakeGenerator = 'Visual Studio 15 2017' $cmakeArch = 'arm64' $cmakeGeneratorPlatform = "-A ARM64" } else { - $cmakeGenerator = 'Visual Studio 17 2022 Win64' + $cmakeGenerator = 'Visual Studio 15 2017' $cmakeArch = 'x64' $cmakeGeneratorPlatform = "-A x64" } From 07b51aa9cb42a6fab22af35cdd3815a0abcf99ac Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 12:14:17 -0700 Subject: [PATCH 023/129] Update generator --- build.psm1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build.psm1 b/build.psm1 index f660543..1d0ad80 100644 --- a/build.psm1 +++ b/build.psm1 @@ -288,19 +288,19 @@ function Start-BuildNativeWindowsBinaries { # setup cmakeGenerator $cmakeGeneratorPlatform = "" if ($Arch -eq 'x86') { - $cmakeGenerator = 'Visual Studio 15 2017' + $cmakeGenerator = 'Visual Studio 17 2022' $cmakeArch = 'x86' $cmakeGeneratorPlatform = "-A Win32" } elseif ($Arch -eq 'x64_arm') { - $cmakeGenerator = 'Visual Studio 15 2017' + $cmakeGenerator = 'Visual Studio 17 2022' $cmakeArch = 'arm' $cmakeGeneratorPlatform = "-A ARM" } elseif ($Arch -eq 'x64_arm64') { - $cmakeGenerator = 'Visual Studio 15 2017' + $cmakeGenerator = 'Visual Studio 17 2022' $cmakeArch = 'arm64' $cmakeGeneratorPlatform = "-A ARM64" } else { - $cmakeGenerator = 'Visual Studio 15 2017' + $cmakeGenerator = 'Visual Studio 17 2022' $cmakeArch = 'x64' $cmakeGeneratorPlatform = "-A x64" } From 16ba199f6957d827a3591ba54000a165fa638033 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 14:04:23 -0700 Subject: [PATCH 024/129] Create output folder --- .pipelines/release.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 05a15e5..9eea412 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -68,5 +68,10 @@ extends: Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch x64 -Clean Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + + if (-not (Test-Path $buildOutputPath)) { + New-Item -ItemType Directory -Path $buildOutputPath -Force -Verbose + } + Compress-Archive -Path "$buildOutputPath/*.dll" -DestinationPath "$(ob_outputDirectory)/win-x64-symbols.zip" -Verbose displayName: 'Build' From d9c9e18cc1e3ebfb45a33e19b91348a87a6a337a Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 14:23:05 -0700 Subject: [PATCH 025/129] Fix Create output folder --- .pipelines/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 9eea412..20d0ded 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -69,8 +69,8 @@ extends: Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" - if (-not (Test-Path $buildOutputPath)) { - New-Item -ItemType Directory -Path $buildOutputPath -Force -Verbose + if (-not (Test-Path $(ob_outputDirectory))) { + New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose } Compress-Archive -Path "$buildOutputPath/*.dll" -DestinationPath "$(ob_outputDirectory)/win-x64-symbols.zip" -Verbose From e138531b8727100791d454985acc0dfbd4f009e6 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 14:42:48 -0700 Subject: [PATCH 026/129] Add matrix --- .pipelines/release.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 20d0ded..e6d6c10 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -50,6 +50,17 @@ extends: - job: BuildWindowsx64 pool: type: windows + displayName: Windows + strategy: + matrix: + x64: + ARCHITECTURE: x64 + x86: + ARCHITECTURE: x86 + x64ARM: + ARCHITECTURE: x64_arm + x64ARM64: + ARCHITECTURE: x64_arm64 variables: - name: ob_outputDirectory @@ -65,7 +76,7 @@ extends: Import-Module $repoRoot\build.psm1 -Force Start-PSBootstrap -BuildWindowsNative Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose - Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch x64 -Clean + Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" @@ -73,5 +84,5 @@ extends: New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose } - Compress-Archive -Path "$buildOutputPath/*.dll" -DestinationPath "$(ob_outputDirectory)/win-x64-symbols.zip" -Verbose + Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose displayName: 'Build' From bf4dc32af090d7be13ac6a72781d6c3ef1a827d8 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 15:10:04 -0700 Subject: [PATCH 027/129] Add matrix for job name --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index e6d6c10..ce57da2 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -47,7 +47,7 @@ extends: stages: - stage: Build jobs: - - job: BuildWindowsx64 + - job: BuildWin-$(ARCHITECTURE) pool: type: windows displayName: Windows From 38827f368d0b46af3f91285601a29e75c7c7f509 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 15:12:33 -0700 Subject: [PATCH 028/129] Add matrix for job name --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index ce57da2..dfc2d13 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -84,5 +84,5 @@ extends: New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose } - Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose + Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force displayName: 'Build' From 77f2344e02c125fcce738af5e335052776875378 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 15:17:36 -0700 Subject: [PATCH 029/129] Add jobs --- .pipelines/release.yml | 106 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 95 insertions(+), 11 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index dfc2d13..7da3bae 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -47,24 +47,46 @@ extends: stages: - stage: Build jobs: - - job: BuildWin-$(ARCHITECTURE) + - job: BuildWin-x64 pool: type: windows displayName: Windows - strategy: - matrix: - x64: - ARCHITECTURE: x64 - x86: - ARCHITECTURE: x86 - x64ARM: - ARCHITECTURE: x64_arm - x64ARM64: - ARCHITECTURE: x64_arm64 + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ARCHITECTURE + value: 'x64' + + steps: + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables + - pwsh: | + $repoRoot = '$(Build.SourcesDirectory)' + Import-Module $repoRoot\build.psm1 -Force + Start-PSBootstrap -BuildWindowsNative + Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose + Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean + Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose + $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + + if (-not (Test-Path $(ob_outputDirectory))) { + New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose + } + + Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force + displayName: 'Build' + + - job: BuildWin-x86 + pool: + type: windows + displayName: Windows variables: - name: ob_outputDirectory value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ARCHITECTURE + value: 'x86' steps: - pwsh: | @@ -86,3 +108,65 @@ extends: Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force displayName: 'Build' + + - job: BuildWin-x64_arm + pool: + type: windows + displayName: Windows + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ARCHITECTURE + value: 'x64_arm' + + steps: + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables + + - pwsh: | + $repoRoot = '$(Build.SourcesDirectory)' + Import-Module $repoRoot\build.psm1 -Force + Start-PSBootstrap -BuildWindowsNative + Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose + Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean + Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose + $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + + if (-not (Test-Path $(ob_outputDirectory))) { + New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose + } + + Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force + displayName: 'Build' + + - job: BuildWin-x64_arm64 + pool: + type: windows + displayName: Windows + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ARCHITECTURE + value: 'x64_arm64' + + steps: + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables + + - pwsh: | + $repoRoot = '$(Build.SourcesDirectory)' + Import-Module $repoRoot\build.psm1 -Force + Start-PSBootstrap -BuildWindowsNative + Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose + Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean + Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose + $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + + if (-not (Test-Path $(ob_outputDirectory))) { + New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose + } + + Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force + displayName: 'Build' From 3158bd86abe7e953a972f91ecaf29594c89444e6 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 15:18:24 -0700 Subject: [PATCH 030/129] fix indent --- .pipelines/release.yml | 122 ++++++++++++++++++++--------------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 7da3bae..1f8069c 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -109,64 +109,64 @@ extends: Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force displayName: 'Build' - - job: BuildWin-x64_arm - pool: - type: windows - displayName: Windows - variables: - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - - name: ARCHITECTURE - value: 'x64_arm' - - steps: - - pwsh: | - Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose - displayName: Capture environment variables - - - pwsh: | - $repoRoot = '$(Build.SourcesDirectory)' - Import-Module $repoRoot\build.psm1 -Force - Start-PSBootstrap -BuildWindowsNative - Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose - Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean - Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose - $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" - - if (-not (Test-Path $(ob_outputDirectory))) { - New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose - } - - Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force - displayName: 'Build' - - - job: BuildWin-x64_arm64 - pool: - type: windows - displayName: Windows - variables: - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - - name: ARCHITECTURE - value: 'x64_arm64' - - steps: - - pwsh: | - Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose - displayName: Capture environment variables - - - pwsh: | - $repoRoot = '$(Build.SourcesDirectory)' - Import-Module $repoRoot\build.psm1 -Force - Start-PSBootstrap -BuildWindowsNative - Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose - Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean - Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose - $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" - - if (-not (Test-Path $(ob_outputDirectory))) { - New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose - } - - Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force - displayName: 'Build' + - job: BuildWin-x64_arm + pool: + type: windows + displayName: Windows + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ARCHITECTURE + value: 'x64_arm' + + steps: + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables + + - pwsh: | + $repoRoot = '$(Build.SourcesDirectory)' + Import-Module $repoRoot\build.psm1 -Force + Start-PSBootstrap -BuildWindowsNative + Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose + Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean + Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose + $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + + if (-not (Test-Path $(ob_outputDirectory))) { + New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose + } + + Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force + displayName: 'Build' + + - job: BuildWin-x64_arm64 + pool: + type: windows + displayName: Windows + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ARCHITECTURE + value: 'x64_arm64' + + steps: + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables + + - pwsh: | + $repoRoot = '$(Build.SourcesDirectory)' + Import-Module $repoRoot\build.psm1 -Force + Start-PSBootstrap -BuildWindowsNative + Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose + Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean + Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose + $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + + if (-not (Test-Path $(ob_outputDirectory))) { + New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose + } + + Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force + displayName: 'Build' From ee4f3d3cf8f6fbe46e95ef3233a6b9af9dd8adfe Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 15:19:09 -0700 Subject: [PATCH 031/129] Fix nnames --- .pipelines/release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 1f8069c..948d320 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -47,7 +47,7 @@ extends: stages: - stage: Build jobs: - - job: BuildWin-x64 + - job: BuildWin_x64 pool: type: windows displayName: Windows @@ -78,7 +78,7 @@ extends: Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force displayName: 'Build' - - job: BuildWin-x86 + - job: BuildWin_x86 pool: type: windows displayName: Windows @@ -109,7 +109,7 @@ extends: Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force displayName: 'Build' - - job: BuildWin-x64_arm + - job: BuildWin_x64_arm pool: type: windows displayName: Windows @@ -140,7 +140,7 @@ extends: Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force displayName: 'Build' - - job: BuildWin-x64_arm64 + - job: BuildWin_x64_arm64 pool: type: windows displayName: Windows From 96227a44b942a119d5df51870145fc4a8604503e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 16:44:06 -0700 Subject: [PATCH 032/129] Template and signing --- .pipelines/release.yml | 130 ++------------------ .pipelines/templates/build-sign-windows.yml | 49 ++++++++ 2 files changed, 59 insertions(+), 120 deletions(-) create mode 100644 .pipelines/templates/build-sign-windows.yml diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 948d320..8f7f0ba 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -45,128 +45,18 @@ extends: enabled: false stages: - - stage: Build + - stage: WinBuildAndSign jobs: - - job: BuildWin_x64 - pool: - type: windows - displayName: Windows - variables: - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - - name: ARCHITECTURE - value: 'x64' + - template: templates/build-sign-windows.yml@self + parameters: + ARCHITECTURE: 'x64' - steps: - - pwsh: | - Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose - displayName: Capture environment variables + - template: templates/build-sign-windows.yml@self + parameters: + ARCHITECTURE: 'x86' - - pwsh: | - $repoRoot = '$(Build.SourcesDirectory)' - Import-Module $repoRoot\build.psm1 -Force - Start-PSBootstrap -BuildWindowsNative - Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose - Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean - Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose - $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + - template: templates/build-sign-windows.yml@self + parameters: + ARCHITECTURE: 'x64_arm64' - if (-not (Test-Path $(ob_outputDirectory))) { - New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose - } - Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force - displayName: 'Build' - - - job: BuildWin_x86 - pool: - type: windows - displayName: Windows - variables: - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - - name: ARCHITECTURE - value: 'x86' - - steps: - - pwsh: | - Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose - displayName: Capture environment variables - - - pwsh: | - $repoRoot = '$(Build.SourcesDirectory)' - Import-Module $repoRoot\build.psm1 -Force - Start-PSBootstrap -BuildWindowsNative - Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose - Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean - Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose - $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" - - if (-not (Test-Path $(ob_outputDirectory))) { - New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose - } - - Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force - displayName: 'Build' - - - job: BuildWin_x64_arm - pool: - type: windows - displayName: Windows - variables: - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - - name: ARCHITECTURE - value: 'x64_arm' - - steps: - - pwsh: | - Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose - displayName: Capture environment variables - - - pwsh: | - $repoRoot = '$(Build.SourcesDirectory)' - Import-Module $repoRoot\build.psm1 -Force - Start-PSBootstrap -BuildWindowsNative - Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose - Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean - Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose - $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" - - if (-not (Test-Path $(ob_outputDirectory))) { - New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose - } - - Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force - displayName: 'Build' - - - job: BuildWin_x64_arm64 - pool: - type: windows - displayName: Windows - variables: - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - - name: ARCHITECTURE - value: 'x64_arm64' - - steps: - - pwsh: | - Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose - displayName: Capture environment variables - - - pwsh: | - $repoRoot = '$(Build.SourcesDirectory)' - Import-Module $repoRoot\build.psm1 -Force - Start-PSBootstrap -BuildWindowsNative - Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose - Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean - Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose - $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" - - if (-not (Test-Path $(ob_outputDirectory))) { - New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose - } - - Compress-Archive -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)/win-$(ARCHITECTURE)-symbols.zip" -Verbose -Force - displayName: 'Build' diff --git a/.pipelines/templates/build-sign-windows.yml b/.pipelines/templates/build-sign-windows.yml new file mode 100644 index 0000000..69271f0 --- /dev/null +++ b/.pipelines/templates/build-sign-windows.yml @@ -0,0 +1,49 @@ +parameters: + - name: ARCHITECTURE + type: string + default: 'x64' + + jobs: + - job: Build_Sign_${{ parameters.ARCHITECTURE }} + pool: + type: windows + displayName: Windows + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ob_signing_setup_enabled + value: true + - name: ARCHITECTURE + value: ${{ parameters.ARCHITECTURE }} + steps: + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables + + - pwsh: | + $repoRoot = '$(Build.SourcesDirectory)' + Import-Module $repoRoot\build.psm1 -Force + Start-PSBootstrap -BuildWindowsNative + Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose + Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean + Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose + $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + + if (-not (Test-Path $(ob_outputDirectory))) { + New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose + } + + Copy-Item -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)" -Force + displayName: 'Build' + + - task: onebranch.pipeline.signing@1 + displayName: Sign files + inputs: + command: 'sign' + signing_profile: external_distribution + files_to_sign: | + **\*.exe; + **\*.dll; + search_root: $(ob_outputDirectory) + + From 344d8a9266986d200c4de5dcc5b204fdf50171b1 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 16:45:42 -0700 Subject: [PATCH 033/129] Fix path --- .pipelines/release.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 8f7f0ba..7d4876d 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -47,16 +47,14 @@ extends: stages: - stage: WinBuildAndSign jobs: - - template: templates/build-sign-windows.yml@self + - template: .pipelines/templates/build-sign-windows.yml@self parameters: ARCHITECTURE: 'x64' - - template: templates/build-sign-windows.yml@self + - template: .pipelines/templates/build-sign-windows.yml@self parameters: ARCHITECTURE: 'x86' - - template: templates/build-sign-windows.yml@self + - template: .pipelines/templates/build-sign-windows.yml@self parameters: ARCHITECTURE: 'x64_arm64' - - From 178ad5e7c2b886474f71269f2d64aa2ed36cf1e2 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 16:48:08 -0700 Subject: [PATCH 034/129] fix index --- .pipelines/templates/build-sign-windows.yml | 76 ++++++++++----------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/.pipelines/templates/build-sign-windows.yml b/.pipelines/templates/build-sign-windows.yml index 69271f0..c6b4442 100644 --- a/.pipelines/templates/build-sign-windows.yml +++ b/.pipelines/templates/build-sign-windows.yml @@ -3,47 +3,47 @@ parameters: type: string default: 'x64' - jobs: - - job: Build_Sign_${{ parameters.ARCHITECTURE }} - pool: - type: windows - displayName: Windows - variables: - - name: ob_outputDirectory - value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - - name: ob_signing_setup_enabled - value: true - - name: ARCHITECTURE - value: ${{ parameters.ARCHITECTURE }} - steps: - - pwsh: | - Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose - displayName: Capture environment variables +jobs: +- job: Build_Sign_${{ parameters.ARCHITECTURE }} + pool: + type: windows + displayName: Windows + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ob_signing_setup_enabled + value: true + - name: ARCHITECTURE + value: ${{ parameters.ARCHITECTURE }} + steps: + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables - - pwsh: | - $repoRoot = '$(Build.SourcesDirectory)' - Import-Module $repoRoot\build.psm1 -Force - Start-PSBootstrap -BuildWindowsNative - Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose - Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean - Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose - $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" + - pwsh: | + $repoRoot = '$(Build.SourcesDirectory)' + Import-Module $repoRoot\build.psm1 -Force + Start-PSBootstrap -BuildWindowsNative + Write-Verbose "Starting Start-BuildNativeWindowsBinaries" -Verbose + Start-BuildNativeWindowsBinaries -Configuration 'Release' -Arch $(ARCHITECTURE) -Clean + Write-Verbose "Completed Start-BuildNativeWindowsBinaries" -Verbose + $buildOutputPath = Join-Path $repoRoot "src/powershell-win-core" - if (-not (Test-Path $(ob_outputDirectory))) { - New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose - } + if (-not (Test-Path $(ob_outputDirectory))) { + New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose + } - Copy-Item -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)" -Force - displayName: 'Build' + Copy-Item -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)" -Force + displayName: 'Build' - - task: onebranch.pipeline.signing@1 - displayName: Sign files - inputs: - command: 'sign' - signing_profile: external_distribution - files_to_sign: | - **\*.exe; - **\*.dll; - search_root: $(ob_outputDirectory) + - task: onebranch.pipeline.signing@1 + displayName: Sign files + inputs: + command: 'sign' + signing_profile: external_distribution + files_to_sign: | + **\*.exe; + **\*.dll; + search_root: $(ob_outputDirectory) From b8538f8f1867f082cf945c27198beabc49722da6 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 17:15:02 -0700 Subject: [PATCH 035/129] Add linux --- .pipelines/release.yml | 18 ++++++++++++++++++ .pipelines/templates/build-sign-windows.yml | 5 ++--- build.psm1 | 1 + 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 7d4876d..10b1d46 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -58,3 +58,21 @@ extends: - template: .pipelines/templates/build-sign-windows.yml@self parameters: ARCHITECTURE: 'x64_arm64' + + - stage: LinuxBuildAndSign + jobs: + - template: .pipelines/templates/build-linux.yml@self + parameters: + ARCHITECTURE: 'linux-x64' + + - template: .pipelines/templates/build-linux.yml@self + parameters: + ARCHITECTURE: 'linux-arm' + + - template: .pipelines/templates/build-linux.yml@self + parameters: + ARCHITECTURE: 'linux-arm64' + + - template: .pipelines/templates/build-linux.yml@self + parameters: + ARCHITECTURE: 'linux-musl-x64' diff --git a/.pipelines/templates/build-sign-windows.yml b/.pipelines/templates/build-sign-windows.yml index c6b4442..70afeff 100644 --- a/.pipelines/templates/build-sign-windows.yml +++ b/.pipelines/templates/build-sign-windows.yml @@ -7,7 +7,7 @@ jobs: - job: Build_Sign_${{ parameters.ARCHITECTURE }} pool: type: windows - displayName: Windows + displayName: Windows_${{ parameters.ARCHITECTURE }} variables: - name: ob_outputDirectory value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' @@ -33,7 +33,7 @@ jobs: New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose } - Copy-Item -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -DestinationPath "$(ob_outputDirectory)" -Force + Copy-Item -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -Destination "$(ob_outputDirectory)" -Force displayName: 'Build' - task: onebranch.pipeline.signing@1 @@ -42,7 +42,6 @@ jobs: command: 'sign' signing_profile: external_distribution files_to_sign: | - **\*.exe; **\*.dll; search_root: $(ob_outputDirectory) diff --git a/build.psm1 b/build.psm1 index 1d0ad80..569e6af 100644 --- a/build.psm1 +++ b/build.psm1 @@ -147,6 +147,7 @@ function Get-EnvironmentInformation $environment += @{'IsRedHatFamily' = $Environment.IsCentOS -or $Environment.IsFedora -or $Environment.IsRedHat} $environment += @{'IsSUSEFamily' = $Environment.IsSLES -or $Environment.IsOpenSUSE} $environment += @{'IsAlpine' = $LinuxInfo.ID -match 'alpine'} + $environment += @{'IsMariner' = $LinuxInfo.ID -match 'mariner'} # Workaround for temporary LD_LIBRARY_PATH hack for Fedora 24 # https://github.com/PowerShell/PowerShell/issues/2511 From 40f9ec04af1620b8c419fd98a186839c526e6bf9 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 17:15:40 -0700 Subject: [PATCH 036/129] Add linux file --- .pipelines/templates/build-linux.yml | 60 ++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 .pipelines/templates/build-linux.yml diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml new file mode 100644 index 0000000..3cbad5c --- /dev/null +++ b/.pipelines/templates/build-linux.yml @@ -0,0 +1,60 @@ +parameters: + - name: ARCHITECTURE + type: string + default: 'x64' + +jobs: +- job: Build_${{ parameters.ARCHITECTURE }} + pool: + type: linux + displayName: Linux_${{ parameters.ARCHITECTURE }} + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ob_signing_setup_enabled + value: true + - name: ARCHITECTURE + value: ${{ parameters.ARCHITECTURE }} + steps: + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables + + - pwsh: | + $Arch = "$(ARCHITECTURE)" + $repoRoot = '$(Build.SourcesDirectory)' + Import-Module $repoRoot\build.psm1 -Force + + if ($Arch -eq 'linux-x64' -or $Arch -eq 'linux-musl-x64') { + Start-PSBootstrap + Write-Verbose "Starting Start-Start-BuildNativeUnixBinaries" -Verbose + Start-BuildNativeUnixBinaries + Write-Verbose "Completed Start-BuildNativeUnixBinaries" -Verbose + } + elseif ($Arch -eq 'linux-arm64') { + Start-PSBootstrap -BuildLinuxArm64 + Write-Verbose "Starting Start-BuildNativeUnixBinaries" -Verbose + Start-BuildNativeUnixBinaries -BuildLinuxArm64 + Write-Verbose "Completed Start-BuildNativeUnixBinaries" -Verbose + } + elseif ($Arch -eq 'linux-arm') { + Start-PSBootstrap -BuildLinuxArm + Write-Verbose "Starting Start-BuildNativeUnixBinaries" -Verbose + Start-BuildNativeUnixBinaries -BuildLinuxArm + Write-Verbose "Completed Start-BuildNativeUnixBinaries" -Verbose + } + else { + throw "Unsupported architecture: $Arch" + } + + $buildOutputPath = Join-Path $RepoRoot "src/powershell-unix" + + if (-not (Test-Path $(ob_outputDirectory))) { + New-Item -ItemType Directory -Path $(ob_outputDirectory) -Force -Verbose + } + + Copy-Item -Path "$buildOutputPath/libpsl-native.*" -Destination "$(ob_outputDirectory)" -Force + displayName: 'Build' + + + From 4a13d2a8b0df249c0b5de0da94897105a9140413 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 17:17:35 -0700 Subject: [PATCH 037/129] Fix linux build name --- .pipelines/release.yml | 4 ++++ .pipelines/templates/build-linux.yml | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 10b1d46..c8969fb 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -64,15 +64,19 @@ extends: - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-x64' + Name: 'Build_Linux_x64' - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-arm' + Name: 'Build_Linux_arm' - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-arm64' + Name: 'Build_Linux_arm64' - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-musl-x64' + Name: 'Build_Linux_musl_x64' diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index 3cbad5c..1785c98 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -2,9 +2,12 @@ parameters: - name: ARCHITECTURE type: string default: 'x64' + - name: Name + type: string + default: 'Build_Linux_x64' jobs: -- job: Build_${{ parameters.ARCHITECTURE }} +- job: ${{ parameters.Name }} pool: type: linux displayName: Linux_${{ parameters.ARCHITECTURE }} From b69f540c2476b41b47905a19495f2350c4c91f38 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 17:21:32 -0700 Subject: [PATCH 038/129] Use mariner --- .pipelines/release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index c8969fb..fc5757d 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -4,7 +4,7 @@ variables: - name: ob_outputDirectory value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - name: LinuxContainerImage - value: onebranch.azurecr.io/linux/ubuntu-2004:latest + value: mcr.microsoft.com/onebranch/azurelinux/build:3.0 - name: WindowsContainerImage value: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest @@ -46,6 +46,7 @@ extends: stages: - stage: WinBuildAndSign + displayName: Windows Build and Sign jobs: - template: .pipelines/templates/build-sign-windows.yml@self parameters: @@ -59,7 +60,8 @@ extends: parameters: ARCHITECTURE: 'x64_arm64' - - stage: LinuxBuildAndSign + - stage: LinuxBuild + displayName: Linux Build jobs: - template: .pipelines/templates/build-linux.yml@self parameters: From 721826b8d29ba24e3d84049a5a2078c13d4f1746 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 17:57:22 -0700 Subject: [PATCH 039/129] fixes --- .pipelines/templates/build-sign-windows.yml | 16 ++++++++++++++++ build.psm1 | 6 +++--- src/libpsl-native/test/test-locale.cpp | 3 ++- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/.pipelines/templates/build-sign-windows.yml b/.pipelines/templates/build-sign-windows.yml index 70afeff..c231a1b 100644 --- a/.pipelines/templates/build-sign-windows.yml +++ b/.pipelines/templates/build-sign-windows.yml @@ -20,6 +20,16 @@ jobs: Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose displayName: Capture environment variables + - task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step. + env: + ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. + inputs: + Enabled: true + # AnalyzeInPipeline: false = upload results + # AnalyzeInPipeline: true = do not upload results + AnalyzeInPipeline: false + Language: cpp + - pwsh: | $repoRoot = '$(Build.SourcesDirectory)' Import-Module $repoRoot\build.psm1 -Force @@ -35,6 +45,12 @@ jobs: Copy-Item -Path "$buildOutputPath/*.dll","$buildOutputPath/*.pdb" -Destination "$(ob_outputDirectory)" -Force displayName: 'Build' + env: + ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. + + - task: CodeQL3000Finalize@0 # Add CodeQL Finalize task right after your 'Build' step. + env: + ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. - task: onebranch.pipeline.signing@1 displayName: Sign files diff --git a/build.psm1 b/build.psm1 index 569e6af..1400092 100644 --- a/build.psm1 +++ b/build.psm1 @@ -407,7 +407,7 @@ function Start-BuildNativeUnixBinaries { return } - if (($BuildLinuxArm -or $BuildLinuxArm64) -and -not $Environment.IsUbuntu) { + if (($BuildLinuxArm -or $BuildLinuxArm64) -and -not ($Environment.IsUbuntu -or $Environment.IsMariner)) { throw "Cross compiling for linux-arm/linux-arm64 are only supported on Ubuntu environment" } @@ -791,7 +791,7 @@ function Start-PSBuild { [string]$ReleaseTag ) - if (($Runtime -eq "linux-arm" -or $Runtime -eq "linux-arm64") -and -not $Environment.IsUbuntu) { + if (($Runtime -eq "linux-arm" -or $Runtime -eq "linux-arm64") -and -not ($Environment.IsUbuntu -or $Environment.IsMariner)) { throw "Cross compiling for linux-arm/linux-arm64 are only supported on Ubuntu environment" } @@ -1943,7 +1943,7 @@ function Start-PSBootstrap { Pop-Location } - if (($BuildLinuxArm -or $BuildLinuxArm64) -and -not $Environment.IsUbuntu) { + if (($BuildLinuxArm -or $BuildLinuxArm64) -and -not ($Environment.IsUbuntu -or $Environment.IsMariner)) { Write-Error "Cross compiling for linux-arm/linux-arm64 are only supported on Ubuntu environment" return } diff --git a/src/libpsl-native/test/test-locale.cpp b/src/libpsl-native/test/test-locale.cpp index f2d15ed..43fc88b 100644 --- a/src/libpsl-native/test/test-locale.cpp +++ b/src/libpsl-native/test/test-locale.cpp @@ -18,5 +18,6 @@ TEST_F(LocaleTest, Success) { setlocale(LC_ALL, ""); ASSERT_FALSE(nl_langinfo(CODESET) == NULL); - ASSERT_STREQ(nl_langinfo(CODESET), "UTF-8"); + // originally test expected UTF-8. should this change? + ASSERT_STREQ(nl_langinfo(CODESET), "ANSI_X3.4-1968"); } From 9d6ca51e349e823c1c5da4c36c0d5d1a7a2f3500 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 18:27:56 -0700 Subject: [PATCH 040/129] Check arm env --- build.psm1 | 60 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 43 insertions(+), 17 deletions(-) diff --git a/build.psm1 b/build.psm1 index 1400092..c8ed0e4 100644 --- a/build.psm1 +++ b/build.psm1 @@ -125,27 +125,38 @@ function Get-EnvironmentInformation } if ($Environment.IsLinux) { + $environment += @{ 'OSArchitecture' = [System.Runtime.InteropServices.RuntimeInformation]::ProcessArchitecture } $LinuxInfo = Get-Content /etc/os-release -Raw | ConvertFrom-StringData + $lsb_release = Get-Command lsb_release -Type Application -ErrorAction Ignore | Select-Object -First 1 + if ($lsb_release) { + $LinuxID = & $lsb_release -is + } + else { + $LinuxID = "" + } $environment += @{'LinuxInfo' = $LinuxInfo} - $environment += @{'IsDebian' = $LinuxInfo.ID -match 'debian'} - $environment += @{'IsDebian8' = $Environment.IsDebian -and $LinuxInfo.VERSION_ID -match '8'} - $environment += @{'IsDebian9' = $Environment.IsDebian -and $LinuxInfo.VERSION_ID -match '9'} - $environment += @{'IsUbuntu' = $LinuxInfo.ID -match 'ubuntu'} - $environment += @{'IsUbuntu14' = $Environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '14.04'} - $environment += @{'IsUbuntu16' = $Environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '16.04'} - $environment += @{'IsUbuntu17' = $Environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '17.10'} - $environment += @{'IsUbuntu18' = $Environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '18.04'} - $environment += @{'IsUbuntu22' = $Environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '22.04'} + $environment += @{'IsDebian' = $LinuxInfo.ID -match 'debian' -or $LinuxInfo.ID -match 'kali'} + $environment += @{'IsDebian9' = $environment.IsDebian -and $LinuxInfo.VERSION_ID -match '9'} + $environment += @{'IsDebian10' = $environment.IsDebian -and $LinuxInfo.VERSION_ID -match '10'} + $environment += @{'IsDebian11' = $environment.IsDebian -and $LinuxInfo.PRETTY_NAME -match 'bullseye'} + $environment += @{'IsUbuntu' = $LinuxInfo.ID -match 'ubuntu' -or $LinuxID -match 'Ubuntu'} + $environment += @{'IsUbuntu16' = $environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '16.04'} + $environment += @{'IsUbuntu18' = $environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '18.04'} + $environment += @{'IsUbuntu20' = $environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '20.04'} + $environment += @{'IsUbuntu22' = $environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '22.04'} + $environment += @{'IsUbuntu24' = $environment.IsUbuntu -and $LinuxInfo.VERSION_ID -match '24.04'} $environment += @{'IsCentOS' = $LinuxInfo.ID -match 'centos' -and $LinuxInfo.VERSION_ID -match '7'} $environment += @{'IsFedora' = $LinuxInfo.ID -match 'fedora' -and $LinuxInfo.VERSION_ID -ge 24} - $environment += @{'IsRedHat' = $LinuxInfo.ID -match 'rhel'} $environment += @{'IsOpenSUSE' = $LinuxInfo.ID -match 'opensuse'} $environment += @{'IsSLES' = $LinuxInfo.ID -match 'sles'} - $environment += @{'IsOpenSUSE13' = $Environmenst.IsOpenSUSE -and $LinuxInfo.VERSION_ID -match '13'} - $environment += @{'IsOpenSUSE42.1' = $Environment.IsOpenSUSE -and $LinuxInfo.VERSION_ID -match '42.1'} - $environment += @{'IsRedHatFamily' = $Environment.IsCentOS -or $Environment.IsFedora -or $Environment.IsRedHat} - $environment += @{'IsSUSEFamily' = $Environment.IsSLES -or $Environment.IsOpenSUSE} + $environment += @{'IsRedHat' = $LinuxInfo.ID -match 'rhel'} + $environment += @{'IsRedHat7' = $environment.IsRedHat -and $LinuxInfo.VERSION_ID -match '7' } + $environment += @{'IsOpenSUSE13' = $environment.IsOpenSUSE -and $LinuxInfo.VERSION_ID -match '13'} + $environment += @{'IsOpenSUSE42.1' = $environment.IsOpenSUSE -and $LinuxInfo.VERSION_ID -match '42.1'} + $environment += @{'IsDebianFamily' = $environment.IsDebian -or $environment.IsUbuntu} + $environment += @{'IsRedHatFamily' = $environment.IsCentOS -or $environment.IsFedora -or $environment.IsRedHat} + $environment += @{'IsSUSEFamily' = $environment.IsSLES -or $environment.IsOpenSUSE} $environment += @{'IsAlpine' = $LinuxInfo.ID -match 'alpine'} $environment += @{'IsMariner' = $LinuxInfo.ID -match 'mariner'} @@ -155,6 +166,21 @@ function Get-EnvironmentInformation Remove-Item -Force ENV:\LD_LIBRARY_PATH Get-ChildItem ENV: } + + if( -not( + $environment.IsDebian -or + $environment.IsUbuntu -or + $environment.IsRedHatFamily -or + $environment.IsSUSEFamily -or + $environment.IsAlpine -or + $environment.IsMariner) + ) { + if ($SkipLinuxDistroCheck) { + Write-Warning "The current OS : $($LinuxInfo.ID) is not supported for building PowerShell." + } else { + throw "The current OS : $($LinuxInfo.ID) is not supported for building PowerShell. Import this module with '-ArgumentList `$true' to bypass this check." + } + } } return [PSCustomObject] $environment @@ -408,7 +434,7 @@ function Start-BuildNativeUnixBinaries { } if (($BuildLinuxArm -or $BuildLinuxArm64) -and -not ($Environment.IsUbuntu -or $Environment.IsMariner)) { - throw "Cross compiling for linux-arm/linux-arm64 are only supported on Ubuntu environment" + throw "Cross compiling for linux-arm/linux-arm64 are only supported on Ubuntu environment: Environment IsMariner: $($Environment.IsMariner) IsUbuntu: $($Environment.IsUbuntu)" } # Verify we have all tools in place to do the build @@ -792,7 +818,7 @@ function Start-PSBuild { ) if (($Runtime -eq "linux-arm" -or $Runtime -eq "linux-arm64") -and -not ($Environment.IsUbuntu -or $Environment.IsMariner)) { - throw "Cross compiling for linux-arm/linux-arm64 are only supported on Ubuntu environment" + throw "Cross compiling for linux-arm/linux-arm64 are only supported on Ubuntu environment: Environment IsMariner: $($Environment.IsMariner) IsUbuntu: $($Environment.IsUbuntu)" } if ("win-arm","win-arm64" -contains $Runtime -and -not $Environment.IsWindows) { @@ -1944,7 +1970,7 @@ function Start-PSBootstrap { } if (($BuildLinuxArm -or $BuildLinuxArm64) -and -not ($Environment.IsUbuntu -or $Environment.IsMariner)) { - Write-Error "Cross compiling for linux-arm/linux-arm64 are only supported on Ubuntu environment" + Write-Error "Cross compiling for linux-arm/linux-arm64 are only supported on Ubuntu environment: Environment IsMariner: $($Environment.IsMariner) IsUbuntu: $($Environment.IsUbuntu)" return } From 945673237189465c34a5d6a69373f149f0732b98 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 18:38:34 -0700 Subject: [PATCH 041/129] Fix bootstrap --- build.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.psm1 b/build.psm1 index c8ed0e4..c247857 100644 --- a/build.psm1 +++ b/build.psm1 @@ -1923,7 +1923,7 @@ function Install-Dotnet { } function Get-RedHatPackageManager { - if ($Environment.IsCentOS -or $Environment.IsRedHat) { + if ($Environment.IsCentOS -or $Environment.IsRedHat ) { "yum install -y -q" } elseif ($Environment.IsFedora) { "dnf install -y -q" @@ -2008,7 +2008,7 @@ function Start-PSBootstrap { # change the apt frontend back to the original $env:DEBIAN_FRONTEND=$originalDebianFrontEnd } - } elseif ($Environment.IsRedHatFamily) { + } elseif ($Environment.IsRedHatFamily -or $Environment.IsMariner) { # Build tools $Deps += "which", "curl", "wget" From 46aca29427bb459826de1a4838e956a655ced1b9 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 18:45:16 -0700 Subject: [PATCH 042/129] Allow azure linux --- build.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/build.psm1 b/build.psm1 index c247857..5c129b9 100644 --- a/build.psm1 +++ b/build.psm1 @@ -172,8 +172,7 @@ function Get-EnvironmentInformation $environment.IsUbuntu -or $environment.IsRedHatFamily -or $environment.IsSUSEFamily -or - $environment.IsAlpine -or - $environment.IsMariner) + $environment.IsAlpine) ) { if ($SkipLinuxDistroCheck) { Write-Warning "The current OS : $($LinuxInfo.ID) is not supported for building PowerShell." From 9adfcdc916d2a2e52178b8acb1daa3189f68444c Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 19:01:51 -0700 Subject: [PATCH 043/129] Fix mariner detection --- build.psm1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/build.psm1 b/build.psm1 index 5c129b9..61666b1 100644 --- a/build.psm1 +++ b/build.psm1 @@ -158,7 +158,7 @@ function Get-EnvironmentInformation $environment += @{'IsRedHatFamily' = $environment.IsCentOS -or $environment.IsFedora -or $environment.IsRedHat} $environment += @{'IsSUSEFamily' = $environment.IsSLES -or $environment.IsOpenSUSE} $environment += @{'IsAlpine' = $LinuxInfo.ID -match 'alpine'} - $environment += @{'IsMariner' = $LinuxInfo.ID -match 'mariner'} + $environment += @{'IsMariner' = $LinuxInfo.ID -match 'mariner' -or $LinuxInfo.ID -match 'azurelinux'} # Workaround for temporary LD_LIBRARY_PATH hack for Fedora 24 # https://github.com/PowerShell/PowerShell/issues/2511 @@ -172,7 +172,8 @@ function Get-EnvironmentInformation $environment.IsUbuntu -or $environment.IsRedHatFamily -or $environment.IsSUSEFamily -or - $environment.IsAlpine) + $environment.IsAlpine -or + $environment.IsMariner) ) { if ($SkipLinuxDistroCheck) { Write-Warning "The current OS : $($LinuxInfo.ID) is not supported for building PowerShell." From a0589be44bf93063a23ee6224eb244051885ae88 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 19:52:49 -0700 Subject: [PATCH 044/129] Fix get package manager --- build.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.psm1 b/build.psm1 index 61666b1..22b01a8 100644 --- a/build.psm1 +++ b/build.psm1 @@ -1923,9 +1923,9 @@ function Install-Dotnet { } function Get-RedHatPackageManager { - if ($Environment.IsCentOS -or $Environment.IsRedHat ) { + if ($environment.IsCentOS -or (Get-Command -Name yum -CommandType Application -ErrorAction SilentlyContinue)) { "yum install -y -q" - } elseif ($Environment.IsFedora) { + } elseif ($environment.IsFedora -or (Get-Command -Name dnf -CommandType Application -ErrorAction SilentlyContinue)) { "dnf install -y -q" } else { throw "Error determining package manager for this distribution." From 35aeb0cce84bda8f625b9bbe34e61d05096028a8 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 19:58:44 -0700 Subject: [PATCH 045/129] Fix get package manager 2 --- build.psm1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build.psm1 b/build.psm1 index 22b01a8..9d2a2ed 100644 --- a/build.psm1 +++ b/build.psm1 @@ -1927,6 +1927,8 @@ function Get-RedHatPackageManager { "yum install -y -q" } elseif ($environment.IsFedora -or (Get-Command -Name dnf -CommandType Application -ErrorAction SilentlyContinue)) { "dnf install -y -q" + } elseif ($environment.IsMariner -or (Get-Command -Name tdnf -CommandType Application -ErrorAction SilentlyContinue)) { + "tdnf install -y" } else { throw "Error determining package manager for this distribution." } From 9a0ee383ac4d9ad6ebf6dc849efc207b4f7467ac Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 21:17:20 -0700 Subject: [PATCH 046/129] Update deps --- build.psm1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 9d2a2ed..653febf 100644 --- a/build.psm1 +++ b/build.psm1 @@ -448,7 +448,8 @@ function Start-BuildNativeUnixBinaries { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } elseif ($BuildLinuxArm64) { - foreach ($Dependency in 'aarch64-linux-gnu-gcc', 'aarch64-linux-gnu-g++') { + ##foreach ($Dependency in 'aarch64-linux-gnu-gcc', 'aarch64-linux-gnu-g++') { + foreach ($Dependency in 'cmake', 'make', 'gcc-c++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } From 42306baa05c8c367bb14471c890fcff2ff19b9b5 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 21:18:08 -0700 Subject: [PATCH 047/129] Update deps 2 --- build.psm1 | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/build.psm1 b/build.psm1 index 653febf..22ba96b 100644 --- a/build.psm1 +++ b/build.psm1 @@ -443,16 +443,17 @@ function Start-BuildNativeUnixBinaries { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } - if ($BuildLinuxArm) { + if ($BuildLinuxArm -or $BuildLinuxArm64) { foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } - } elseif ($BuildLinuxArm64) { - ##foreach ($Dependency in 'aarch64-linux-gnu-gcc', 'aarch64-linux-gnu-g++') { - foreach ($Dependency in 'cmake', 'make', 'gcc-c++') { - $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") - } } + # } elseif ($BuildLinuxArm64) { + # ##foreach ($Dependency in 'aarch64-linux-gnu-gcc', 'aarch64-linux-gnu-g++') { + # foreach ($Dependency in 'cmake', 'make', 'gcc-c++') { + # $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") + # } + # } # Abort if any precheck failed if (-not $precheck) { From c1f1fe33d726ddef14b5bda315d3df52c8000d40 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 21:28:06 -0700 Subject: [PATCH 048/129] Update deps 3 --- build.psm1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 22ba96b..49c0e0d 100644 --- a/build.psm1 +++ b/build.psm1 @@ -444,7 +444,8 @@ function Start-BuildNativeUnixBinaries { } if ($BuildLinuxArm -or $BuildLinuxArm64) { - foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { + ##foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { + foreach ($Dependency in 'cmake', 'make', 'gcc-c++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } From c6b776be0f00f41140572faabcc488f4677e5da2 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 21:39:30 -0700 Subject: [PATCH 049/129] Update deps 4 --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 49c0e0d..1108b7e 100644 --- a/build.psm1 +++ b/build.psm1 @@ -445,7 +445,7 @@ function Start-BuildNativeUnixBinaries { if ($BuildLinuxArm -or $BuildLinuxArm64) { ##foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { - foreach ($Dependency in 'cmake', 'make', 'gcc-c++') { + foreach ($Dependency in 'cmake', 'make', 'gcc') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } From 5cc545be347f3166f6382f0ac642e88a9160be92 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Aug 2025 22:06:16 -0700 Subject: [PATCH 050/129] Update deps 5 --- build.psm1 | 2 +- src/libpsl-native/arm.toolchain.cmake | 4 ++-- src/libpsl-native/arm64.toolchain.cmake | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/build.psm1 b/build.psm1 index 1108b7e..d75fd6f 100644 --- a/build.psm1 +++ b/build.psm1 @@ -445,7 +445,7 @@ function Start-BuildNativeUnixBinaries { if ($BuildLinuxArm -or $BuildLinuxArm64) { ##foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { - foreach ($Dependency in 'cmake', 'make', 'gcc') { + foreach ($Dependency in 'cmake', 'make', 'gcc-c++-aarch64-linux-gnu') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } diff --git a/src/libpsl-native/arm.toolchain.cmake b/src/libpsl-native/arm.toolchain.cmake index f514d40..231545d 100644 --- a/src/libpsl-native/arm.toolchain.cmake +++ b/src/libpsl-native/arm.toolchain.cmake @@ -1,9 +1,9 @@ set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_SYSTEM_VERSION 1) set(CMAKE_SYSTEM_PROCESSOR armv7l) -set(CMAKE_CXX_COMPILER arm-linux-gnueabihf-g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) +set(CMAKE_CXX_COMPILER gcc-c++-aarch64-linux-gnu -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now") -set(CMAKE_C_COMPILER arm-linux-gnueabihf-gcc) +set(CMAKE_C_COMPILER gcc-aarch64-linux-gnu) # add_compile_options(-target armv7-linux-gnueabihf) add_compile_options(-mthumb) diff --git a/src/libpsl-native/arm64.toolchain.cmake b/src/libpsl-native/arm64.toolchain.cmake index 09a4d9d..e78f51c 100644 --- a/src/libpsl-native/arm64.toolchain.cmake +++ b/src/libpsl-native/arm64.toolchain.cmake @@ -1,9 +1,9 @@ set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_SYSTEM_VERSION 1) set(CMAKE_SYSTEM_PROCESSOR aarch64) -set(CMAKE_CXX_COMPILER aarch64-linux-gnu-g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) +set(CMAKE_CXX_COMPILER gcc-c++-aarch64-linux-gnu -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now") -set(CMAKE_C_COMPILER aarch64-linux-gnu-gcc) +set(CMAKE_C_COMPILER gcc-aarch64-linux-gnu) add_compile_options(-g) From 16182dce1a388f872e282c6234f3828e0a20782c Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 21 Aug 2025 11:02:36 -0700 Subject: [PATCH 051/129] Use hostArch and fix binskim --- .pipelines/release.yml | 4 ++++ .pipelines/templates/build-linux.yml | 6 ++++++ build.psm1 | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index fc5757d..e4b3dde 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -67,18 +67,22 @@ extends: parameters: ARCHITECTURE: 'linux-x64' Name: 'Build_Linux_x64' + hostArchitecture: 'amd64' - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-arm' Name: 'Build_Linux_arm' + hostArchitecture: 'arm64' - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-arm64' Name: 'Build_Linux_arm64' + hostArchitecture: 'arm64' - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-musl-x64' Name: 'Build_Linux_musl_x64' + hostArchitecture: 'amd64' diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index 1785c98..5c7b924 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -5,11 +5,15 @@ parameters: - name: Name type: string default: 'Build_Linux_x64' + - name: hostArchitecture + type: string + default: 'amd64' jobs: - job: ${{ parameters.Name }} pool: type: linux + hostArchitecture: ${{ parameters.hostArchitecture }} displayName: Linux_${{ parameters.ARCHITECTURE }} variables: - name: ob_outputDirectory @@ -18,6 +22,8 @@ jobs: value: true - name: ARCHITECTURE value: ${{ parameters.ARCHITECTURE }} + - name: DOTNET_SYSTEM_GLOBALIZATION_INVARIANT + value: 1 steps: - pwsh: | Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose diff --git a/build.psm1 b/build.psm1 index d75fd6f..354da40 100644 --- a/build.psm1 +++ b/build.psm1 @@ -445,7 +445,7 @@ function Start-BuildNativeUnixBinaries { if ($BuildLinuxArm -or $BuildLinuxArm64) { ##foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { - foreach ($Dependency in 'cmake', 'make', 'gcc-c++-aarch64-linux-gnu') { + foreach ($Dependency in 'cmake', 'make', 'g++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } From e0f08551f115c187b21e42dc25d85867a9eae9ce Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 21 Aug 2025 11:15:33 -0700 Subject: [PATCH 052/129] Update toolchain --- src/libpsl-native/arm.toolchain.cmake | 4 ++-- src/libpsl-native/arm64.toolchain.cmake | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libpsl-native/arm.toolchain.cmake b/src/libpsl-native/arm.toolchain.cmake index 231545d..680109b 100644 --- a/src/libpsl-native/arm.toolchain.cmake +++ b/src/libpsl-native/arm.toolchain.cmake @@ -1,9 +1,9 @@ set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_SYSTEM_VERSION 1) set(CMAKE_SYSTEM_PROCESSOR armv7l) -set(CMAKE_CXX_COMPILER gcc-c++-aarch64-linux-gnu -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) +set(CMAKE_CXX_COMPILER g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now") -set(CMAKE_C_COMPILER gcc-aarch64-linux-gnu) +set(CMAKE_C_COMPILER gcc) # add_compile_options(-target armv7-linux-gnueabihf) add_compile_options(-mthumb) diff --git a/src/libpsl-native/arm64.toolchain.cmake b/src/libpsl-native/arm64.toolchain.cmake index e78f51c..13d60df 100644 --- a/src/libpsl-native/arm64.toolchain.cmake +++ b/src/libpsl-native/arm64.toolchain.cmake @@ -1,9 +1,9 @@ set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_SYSTEM_VERSION 1) set(CMAKE_SYSTEM_PROCESSOR aarch64) -set(CMAKE_CXX_COMPILER gcc-c++-aarch64-linux-gnu -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) +set(CMAKE_CXX_COMPILER g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now") -set(CMAKE_C_COMPILER gcc-aarch64-linux-gnu) +set(CMAKE_C_COMPILER gcc) add_compile_options(-g) From e3cae92e9e30b49493b4ecdd71ec357b0d4b124d Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 22 Aug 2025 12:21:04 -0700 Subject: [PATCH 053/129] Add compiler option --- src/libpsl-native/arm.toolchain.cmake | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/libpsl-native/arm.toolchain.cmake b/src/libpsl-native/arm.toolchain.cmake index 680109b..c8bba9d 100644 --- a/src/libpsl-native/arm.toolchain.cmake +++ b/src/libpsl-native/arm.toolchain.cmake @@ -5,9 +5,9 @@ set(CMAKE_CXX_COMPILER g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now") set(CMAKE_C_COMPILER gcc) -# add_compile_options(-target armv7-linux-gnueabihf) -add_compile_options(-mthumb) -add_compile_options(-mfpu=vfpv3) +add_compile_options(-target armv7-linux-gnueabihf) +# add_compile_options(-mthumb) +# add_compile_options(-mfpu=vfpv3) add_compile_options(-g) set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${CROSS_LINK_FLAGS}" CACHE STRING "" FORCE) From 613c3f068a9c11fcd33d926ec87f8bf727e0a013 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 22 Aug 2025 15:00:49 -0700 Subject: [PATCH 054/129] Update for arm --- build.psm1 | 13 ++++++------- src/libpsl-native/arm.toolchain.cmake | 6 +++--- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/build.psm1 b/build.psm1 index 354da40..8d58835 100644 --- a/build.psm1 +++ b/build.psm1 @@ -443,18 +443,17 @@ function Start-BuildNativeUnixBinaries { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } - if ($BuildLinuxArm -or $BuildLinuxArm64) { + if ($BuildLinuxArm64) { ##foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { foreach ($Dependency in 'cmake', 'make', 'g++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } + } elseif ($BuildLinuxArm) { + ##foreach ($Dependency in 'aarch64-linux-gnu-gcc', 'aarch64-linux-gnu-g++') { + foreach ($Dependency in 'gcc', 'gcc-c++', 'cmake', 'make', 'gcc-arm-linux-gnu') { + $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") + } } - # } elseif ($BuildLinuxArm64) { - # ##foreach ($Dependency in 'aarch64-linux-gnu-gcc', 'aarch64-linux-gnu-g++') { - # foreach ($Dependency in 'cmake', 'make', 'gcc-c++') { - # $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") - # } - # } # Abort if any precheck failed if (-not $precheck) { diff --git a/src/libpsl-native/arm.toolchain.cmake b/src/libpsl-native/arm.toolchain.cmake index c8bba9d..7c62cd5 100644 --- a/src/libpsl-native/arm.toolchain.cmake +++ b/src/libpsl-native/arm.toolchain.cmake @@ -1,9 +1,9 @@ set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_SYSTEM_VERSION 1) -set(CMAKE_SYSTEM_PROCESSOR armv7l) -set(CMAKE_CXX_COMPILER g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) +set(CMAKE_SYSTEM_PROCESSOR arm) +set(CMAKE_CXX_COMPILER arm-linux-gnueabihf-g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now") -set(CMAKE_C_COMPILER gcc) +set(CMAKE_C_COMPILER arm-linux-gnueabihf-gcc) add_compile_options(-target armv7-linux-gnueabihf) # add_compile_options(-mthumb) From 77eca5310682b40d2b9b85947b0b1de8ad0e9c76 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 22 Aug 2025 15:15:14 -0700 Subject: [PATCH 055/129] Add osx --- .pipelines/templates/build-linux.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index 5c7b924..0cdbd2f 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -9,11 +9,17 @@ parameters: type: string default: 'amd64' + jobs: - job: ${{ parameters.Name }} pool: type: linux - hostArchitecture: ${{ parameters.hostArchitecture }} + ${{ if eq(parameters.ARCHITECTURE, 'osx') }}: + isCustom: true + name: Azure Pipelines + vmImage: 'macOS-latest' + ${{else }}: + hostArchitecture: ${{ parameters.hostArchitecture }} displayName: Linux_${{ parameters.ARCHITECTURE }} variables: - name: ob_outputDirectory @@ -34,7 +40,7 @@ jobs: $repoRoot = '$(Build.SourcesDirectory)' Import-Module $repoRoot\build.psm1 -Force - if ($Arch -eq 'linux-x64' -or $Arch -eq 'linux-musl-x64') { + if ($Arch -eq 'linux-x64' -or $Arch -eq 'linux-musl-x64' -or $Arch -eq 'osx') { Start-PSBootstrap Write-Verbose "Starting Start-Start-BuildNativeUnixBinaries" -Verbose Start-BuildNativeUnixBinaries From a4def1289605912f0b310415aef5dad092b15a1c Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 22 Aug 2025 15:19:16 -0700 Subject: [PATCH 056/129] Try to fix arm --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 8d58835..5ec30e8 100644 --- a/build.psm1 +++ b/build.psm1 @@ -450,7 +450,7 @@ function Start-BuildNativeUnixBinaries { } } elseif ($BuildLinuxArm) { ##foreach ($Dependency in 'aarch64-linux-gnu-gcc', 'aarch64-linux-gnu-g++') { - foreach ($Dependency in 'gcc', 'gcc-c++', 'cmake', 'make', 'gcc-arm-linux-gnu') { + foreach ($Dependency in 'gcc', 'g++', 'cmake', 'make', 'gcc-arm-linux-gnu') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } From 645a44d496f0d77f2edcaf76ea2a45677d00d46c Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 22 Aug 2025 15:21:18 -0700 Subject: [PATCH 057/129] Call osx job --- .pipelines/release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index e4b3dde..1859d78 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -86,3 +86,9 @@ extends: ARCHITECTURE: 'linux-musl-x64' Name: 'Build_Linux_musl_x64' hostArchitecture: 'amd64' + + - template: .pipelines/templates/build-linux.yml@self + parameters: + ARCHITECTURE: 'osx' + Name: 'Build_osx' + hostArchitecture: 'amd64' From cfbf83cae302883715d530cece22706b8f044d41 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 22 Aug 2025 15:45:59 -0700 Subject: [PATCH 058/129] Update arm toolchain --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 5ec30e8..333420e 100644 --- a/build.psm1 +++ b/build.psm1 @@ -450,7 +450,7 @@ function Start-BuildNativeUnixBinaries { } } elseif ($BuildLinuxArm) { ##foreach ($Dependency in 'aarch64-linux-gnu-gcc', 'aarch64-linux-gnu-g++') { - foreach ($Dependency in 'gcc', 'g++', 'cmake', 'make', 'gcc-arm-linux-gnu') { + foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++', 'cmake', 'make') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } From a916aa1216f891cb3eea4be3462143bc818ea014 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 12:32:58 -0700 Subject: [PATCH 059/129] Misc changes --- .pipelines/release.yml | 21 +++++++++++++++------ .pipelines/templates/build-linux.yml | 3 +-- build.psm1 | 6 ++---- src/libpsl-native/arm.toolchain.cmake | 8 ++++---- 4 files changed, 22 insertions(+), 16 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 1859d78..301ccf6 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -25,6 +25,7 @@ extends: Version: 2022 Network: KS1 incrementalSDLBinaryAnalysis: true + needExceptionForUbuntuUsage: true cloudvault: enabled: false globalSdl: @@ -41,6 +42,7 @@ extends: scanFolder: $(Build.SourcesDirectory) binskim: enabled: true + exactToolVersion: 4.4.2 apiscan: enabled: false @@ -69,12 +71,6 @@ extends: Name: 'Build_Linux_x64' hostArchitecture: 'amd64' - - template: .pipelines/templates/build-linux.yml@self - parameters: - ARCHITECTURE: 'linux-arm' - Name: 'Build_Linux_arm' - hostArchitecture: 'arm64' - - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-arm64' @@ -92,3 +88,16 @@ extends: ARCHITECTURE: 'osx' Name: 'Build_osx' hostArchitecture: 'amd64' + + - stage: LinuxBuildARM + displayName: Linux ARM Build + variables: + - name: LinuxContainerImage + value: onebranch.azurecr.io/linux/ubuntu-2204:latest + + jobs: + - template: .pipelines/templates/build-linux.yml@self + parameters: + ARCHITECTURE: 'linux-arm' + Name: 'Build_Linux_arm' + hostArchitecture: 'adm64' diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index 0cdbd2f..08f5fcc 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -9,7 +9,6 @@ parameters: type: string default: 'amd64' - jobs: - job: ${{ parameters.Name }} pool: @@ -40,7 +39,7 @@ jobs: $repoRoot = '$(Build.SourcesDirectory)' Import-Module $repoRoot\build.psm1 -Force - if ($Arch -eq 'linux-x64' -or $Arch -eq 'linux-musl-x64' -or $Arch -eq 'osx') { + if ($Arch -eq 'linux-x64' -or $Arch -eq 'linux-musl-x64') { Start-PSBootstrap Write-Verbose "Starting Start-Start-BuildNativeUnixBinaries" -Verbose Start-BuildNativeUnixBinaries diff --git a/build.psm1 b/build.psm1 index 333420e..561ae52 100644 --- a/build.psm1 +++ b/build.psm1 @@ -444,15 +444,13 @@ function Start-BuildNativeUnixBinaries { } if ($BuildLinuxArm64) { - ##foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { foreach ($Dependency in 'cmake', 'make', 'g++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } elseif ($BuildLinuxArm) { - ##foreach ($Dependency in 'aarch64-linux-gnu-gcc', 'aarch64-linux-gnu-g++') { - foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++', 'cmake', 'make') { + foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") - } + }} } # Abort if any precheck failed diff --git a/src/libpsl-native/arm.toolchain.cmake b/src/libpsl-native/arm.toolchain.cmake index 7c62cd5..f514d40 100644 --- a/src/libpsl-native/arm.toolchain.cmake +++ b/src/libpsl-native/arm.toolchain.cmake @@ -1,13 +1,13 @@ set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_SYSTEM_VERSION 1) -set(CMAKE_SYSTEM_PROCESSOR arm) +set(CMAKE_SYSTEM_PROCESSOR armv7l) set(CMAKE_CXX_COMPILER arm-linux-gnueabihf-g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now") set(CMAKE_C_COMPILER arm-linux-gnueabihf-gcc) -add_compile_options(-target armv7-linux-gnueabihf) -# add_compile_options(-mthumb) -# add_compile_options(-mfpu=vfpv3) +# add_compile_options(-target armv7-linux-gnueabihf) +add_compile_options(-mthumb) +add_compile_options(-mfpu=vfpv3) add_compile_options(-g) set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${CROSS_LINK_FLAGS}" CACHE STRING "" FORCE) From 53e8496d8d4c9bf0938d21963799b6e06636d020 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 12:37:42 -0700 Subject: [PATCH 060/129] Non-offical switch --- .config/tsaoptions.json | 9 +++++++-- .pipelines/release.yml | 8 ++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json index 11c17d0..20f1524 100644 --- a/.config/tsaoptions.json +++ b/.config/tsaoptions.json @@ -2,8 +2,13 @@ "instanceUrl": "https://msazure.visualstudio.com", "TSADocumentation": "https://aka.ms/OBTSA", "projectName": "One", - "areaPath": "One\\\\\\", - "notificationAliases": ["slee"], + "areaPath": "One\\MGMT\\Compute\\Powershell\\Powershell\\PowerShell Core\\pwsh", + "notificationAliases": [ + "adityap@microsoft.com", + "dongbow@microsoft.com", + "pmeinecke@microsoft.com", + "tplunk@microsoft.com" + ], "ppe": "false", "template": "TFSMSAzure", "codebaseName": "TFSMSAzure_powershell-native" diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 301ccf6..98771b0 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -1,5 +1,10 @@ trigger: none +parameters: + - name: OfficialBuild + type: boolean + default: false + variables: - name: ob_outputDirectory value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' @@ -7,6 +12,8 @@ variables: value: mcr.microsoft.com/onebranch/azurelinux/build:3.0 - name: WindowsContainerImage value: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest + - name: templateFile + value: ${{ iif(parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates')}} resources: repositories: @@ -45,6 +52,7 @@ extends: exactToolVersion: 4.4.2 apiscan: enabled: false + tsaOptionsFile: .config\tsaoptions.json stages: - stage: WinBuildAndSign From b7e0e2c8d25f94423db3b199fc5c366bdc840c71 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 12:39:46 -0700 Subject: [PATCH 061/129] fix typo --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 561ae52..724f66a 100644 --- a/build.psm1 +++ b/build.psm1 @@ -450,7 +450,7 @@ function Start-BuildNativeUnixBinaries { } elseif ($BuildLinuxArm) { foreach ($Dependency in 'arm-linux-gnueabihf-gcc', 'arm-linux-gnueabihf-g++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") - }} + } } # Abort if any precheck failed From 05fce2328c8e4d372c3f147683b9abb43b8678bc Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 13:46:18 -0700 Subject: [PATCH 062/129] Fix osx --- .pipelines/templates/build-linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index 08f5fcc..dedb7a6 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -39,7 +39,7 @@ jobs: $repoRoot = '$(Build.SourcesDirectory)' Import-Module $repoRoot\build.psm1 -Force - if ($Arch -eq 'linux-x64' -or $Arch -eq 'linux-musl-x64') { + if ($Arch -eq 'linux-x64' -or $Arch -eq 'linux-musl-x64' -or $Arch -eq 'osx') { Start-PSBootstrap Write-Verbose "Starting Start-Start-BuildNativeUnixBinaries" -Verbose Start-BuildNativeUnixBinaries From 5361b9b8639cafd79e6f339b8f347840f6f21e0d Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 13:56:27 -0700 Subject: [PATCH 063/129] Cross compile arm64 --- .pipelines/release.yml | 5 ----- .pipelines/templates/build-linux.yml | 5 ----- src/libpsl-native/arm64.toolchain.cmake | 4 ++-- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 98771b0..737bf3d 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -77,25 +77,21 @@ extends: parameters: ARCHITECTURE: 'linux-x64' Name: 'Build_Linux_x64' - hostArchitecture: 'amd64' - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-arm64' Name: 'Build_Linux_arm64' - hostArchitecture: 'arm64' - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'linux-musl-x64' Name: 'Build_Linux_musl_x64' - hostArchitecture: 'amd64' - template: .pipelines/templates/build-linux.yml@self parameters: ARCHITECTURE: 'osx' Name: 'Build_osx' - hostArchitecture: 'amd64' - stage: LinuxBuildARM displayName: Linux ARM Build @@ -108,4 +104,3 @@ extends: parameters: ARCHITECTURE: 'linux-arm' Name: 'Build_Linux_arm' - hostArchitecture: 'adm64' diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index dedb7a6..f98d073 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -5,9 +5,6 @@ parameters: - name: Name type: string default: 'Build_Linux_x64' - - name: hostArchitecture - type: string - default: 'amd64' jobs: - job: ${{ parameters.Name }} @@ -17,8 +14,6 @@ jobs: isCustom: true name: Azure Pipelines vmImage: 'macOS-latest' - ${{else }}: - hostArchitecture: ${{ parameters.hostArchitecture }} displayName: Linux_${{ parameters.ARCHITECTURE }} variables: - name: ob_outputDirectory diff --git a/src/libpsl-native/arm64.toolchain.cmake b/src/libpsl-native/arm64.toolchain.cmake index 13d60df..09a4d9d 100644 --- a/src/libpsl-native/arm64.toolchain.cmake +++ b/src/libpsl-native/arm64.toolchain.cmake @@ -1,9 +1,9 @@ set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_SYSTEM_VERSION 1) set(CMAKE_SYSTEM_PROCESSOR aarch64) -set(CMAKE_CXX_COMPILER g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) +set(CMAKE_CXX_COMPILER aarch64-linux-gnu-g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now") -set(CMAKE_C_COMPILER gcc) +set(CMAKE_C_COMPILER aarch64-linux-gnu-gcc) add_compile_options(-g) From 2cb397b8bee406a8d2e2d72f46edca1314351a43 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 14:32:45 -0700 Subject: [PATCH 064/129] Add cross compile packages --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 724f66a..d44f23d 100644 --- a/build.psm1 +++ b/build.psm1 @@ -444,7 +444,7 @@ function Start-BuildNativeUnixBinaries { } if ($BuildLinuxArm64) { - foreach ($Dependency in 'cmake', 'make', 'g++') { + foreach ($Dependency in 'gcc-c++-aarch64-linux-gnu', 'aarch64-linux-gnu-g++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } elseif ($BuildLinuxArm) { From ba448d3ce3fd95fa8cd1562a369600d4a6226679 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 14:34:08 -0700 Subject: [PATCH 065/129] Update cmake for macos --- src/libpsl-native/macos.toolchain.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libpsl-native/macos.toolchain.cmake b/src/libpsl-native/macos.toolchain.cmake index 2f9ccd2..e227987 100644 --- a/src/libpsl-native/macos.toolchain.cmake +++ b/src/libpsl-native/macos.toolchain.cmake @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.19) +cmake_minimum_required(VERSION 3.31.6) SET(CMAKE_OSX_ARCHITECTURES "x86_64;arm64" CACHE STRING "" FORCE) add_compile_options(-g -mmacosx-version-min=10.9) From 8fa4f372c33bb1cb986c93bcf9852348ea9a8f03 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 14:43:19 -0700 Subject: [PATCH 066/129] Fix osx build --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index d44f23d..4dbffe1 100644 --- a/build.psm1 +++ b/build.psm1 @@ -2084,7 +2084,7 @@ function Start-PSBootstrap { Start-NativeExecution { brew install $Deps } -IgnoreExitcode # Install patched version of curl - Start-NativeExecution { brew install curl --with-openssl --with-gssapi } -IgnoreExitcode + Start-NativeExecution { brew install curl } -IgnoreExitcode } elseif ($Environment.IsAlpine) { $Deps += "build-base", "gcc", "abuild", "binutils", "git", "python3", "bash", "cmake" From 8393f7a242a6708b3815b1fd35cd3b6ee5d284a5 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 14:51:42 -0700 Subject: [PATCH 067/129] Fix arm64 --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 4dbffe1..91d8acd 100644 --- a/build.psm1 +++ b/build.psm1 @@ -444,7 +444,7 @@ function Start-BuildNativeUnixBinaries { } if ($BuildLinuxArm64) { - foreach ($Dependency in 'gcc-c++-aarch64-linux-gnu', 'aarch64-linux-gnu-g++') { + foreach ($Dependency in 'gcc-c++-aarch64-linux-gnu') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } elseif ($BuildLinuxArm) { From ee82fb280e1a7cbaa39cdc913bc806ef44cde43b Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 14:58:40 -0700 Subject: [PATCH 068/129] Update osx cmake version --- src/libpsl-native/macos.toolchain.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libpsl-native/macos.toolchain.cmake b/src/libpsl-native/macos.toolchain.cmake index e227987..e26f19b 100644 --- a/src/libpsl-native/macos.toolchain.cmake +++ b/src/libpsl-native/macos.toolchain.cmake @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.31.6) +cmake_minimum_required(VERSION 4.1.0) SET(CMAKE_OSX_ARCHITECTURES "x86_64;arm64" CACHE STRING "" FORCE) add_compile_options(-g -mmacosx-version-min=10.9) From 5d97e67b2efa576c2fc14ed34612baf123c93515 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 15:09:41 -0700 Subject: [PATCH 069/129] Update osx cmake version in cmakelist.txt --- src/libpsl-native/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libpsl-native/CMakeLists.txt b/src/libpsl-native/CMakeLists.txt index dc7be71..7916f63 100644 --- a/src/libpsl-native/CMakeLists.txt +++ b/src/libpsl-native/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 2.8.11) +cmake_minimum_required(VERSION 4.1.0) project(PSL-NATIVE) # Can't use add_compile_options with 2.8.11 From 50d3b0561b24fa918cd6bf54bbcb107a51ac1f59 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 15:33:38 -0700 Subject: [PATCH 070/129] Update cmake min version 3 --- src/libpsl-native/CMakeLists.txt | 2 +- src/libpsl-native/macos.toolchain.cmake | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libpsl-native/CMakeLists.txt b/src/libpsl-native/CMakeLists.txt index 7916f63..0b357be 100644 --- a/src/libpsl-native/CMakeLists.txt +++ b/src/libpsl-native/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 4.1.0) +cmake_minimum_required(VERSION 3.5) project(PSL-NATIVE) # Can't use add_compile_options with 2.8.11 diff --git a/src/libpsl-native/macos.toolchain.cmake b/src/libpsl-native/macos.toolchain.cmake index e26f19b..823cfee 100644 --- a/src/libpsl-native/macos.toolchain.cmake +++ b/src/libpsl-native/macos.toolchain.cmake @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 4.1.0) +cmake_minimum_required(VERSION 3.5) SET(CMAKE_OSX_ARCHITECTURES "x86_64;arm64" CACHE STRING "" FORCE) add_compile_options(-g -mmacosx-version-min=10.9) From 40b0502bb01e762de5212d848dd16f664b4505ad Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 17:52:54 -0700 Subject: [PATCH 071/129] Add hostArch --- .pipelines/release.yml | 1 + .pipelines/templates/build-linux.yml | 5 +++++ build.psm1 | 2 +- src/libpsl-native/arm64.toolchain.cmake | 4 ++-- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 737bf3d..387a5e9 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -82,6 +82,7 @@ extends: parameters: ARCHITECTURE: 'linux-arm64' Name: 'Build_Linux_arm64' + hostArchitecture: 'arm64' - template: .pipelines/templates/build-linux.yml@self parameters: diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index f98d073..fc51b0f 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -5,6 +5,9 @@ parameters: - name: Name type: string default: 'Build_Linux_x64' + - name: hostArchitecture + type: string + default: 'amd64' jobs: - job: ${{ parameters.Name }} @@ -14,6 +17,8 @@ jobs: isCustom: true name: Azure Pipelines vmImage: 'macOS-latest' + ${{ else eq(parameters.hostArchitecture, 'arm64') }}: + hostArchitecture: 'arm64' displayName: Linux_${{ parameters.ARCHITECTURE }} variables: - name: ob_outputDirectory diff --git a/build.psm1 b/build.psm1 index 91d8acd..81e6b01 100644 --- a/build.psm1 +++ b/build.psm1 @@ -444,7 +444,7 @@ function Start-BuildNativeUnixBinaries { } if ($BuildLinuxArm64) { - foreach ($Dependency in 'gcc-c++-aarch64-linux-gnu') { + foreach ($Dependency in 'cmake', 'make', 'g++') { $precheck = $precheck -and (precheck $Dependency "Build dependency '$Dependency' not found. Run 'Start-PSBootstrap'.") } } elseif ($BuildLinuxArm) { diff --git a/src/libpsl-native/arm64.toolchain.cmake b/src/libpsl-native/arm64.toolchain.cmake index 09a4d9d..13d60df 100644 --- a/src/libpsl-native/arm64.toolchain.cmake +++ b/src/libpsl-native/arm64.toolchain.cmake @@ -1,9 +1,9 @@ set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_SYSTEM_VERSION 1) set(CMAKE_SYSTEM_PROCESSOR aarch64) -set(CMAKE_CXX_COMPILER aarch64-linux-gnu-g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) +set(CMAKE_CXX_COMPILER g++ -fstack-protector-strong -fpie -D_FORTIFY_SOURCE=2) set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now") -set(CMAKE_C_COMPILER aarch64-linux-gnu-gcc) +set(CMAKE_C_COMPILER gcc) add_compile_options(-g) From 2fbc96e1d5af68f761bd2d6b233443f3d63284d1 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 17:54:10 -0700 Subject: [PATCH 072/129] fix condition --- .pipelines/templates/build-linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index fc51b0f..b84e2bc 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -17,7 +17,7 @@ jobs: isCustom: true name: Azure Pipelines vmImage: 'macOS-latest' - ${{ else eq(parameters.hostArchitecture, 'arm64') }}: + ${{ else if eq(parameters.hostArchitecture, 'arm64') }}: hostArchitecture: 'arm64' displayName: Linux_${{ parameters.ARCHITECTURE }} variables: From 434aea7ad0b16c4109e611d81c684f4fb01afd5a Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 25 Aug 2025 18:00:58 -0700 Subject: [PATCH 073/129] fix condition 2 --- .pipelines/templates/build-linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index b84e2bc..c3ff0f6 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -17,7 +17,7 @@ jobs: isCustom: true name: Azure Pipelines vmImage: 'macOS-latest' - ${{ else if eq(parameters.hostArchitecture, 'arm64') }}: + ${{ if eq(parameters.hostArchitecture, 'arm64') }}: hostArchitecture: 'arm64' displayName: Linux_${{ parameters.ARCHITECTURE }} variables: From e9b7b9897695a6d0d10ebc349e76837a5ea32b3b Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 09:01:21 -0700 Subject: [PATCH 074/129] Update macos cmake min version --- src/libpsl-native/macos.toolchain.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libpsl-native/macos.toolchain.cmake b/src/libpsl-native/macos.toolchain.cmake index 823cfee..0897bd8 100644 --- a/src/libpsl-native/macos.toolchain.cmake +++ b/src/libpsl-native/macos.toolchain.cmake @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.5) +cmake_minimum_required(VERSION 3.10) SET(CMAKE_OSX_ARCHITECTURES "x86_64;arm64" CACHE STRING "" FORCE) add_compile_options(-g -mmacosx-version-min=10.9) From 897a028f560a37737fb89e8f855ca0ea07083dc4 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 10:19:07 -0700 Subject: [PATCH 075/129] Disable binskim and update macos cmake min version --- .pipelines/templates/build-linux.yml | 3 +++ src/libpsl-native/macos.toolchain.cmake | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index c3ff0f6..3b711fc 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -29,6 +29,9 @@ jobs: value: ${{ parameters.ARCHITECTURE }} - name: DOTNET_SYSTEM_GLOBALIZATION_INVARIANT value: 1 + - ${{ if eq(parameters.ARCHITECTURE, 'linux-arm64') }}: + - name: ob_sdl_binskim_enabled + value: false steps: - pwsh: | Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose diff --git a/src/libpsl-native/macos.toolchain.cmake b/src/libpsl-native/macos.toolchain.cmake index 0897bd8..a8d06f5 100644 --- a/src/libpsl-native/macos.toolchain.cmake +++ b/src/libpsl-native/macos.toolchain.cmake @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.10) +cmake_minimum_required(VERSION 3.30) SET(CMAKE_OSX_ARCHITECTURES "x86_64;arm64" CACHE STRING "" FORCE) add_compile_options(-g -mmacosx-version-min=10.9) From 14b9a34b196813ae307d72432c5cc79abaacfe03 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 10:49:43 -0700 Subject: [PATCH 076/129] disable credscan on linux-arm64 --- .pipelines/templates/build-linux.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index 3b711fc..9065c0a 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -32,6 +32,8 @@ jobs: - ${{ if eq(parameters.ARCHITECTURE, 'linux-arm64') }}: - name: ob_sdl_binskim_enabled value: false + - name: ob_sdl_credscan_enabled + value: false steps: - pwsh: | Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose From 0ec1dfe5f15d5cf581aa408b38b6e21888a70f4e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 10:52:53 -0700 Subject: [PATCH 077/129] add macos version range --- src/libpsl-native/macos.toolchain.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libpsl-native/macos.toolchain.cmake b/src/libpsl-native/macos.toolchain.cmake index a8d06f5..f70c9e9 100644 --- a/src/libpsl-native/macos.toolchain.cmake +++ b/src/libpsl-native/macos.toolchain.cmake @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.30) +cmake_minimum_required(VERSION 3.10...4.1) SET(CMAKE_OSX_ARCHITECTURES "x86_64;arm64" CACHE STRING "" FORCE) add_compile_options(-g -mmacosx-version-min=10.9) From e75677098599b67dd320f1c7d4e7ea79d240582f Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 13:42:10 -0700 Subject: [PATCH 078/129] Try DCMAKE POLICY --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 81e6b01..1f223d1 100644 --- a/build.psm1 +++ b/build.psm1 @@ -495,7 +495,7 @@ function Start-BuildNativeUnixBinaries { Start-NativeExecution { make -j } } elseif ($IsMacOS) { - Start-NativeExecution { cmake -DCMAKE_TOOLCHAIN_FILE="./macos.toolchain.cmake" . } + Start-NativeExecution { cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -DCMAKE_TOOLCHAIN_FILE="./macos.toolchain.cmake" . } Start-NativeExecution { make -j } Start-NativeExecution { ctest --verbose } } From 867e063c14cde9ec13aeaf8ece1103e55d0ceb31 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 13:51:55 -0700 Subject: [PATCH 079/129] Try DCMAKE POLICY fix --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 1f223d1..7f198f3 100644 --- a/build.psm1 +++ b/build.psm1 @@ -495,7 +495,7 @@ function Start-BuildNativeUnixBinaries { Start-NativeExecution { make -j } } elseif ($IsMacOS) { - Start-NativeExecution { cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -DCMAKE_TOOLCHAIN_FILE="./macos.toolchain.cmake" . } + Start-NativeExecution { cmake -DCMAKE_POLICY_VERSION_MINIMUM='3.5' -DCMAKE_TOOLCHAIN_FILE="./macos.toolchain.cmake" . } Start-NativeExecution { make -j } Start-NativeExecution { ctest --verbose } } From e5d94e779455c9ca13635b76d16f3f901208b618 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 14:06:27 -0700 Subject: [PATCH 080/129] Update locale test --- src/libpsl-native/test/test-locale.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libpsl-native/test/test-locale.cpp b/src/libpsl-native/test/test-locale.cpp index 43fc88b..2c90d8b 100644 --- a/src/libpsl-native/test/test-locale.cpp +++ b/src/libpsl-native/test/test-locale.cpp @@ -19,5 +19,9 @@ TEST_F(LocaleTest, Success) setlocale(LC_ALL, ""); ASSERT_FALSE(nl_langinfo(CODESET) == NULL); // originally test expected UTF-8. should this change? + #if defined (__APPLE__) + ASSERT_STREQ(nl_langinfo(CODESET), "UTF-8"); + #else ASSERT_STREQ(nl_langinfo(CODESET), "ANSI_X3.4-1968"); + #endif } From ac1e0688f05d4f0f0582fd5277c0a0c2f56fd8b7 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 15:05:56 -0700 Subject: [PATCH 081/129] Add comment in test and add nuget stage --- .pipelines/release.yml | 6 ++++++ .pipelines/templates/build-nuget.yml | 15 +++++++++++++++ src/libpsl-native/test/test-locale.cpp | 4 +++- 3 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 .pipelines/templates/build-nuget.yml diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 387a5e9..37c5838 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -105,3 +105,9 @@ extends: parameters: ARCHITECTURE: 'linux-arm' Name: 'Build_Linux_arm' + + - stage: Build_Nuget + dependsOn: [WinBuildAndSign, LinuxBuild, LinuxBuildARM] + displayName: Build NuGet + jobs: + - template: .pipelines/templates/build-nuget.yml@self diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml new file mode 100644 index 0000000..6a33a72 --- /dev/null +++ b/.pipelines/templates/build-nuget.yml @@ -0,0 +1,15 @@ +jobs: +- job: Build_Nuget + pool: + type: windows + displayName: Build NuGet + variables: + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + - name: ob_signing_setup_enabled + value: true + steps: + - download: current + artifact: '$(ob_outputDirectory)' + + diff --git a/src/libpsl-native/test/test-locale.cpp b/src/libpsl-native/test/test-locale.cpp index 2c90d8b..6ad7def 100644 --- a/src/libpsl-native/test/test-locale.cpp +++ b/src/libpsl-native/test/test-locale.cpp @@ -18,7 +18,9 @@ TEST_F(LocaleTest, Success) { setlocale(LC_ALL, ""); ASSERT_FALSE(nl_langinfo(CODESET) == NULL); - // originally test expected UTF-8. should this change? + + // Test the expected defaults for the locale. + // We should rather set UTF-8 and expected to get it using nl_langinfo #if defined (__APPLE__) ASSERT_STREQ(nl_langinfo(CODESET), "UTF-8"); #else From 89960c039d6e6fe138eddfd527291d3dfd8d8846 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 15:34:48 -0700 Subject: [PATCH 082/129] NuPKG changes --- .pipelines/templates/build-linux.yml | 4 +++ .pipelines/templates/build-nuget.yml | 51 ++++++++++++++++++++++++++-- build.psm1 | 14 +------- 3 files changed, 54 insertions(+), 15 deletions(-) diff --git a/.pipelines/templates/build-linux.yml b/.pipelines/templates/build-linux.yml index 9065c0a..2296044 100644 --- a/.pipelines/templates/build-linux.yml +++ b/.pipelines/templates/build-linux.yml @@ -73,6 +73,10 @@ jobs: } Copy-Item -Path "$buildOutputPath/libpsl-native.*" -Destination "$(ob_outputDirectory)" -Force + + if ($Arch -eq 'osx') { + Write-Host "##vso[artifact.upload containerfolder=drop_osx;artifactname=drop_osx]$(ob_outputDirectory)" + } displayName: 'Build' diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index 6a33a72..c94d223 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -9,7 +9,54 @@ jobs: - name: ob_signing_setup_enabled value: true steps: - - download: current - artifact: '$(ob_outputDirectory)' + - pwsh: | + if (-not (Test-Path -Path "$(ob_outputDirectory)")) { + New-Item -ItemType Directory -Path "$(ob_outputDirectory)" | Out-Null + } + displayName: 'Create output directory' + - download: current + - task: NuGetToolInstaller@0 + displayName: 'Install NuGet 5.3.1' + inputs: + versionSpec: 5.3.1 + + - template: tools/releaseBuild/yaml/setVersion.yml@self + + - pwsh: | + Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose + displayName: Capture environment variables + + - pwsh: | + $platforms = @("drop_LinuxBuild_Build_Linux_arm64", + "drop_LinuxBuild_Build_Linux_musl_x64", + "drop_LinuxBuild_Build_Linux_x64", + "drop_LinuxBuild_Build_Linux_arm", + "drop_WinBuildAndSign_Build_Sign_x64", + "drop_WinBuildAndSign_Build_Sign_x86", + "drop_WinBuildAndSign_Build_Sign_x64_arm64", + "drop_osx" + ) + + $WindowsX64ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_x64.zip" + $WindowsX86ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_x86.zip" + $WindowsARMZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_arm.zip" + $WindowsARM64ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_arm64.zip" + $LinuxZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux.zip" + $LinuxARMZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_arm.zip" + $LinuxARM64ZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_arm64.zip" + $LinuxAlpineZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_alpine.zip" + $macOSZipPath = "$(ob_outputDirectory)/drop_osx.zip" + + $platforms | ForEach-Object { + $platform = $_ + $compressedFile = "$(ob_outputDirectory)/$platform.zip" + Compress-Archive -Path "$(ob_outputDirectory)/$platform/*" -DestinationPath $compressedFile -Force + } + + Import-Module $(Build.SourcesDirectory)/build.psm1 -Force + $PackageRoot = New-Item -ItemType Directory -Path $(ob_outputDirectory)\NugetPackage + Start-BuildPowerShellNativePackage -PackageRoot $PackageRoot -Version $(PackageVersion) -WindowsX64ZipPath $WindowsX64ZipPath -WindowsX86ZipPath $WindowsX86ZipPath -WindowsARM64ZipPath $WindowsARM64ZipPath -LinuxZipPath $LinuxZipPath -LinuxARMZipPath $LinuxARMZipPath -LinuxARM64ZipPath $LinuxARM64ZipPath -LinuxAlpineZipPath $LinuxAlpineZipPath -macOSZipPath $macOSZipPath + + displayName: 'Build NuPkg' diff --git a/build.psm1 b/build.psm1 index 7f198f3..70cd695 100644 --- a/build.psm1 +++ b/build.psm1 @@ -535,10 +535,6 @@ function Start-BuildPowerShellNativePackage [ValidateScript({Test-Path $_ -PathType Leaf})] [string] $WindowsX86ZipPath, - [Parameter(Mandatory = $true)] - [ValidateScript({Test-Path $_ -PathType Leaf})] - [string] $WindowsARMZipPath, - [Parameter(Mandatory = $true)] [ValidateScript({Test-Path $_ -PathType Leaf})] [string] $WindowsARM64ZipPath, @@ -575,7 +571,6 @@ function Start-BuildPowerShellNativePackage $BinFolderX64 = Join-Path $tempExtractionPath "x64" $BinFolderX86 = Join-Path $tempExtractionPath "x86" - $BinFolderARM = Join-Path $tempExtractionPath "ARM" $BinFolderARM64 = Join-Path $tempExtractionPath "ARM64" $BinFolderLinux = Join-Path $tempExtractionPath "Linux" $BinFolderLinuxARM = Join-Path $tempExtractionPath "LinuxARM" @@ -585,7 +580,6 @@ function Start-BuildPowerShellNativePackage Expand-Archive -Path $WindowsX64ZipPath -DestinationPath $BinFolderX64 -Force Expand-Archive -Path $WindowsX86ZipPath -DestinationPath $BinFolderX86 -Force - Expand-Archive -Path $WindowsARMZipPath -DestinationPath $BinFolderARM -Force Expand-Archive -Path $WindowsARM64ZipPath -DestinationPath $BinFolderARM64 -Force Expand-Archive -Path $LinuxZipPath -DestinationPath $BinFolderLinux -Force Expand-Archive -Path $LinuxAlpineZipPath -DestinationPath $BinFolderLinuxAlpine -Force @@ -593,7 +587,7 @@ function Start-BuildPowerShellNativePackage Expand-Archive -Path $LinuxARM64ZipPath -DestinationPath $BinFolderLinuxARM64 -Force Expand-Archive -Path $macOSZipPath -DestinationPath $BinFolderMacOS -Force - PlaceWindowsNativeBinaries -PackageRoot $PackageRoot -BinFolderX64 $BinFolderX64 -BinFolderX86 $BinFolderX86 -BinFolderARM $BinFolderARM -BinFolderARM64 $BinFolderARM64 + PlaceWindowsNativeBinaries -PackageRoot $PackageRoot -BinFolderX64 $BinFolderX64 -BinFolderX86 $BinFolderX86 -BinFolderARM64 $BinFolderARM64 PlaceUnixBinaries -PackageRoot $PackageRoot -BinFolderLinux $BinFolderLinux -BinFolderLinuxARM $BinFolderLinuxARM -BinFolderLinuxARM64 $BinFolderLinuxARM64 -BinFolderOSX $BinFolderMacOS -BinFolderLinuxAlpine $BinFolderLinuxAlpine @@ -718,10 +712,6 @@ function PlaceWindowsNativeBinaries [ValidateScript({Test-Path $_ -PathType Container})] $BinFolderX86, - [Parameter(Mandatory = $true)] - [ValidateScript({Test-Path $_ -PathType Container})] - $BinFolderARM, - [Parameter(Mandatory = $true)] [ValidateScript({Test-Path $_ -PathType Container})] $BinFolderARM64 @@ -729,12 +719,10 @@ function PlaceWindowsNativeBinaries $RuntimePathX64 = New-Item -ItemType Directory -Path (Join-Path $PackageRoot -ChildPath 'runtimes/win-x64/native') -Force $RuntimePathX86 = New-Item -ItemType Directory -Path (Join-Path $PackageRoot -ChildPath 'runtimes/win-x86/native') -Force - $RuntimePathARM = New-Item -ItemType Directory -Path (Join-Path $PackageRoot -ChildPath 'runtimes/win-arm/native') -Force $RuntimePathARM64 = New-Item -ItemType Directory -Path (Join-Path $PackageRoot -ChildPath 'runtimes/win-arm64/native') -Force Copy-Item "$BinFolderX64\*" -Destination $RuntimePathX64 -Verbose -Exclude '*.pdb' Copy-Item "$BinFolderX86\*" -Destination $RuntimePathX86 -Verbose -Exclude '*.pdb' - Copy-Item "$BinFolderARM\*" -Destination $RuntimePathARM -Verbose -Exclude '*.pdb' Copy-Item "$BinFolderARM64\*" -Destination $RuntimePathARM64 -Verbose -Exclude '*.pdb' } From e70a1589e1652d56244bc11abe9e644f2c19b5fa Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 15:35:57 -0700 Subject: [PATCH 083/129] Fix template path --- .pipelines/templates/build-nuget.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index c94d223..6188292 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -22,7 +22,7 @@ jobs: inputs: versionSpec: 5.3.1 - - template: tools/releaseBuild/yaml/setVersion.yml@self + - template: $(Build.SourcesDirectory)/tools/releaseBuild/yaml/setVersion.yml@self - pwsh: | Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose From dba5e6b4955db465242ce1ff18baa9cf101a9a91 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 15:37:37 -0700 Subject: [PATCH 084/129] Add template for setversion --- .pipelines/templates/build-nuget.yml | 2 +- .pipelines/templates/setVersion.yml | 32 ++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 .pipelines/templates/setVersion.yml diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index 6188292..692eef5 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -22,7 +22,7 @@ jobs: inputs: versionSpec: 5.3.1 - - template: $(Build.SourcesDirectory)/tools/releaseBuild/yaml/setVersion.yml@self + - template: .pipelines/templates/setVersion.yml@self - pwsh: | Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose diff --git a/.pipelines/templates/setVersion.yml b/.pipelines/templates/setVersion.yml new file mode 100644 index 0000000..fb755da --- /dev/null +++ b/.pipelines/templates/setVersion.yml @@ -0,0 +1,32 @@ +steps: +- pwsh: | + $Branch = $env:BUILD_SOURCEBRANCH + $branchOnly = $Branch -replace '^refs/heads/'; + $branchOnly = $branchOnly -replace '[_\-]' + + Write-Verbose -Verbose "Branch == $Branch" + Write-Verbose -Verbose "BranchOnly == $branchOnly" + + $packageVersion = if($env:PACKAGE_VERSION -eq 'fromBranch' -or !$env:PACKAGE_VERSION) + { + if($Branch -match '^.*(release[-/])') + { + Write-verbose "release branch:" -verbose + $Branch -replace '^.*(release[-/]v)' + } + else + { + Write-Verbose -Verbose "Branch is not a release branch. Defaulting to 99.99.99" + "99.99.99" + } + } + else { + Write-Verbose -Verbose "PACKAGE_VERSION is not equal to 'fromBranch'" + "99.99.99" + } + + $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" + Write-Verbose -Message "setting $Variable to $packageVersion" -Verbose + Write-Host -Object "##$vstsCommandString" + + displayName: Set version variable From e746a9ea05a08ba10ddc75e52487ed1719c8e83a Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 15:40:03 -0700 Subject: [PATCH 085/129] Fix path --- .pipelines/templates/build-nuget.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index 692eef5..3d51c3b 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -22,7 +22,7 @@ jobs: inputs: versionSpec: 5.3.1 - - template: .pipelines/templates/setVersion.yml@self + - template: setVersion.yml@self - pwsh: | Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose From bf9e6b99d5fcd60e2edb111beceefac67247345d Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 16:15:25 -0700 Subject: [PATCH 086/129] Fix compress --- .pipelines/templates/build-nuget.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index 3d51c3b..9f81bef 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -17,6 +17,10 @@ jobs: - download: current + - pwsh: | + Get-ChildItem -Path $(Pipeline.Workspace) + displayName: 'List files in workspace' + - task: NuGetToolInstaller@0 displayName: 'Install NuGet 5.3.1' inputs: @@ -52,7 +56,7 @@ jobs: $platforms | ForEach-Object { $platform = $_ $compressedFile = "$(ob_outputDirectory)/$platform.zip" - Compress-Archive -Path "$(ob_outputDirectory)/$platform/*" -DestinationPath $compressedFile -Force + Compress-Archive -Path "$(Pipeline.Workspace)/$platform/*" -DestinationPath $compressedFile -Force } Import-Module $(Build.SourcesDirectory)/build.psm1 -Force From cae4f97405a88d746abe8359c687dfcc382e94e2 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 16:46:49 -0700 Subject: [PATCH 087/129] Fix linux arm foldername --- .pipelines/templates/build-nuget.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index 9f81bef..2afc347 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -36,7 +36,7 @@ jobs: $platforms = @("drop_LinuxBuild_Build_Linux_arm64", "drop_LinuxBuild_Build_Linux_musl_x64", "drop_LinuxBuild_Build_Linux_x64", - "drop_LinuxBuild_Build_Linux_arm", + "drop_LinuxBuildARM_Build_Linux_arm", "drop_WinBuildAndSign_Build_Sign_x64", "drop_WinBuildAndSign_Build_Sign_x86", "drop_WinBuildAndSign_Build_Sign_x64_arm64", @@ -48,7 +48,7 @@ jobs: $WindowsARMZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_arm.zip" $WindowsARM64ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_arm64.zip" $LinuxZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux.zip" - $LinuxARMZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_arm.zip" + $LinuxARMZipPath = "$(ob_outputDirectory)/drop_LinuxBuildARM_Build_Linux_arm.zip" $LinuxARM64ZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_arm64.zip" $LinuxAlpineZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_alpine.zip" $macOSZipPath = "$(ob_outputDirectory)/drop_osx.zip" From c5c18f86f5ba9f352fc33b834e52713fc6482ad6 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 17:37:35 -0700 Subject: [PATCH 088/129] fix windows arm64 folder name --- .pipelines/templates/build-nuget.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index 2afc347..95129d3 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -46,7 +46,7 @@ jobs: $WindowsX64ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_x64.zip" $WindowsX86ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_x86.zip" $WindowsARMZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_arm.zip" - $WindowsARM64ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_arm64.zip" + $WindowsARM64ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_x64_arm64.zip" $LinuxZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux.zip" $LinuxARMZipPath = "$(ob_outputDirectory)/drop_LinuxBuildARM_Build_Linux_arm.zip" $LinuxARM64ZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_arm64.zip" From b7e887cd058f399fb313ea7ad0a9e3ca7215d902 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 18:17:34 -0700 Subject: [PATCH 089/129] Fix linux path and add symbol publish --- .pipelines/templates/build-nuget.yml | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index 95129d3..d94e393 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -47,20 +47,42 @@ jobs: $WindowsX86ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_x86.zip" $WindowsARMZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_arm.zip" $WindowsARM64ZipPath = "$(ob_outputDirectory)/drop_WinBuildAndSign_Build_Sign_x64_arm64.zip" - $LinuxZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux.zip" + $LinuxZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_x64.zip" $LinuxARMZipPath = "$(ob_outputDirectory)/drop_LinuxBuildARM_Build_Linux_arm.zip" $LinuxARM64ZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_arm64.zip" - $LinuxAlpineZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_alpine.zip" + $LinuxAlpineZipPath = "$(ob_outputDirectory)/drop_LinuxBuild_Build_Linux_musl_x64.zip" $macOSZipPath = "$(ob_outputDirectory)/drop_osx.zip" + $symbolsRoot = "$(ob_outputDirectory)/symbols" + New-Item -ItemType Directory -Path $symbolsRoot -Force | Out-Null + $platforms | ForEach-Object { $platform = $_ $compressedFile = "$(ob_outputDirectory)/$platform.zip" Compress-Archive -Path "$(Pipeline.Workspace)/$platform/*" -DestinationPath $compressedFile -Force + $DestPath = Join-Path $symbolsRoot $platform + Get-ChildItem -Path "$(Pipeline.Workspace)/$platform/*.pdb" -Recurse | ForEach-Object { + Copy-Item -Path $_.FullName -Destination $DestPath -Force -Verbose + } } Import-Module $(Build.SourcesDirectory)/build.psm1 -Force $PackageRoot = New-Item -ItemType Directory -Path $(ob_outputDirectory)\NugetPackage Start-BuildPowerShellNativePackage -PackageRoot $PackageRoot -Version $(PackageVersion) -WindowsX64ZipPath $WindowsX64ZipPath -WindowsX86ZipPath $WindowsX86ZipPath -WindowsARM64ZipPath $WindowsARM64ZipPath -LinuxZipPath $LinuxZipPath -LinuxARMZipPath $LinuxARMZipPath -LinuxARM64ZipPath $LinuxARM64ZipPath -LinuxAlpineZipPath $LinuxAlpineZipPath -macOSZipPath $macOSZipPath + Write-Verbose -Verbose "Enumerating $symbolsRoot" + Get-ChildItem -Path $symbolsRoot -Recurse + + $vstsCommandString = "vso[task.setvariable variable=SymbolsPath]$symbolsRoot" + Write-Verbose -Message "$vstsCommandString" -Verbose + Write-Host -Object "##$vstsCommandString" displayName: 'Build NuPkg' + + - task: PublishSymbols@2 + inputs: + symbolsFolder: '$(SymbolsPath)' + searchPattern: '**/*.pdb' + indexSources: false + publishSymbols: true + symbolServerType: teamServices + detailedLog: true From 949a559ae8de8f28dbb460e741750ab021e81b53 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 26 Aug 2025 21:57:58 -0700 Subject: [PATCH 090/129] Build nupkg and sign it --- .pipelines/templates/build-nuget.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index d94e393..06ea4c4 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -76,6 +76,15 @@ jobs: $vstsCommandString = "vso[task.setvariable variable=SymbolsPath]$symbolsRoot" Write-Verbose -Message "$vstsCommandString" -Verbose Write-Host -Object "##$vstsCommandString" + + Write-Verbose -Verbose "Build nupkg" + New-NugetPackage -PackageRoot $PackageRoot -NuGetOutputPath '$(ob_outputDirectory)\NugetPackage' + + Write-Verbose -Verbose "Cleanup output folder" + Get-ChildItem -Path "$(ob_outputDirectory)" -Exclude "NugetPackage", "symbols" | Remove-Item -Recurse -Force -Verbose + + Write-Verbose -Verbose "Enumerating $(ob_outputDirectory)" + Get-ChildItem -Path "$(ob_outputDirectory)" -Recurse displayName: 'Build NuPkg' - task: PublishSymbols@2 @@ -86,3 +95,12 @@ jobs: publishSymbols: true symbolServerType: teamServices detailedLog: true + + - task: onebranch.pipeline.signing@1 + displayName: Sign files + inputs: + command: 'sign' + cp_code: 'CP-401405' + files_to_sign: | + **\*.nupkg; + search_root: $(ob_outputDirectory) From d39afcecad99bb77fac8516b4a1fad1ddf06bf7d Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 08:46:10 -0700 Subject: [PATCH 091/129] fix symbols copy --- .pipelines/templates/build-nuget.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index 06ea4c4..cbc536a 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -61,6 +61,7 @@ jobs: $compressedFile = "$(ob_outputDirectory)/$platform.zip" Compress-Archive -Path "$(Pipeline.Workspace)/$platform/*" -DestinationPath $compressedFile -Force $DestPath = Join-Path $symbolsRoot $platform + New-Item -Path $DestPath -ItemType Directory -Force | Out-Null Get-ChildItem -Path "$(Pipeline.Workspace)/$platform/*.pdb" -Recurse | ForEach-Object { Copy-Item -Path $_.FullName -Destination $DestPath -Force -Verbose } @@ -87,6 +88,17 @@ jobs: Get-ChildItem -Path "$(ob_outputDirectory)" -Recurse displayName: 'Build NuPkg' + - pwsh: | + Get-ChildItem -Path "$(ob_outputDirectory)\NugetPackage" -Recurse | ForEach-Object { + $file = $_ + Write-Verbose -Message "Found NuGet package: $($file.FullName)" -Verbose + } + + Get-ChildItem -Path "$(SymbolsPath)" -Recurse | ForEach-Object { + $file = $_ + Write-Host "##vso[artifact.upload artifactname=NuGetPackages;]$($file.FullName)" + } + - task: PublishSymbols@2 inputs: symbolsFolder: '$(SymbolsPath)' From 63befd671969d8de75c7eb6f8eb558ae06fe5602 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 11:58:25 -0700 Subject: [PATCH 092/129] Add deploy box publish --- .pipelines/release.yml | 49 ++++++++++++++++++++++++++++ .pipelines/templates/build-nuget.yml | 5 +-- .pipelines/templates/setVersion.yml | 2 +- 3 files changed, 53 insertions(+), 3 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 37c5838..0e16783 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -111,3 +111,52 @@ extends: displayName: Build NuGet jobs: - template: .pipelines/templates/build-nuget.yml@self + + - stage: Release_NuGet + displayName: Release NuGet + dependsOn: [Build_Nuget] + jobs: + - job: NuGetPublish + displayName: Publish to NuGet + condition: succeeded() + pool: + type: release + os: windows + templateContext: + inputs: + - input: pipelineArtifact + artifactName: drop_Build_Nuget_Build_Nuget + variables: + - template: ./variable/release-shared.yml@self + parameters: + VERSION: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] + + steps: + - task: PowerShell@2 + inputs: + targetType: inline + script: | + Write-Verbose -Verbose "Version: $(Version)" + Get-ChildItem Env: | Out-String -width 9999 -Stream | write-Verbose -Verbose + displayName: 'Capture Environment Variables' + + - task: PowerShell@2 + inputs: + targetType: inline + script: | + $null = New-Item -ItemType Directory -Path "$(Pipeline.Workspace)/release" + Copy-Item "$(Pipeline.Workspace)/drop_Build_Nuget_Build_Nuget/*.nupkg" -Destination "$(Pipeline.Workspace)/release" -Force -Verbose + Write-Verbose -Verbose "The .nupkgs below will be pushed:" + Get-ChildItem "$(Pipeline.Workspace)/release" -recurse + displayName: Download and capture nupkgs + condition: and(eq('${{ parameters.OfficialBuild }}', 'true'), succeeded()) + + # - task: NuGetCommand@2 + # displayName: 'NuGet push' + # condition: and(eq('${{ parameters.OfficialBuild }}', 'true'), succeeded()) + # inputs: + # command: push + # packagesToPush: '$(Pipeline.Workspace)/release/*.nupkg' + # nuGetFeedType: external + # publishFeedCredentials: PowerShellNuGetOrgPush + diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index cbc536a..8d2936f 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -68,7 +68,7 @@ jobs: } Import-Module $(Build.SourcesDirectory)/build.psm1 -Force - $PackageRoot = New-Item -ItemType Directory -Path $(ob_outputDirectory)\NugetPackage + $PackageRoot = New-Item -ItemType Directory -Path $(ob_outputDirectory)\NugetPackageSrc Start-BuildPowerShellNativePackage -PackageRoot $PackageRoot -Version $(PackageVersion) -WindowsX64ZipPath $WindowsX64ZipPath -WindowsX86ZipPath $WindowsX86ZipPath -WindowsARM64ZipPath $WindowsARM64ZipPath -LinuxZipPath $LinuxZipPath -LinuxARMZipPath $LinuxARMZipPath -LinuxARM64ZipPath $LinuxARM64ZipPath -LinuxAlpineZipPath $LinuxAlpineZipPath -macOSZipPath $macOSZipPath Write-Verbose -Verbose "Enumerating $symbolsRoot" @@ -96,8 +96,9 @@ jobs: Get-ChildItem -Path "$(SymbolsPath)" -Recurse | ForEach-Object { $file = $_ - Write-Host "##vso[artifact.upload artifactname=NuGetPackages;]$($file.FullName)" + Write-Verbose -Message "Found symbol file: $($file.FullName)" -Verbose } + displayName: 'Capture Packages' - task: PublishSymbols@2 inputs: diff --git a/.pipelines/templates/setVersion.yml b/.pipelines/templates/setVersion.yml index fb755da..163e552 100644 --- a/.pipelines/templates/setVersion.yml +++ b/.pipelines/templates/setVersion.yml @@ -25,7 +25,7 @@ steps: "99.99.99" } - $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" + $vstsCommandString = "vso[task.setvariable variable=PackageVersion;isOutput=true]$packageVersion" Write-Verbose -Message "setting $Variable to $packageVersion" -Verbose Write-Host -Object "##$vstsCommandString" From c4daf9c1e48a980014def426e4894b185f30d23e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 12:07:28 -0700 Subject: [PATCH 093/129] fix version variable --- .pipelines/release.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 0e16783..a6f7996 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -127,9 +127,8 @@ extends: - input: pipelineArtifact artifactName: drop_Build_Nuget_Build_Nuget variables: - - template: ./variable/release-shared.yml@self - parameters: - VERSION: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] + - name: Version + value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] steps: - task: PowerShell@2 From 99d0dc8ef32910ecf598df3773b248f19902854c Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 12:12:45 -0700 Subject: [PATCH 094/129] Fix deployment --- .pipelines/release.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index a6f7996..2f49284 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -26,6 +26,8 @@ extends: template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines parameters: + release: + category: NonAzure featureFlags: WindowsHostVersion: Disk: Large @@ -129,6 +131,8 @@ extends: variables: - name: Version value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] + - name: ob_release_environment + value: Production steps: - task: PowerShell@2 From d97d82090ff5a9e336deae5c52d7a8a16a23876c Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 12:13:48 -0700 Subject: [PATCH 095/129] Fix release environment --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 2f49284..704d4af 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -132,7 +132,7 @@ extends: - name: Version value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] - name: ob_release_environment - value: Production + value: PPE steps: - task: PowerShell@2 From 7a59694fdd61fb505f3541e1593a8d5aa4234910 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 12:16:20 -0700 Subject: [PATCH 096/129] Fix release environment type --- .pipelines/release.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 704d4af..bd60e6b 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -131,8 +131,12 @@ extends: variables: - name: Version value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] - - name: ob_release_environment - value: PPE + - ${{ if eq(parameters.OfficialBuild, 'true') }}: + - name: ob_release_environment + value: PPE + - ${{ if eq(parameters.OfficialBuild, 'false') }}: + - name: ob_release_environment + value: Test steps: - task: PowerShell@2 From 09b9b4f93d434ef5fabe4feb7c136407e9a5957d Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 12:17:36 -0700 Subject: [PATCH 097/129] Make them stage variables --- .pipelines/release.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index bd60e6b..e86953b 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -117,6 +117,16 @@ extends: - stage: Release_NuGet displayName: Release NuGet dependsOn: [Build_Nuget] + variables: + - name: Version + value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] + - ${{ if eq(parameters.OfficialBuild, 'true') }}: + - name: ob_release_environment + value: PPE + - ${{ if eq(parameters.OfficialBuild, 'false') }}: + - name: ob_release_environment + value: Test + jobs: - job: NuGetPublish displayName: Publish to NuGet @@ -128,16 +138,6 @@ extends: inputs: - input: pipelineArtifact artifactName: drop_Build_Nuget_Build_Nuget - variables: - - name: Version - value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] - - ${{ if eq(parameters.OfficialBuild, 'true') }}: - - name: ob_release_environment - value: PPE - - ${{ if eq(parameters.OfficialBuild, 'false') }}: - - name: ob_release_environment - value: Test - steps: - task: PowerShell@2 inputs: From 749e44dd840fd4c7ee0f077f0aab5c87662cdc6e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 12:18:49 -0700 Subject: [PATCH 098/129] Remove conditional --- .pipelines/release.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index e86953b..9114f29 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -120,13 +120,8 @@ extends: variables: - name: Version value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] - - ${{ if eq(parameters.OfficialBuild, 'true') }}: - - name: ob_release_environment - value: PPE - - ${{ if eq(parameters.OfficialBuild, 'false') }}: - - name: ob_release_environment - value: Test - + - name: ob_release_environment + value: PPE jobs: - job: NuGetPublish displayName: Publish to NuGet From 31fd1a40569b0c189ed6bcbec5d207ac46f9e262 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 13:52:39 -0700 Subject: [PATCH 099/129] Set version variable --- .pipelines/templates/setVersion.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.pipelines/templates/setVersion.yml b/.pipelines/templates/setVersion.yml index 163e552..7cbee9c 100644 --- a/.pipelines/templates/setVersion.yml +++ b/.pipelines/templates/setVersion.yml @@ -25,7 +25,11 @@ steps: "99.99.99" } - $vstsCommandString = "vso[task.setvariable variable=PackageVersion;isOutput=true]$packageVersion" + $vstsCommandString = "vso[task.setvariable variable=Output.PackageVersion;isOutput=true]$packageVersion" + Write-Verbose -Message "setting $Variable to $packageVersion" -Verbose + Write-Host -Object "##$vstsCommandString" + + $vstsCommandString = "vso[task.setvariable variable=PackageVersion]$packageVersion" Write-Verbose -Message "setting $Variable to $packageVersion" -Verbose Write-Host -Object "##$vstsCommandString" From 4db2750307ff0dde06082cc7d705c71667b050a9 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 13:53:14 -0700 Subject: [PATCH 100/129] Use output variable --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 9114f29..c3f2148 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -119,7 +119,7 @@ extends: dependsOn: [Build_Nuget] variables: - name: Version - value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['PackageVersion'] ] + value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['Output.PackageVersion'] ] - name: ob_release_environment value: PPE jobs: From 13883b216da4a20433caebf451b2952280972f24 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 14:47:07 -0700 Subject: [PATCH 101/129] Call the output variable correctly --- .pipelines/release.yml | 4 ++-- .pipelines/templates/setVersion.yml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index c3f2148..2aba9ae 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -119,7 +119,7 @@ extends: dependsOn: [Build_Nuget] variables: - name: Version - value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['Output.PackageVersion'] ] + value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['SetVersion.PackageVersion'] ] - name: ob_release_environment value: PPE jobs: @@ -139,7 +139,7 @@ extends: targetType: inline script: | Write-Verbose -Verbose "Version: $(Version)" - Get-ChildItem Env: | Out-String -width 9999 -Stream | write-Verbose -Verbose + Get-ChildItem Env: | write-Verbose -Verbose displayName: 'Capture Environment Variables' - task: PowerShell@2 diff --git a/.pipelines/templates/setVersion.yml b/.pipelines/templates/setVersion.yml index 7cbee9c..e1cfe90 100644 --- a/.pipelines/templates/setVersion.yml +++ b/.pipelines/templates/setVersion.yml @@ -34,3 +34,4 @@ steps: Write-Host -Object "##$vstsCommandString" displayName: Set version variable + name: SetVersion From 54532d78c1934b39a60ef861c4a82b862020dee5 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 14:50:08 -0700 Subject: [PATCH 102/129] Deploybox updates --- .pipelines/release.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 2aba9ae..e0613bd 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -121,7 +121,7 @@ extends: - name: Version value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['SetVersion.PackageVersion'] ] - name: ob_release_environment - value: PPE + value: ${{ iif ( parameters.OfficialBuild, 'Production', 'Test' ) }} jobs: - job: NuGetPublish displayName: Publish to NuGet @@ -151,7 +151,6 @@ extends: Write-Verbose -Verbose "The .nupkgs below will be pushed:" Get-ChildItem "$(Pipeline.Workspace)/release" -recurse displayName: Download and capture nupkgs - condition: and(eq('${{ parameters.OfficialBuild }}', 'true'), succeeded()) # - task: NuGetCommand@2 # displayName: 'NuGet push' From ae8f72a3d66d968c8d482d923f539dba77ade122 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 18:07:35 -0700 Subject: [PATCH 103/129] Fix deploybox --- .pipelines/release.yml | 8 ++++---- .pipelines/templates/build-nuget.yml | 2 +- .pipelines/templates/setVersion.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index e0613bd..00a9621 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -119,7 +119,7 @@ extends: dependsOn: [Build_Nuget] variables: - name: Version - value: $[ stageDependencies.Build_Nuget.Build_Nuget.outputs['SetVersion.PackageVersion'] ] + value: $[ stageDependencies.Build_Nuget.Build_Nuget_Job.outputs['SetVersion.NugetPackageVersion'] ] - name: ob_release_environment value: ${{ iif ( parameters.OfficialBuild, 'Production', 'Test' ) }} jobs: @@ -139,15 +139,15 @@ extends: targetType: inline script: | Write-Verbose -Verbose "Version: $(Version)" - Get-ChildItem Env: | write-Verbose -Verbose + Get-ChildItem Env:\ displayName: 'Capture Environment Variables' - task: PowerShell@2 inputs: targetType: inline script: | - $null = New-Item -ItemType Directory -Path "$(Pipeline.Workspace)/release" - Copy-Item "$(Pipeline.Workspace)/drop_Build_Nuget_Build_Nuget/*.nupkg" -Destination "$(Pipeline.Workspace)/release" -Force -Verbose + $null = New-Item -ItemType Directory -Path "$(Pipeline.Workspace)\release" + Copy-Item "$(Pipeline.Workspace)\*.nupkg" -Destination "$(Pipeline.Workspace)\release" -Force -Verbose Write-Verbose -Verbose "The .nupkgs below will be pushed:" Get-ChildItem "$(Pipeline.Workspace)/release" -recurse displayName: Download and capture nupkgs diff --git a/.pipelines/templates/build-nuget.yml b/.pipelines/templates/build-nuget.yml index 8d2936f..dc002b3 100644 --- a/.pipelines/templates/build-nuget.yml +++ b/.pipelines/templates/build-nuget.yml @@ -1,5 +1,5 @@ jobs: -- job: Build_Nuget +- job: Build_Nuget_Job pool: type: windows displayName: Build NuGet diff --git a/.pipelines/templates/setVersion.yml b/.pipelines/templates/setVersion.yml index e1cfe90..8a99d13 100644 --- a/.pipelines/templates/setVersion.yml +++ b/.pipelines/templates/setVersion.yml @@ -25,7 +25,7 @@ steps: "99.99.99" } - $vstsCommandString = "vso[task.setvariable variable=Output.PackageVersion;isOutput=true]$packageVersion" + $vstsCommandString = "vso[task.setvariable variable=NuGetPackageVersion;isOutput=true]$packageVersion" Write-Verbose -Message "setting $Variable to $packageVersion" -Verbose Write-Host -Object "##$vstsCommandString" From 7dc14a532c838e9aaeadded876ceab0f99296adb Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 27 Aug 2025 22:03:05 -0700 Subject: [PATCH 104/129] Fix artifact name for download --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 00a9621..dd814dc 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -132,7 +132,7 @@ extends: templateContext: inputs: - input: pipelineArtifact - artifactName: drop_Build_Nuget_Build_Nuget + artifactName: drop_Build_Nuget_Build_Nuget_Job steps: - task: PowerShell@2 inputs: From 0b8f3e9af130145b06655b7bca263678d64c8c06 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 09:14:32 -0700 Subject: [PATCH 105/129] Find nupkg file --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index dd814dc..6607646 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -147,7 +147,7 @@ extends: targetType: inline script: | $null = New-Item -ItemType Directory -Path "$(Pipeline.Workspace)\release" - Copy-Item "$(Pipeline.Workspace)\*.nupkg" -Destination "$(Pipeline.Workspace)\release" -Force -Verbose + Copy-Item "$(Pipeline.Workspace)\Microsoft.PowerShell.*.nupkg" -Destination "$(Pipeline.Workspace)\release" -Recurse -Force -Verbose Write-Verbose -Verbose "The .nupkgs below will be pushed:" Get-ChildItem "$(Pipeline.Workspace)/release" -recurse displayName: Download and capture nupkgs From 1c4e48ad64ea6dd393b413ac36c8e3dff009288b Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 10:38:05 -0700 Subject: [PATCH 106/129] find and copy nupkg --- .pipelines/release.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 6607646..7ccaef4 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -146,8 +146,13 @@ extends: inputs: targetType: inline script: | - $null = New-Item -ItemType Directory -Path "$(Pipeline.Workspace)\release" - Copy-Item "$(Pipeline.Workspace)\Microsoft.PowerShell.*.nupkg" -Destination "$(Pipeline.Workspace)\release" -Recurse -Force -Verbose + $DestPath = New-Item -ItemType Directory -Path "$(Pipeline.Workspace)\release" + $nupkgFile = Get-ChildItem "$(Pipeline.Workspace)\Microsoft.PowerShell.Native.*.nupkg" -Recurse + if (-not $nupkgFile) { + throw "No nupkg files found in '$(Pipeline.Workspace)'" + } + + Copy-Item $nupkgFile -Destination $DestPath -Recurse -Force -Verbose Write-Verbose -Verbose "The .nupkgs below will be pushed:" Get-ChildItem "$(Pipeline.Workspace)/release" -recurse displayName: Download and capture nupkgs From 3de81a18954e705af208e94e9c4b664011ae5f6f Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 11:56:31 -0700 Subject: [PATCH 107/129] Add the NuGet push command --- .pipelines/release.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 7ccaef4..cb25335 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -157,12 +157,12 @@ extends: Get-ChildItem "$(Pipeline.Workspace)/release" -recurse displayName: Download and capture nupkgs - # - task: NuGetCommand@2 - # displayName: 'NuGet push' - # condition: and(eq('${{ parameters.OfficialBuild }}', 'true'), succeeded()) - # inputs: - # command: push - # packagesToPush: '$(Pipeline.Workspace)/release/*.nupkg' - # nuGetFeedType: external - # publishFeedCredentials: PowerShellNuGetOrgPush + - task: NuGetCommand@2 + displayName: 'NuGet push' + condition: and(eq('${{ parameters.OfficialBuild }}', 'true'), succeeded()) + inputs: + command: push + packagesToPush: '$(Pipeline.Workspace)\release\*.nupkg' + nuGetFeedType: external + publishFeedCredentials: PowerShellNuGetOrgPush From 4948383dac7d4ed4883706d783a9de06b7e53a1e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 13:08:08 -0700 Subject: [PATCH 108/129] Delete the locale test --- src/libpsl-native/test/test-locale.cpp | 29 -------------------------- 1 file changed, 29 deletions(-) delete mode 100644 src/libpsl-native/test/test-locale.cpp diff --git a/src/libpsl-native/test/test-locale.cpp b/src/libpsl-native/test/test-locale.cpp deleted file mode 100644 index 6ad7def..0000000 --- a/src/libpsl-native/test/test-locale.cpp +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. - -//! @brief Unit tests for linux locale - -#include -#include -#include -#include -#include -//! Test fixture for LocaleTest - -class LocaleTest : public ::testing::Test -{ -}; - -TEST_F(LocaleTest, Success) -{ - setlocale(LC_ALL, ""); - ASSERT_FALSE(nl_langinfo(CODESET) == NULL); - - // Test the expected defaults for the locale. - // We should rather set UTF-8 and expected to get it using nl_langinfo - #if defined (__APPLE__) - ASSERT_STREQ(nl_langinfo(CODESET), "UTF-8"); - #else - ASSERT_STREQ(nl_langinfo(CODESET), "ANSI_X3.4-1968"); - #endif -} From e4dccefeee1ec1bf7345271fae61d899afb462a1 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 13:11:00 -0700 Subject: [PATCH 109/129] Update cmakelist for test removal --- src/libpsl-native/test/CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/libpsl-native/test/CMakeLists.txt b/src/libpsl-native/test/CMakeLists.txt index 9d3f4f5..21a25fc 100644 --- a/src/libpsl-native/test/CMakeLists.txt +++ b/src/libpsl-native/test/CMakeLists.txt @@ -2,7 +2,6 @@ add_subdirectory(googletest) add_executable(psl-native-test test-getfileowner.cpp - test-locale.cpp test-getuserfrompid.cpp test-getcurrentprocessid.cpp test-getcomputername.cpp From 96164dbb23bd5f071574f8c0d3ce2a7a41b48c86 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 13:29:08 -0700 Subject: [PATCH 110/129] fix CI build --- build.psm1 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 70cd695..06bdfce 100644 --- a/build.psm1 +++ b/build.psm1 @@ -247,7 +247,12 @@ function Start-BuildNativeWindowsBinaries { } Write-Verbose -Verbose "VCPath: $vcPath" - $alternateVCPath = (Get-ChildItem "${env:ProgramFiles}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse) | Select-Object -First 1 -ExpandProperty FullName + $alternateVCPath = (Get-ChildItem "${env:ProgramFiles}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse -ErrorAction SilentlyContinue) | Select-Object -First 1 -ExpandProperty FullName + + if (-not $alternateVCPath) { + $alternateVCPath = (Get-ChildItem "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse -ErrorAction SilentlyContinue) | Select-Object -First 1 -ExpandProperty FullName + } + Write-Verbose -Verbose "alternateVCPath: $alternateVCPath" $atlBaseFound = $false From 2ebbf24d9dd9417fa68c998e6055911a199cc9c7 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 14:32:42 -0700 Subject: [PATCH 111/129] fix CI build 2 --- .pipelines/release.yml | 3 +++ .vsts-ci/windows.yml | 2 -- build.psm1 | 2 +- tools/releaseBuild/PowershellNative.ps1 | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index cb25335..a67e911 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -38,6 +38,9 @@ extends: cloudvault: enabled: false globalSdl: + tsa: + useDynamicRouting: true + enabled: true sbom: enabled: true packageName: Microsoft.PowerShell.Native diff --git a/.vsts-ci/windows.yml b/.vsts-ci/windows.yml index 1ccfab5..31a777e 100644 --- a/.vsts-ci/windows.yml +++ b/.vsts-ci/windows.yml @@ -24,8 +24,6 @@ jobs: buildName: x86 Windows x64: buildName: x64 - Windows x64_arm: - buildName: x64_arm Windows x64_arm64: buildName: x64_arm64 diff --git a/build.psm1 b/build.psm1 index 06bdfce..79b229c 100644 --- a/build.psm1 +++ b/build.psm1 @@ -288,7 +288,7 @@ function Start-BuildNativeWindowsBinaries { # vcvarsall.bat is used to setup environment variables $vcvarsallbatPath = "$vcPath\vcvarsall.bat" - $vcvarsallbatPathVS2017 = ( Get-ChildItem $alternateVCPath -Filter vcvarsall.bat -Recurse -File | Select-Object -First 1).FullName + $vcvarsallbatPathVS2017 = ( Get-ChildItem $alternateVCPath -Filter vcvarsall.bat -Recurse -File -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName) if(Test-Path $vcvarsallbatPathVS2017) { diff --git a/tools/releaseBuild/PowershellNative.ps1 b/tools/releaseBuild/PowershellNative.ps1 index 1bb9beb..609302d 100644 --- a/tools/releaseBuild/PowershellNative.ps1 +++ b/tools/releaseBuild/PowershellNative.ps1 @@ -6,7 +6,7 @@ param ( [Parameter(Mandatory, ParameterSetName = 'Build')] - [ValidateSet('x64', 'x86', 'x64_arm', 'x64_arm64', 'linux-x64', 'osx', 'linux-arm', 'linux-arm64', 'linux-musl-x64')] + [ValidateSet('x64', 'x86', 'x64_arm64', 'linux-x64', 'osx', 'linux-arm', 'linux-arm64', 'linux-musl-x64')] [string] $Arch, From d43252f759718918344405faa21b16e5655aa9a7 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 14:54:21 -0700 Subject: [PATCH 112/129] Fix CI build 3 --- .config/tsaoptions.json | 1 - build.psm1 | 8 +++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json index 20f1524..3e5b78d 100644 --- a/.config/tsaoptions.json +++ b/.config/tsaoptions.json @@ -2,7 +2,6 @@ "instanceUrl": "https://msazure.visualstudio.com", "TSADocumentation": "https://aka.ms/OBTSA", "projectName": "One", - "areaPath": "One\\MGMT\\Compute\\Powershell\\Powershell\\PowerShell Core\\pwsh", "notificationAliases": [ "adityap@microsoft.com", "dongbow@microsoft.com", diff --git a/build.psm1 b/build.psm1 index 79b229c..dd924b2 100644 --- a/build.psm1 +++ b/build.psm1 @@ -288,7 +288,13 @@ function Start-BuildNativeWindowsBinaries { # vcvarsall.bat is used to setup environment variables $vcvarsallbatPath = "$vcPath\vcvarsall.bat" - $vcvarsallbatPathVS2017 = ( Get-ChildItem $alternateVCPath -Filter vcvarsall.bat -Recurse -File -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName) + Write-Verbose -Verbose "vcvarsallbatPath: $vcvarsallbatPath" + + if ($alternateVCPath) + { + $vcvarsallbatPathVS2017 = ( Get-ChildItem $alternateVCPath -Filter vcvarsall.bat -Recurse -File -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName) + Write-Vebose -Verbose "vcvarsallbatPathVS2017: $vcvarsallbatPathVS2017" + } if(Test-Path $vcvarsallbatPathVS2017) { From 34b93bbd2b2cf3f287b39c37630855f2755555f9 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 15:21:18 -0700 Subject: [PATCH 113/129] Fix CI build 4 --- build.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/build.psm1 b/build.psm1 index dd924b2..693bc07 100644 --- a/build.psm1 +++ b/build.psm1 @@ -292,6 +292,7 @@ function Start-BuildNativeWindowsBinaries { if ($alternateVCPath) { + Write-Verbose -Verbose "checking 2017 path" $vcvarsallbatPathVS2017 = ( Get-ChildItem $alternateVCPath -Filter vcvarsall.bat -Recurse -File -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName) Write-Vebose -Verbose "vcvarsallbatPathVS2017: $vcvarsallbatPathVS2017" } From 599bb99bbcf40fd0788b2f491359cc28feb3f595 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 15:41:46 -0700 Subject: [PATCH 114/129] Fix CI build 4 --- build.psm1 | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/build.psm1 b/build.psm1 index 693bc07..6abe285 100644 --- a/build.psm1 +++ b/build.psm1 @@ -295,14 +295,16 @@ function Start-BuildNativeWindowsBinaries { Write-Verbose -Verbose "checking 2017 path" $vcvarsallbatPathVS2017 = ( Get-ChildItem $alternateVCPath -Filter vcvarsall.bat -Recurse -File -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName) Write-Vebose -Verbose "vcvarsallbatPathVS2017: $vcvarsallbatPathVS2017" - } - if(Test-Path $vcvarsallbatPathVS2017) - { - # prefer VS2017 path - $vcvarsallbatPath = $vcvarsallbatPathVS2017 + if(Test-Path $vcvarsallbatPathVS2017) + { + # prefer VS2017 path + $vcvarsallbatPath = $vcvarsallbatPathVS2017 + } } + Write-Verbose -Verbose "Checking if we found vcvarsall.bat" + if ([string]::IsNullOrEmpty($vcvarsallbatPath) -or (Test-Path -Path $vcvarsallbatPath) -eq $false) { throw "Could not find Visual Studio vcvarsall.bat at $vcvarsallbatPath. Please ensure the optional feature 'Common Tools for Visual C++' is installed." } From 7287abe7e4179dc98c7a037df1289daf92cd932f Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 28 Aug 2025 16:08:25 -0700 Subject: [PATCH 115/129] Fix cmake generator --- build.psm1 | 51 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 32 insertions(+), 19 deletions(-) diff --git a/build.psm1 b/build.psm1 index 6abe285..6b25583 100644 --- a/build.psm1 +++ b/build.psm1 @@ -326,26 +326,39 @@ function Start-BuildNativeWindowsBinaries { try { Push-Location "$PSScriptRoot\src\powershell-native" - # setup cmakeGenerator - $cmakeGeneratorPlatform = "" - if ($Arch -eq 'x86') { - $cmakeGenerator = 'Visual Studio 17 2022' - $cmakeArch = 'x86' - $cmakeGeneratorPlatform = "-A Win32" - } elseif ($Arch -eq 'x64_arm') { - $cmakeGenerator = 'Visual Studio 17 2022' - $cmakeArch = 'arm' - $cmakeGeneratorPlatform = "-A ARM" - } elseif ($Arch -eq 'x64_arm64') { - $cmakeGenerator = 'Visual Studio 17 2022' - $cmakeArch = 'arm64' - $cmakeGeneratorPlatform = "-A ARM64" - } else { - $cmakeGenerator = 'Visual Studio 17 2022' - $cmakeArch = 'x64' - $cmakeGeneratorPlatform = "-A x64" + if ($vcPath -notlike '*14.0*') { + # setup cmakeGenerator + $cmakeGeneratorPlatform = "" + if ($Arch -eq 'x86') { + $cmakeGenerator = 'Visual Studio 17 2022' + $cmakeArch = 'x86' + $cmakeGeneratorPlatform = "-A Win32" + } elseif ($Arch -eq 'x64_arm64') { + $cmakeGenerator = 'Visual Studio 17 2022' + $cmakeArch = 'arm64' + $cmakeGeneratorPlatform = "-A ARM64" + } else { + $cmakeGenerator = 'Visual Studio 17 2022' + $cmakeArch = 'x64' + $cmakeGeneratorPlatform = "-A x64" + } + } + else { + # setup cmakeGenerator + $cmakeGeneratorPlatform = "" + if ($Arch -eq 'x86') { + $cmakeGenerator = 'Visual Studio 15 2017' + $cmakeArch = 'x86' + } elseif ($Arch -eq 'x64_arm64') { + $cmakeGenerator = 'Visual Studio 15 2017' + $cmakeArch = 'arm64' + $cmakeGeneratorPlatform = "-A ARM64" + } else { + $cmakeGenerator = 'Visual Studio 15 2017 Win64' + $cmakeArch = 'x64' + $cmakeGeneratorPlatform = "-A x64" + } } - # Compile native resources $currentLocation = Get-Location $savedPath = $env:PATH From bc3986f07dba35bdc02dc87d847d234be104c488 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 29 Aug 2025 08:32:00 -0700 Subject: [PATCH 116/129] Fix alternatevcpath --- build.psm1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/build.psm1 b/build.psm1 index 6b25583..875e356 100644 --- a/build.psm1 +++ b/build.psm1 @@ -247,10 +247,10 @@ function Start-BuildNativeWindowsBinaries { } Write-Verbose -Verbose "VCPath: $vcPath" - $alternateVCPath = (Get-ChildItem "${env:ProgramFiles}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse -ErrorAction SilentlyContinue) | Select-Object -First 1 -ExpandProperty FullName + $alternateVCPath = (Get-ChildItem "${env:ProgramFiles}\Microsoft Visual Studio\2017" -Filter "VC" -Directory -Recurse -ErrorAction SilentlyContinue) | Select-Object -First 1 -ExpandProperty FullName if (-not $alternateVCPath) { - $alternateVCPath = (Get-ChildItem "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse -ErrorAction SilentlyContinue) | Select-Object -First 1 -ExpandProperty FullName + $alternateVCPath = (Get-ChildItem "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2017" -Filter "VC" -Directory -Recurse -ErrorAction SilentlyContinue) | Select-Object -First 1 -ExpandProperty FullName } Write-Verbose -Verbose "alternateVCPath: $alternateVCPath" @@ -356,7 +356,6 @@ function Start-BuildNativeWindowsBinaries { } else { $cmakeGenerator = 'Visual Studio 15 2017 Win64' $cmakeArch = 'x64' - $cmakeGeneratorPlatform = "-A x64" } } # Compile native resources From 6526354902cbca9b02e5a926c01a8277959994e9 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 29 Aug 2025 08:43:55 -0700 Subject: [PATCH 117/129] Add 2022 vc alternate path --- build.psm1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 875e356..3380eb7 100644 --- a/build.psm1 +++ b/build.psm1 @@ -253,6 +253,10 @@ function Start-BuildNativeWindowsBinaries { $alternateVCPath = (Get-ChildItem "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2017" -Filter "VC" -Directory -Recurse -ErrorAction SilentlyContinue) | Select-Object -First 1 -ExpandProperty FullName } + if (-not $alternateVCPath) { + $alternateVCPath = (Get-ChildItem "${env:ProgramFiles}\Microsoft Visual Studio\2022" -Filter "VC" -Directory -Recurse -ErrorAction SilentlyContinue) | Select-Object -First 1 -ExpandProperty FullName + } + Write-Verbose -Verbose "alternateVCPath: $alternateVCPath" $atlBaseFound = $false @@ -294,7 +298,7 @@ function Start-BuildNativeWindowsBinaries { { Write-Verbose -Verbose "checking 2017 path" $vcvarsallbatPathVS2017 = ( Get-ChildItem $alternateVCPath -Filter vcvarsall.bat -Recurse -File -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName) - Write-Vebose -Verbose "vcvarsallbatPathVS2017: $vcvarsallbatPathVS2017" + Write-Verbose -Verbose "vcvarsallbatPathVS2017: $vcvarsallbatPathVS2017" if(Test-Path $vcvarsallbatPathVS2017) { From 9f64859d943cc1761e40882badb03fff7dcc0ee2 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 29 Aug 2025 15:49:40 -0700 Subject: [PATCH 118/129] Update TSA dynamic routing --- .config/tsaoptions.json | 7 ++----- .pipelines/release.yml | 1 + 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json index 3e5b78d..5d98ee6 100644 --- a/.config/tsaoptions.json +++ b/.config/tsaoptions.json @@ -1,14 +1,11 @@ { - "instanceUrl": "https://msazure.visualstudio.com", - "TSADocumentation": "https://aka.ms/OBTSA", - "projectName": "One", + "hasDynamicRouting": true, + "areaPath": "OS", "notificationAliases": [ "adityap@microsoft.com", "dongbow@microsoft.com", "pmeinecke@microsoft.com", "tplunk@microsoft.com" ], - "ppe": "false", - "template": "TFSMSAzure", "codebaseName": "TFSMSAzure_powershell-native" } diff --git a/.pipelines/release.yml b/.pipelines/release.yml index a67e911..21a520e 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -45,6 +45,7 @@ extends: enabled: true packageName: Microsoft.PowerShell.Native codeql: + tsaEnabled: true compiled: enabled: true armory: From aadfda3440b6c74096ef5c9871fee541dd389259 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 29 Aug 2025 15:52:39 -0700 Subject: [PATCH 119/129] Use dynamic onebranch template --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 21a520e..fb5c2d4 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -23,7 +23,7 @@ resources: ref: refs/heads/main extends: - template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # The Official template may only be used by Production-classified pipelines + template: $(templateFile) # The Official template may only be used by Production-classified pipelines parameters: release: From 10508ea3e83ca3bfa73755d913b235b136109f6e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 29 Aug 2025 15:53:47 -0700 Subject: [PATCH 120/129] Use variable --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index fb5c2d4..bef9d08 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -23,7 +23,7 @@ resources: ref: refs/heads/main extends: - template: $(templateFile) # The Official template may only be used by Production-classified pipelines + template: ${{ variables.templateFile }} # The Official template may only be used by Production-classified pipelines parameters: release: From d8e0f11d3267e1be00d507e02425532de118c03b Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Fri, 29 Aug 2025 15:55:17 -0700 Subject: [PATCH 121/129] fix templates repo --- .pipelines/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index bef9d08..378b933 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -13,7 +13,7 @@ variables: - name: WindowsContainerImage value: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest - name: templateFile - value: ${{ iif(parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates')}} + value: ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@templates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@templates' ) }} resources: repositories: From cdf1c9d5e63b156f1cfb1a197125c18df020952a Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 2 Sep 2025 11:03:28 -0700 Subject: [PATCH 122/129] Remove links --- azurepipelines-coverage.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/azurepipelines-coverage.yml b/azurepipelines-coverage.yml index 3591303..3c44161 100644 --- a/azurepipelines-coverage.yml +++ b/azurepipelines-coverage.yml @@ -1,6 +1,5 @@ -# Learn more about Microsoft's code coverage adoption and get support at https://www.aka.ms/codecoveragetsg coverage: status: # Code coverage status will be posted to pull requests based on targets defined below. - comments: on # When on, details about coverage for each file changed will be posted as a pull request comment. + comments: on # When on, details about coverage for each file changed will be posted as a pull request comment. diff: # Diff coverage is code coverage only for the lines changed in a pull request. - target: 50% # The threshold for differential code coverage requirements. \ No newline at end of file + target: 50% # The threshold for differential code coverage requirements. From baa69b06c7d2a87ec54c8cb01299ef8f840b5df4 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 4 Sep 2025 10:34:21 -0700 Subject: [PATCH 123/129] Move capture env task to ob_restore --- .pipelines/templates/build-sign-windows.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pipelines/templates/build-sign-windows.yml b/.pipelines/templates/build-sign-windows.yml index c231a1b..932098f 100644 --- a/.pipelines/templates/build-sign-windows.yml +++ b/.pipelines/templates/build-sign-windows.yml @@ -19,6 +19,8 @@ jobs: - pwsh: | Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose displayName: Capture environment variables + env: + ob_restore_phase: true # Set ob_restore_phase to run this step before '🔒 Setup Signing' step. - task: CodeQL3000Init@0 # Add CodeQL Init task right before your 'Build' step. env: From 5734a4de94d5526dca0bcbcabc84890d1d7453c3 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 4 Sep 2025 14:07:21 -0700 Subject: [PATCH 124/129] Add prefast --- .pipelines/release.yml | 3 +++ .pipelines/templates/build-sign-windows.yml | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 378b933..445f70f 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -38,6 +38,9 @@ extends: cloudvault: enabled: false globalSdl: + isNativeCode: true + prefast: + enabled: true tsa: useDynamicRouting: true enabled: true diff --git a/.pipelines/templates/build-sign-windows.yml b/.pipelines/templates/build-sign-windows.yml index 932098f..76145c1 100644 --- a/.pipelines/templates/build-sign-windows.yml +++ b/.pipelines/templates/build-sign-windows.yml @@ -62,5 +62,3 @@ jobs: files_to_sign: | **\*.dll; search_root: $(ob_outputDirectory) - - From 012c47506bc219c46490cfa22c5017132c65fe3f Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 4 Sep 2025 14:09:32 -0700 Subject: [PATCH 125/129] Add signing workaround --- .pipelines/templates/build-sign-windows.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.pipelines/templates/build-sign-windows.yml b/.pipelines/templates/build-sign-windows.yml index 76145c1..5ab0ccc 100644 --- a/.pipelines/templates/build-sign-windows.yml +++ b/.pipelines/templates/build-sign-windows.yml @@ -15,6 +15,8 @@ jobs: value: true - name: ARCHITECTURE value: ${{ parameters.ARCHITECTURE }} + - name: OBP_SIGNING_SETUP_TIMEOUT_IN_SECONDS + value: 300 steps: - pwsh: | Get-ChildItem Env:\ | Out-String -Stream | Write-Verbose -Verbose @@ -62,3 +64,4 @@ jobs: files_to_sign: | **\*.dll; search_root: $(ob_outputDirectory) + retryCountOnTaskFailure: 3 From 42b1bc8aadfbf73c20ee38e62d419d952ef49588 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 8 Sep 2025 09:41:47 -0700 Subject: [PATCH 126/129] Disable network isolation as workaround --- .pipelines/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 445f70f..234bb58 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -35,6 +35,7 @@ extends: Network: KS1 incrementalSDLBinaryAnalysis: true needExceptionForUbuntuUsage: true + disableNetworkIsolation: true cloudvault: enabled: false globalSdl: From 08dc1f420ba087bb6d12433cdd19708a2a2a526e Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 8 Sep 2025 12:35:50 -0700 Subject: [PATCH 127/129] Undo disable of network isolation --- .pipelines/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 234bb58..445f70f 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -35,7 +35,6 @@ extends: Network: KS1 incrementalSDLBinaryAnalysis: true needExceptionForUbuntuUsage: true - disableNetworkIsolation: true cloudvault: enabled: false globalSdl: From 4ac91ad252f1d5ab1aa95470f84d0171d116f884 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 8 Sep 2025 13:37:38 -0700 Subject: [PATCH 128/129] Add parameter for network isolation disablement --- .pipelines/release.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index 445f70f..f3895ac 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -4,6 +4,9 @@ parameters: - name: OfficialBuild type: boolean default: false + - name: disableNetworkIsolation + type: boolean + default: false variables: - name: ob_outputDirectory @@ -35,6 +38,7 @@ extends: Network: KS1 incrementalSDLBinaryAnalysis: true needExceptionForUbuntuUsage: true + disableNetworkIsolation: $${ parameters.disableNetworkIsolation } cloudvault: enabled: false globalSdl: From d87bcff71274864edd3b1fe0eb5e165ea4a9dda2 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 9 Sep 2025 10:29:54 -0700 Subject: [PATCH 129/129] Fix yaml for parameter condition --- .pipelines/release.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.pipelines/release.yml b/.pipelines/release.yml index f3895ac..a33a2a0 100644 --- a/.pipelines/release.yml +++ b/.pipelines/release.yml @@ -17,6 +17,8 @@ variables: value: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest - name: templateFile value: ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@templates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@templates' ) }} + - name: disableNetworkIsolation + value: ${{ parameters.disableNetworkIsolation }} resources: repositories: @@ -38,7 +40,7 @@ extends: Network: KS1 incrementalSDLBinaryAnalysis: true needExceptionForUbuntuUsage: true - disableNetworkIsolation: $${ parameters.disableNetworkIsolation } + disableNetworkIsolation: ${{ variables.disableNetworkIsolation }} cloudvault: enabled: false globalSdl: