trigger: branches: include: - main paths: exclude: - version.json - src/version.ts batch: True jobs: - job: Phase_1 displayName: Phase 1 cancelTimeoutInMinutes: 1 pool: vmImage: 'windows-2019' steps: - checkout: self clean: true persistCredentials: true - task: PoliCheck@1 displayName: Run PoliCheck - task: Semmle@0 displayName: Run Semmle (tsandjs) continueOnError: true inputs: sourceCodeDirectory: $(Build.SourcesDirectory)/src language: tsandjs includeNodeModules: false - task: PowerShell@2 displayName: Install Pester 3.4.0 if not present inputs: targetType: inline script: | $path = $env:ProgramFiles + "\WindowsPowerShell\Modules\Pester" $versions = get-childItem -Path $path -ErrorAction Ignore $versions $found = $versions | ?{ $_.Name -eq "3.4.0" } if ($null -eq $found) { Install-Module -Name Pester -RequiredVersion 3.4.0 -SkipPublisherCheck -Force } - task: PowerShell@2 displayName: Run whoami and hostname inputs: targetType: inline script: | whoami hostname - task: NodeTool@0 displayName: 'Use Node 18.20.4' inputs: versionSpec: 18.20.4 - task: Npm@1 displayName: 'npm install @angular/cli' inputs: command: custom customCommand: 'install -g --globalconfig $(Build.SourcesDirectory)/.npmrc @angular/cli@15.2.9 --loglevel verbose' - task: Npm@1 displayName: 'npm install typescript@4.8.2' inputs: command: custom customCommand: 'install -g --globalconfig $(Build.SourcesDirectory)/.npmrc typescript@4.8.2 --loglevel verbose' - task: Npm@1 displayName: npm ci inputs: command: custom verbose: true customCommand: ci - task: PowerShell@2 displayName: Increment package version and update all packages.json with new version and private:false inputs: filePath: build/increment-package-version.ps1 failOnStderr: true - task: gulp@0 displayName: 'gulp build' inputs: gulpFile: gulpfile.ts targets: build arguments: --verbose --prod --junit publishJUnitResults: true testResultsFiles: unittests\junitresults.xml testRunTitle: WAC Build Unit Tests - task: PowerShell@2 displayName: Add package version into psd1 inputs: filePath: build/update-powershell-code.ps1 failOnStderr: true - task: EsrpCodeSigning@2 displayName: ESRP CodeSigning for PowerShellModule inputs: ConnectedServiceName: 62bd045c-f530-473f-b137-6dca47b5ee68 FolderPath: $(Build.SourcesDirectory)\dist\powershell-module Pattern: '*.psm1,*.psd1' signConfigType: inlineSignParams inlineOperation: >- [ { "keyCode": "CP-230012", "operationCode": "SigntoolSign", "parameters": { "OpusName": "Microsoft", "OpusInfo": "http://www.microsoft.com", "FileDigest": "/fd \"SHA256\"", "PageHash": "/NPH", "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" }, "toolName": "sign", "toolVersion": "1.0" }, { "keyCode": "CP-230012", "operationCode": "SigntoolVerify", "parameters": {}, "toolName": "sign", "toolVersion": "1.0" } ] - task: DeleteFiles@1 displayName: Delete MD files from dist\powershell-module inputs: SourceFolder: $(Build.SourcesDirectory)\dist\powershell-module Contents: '*.md' - task: PowerShell@2 displayName: Commit and push version increment inputs: filePath: build/push-incremented-version.ps1 failOnStderr: false - task: PowerShell@2 displayName: Remove 'private' flag from package.json inputs: targetType: inline script: | # get content of package.json and set private flag to be false. $package = Get-Content package.json | ConvertFrom-Json $package.private = $false ConvertTo-Json $package | Set-Content package.json # create packageVersion variable Write-Host "##vso[task.setvariable variable=packageVersion]$($package.version)" - task: npmAuthenticate@0 displayName: Enable authentication for npm inputs: workingFile: .npmrc - task: Npm@1 displayName: npm publish inputs: command: publish workingDir: .\ verbose: true publishRegistry: useFeed publishFeed: 96fcd20e-1738-40b2-ab8b-0ac8364f4225 - task: gulp@0 displayName: 'gulp pack' inputs: gulpFile: gulpfile.ts targets: pack arguments: --V $(packageVersion) - task: EsrpCodeSigning@2 displayName: ESRP CodeSigning for Nuget Package inputs: ConnectedServiceName: 62bd045c-f530-473f-b137-6dca47b5ee68 FolderPath: $(Build.SourcesDirectory) Pattern: nuget\*.nupkg signConfigType: inlineSignParams inlineOperation: >- [ { "KeyCode" : "CP-401405", "OperationCode" : "NuGetSign", "Parameters" : {}, "ToolName" : "sign", "ToolVersion" : "1.0" }, { "KeyCode" : "CP-401405", "OperationCode" : "NuGetVerify", "Parameters" : {}, "ToolName" : "sign", "ToolVersion" : "1.0" } ] # Note: SBOMs are confidential/internal - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: 'SBOM Generation and Telemetry' inputs: BuildDropPath: '$(Build.SourcesDirectory)\dist' PackageName: 'Windows Admin Center - $(Build.Repository.Name)' PackageVersion: '$(packageVersion)' Verbosity: 'Verbose' - task: DropValidatorTask@0 displayName: SBOM Validator and Publisher inputs: BuildDropPath: '$(Build.SourcesDirectory)\dist' OutputPath: '$(Build.SourcesDirectory)\dist\_manifest\sbom-validator-output.json' ValidateSignature: true Verbosity: 'Verbose' - task: PublishBuildArtifacts@1 displayName: Publish SBOM Artifact (for verification) inputs: PathtoPublish: '$(Build.SourcesDirectory)\dist\_manifest' ArtifactName: 'SBOM Artifact' publishLocation: 'Container' - task: NuGetCommand@2 displayName: Publish NuGet Package inputs: command: push searchPatternPush: nuget\*.nupkg feedPublish: 143c79b1-682d-4127-a8fa-fb355fbedfa2 ...