From c1a09f33881b7497870084e4935f24d428c516ff Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <vthiebaut@microsoft.com>
Date: Fri, 21 Feb 2025 14:07:22 -0500
Subject: [PATCH 01/11] Add steps to deploy module to ACR

---
 .pipelines/SecretManagement-Official.yml      | 166 +++++++++++++++++-
 ServiceGroupRoot/RolloutSpec.json             |  28 +++
 ServiceGroupRoot/ScopeBindings.json           |  23 +++
 .../SecretManagementToACR.Rollout.json        |  60 +++++++
 ServiceGroupRoot/ServiceModel.json            |  51 ++++++
 ServiceGroupRoot/Shell/Run/Run.ps1            |  77 ++++++++
 ServiceGroupRoot/buildver.txt                 |   1 +
 7 files changed, 401 insertions(+), 5 deletions(-)
 create mode 100644 ServiceGroupRoot/RolloutSpec.json
 create mode 100644 ServiceGroupRoot/ScopeBindings.json
 create mode 100644 ServiceGroupRoot/SecretManagementToACR.Rollout.json
 create mode 100644 ServiceGroupRoot/ServiceModel.json
 create mode 100644 ServiceGroupRoot/Shell/Run/Run.ps1
 create mode 100644 ServiceGroupRoot/buildver.txt

diff --git a/.pipelines/SecretManagement-Official.yml b/.pipelines/SecretManagement-Official.yml
index 8759e60..08ea6f4 100644
--- a/.pipelines/SecretManagement-Official.yml
+++ b/.pipelines/SecretManagement-Official.yml
@@ -26,11 +26,17 @@ parameters:
   default: false
 
 variables:
-  system.debug: ${{ parameters.debug }}
-  BuildConfiguration: Release
-  WindowsContainerImage: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest
-  DOTNET_NOLOGO: true
-  DOTNET_GENERATE_ASPNET_CERTIFICATE: false
+- name: system.debug
+  value: ${{ parameters.debug }}
+- name: BuildConfiguration
+  value: Release
+- name: WindowsContainerImage
+  value: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest
+- name: DOTNET_NOLOGO
+  value: true
+- name: DOTNET_GENERATE_ASPNET_CERTIFICATE
+  value: false
+- group: SecretManagementAcr
 
 resources:
   repositories:
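Review bot: `- group: SecretManagementAcr` is added to the root `variables:` list, so whatever the group holds (presumably the ACR subscription, resource group and managed-identity values used later in this patch) is exposed to every stage, including build and the NuGet publish. Only the `PrepForEv2` stage reads those values, so the group would be better scoped to that stage's `variables:`. That block is currently a mapping (`drop:`, `version:`) and would need the `- name:`/`value:` list form to hold `- group: SecretManagementAcr`.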
@@ -185,3 +191,153 @@ extends:
             packagesToPush: $(drop)/Microsoft.PowerShell.SecretManagement.Library.$(version).nupkg
             nuGetFeedType: external
             publishFeedCredentials: PowerShellNuGetOrgPush
+    - stage: PrepForEv2
+      condition: ne(variables['Build.Reason'], 'Schedule')
+      dependsOn: build
+      variables:
+        drop: $(Pipeline.Workspace)/drop_build_main
+        version: $[ stageDependencies.build.main.outputs['package.version'] ]
+      jobs:
+      - job: CopyEv2FilesToArtifact
+        displayName: Copy Ev2 Files To Artifact
+        variables:
+        - name: ob_outputDirectory
+          value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
+        pool:
+          timeoutInMinutes: 30
+          type: windows
+        steps:  
+        - task: onebranch.pipeline.signing@1
+          displayName: Sign 1st Party Files
+          inputs:
+            command: 'sign'
+            signing_profile: external_distribution
+            files_to_sign: '**\*.ps1'
+            search_root: '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell'
+        - download: current
+          displayName: Download artifacts
+        - pwsh: |
+            $modulePath = Join-Path $(drop) -ChildPath 'Microsoft.PowerShell.SecretManagement.$(version).nupkg'
+            $fileExists = Test-Path $modulePath
+            Write-Verbose -Verbose "Module file $modulePath Exists: $fileExists"
+
+            $srcDir = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'SrcFiles'
+            New-Item $srcDir -ItemType Directory
+            
+            $dest = Join-Path $srcDir -ChildPath 'Microsoft.PowerShell.SecretManagement.$(version).nupkg'
+            Copy-Item -Path $modulePath -Destination $dest
+            
+            Get-ChildItem '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SrcFiles/'
+          displayName: Move artifact to Ev2 folder
+        - pwsh: |
+            $srcPath = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'Shell'
+            $pathToRunTarFile = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell' -ChildPath "Run.tar"
+            tar -cvf $pathToRunTarFile -C $srcPath ./Run
+            $tarExists = Test-Path $pathToRunTarFile
+            Write-Verbose -Verbose "Tar file $pathToRunTarFile exists: $tarExists"
+          displayName: Compress Run script into tar file as needed for EV2 Shell extension           
+        - pwsh: |
+            $pathToJsonFile = Join-Path -Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'SecretManagementToACR.Rollout.json'
+            $content = Get-Content -Path $pathToJsonFile | ConvertFrom-Json
+            $envVarArrayLen = $content.shellExtensions.launch.environmentVariables.Length
+
+            [xml]$xml = Get-Content Directory.Build.props
+            $version = $xml.Project.PropertyGroup.ModuleVersion
+
+            for ($i=0; $i -lt $envVarArrayLen; $i++)
+            {
+              $name = $($content.shellExtensions.launch.environmentVariables[$i].name)
+              if ($name -eq "DESTINATION_ACR_NAME")
+              {
+                $content.shellExtensions.launch.environmentVariables[$i].value = '$(acr_name)'
+                Write-Verbose -Verbose "ACR Name: $($content.shellExtensions.launch.environmentVariables[$i].value)"
+              }
+              elseif ($name -eq "DESTINATION_ACR_URI")
+              {
+                $content.shellExtensions.launch.environmentVariables[$i].value = '$(acr_uri)'
+                Write-Verbose -Verbose "ACR URI: $($content.shellExtensions.launch.environmentVariables[$i].value)"
+              }
+              elseif ($name -eq "MI_NAME")
+              {
+                $content.shellExtensions.launch.environmentVariables[$i].value = '$(managed_identity_name)'
+                Write-Verbose -Verbose "MI Name: $($content.shellExtensions.launch.environmentVariables[$i].value)"
+              }
+              elseif ($name -eq "MI_CLIENTID")
+              {
+                $content.shellExtensions.launch.environmentVariables[$i].value = '$(managed_identity_clientid)'
+                Write-Verbose -Verbose "MI Client ID: $($content.shellExtensions.launch.environmentVariables[$i].value)"
+              } 
+              elseif($name -eq "SECRET_MANAGEMENT_VERSION") 
+              {
+                $content.shellExtensions.launch.environmentVariables[$i].value = $version
+                Write-Verbose -Verbose "Module version: $($content.shellExtensions.launch.environmentVariables[$i].value)"
+              }
+              elseif($name -eq "SECRET_MANAGEMENT_MODULE") 
+              {
+                $content.shellExtensions.launch.environmentVariables[$i].reference.path = "SrcFiles\\Microsoft.PowerShell.SecretManagement.$(version).nupkg"
+                Write-Verbose -Verbose "Module Path: $($content.shellExtensions.launch.environmentVariables[$i].reference.path)"
+              }
+            }
+
+            $identityString = "/subscriptions/$(acr_subscription)/resourcegroups/$(acr_resource_group)/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$(managed_identity_name)" 
+            $content.shellExtensions.launch.identity.userAssignedIdentities[0] = $identityString
+
+            Remove-Item -Path $pathToJsonFile
+            $content | ConvertTo-Json -Depth 6 | Out-File $pathToJsonFile
+
+          displayName: 'Replace values in SecretManagementToACR.Rollout.json file'
+        - pwsh: |
+            $pathToJsonFile = Join-Path -Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'RolloutSpec.json'
+            $content = Get-Content -Path $pathToJsonFile | ConvertFrom-Json
+            $content.RolloutMetadata.Notification.Email.To = '$(email_address)'
+
+            Remove-Item -Path $pathToJsonFile
+            $content | ConvertTo-Json -Depth 4 | Out-File $pathToJsonFile
+
+          displayName: 'Replace values in RolloutSpecPath.json'
+        - pwsh: |
+            $pathToJsonFile = Join-Path -Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'ServiceModel.json'
+            $content = Get-Content -Path $pathToJsonFile | ConvertFrom-Json
+            $content.ServiceResourceGroups[0].AzureResourceGroupName = '$(acr_resource_group)'
+            $content.ServiceResourceGroups[0].AzureSubscriptionId = '$(acr_subscription)'
+
+            Remove-Item -Path $pathToJsonFile
+            $content | ConvertTo-Json -Depth 9 | Out-File $pathToJsonFile
+
+          displayName: 'Replace values in ServiceModel.json'
+        - task: CopyFiles@2
+          inputs:
+            Contents: 'EV2Specs/**'
+            TargetFolder: $(ob_outputDirectory)
+    - stage:  'Prod_release'
+      displayName: Deploy Images to ACR with EV2
+      dependsOn:
+      - PrepForEV2
+      variables:
+        - name: ob_release_environment
+          value: "Production"
+        - name: repoRoot
+          value: $(Build.SourcesDirectory)
+      jobs:
+      - job: Prod_ReleaseJob
+        pool:
+          type: release
+        steps:
+          - task: DownloadPipelineArtifact@2
+            inputs:
+              targetPath: '$(Pipeline.Workspace)'
+              artifact: drop_PrepForEV2_CopyEv2FilesToArtifact
+            displayName: 'Download drop_PrepForEV2_CopyEv2FilesToArtifact artifact that has all files needed'
+          - task: DownloadPipelineArtifact@2
+            inputs:
+              buildType: 'current'
+              targetPath: '$(Pipeline.Workspace)'
+            displayName: 'Download to get EV2 Files'
+          - task: vsrm-ev2.vss-services-ev2.adm-release-task.ExpressV2Internal@1
+            displayName: 'Ev2: Push to ACR'
+            inputs:
+              UseServerMonitorTask: true
+              EndpointProviderType: ApprovalService
+              ApprovalServiceEnvironment: Production
+              ServiceRootPath: '$(Pipeline.Workspace)/drop_PrepForEV2_CopyEv2FilesToArtifact/EV2Specs/ServiceGroupRoot'
+              RolloutSpecPath: '$(Pipeline.Workspace)/drop_PrepForEV2_CopyEv2FilesToArtifact/EV2Specs/ServiceGroupRoot/RolloutSpec.json'    
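Review bot: The three `Replace values in …` steps splice variable-group values into the inline scripts with macro syntax, for example `'$(acr_name)'` and `"/subscriptions/$(acr_subscription)/…"`. The value is expanded into the script text before PowerShell parses it, so a quote or `$(` inside a value becomes code in a job that prepares a Production rollout. Pass the values through the step environment instead: add an `env:` mapping with `ACR_NAME: $(acr_name)` to the step and assign `$env:ACR_NAME` in the script. The same steps call `Remove-Item` on the JSON file before the new content is written and do not set `$ErrorActionPreference = 'Stop'`, so a failed conversion could leave the spec missing while the step still reports success.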
diff --git a/ServiceGroupRoot/RolloutSpec.json b/ServiceGroupRoot/RolloutSpec.json
new file mode 100644
index 0000000..1ca9f35
--- /dev/null
+++ b/ServiceGroupRoot/RolloutSpec.json
@@ -0,0 +1,28 @@
+{
+    "$schema": "https://ev2schema.azure.net/schemas/2020-01-01/rolloutSpecification.json",
+    "contentVersion": "1.0.0.0",
+    "RolloutMetadata": {
+      "ServiceModelPath": "ServiceModel.json",
+      "ScopeBindingsPath": "ScopeBindings.json",
+      "Name": "OneBranch-Demo-Container-Deployment",
+      "RolloutType": "Major",
+      "BuildSource": {
+        "Parameters": {
+          "VersionFile": "buildver.txt"
+        }
+      },
+      "Notification": {
+        "Email": {
+          "To": "default"
+        }
+      }
+    },
+    "OrchestratedSteps": [
+      {
+        "Name": "UploadSecretManagementToACR",
+        "TargetType": "ServiceResource",
+        "TargetName": "SecretManagementToACR",
+        "Actions": ["Shell/Run"]
+      }
+    ]
+  }
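Review bot: `"Name": "OneBranch-Demo-Container-Deployment"` looks like it was carried over from a sample rollout spec. This name presumably appears in rollout history and approval requests for a Production push, so one that names the module and target (for example `SecretManagement-ACR-Publish`) would make the audit trail easier to read. Separately, `"To": "default"` is only overwritten by a pipeline step, so a skipped substitution would ship the literal placeholder.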
diff --git a/ServiceGroupRoot/ScopeBindings.json b/ServiceGroupRoot/ScopeBindings.json
new file mode 100644
index 0000000..d25d5a7
--- /dev/null
+++ b/ServiceGroupRoot/ScopeBindings.json
@@ -0,0 +1,23 @@
+{
+    "$schema": "https://ev2schema.azure.net/schemas/2020-01-01/scopeBindings.json",
+    "contentVersion": "0.0.0.1",
+    "scopeBindings": [
+      {
+        "scopeTagName": "Global",
+        "bindings": [
+          {
+            "find": "__SUBSCRIPTION_ID__",
+            "replaceWith": "$azureSubscriptionId()"
+          },
+          {
+            "find": "__RESOURCE_GROUP__",
+            "replaceWith": "$azureResourceGroup()"
+          },
+          {
+            "find": "__BUILD_VERSION__",
+            "replaceWith": "$buildVersion()"
+          }
+        ]
+      }
+    ]
+  }
diff --git a/ServiceGroupRoot/SecretManagementToACR.Rollout.json b/ServiceGroupRoot/SecretManagementToACR.Rollout.json
new file mode 100644
index 0000000..9521934
--- /dev/null
+++ b/ServiceGroupRoot/SecretManagementToACR.Rollout.json
@@ -0,0 +1,60 @@
+{
+    "$schema": "https://ev2schema.azure.net/schemas/2020-01-01/rolloutParameters.json",
+    "contentVersion": "1.0.0.0",
+    "shellExtensions": [
+      {
+        "name": "Run",
+        "type": "Run",
+        "properties": {
+          "maxExecutionTime": "PT2H"
+        },
+        "package": {
+          "reference": {
+            "path": "Shell/Run.tar"
+          }
+        },
+        "launch": {
+          "command": [
+            "/bin/bash",
+            "-c",
+            "pwsh ./Run/Run.ps1"
+          ],
+          "environmentVariables": [
+            {
+              "name": "SECRET_MANAGEMENT_MODULE",
+              "reference":
+              {
+                  "path": "SrcFiles\\Microsoft.PowerShell.SecretManagement.nupkg"
+              }
+            },
+            {
+              "name": "DESTINATION_ACR_NAME",
+              "value": "default"
+            },
+            {
+              "name": "MI_NAME",
+              "value": "default"
+            },
+            {
+              "name": "MI_CLIENTID",
+              "value": "default"
+            },
+            {
+              "name": "SECRET_MANAGEMENT_VERSION",
+              "value": "default"
+            },
+            {
+              "name": "DESTINATION_ACR_URI", 
+              "value": "default"
+            }
+          ],
+          "identity": {
+            "type": "userAssigned",
+            "userAssignedIdentities": [
+              "default"
+            ]
+          }
+        }
+      }
+    ]
+  }
diff --git a/ServiceGroupRoot/ServiceModel.json b/ServiceGroupRoot/ServiceModel.json
new file mode 100644
index 0000000..871bbd4
--- /dev/null
+++ b/ServiceGroupRoot/ServiceModel.json
@@ -0,0 +1,51 @@
+{
+    "$schema": "https://ev2schema.azure.net/schemas/2020-01-01/serviceModel.json",
+    "contentVersion": "1.0.0.0",
+    "ServiceMetadata": {
+      "ServiceGroup": "OneBranch-SecretManagement",
+      "Environment": "Test"
+    },
+    "ServiceResourceGroupDefinitions": [
+      {
+        "Name": "OneBranch-SecretManagement-RGDef",
+        "ServiceResourceDefinitions": [
+          {
+            "Name": "OneBranch-SecretManagement.Shell-SRDef",
+            "composedOf": {
+              "extension": {
+                "shell": [
+                  {
+                    "type": "Run",
+                    "properties": {
+                      "imageName": "adm-mariner-20-l",
+                      "imageVersion": "v5"
+                    }
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      }
+    ],
+    "ServiceResourceGroups": [
+      {
+        "AzureResourceGroupName": "default",
+        "Location": "East US",
+        "InstanceOf": "OneBranch-SecretManagement-RGDef",
+        "AzureSubscriptionId": "default",
+          "scopeTags": [
+            {
+              "name": "Global"
+            }
+          ],
+        "ServiceResources": [
+          {
+            "Name": "SecretManagementToACR",
+            "InstanceOf": "OneBranch-SecretManagement.Shell-SRDef",
+            "RolloutParametersPath": "SecretManagementToACR.Rollout.json"
+          }
+        ]
+      }
+    ]
+  }
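Review bot: `"Environment": "Test"` under `ServiceMetadata` does not match the pipeline stage that consumes this model, which sets `ApprovalServiceEnvironment: Production` and `ob_release_environment` to `Production`. If `Test` was inherited from a sample it should be corrected; if it is intentional, the reason belongs in the pipeline step's `displayName` or a YAML comment there, since this JSON cannot carry one. `AzureResourceGroupName` and `AzureSubscriptionId` are left as `default` and rely entirely on the pipeline rewrite step succeeding.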
diff --git a/ServiceGroupRoot/Shell/Run/Run.ps1 b/ServiceGroupRoot/Shell/Run/Run.ps1
new file mode 100644
index 0000000..b281c41
--- /dev/null
+++ b/ServiceGroupRoot/Shell/Run/Run.ps1
@@ -0,0 +1,77 @@
+# ensure SAS variables were passed in
+if ($env:SECRET_MANAGEMENT_MODULE -eq $null)
+{
+    Write-Verbose -Verbose "SECRET_MANAGEMENT_MODULE variable didn't get passed correctly"
+    return 1
+}
+
+if ($env:SECRET_MANAGEMENT_VERSION -eq $null)
+{
+    Write-Verbose -Verbose "SECRET_MANAGEMENT_VERSION variable didn't get passed correctly"
+    return 1
+}
+
+if ($env:DESTINATION_ACR_NAME -eq $null)
+{
+    Write-Verbose -Verbose "DESTINATION_ACR_NAME variable didn't get passed correctly"
+    return 1
+}
+
+if ($env:DESTINATION_ACR_URI -eq $null)
+{
+    Write-Verbose -Verbose "DESTINATION_ACR_URI variable didn't get passed correctly"
+    return 1
+}
+
+if ($env:MI_CLIENTID -eq $null)
+{
+    Write-Verbose -Verbose "MI_CLIENTID variable didn't get passed correctly"
+    return 1
+}
+
+
+try {
+    Write-Verbose -Verbose "SecretManagement: $env:SECRET_MANAGEMENT_MODULE"
+    Write-Verbose -Verbose "Version: $env:SECRET_MANAGEMENT_VERSION"
+    Write-Verbose -Verbose "acrname: $env:DESTINATION_ACR_NAME"
+    Write-Verbose -Verbose "acruri: $env:DESTINATION_ACR_URI"
+    Write-Verbose -Verbose "MI client Id: $env:MI_CLIENTID"
+
+    $secretManagementFileName = "Microsoft.PowerShell.SecretManagement.$($env:SECRET_MANAGEMENT_VERSION).nupkg"
+
+    Write-Verbose -Verbose "Download files"
+    Invoke-WebRequest -Uri $env:SECRET_MANAGEMENT_MODULE -OutFile $secretManagementFileName
+
+    $moduleExists = Test-Path $secretManagementFileName
+    Write-Verbose -Verbose "Module $secretManagementFileName exists: $moduleExists"
+
+    # Install PSResourceGet 1.1.0-preview2
+    Write-Verbose "Download PSResourceGet version 1.1.0-preview2"
+    Register-PSRepository -Name CFS -SourceLocation "https://pkgs.dev.azure.com/powershell/PowerShell/_packaging/powershell/nuget/v2" -InstallationPolicy Trusted
+    Install-Module -Repository CFS -Name Microsoft.PowerShell.PSResourceGet -RequiredVersion '1.1.0' -Verbose
+    Import-Module Microsoft.PowerShell.PSResourceGet
+    Get-Module
+
+    # Login to Azure CLI using Managed Identity
+    Write-Verbose -Verbose "Login cli using managed identity"
+    az login --identity --username $env:MI_CLIENTID
+
+    # Register the target ACR as a PSResourceGet repository
+    Write-Verbose -Verbose "Register ARC as a PSResourceGet reposirory"
+    Register-PSResourceRepository -Uri $env:DESTINATION_ACR_URI -Name $env:DESTINATION_ACR_NAME -Trusted -Verbose
+
+    Get-PSResourceRepository
+
+    #Publish SecretManagement to ACR
+    Write-Verbose -Verbose "Publish SecretManagement $secretManagementFileName to ACR $env:DESTINATION_ACR_NAME"
+    $prefix = "public/psresource"
+    Publish-PSResource -Repository $env:DESTINATION_ACR_NAME -NupkgPath $secretManagementFileName -ModulePrefix $prefix -Confirm:$false 
+}
+catch {
+
+    $_.Exception | Format-List -Force
+
+    return 1
+}
+
+return 0
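Review bot: Every failure path ends in `return 1`, which in a script started as `pwsh ./Run/Run.ps1` writes `1` to the output stream and leaves the process exit code at 0, so the EV2 shell extension would most likely record a failed publish as success. Use `exit 1`, and `exit 0` at the end. The `try` block also will not catch non-terminating cmdlet errors or a failed `az login`: set `$ErrorActionPreference = 'Stop'` at the top and follow the login with `if ($LASTEXITCODE -ne 0) { throw 'az login failed' }`. The `-eq $null` guards accept an empty string and the literal `default` placeholder from SecretManagementToACR.Rollout.json; `[string]::IsNullOrWhiteSpace($env:DESTINATION_ACR_URI)` plus a comparison against `default` would stop a run with an unsubstituted parameters file.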
diff --git a/ServiceGroupRoot/buildver.txt b/ServiceGroupRoot/buildver.txt
new file mode 100644
index 0000000..7f20734
--- /dev/null
+++ b/ServiceGroupRoot/buildver.txt
@@ -0,0 +1 @@
+1.0.1
\ No newline at end of file

From 5a7cdab5747dd511076cf8c83fccfbd3391de311 Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <vthiebaut@microsoft.com>
Date: Fri, 21 Feb 2025 17:46:46 -0500
Subject: [PATCH 02/11] move servicegrouproot folder to ev2specs

---
 {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/RolloutSpec.json  | 0
 .../ServiceGroupRoot}/ScopeBindings.json                          | 0
 .../ServiceGroupRoot}/SecretManagementToACR.Rollout.json          | 0
 {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/ServiceModel.json | 0
 {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/Shell/Run/Run.ps1 | 0
 {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/buildver.txt      | 0
 6 files changed, 0 insertions(+), 0 deletions(-)
 rename {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/RolloutSpec.json (100%)
 rename {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/ScopeBindings.json (100%)
 rename {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/SecretManagementToACR.Rollout.json (100%)
 rename {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/ServiceModel.json (100%)
 rename {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/Shell/Run/Run.ps1 (100%)
 rename {ServiceGroupRoot => Ev2Specs/ServiceGroupRoot}/buildver.txt (100%)

diff --git a/ServiceGroupRoot/RolloutSpec.json b/Ev2Specs/ServiceGroupRoot/RolloutSpec.json
similarity index 100%
rename from ServiceGroupRoot/RolloutSpec.json
rename to Ev2Specs/ServiceGroupRoot/RolloutSpec.json
diff --git a/ServiceGroupRoot/ScopeBindings.json b/Ev2Specs/ServiceGroupRoot/ScopeBindings.json
similarity index 100%
rename from ServiceGroupRoot/ScopeBindings.json
rename to Ev2Specs/ServiceGroupRoot/ScopeBindings.json
diff --git a/ServiceGroupRoot/SecretManagementToACR.Rollout.json b/Ev2Specs/ServiceGroupRoot/SecretManagementToACR.Rollout.json
similarity index 100%
rename from ServiceGroupRoot/SecretManagementToACR.Rollout.json
rename to Ev2Specs/ServiceGroupRoot/SecretManagementToACR.Rollout.json
diff --git a/ServiceGroupRoot/ServiceModel.json b/Ev2Specs/ServiceGroupRoot/ServiceModel.json
similarity index 100%
rename from ServiceGroupRoot/ServiceModel.json
rename to Ev2Specs/ServiceGroupRoot/ServiceModel.json
diff --git a/ServiceGroupRoot/Shell/Run/Run.ps1 b/Ev2Specs/ServiceGroupRoot/Shell/Run/Run.ps1
similarity index 100%
rename from ServiceGroupRoot/Shell/Run/Run.ps1
rename to Ev2Specs/ServiceGroupRoot/Shell/Run/Run.ps1
diff --git a/ServiceGroupRoot/buildver.txt b/Ev2Specs/ServiceGroupRoot/buildver.txt
similarity index 100%
rename from ServiceGroupRoot/buildver.txt
rename to Ev2Specs/ServiceGroupRoot/buildver.txt

From b578555aa9308873685e06fed62857c63570934f Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <81188381+vthiebaut10@users.noreply.github.com>
Date: Mon, 24 Mar 2025 15:28:35 -0400
Subject: [PATCH 03/11] Use copy file to simplify pipeline operation

Co-authored-by: Andy Jordan <2226434+andyleejordan@users.noreply.github.com>
---
 .pipelines/SecretManagement-Official.yml | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/.pipelines/SecretManagement-Official.yml b/.pipelines/SecretManagement-Official.yml
index 08ea6f4..bcdd667 100644
--- a/.pipelines/SecretManagement-Official.yml
+++ b/.pipelines/SecretManagement-Official.yml
@@ -216,19 +216,10 @@ extends:
             search_root: '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell'
         - download: current
           displayName: Download artifacts
-        - pwsh: |
-            $modulePath = Join-Path $(drop) -ChildPath 'Microsoft.PowerShell.SecretManagement.$(version).nupkg'
-            $fileExists = Test-Path $modulePath
-            Write-Verbose -Verbose "Module file $modulePath Exists: $fileExists"
-
-            $srcDir = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'SrcFiles'
-            New-Item $srcDir -ItemType Directory
-            
-            $dest = Join-Path $srcDir -ChildPath 'Microsoft.PowerShell.SecretManagement.$(version).nupkg'
-            Copy-Item -Path $modulePath -Destination $dest
-            
-            Get-ChildItem '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SrcFiles/'
-          displayName: Move artifact to Ev2 folder
+        - task: CopyFiles@2
+            SourceFolder: $(drop)
+            Contents: Microsoft.PowerShell.SecretManagement.$(version).nupkg
+            TargetFolder: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SrcFiles/
         - pwsh: |
             $srcPath = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'Shell'
             $pathToRunTarFile = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell' -ChildPath "Run.tar"
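Review bot: `SourceFolder`, `Contents` and `TargetFolder` are written directly beneath `- task: CopyFiles@2` with no `inputs:` key, and they are indented deeper than `task`, so YAML will not read them as keys of the step. Task parameters belong under `inputs:`, that is `- task: CopyFiles@2`, then `inputs:` at the same level as `task`, then the three keys one level below it. The hunk in PATCH 06 that re-indents these lines still omits `inputs:`, so the same applies there. The step also lost its `displayName`; `displayName: Copy module nupkg to Ev2 folder` would keep the log readable.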

From 49c6126396996fe0e9ca2ddd2fb552297511ca40 Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <81188381+vthiebaut10@users.noreply.github.com>
Date: Mon, 24 Mar 2025 15:29:19 -0400
Subject: [PATCH 04/11] Use archive file to simplify pipeline

Co-authored-by: Andy Jordan <2226434+andyleejordan@users.noreply.github.com>
---
 .pipelines/SecretManagement-Official.yml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/.pipelines/SecretManagement-Official.yml b/.pipelines/SecretManagement-Official.yml
index bcdd667..8a74c2c 100644
--- a/.pipelines/SecretManagement-Official.yml
+++ b/.pipelines/SecretManagement-Official.yml
@@ -220,12 +220,13 @@ extends:
             SourceFolder: $(drop)
             Contents: Microsoft.PowerShell.SecretManagement.$(version).nupkg
             TargetFolder: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SrcFiles/
-        - pwsh: |
-            $srcPath = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'Shell'
-            $pathToRunTarFile = Join-Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell' -ChildPath "Run.tar"
-            tar -cvf $pathToRunTarFile -C $srcPath ./Run
-            $tarExists = Test-Path $pathToRunTarFile
-            Write-Verbose -Verbose "Tar file $pathToRunTarFile exists: $tarExists"
+        - task: ArchiveFiles@2
+          inputs:
+            rootFolderOrFile: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell/Run
+            includeRootFolder: false
+            archiveType: tar
+            tarCompression: None
+            archiveFile: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell/Run.tar
           displayName: Compress Run script into tar file as needed for EV2 Shell extension           
         - pwsh: |
             $pathToJsonFile = Join-Path -Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'SecretManagementToACR.Rollout.json'
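Review bot: `includeRootFolder: false` changes the archive layout compared with the `tar -cvf … -C $srcPath ./Run` call it replaces: the old archive held `Run/Run.ps1`, while the new one appears to hold `Run.ps1` at its root. SecretManagementToACR.Rollout.json launches `pwsh ./Run/Run.ps1`, so unless EV2 unpacks into a `Run` directory on its own, the signed script will not be found; `includeRootFolder: true` keeps the original layout. Listing the contents of the produced `Run.tar` in a test run would confirm which layout the task emits.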

From bb646e2667f9de99bc699e081cb7f027de147db3 Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <81188381+vthiebaut10@users.noreply.github.com>
Date: Mon, 24 Mar 2025 15:54:29 -0400
Subject: [PATCH 05/11] Update .pipelines/SecretManagement-Official.yml

Co-authored-by: Andy Jordan <2226434+andyleejordan@users.noreply.github.com>
---
 .pipelines/SecretManagement-Official.yml | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/.pipelines/SecretManagement-Official.yml b/.pipelines/SecretManagement-Official.yml
index 8a74c2c..9305774 100644
--- a/.pipelines/SecretManagement-Official.yml
+++ b/.pipelines/SecretManagement-Official.yml
@@ -315,16 +315,8 @@ extends:
         pool:
           type: release
         steps:
-          - task: DownloadPipelineArtifact@2
-            inputs:
-              targetPath: '$(Pipeline.Workspace)'
-              artifact: drop_PrepForEV2_CopyEv2FilesToArtifact
-            displayName: 'Download drop_PrepForEV2_CopyEv2FilesToArtifact artifact that has all files needed'
-          - task: DownloadPipelineArtifact@2
-            inputs:
-              buildType: 'current'
-              targetPath: '$(Pipeline.Workspace)'
-            displayName: 'Download to get EV2 Files'
+          - download: current
+            displayName: Download artifacts
           - task: vsrm-ev2.vss-services-ev2.adm-release-task.ExpressV2Internal@1
             displayName: 'Ev2: Push to ACR'
             inputs:
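Review bot: `download: current` without an `artifact:` key pulls every artifact of the run into the release job, whereas the first removed task named `drop_PrepForEV2_CopyEv2FilesToArtifact` explicitly. Adding `artifact: drop_PrepForEV2_CopyEv2FilesToArtifact` limits the Production job to the files EV2 needs and ties the `ServiceRootPath` below to a named input. The `steps:` list continues past the end of this hunk.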

From c1f1433307c8e9f3354c8fecbb1c4702026ea4d8 Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <vthiebaut@microsoft.com>
Date: Mon, 24 Mar 2025 16:04:50 -0400
Subject: [PATCH 06/11] Refactor environment variable setup

---
 .pipelines/SecretManagement-Official.yml | 55 ++++++------------------
 1 file changed, 13 insertions(+), 42 deletions(-)

diff --git a/.pipelines/SecretManagement-Official.yml b/.pipelines/SecretManagement-Official.yml
index 9305774..f1a80a1 100644
--- a/.pipelines/SecretManagement-Official.yml
+++ b/.pipelines/SecretManagement-Official.yml
@@ -217,9 +217,9 @@ extends:
         - download: current
           displayName: Download artifacts
         - task: CopyFiles@2
-            SourceFolder: $(drop)
-            Contents: Microsoft.PowerShell.SecretManagement.$(version).nupkg
-            TargetFolder: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SrcFiles/
+          SourceFolder: $(drop)
+          Contents: Microsoft.PowerShell.SecretManagement.$(version).nupkg
+          TargetFolder: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SrcFiles/
         - task: ArchiveFiles@2
           inputs:
             rootFolderOrFile: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell/Run
@@ -229,54 +229,25 @@ extends:
             archiveFile: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell/Run.tar
           displayName: Compress Run script into tar file as needed for EV2 Shell extension           
         - pwsh: |
-            $pathToJsonFile = Join-Path -Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'SecretManagementToACR.Rollout.json'
+            $pathToJsonFile = '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SecretManagementToACR.Rollout.json'
             $content = Get-Content -Path $pathToJsonFile | ConvertFrom-Json
-            $envVarArrayLen = $content.shellExtensions.launch.environmentVariables.Length
 
-            [xml]$xml = Get-Content Directory.Build.props
-            $version = $xml.Project.PropertyGroup.ModuleVersion
+            $environmentVariables = @()
 
-            for ($i=0; $i -lt $envVarArrayLen; $i++)
-            {
-              $name = $($content.shellExtensions.launch.environmentVariables[$i].name)
-              if ($name -eq "DESTINATION_ACR_NAME")
-              {
-                $content.shellExtensions.launch.environmentVariables[$i].value = '$(acr_name)'
-                Write-Verbose -Verbose "ACR Name: $($content.shellExtensions.launch.environmentVariables[$i].value)"
-              }
-              elseif ($name -eq "DESTINATION_ACR_URI")
-              {
-                $content.shellExtensions.launch.environmentVariables[$i].value = '$(acr_uri)'
-                Write-Verbose -Verbose "ACR URI: $($content.shellExtensions.launch.environmentVariables[$i].value)"
-              }
-              elseif ($name -eq "MI_NAME")
-              {
-                $content.shellExtensions.launch.environmentVariables[$i].value = '$(managed_identity_name)'
-                Write-Verbose -Verbose "MI Name: $($content.shellExtensions.launch.environmentVariables[$i].value)"
-              }
-              elseif ($name -eq "MI_CLIENTID")
-              {
-                $content.shellExtensions.launch.environmentVariables[$i].value = '$(managed_identity_clientid)'
-                Write-Verbose -Verbose "MI Client ID: $($content.shellExtensions.launch.environmentVariables[$i].value)"
-              } 
-              elseif($name -eq "SECRET_MANAGEMENT_VERSION") 
-              {
-                $content.shellExtensions.launch.environmentVariables[$i].value = $version
-                Write-Verbose -Verbose "Module version: $($content.shellExtensions.launch.environmentVariables[$i].value)"
-              }
-              elseif($name -eq "SECRET_MANAGEMENT_MODULE") 
-              {
-                $content.shellExtensions.launch.environmentVariables[$i].reference.path = "SrcFiles\\Microsoft.PowerShell.SecretManagement.$(version).nupkg"
-                Write-Verbose -Verbose "Module Path: $($content.shellExtensions.launch.environmentVariables[$i].reference.path)"
-              }
-            }
+            $environmentVariables += [PSCustomObject]@{name="DESTINATION_ACR_NAME", value='$(acr_name)'}
+            $environmentVariables += [PSCustomObject]@{name="DESTINATION_ACR_URI", value='$(acr_uri)'}
+            $environmentVariables += [PSCustomObject]@{name="MI_NAME", value='$(managed_identity_name)'}
+            $environmentVariables += [PSCustomObject]@{name="MI_CLIENTID", value='$(managed_identity_clientid)'}
+            $environmentVariables += [PSCustomObject]@{name="SECRET_MANAGEMENT_VERSION", value='$(version)'}
+            $environmentVariables += [PSCustomObject]@{name="SECRET_MANAGEMENT_MODULE", reference=[PSCustomObject]@{path="SrcFiles\\Microsoft.PowerShell.SecretManagement.$(version).nupkg"}'}
+
+            $content.shellExtensions.launch.environmentVariables = $environmentVariables
 
             $identityString = "/subscriptions/$(acr_subscription)/resourcegroups/$(acr_resource_group)/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$(managed_identity_name)" 
             $content.shellExtensions.launch.identity.userAssignedIdentities[0] = $identityString
 
             Remove-Item -Path $pathToJsonFile
             $content | ConvertTo-Json -Depth 6 | Out-File $pathToJsonFile
-
           displayName: 'Replace values in SecretManagementToACR.Rollout.json file'
         - pwsh: |
             $pathToJsonFile = Join-Path -Path '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot' -ChildPath 'RolloutSpec.json'
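Review bot: The new `[PSCustomObject]@{…}` lines will not parse: PowerShell hashtable literals separate entries with `;` or a newline, not `,`, and the `SECRET_MANAGEMENT_MODULE` line has a stray `'` before its final `}`. Write them as `[PSCustomObject]@{name="DESTINATION_ACR_NAME"; value='$(acr_name)'}` and end the last one with `…$(version).nupkg"}}`. In a double-quoted PowerShell string `\\` is two literal backslashes, which `ConvertTo-Json` will escape again, so the reference path probably wants a single separator; the image in ServiceModel.json looks Linux-based, so `/` may be the safer choice. Because this step rewrites the file that a Production rollout consumes, a parse failure here should fail the job rather than leave the `default` placeholders in place.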

From 4ee9a33bd2aa8414b35252affabc7b75ae4f5f91 Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <vthiebaut@microsoft.com>
Date: Mon, 24 Mar 2025 16:17:52 -0400
Subject: [PATCH 07/11] Just fix some verbose

---
 Ev2Specs/ServiceGroupRoot/Shell/Run/Run.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Ev2Specs/ServiceGroupRoot/Shell/Run/Run.ps1 b/Ev2Specs/ServiceGroupRoot/Shell/Run/Run.ps1
index b281c41..749868b 100644
--- a/Ev2Specs/ServiceGroupRoot/Shell/Run/Run.ps1
+++ b/Ev2Specs/ServiceGroupRoot/Shell/Run/Run.ps1
@@ -45,8 +45,8 @@ try {
     $moduleExists = Test-Path $secretManagementFileName
     Write-Verbose -Verbose "Module $secretManagementFileName exists: $moduleExists"
 
-    # Install PSResourceGet 1.1.0-preview2
-    Write-Verbose "Download PSResourceGet version 1.1.0-preview2"
+    # Install PSResourceGet 1.1.0
+    Write-Verbose "Download PSResourceGet version 1.1.0"
     Register-PSRepository -Name CFS -SourceLocation "https://pkgs.dev.azure.com/powershell/PowerShell/_packaging/powershell/nuget/v2" -InstallationPolicy Trusted
     Install-Module -Repository CFS -Name Microsoft.PowerShell.PSResourceGet -RequiredVersion '1.1.0' -Verbose
     Import-Module Microsoft.PowerShell.PSResourceGet
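Review bot: The PSResourceGet version is still written in three places in this hunk: the comment, the `Write-Verbose` text and `-RequiredVersion '1.1.0'`. That duplication is how the message came to say `1.1.0-preview2` while the install pinned `1.1.0`. Defining it once, e.g. `$psResourceGetVersion = '1.1.0'`, and using it in both the message and `-RequiredVersion $psResourceGetVersion` keeps the deployment log truthful about which version was installed. The new message also uses plain `Write-Verbose`, while the line above it uses `Write-Verbose -Verbose`, so it is only shown if `$VerbosePreference` is set elsewhere in the script. The enclosing `try` block starts and ends outside this hunk.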

From 9360880ffac9edacc6889899461053e68ebd7d13 Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <vthiebaut@microsoft.com>
Date: Mon, 24 Mar 2025 16:30:50 -0400
Subject: [PATCH 08/11] Try removing the version file since it doesn't seem to
 be used

---
 Ev2Specs/ServiceGroupRoot/buildver.txt | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 Ev2Specs/ServiceGroupRoot/buildver.txt

diff --git a/Ev2Specs/ServiceGroupRoot/buildver.txt b/Ev2Specs/ServiceGroupRoot/buildver.txt
deleted file mode 100644
index 7f20734..0000000
--- a/Ev2Specs/ServiceGroupRoot/buildver.txt
+++ /dev/null
@@ -1 +0,0 @@
-1.0.1
\ No newline at end of file

From 54110a6e6b3565e55e0dd556cf60369475e8d256 Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <vthiebaut@microsoft.com>
Date: Mon, 24 Mar 2025 16:40:18 -0400
Subject: [PATCH 09/11] build version is actually required

---
 Ev2Specs/ServiceGroupRoot/buildver.txt | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Ev2Specs/ServiceGroupRoot/buildver.txt

diff --git a/Ev2Specs/ServiceGroupRoot/buildver.txt b/Ev2Specs/ServiceGroupRoot/buildver.txt
new file mode 100644
index 0000000..359a5b9
--- /dev/null
+++ b/Ev2Specs/ServiceGroupRoot/buildver.txt
@@ -0,0 +1 @@
+2.0.0
\ No newline at end of file

From ffe015a298a5dab2edbdbaca88da57d1e63d3c05 Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <vthiebaut@microsoft.com>
Date: Tue, 25 Mar 2025 16:49:27 -0400
Subject: [PATCH 10/11] fix bugs and typos

---
 .pipelines/SecretManagement-Official.yml | 27 +++++++++++++++---------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/.pipelines/SecretManagement-Official.yml b/.pipelines/SecretManagement-Official.yml
index f1a80a1..b677a93 100644
--- a/.pipelines/SecretManagement-Official.yml
+++ b/.pipelines/SecretManagement-Official.yml
@@ -217,16 +217,18 @@ extends:
         - download: current
           displayName: Download artifacts
         - task: CopyFiles@2
-          SourceFolder: $(drop)
-          Contents: Microsoft.PowerShell.SecretManagement.$(version).nupkg
-          TargetFolder: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SrcFiles/
+          inputs:
+            SourceFolder: $(drop)
+            Contents: Microsoft.PowerShell.SecretManagement.$(version).nupkg
+            TargetFolder: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SrcFiles/
         - task: ArchiveFiles@2
           inputs:
             rootFolderOrFile: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell/Run
             includeRootFolder: false
             archiveType: tar
-            tarCompression: None
+            tarCompression: none
             archiveFile: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell/Run.tar
+            verbose: true
           displayName: Compress Run script into tar file as needed for EV2 Shell extension           
         - pwsh: |
             $pathToJsonFile = '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SecretManagementToACR.Rollout.json'
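Review bot: The paths in this hunk spell the directory `EV2Specs`, while the other patches in this series touch `Ev2Specs/ServiceGroupRoot/...`, so they only resolve on a case-insensitive file system. If this job can ever run on a Linux agent (the pool is not visible here), `CopyFiles@2` would create a separate `EV2Specs/.../SrcFiles/` tree and the archive and JSON steps would miss their inputs, so using the repository's casing throughout is safer. `CopyFiles@2` also appears to succeed when `Contents` matches nothing, so a `Test-Path` check on the copied `.nupkg` before the rollout spec references it would make a missing or misnamed package fail here rather than during deployment. The new `CopyFiles@2` step has no `displayName`, unlike its neighbours.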
@@ -234,12 +236,12 @@ extends:
 
             $environmentVariables = @()
 
-            $environmentVariables += [PSCustomObject]@{name="DESTINATION_ACR_NAME", value='$(acr_name)'}
-            $environmentVariables += [PSCustomObject]@{name="DESTINATION_ACR_URI", value='$(acr_uri)'}
-            $environmentVariables += [PSCustomObject]@{name="MI_NAME", value='$(managed_identity_name)'}
-            $environmentVariables += [PSCustomObject]@{name="MI_CLIENTID", value='$(managed_identity_clientid)'}
-            $environmentVariables += [PSCustomObject]@{name="SECRET_MANAGEMENT_VERSION", value='$(version)'}
-            $environmentVariables += [PSCustomObject]@{name="SECRET_MANAGEMENT_MODULE", reference=[PSCustomObject]@{path="SrcFiles\\Microsoft.PowerShell.SecretManagement.$(version).nupkg"}'}
+            $environmentVariables += [PSCustomObject]@{name="DESTINATION_ACR_NAME"; value='$(acr_name)'}
+            $environmentVariables += [PSCustomObject]@{name="DESTINATION_ACR_URI"; value='$(acr_uri)'}
+            $environmentVariables += [PSCustomObject]@{name="MI_NAME"; value='$(managed_identity_name)'}
+            $environmentVariables += [PSCustomObject]@{name="MI_CLIENTID"; value='$(managed_identity_clientid)'}
+            $environmentVariables += [PSCustomObject]@{name="SECRET_MANAGEMENT_VERSION"; value='$(version)'}
+            $environmentVariables += [PSCustomObject]@{name="SECRET_MANAGEMENT_MODULE"; reference=[PSCustomObject]@{path="SrcFiles\\Microsoft.PowerShell.SecretManagement.$(version).nupkg"}}
 
             $content.shellExtensions.launch.environmentVariables = $environmentVariables
 
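Review bot: The `$(acr_name)`-style macros on the rewritten lines are substituted into the script text before PowerShell parses it, so a variable-group value containing a quote would change the script rather than the string. Mapping the values through the step's `env:` block and reading them as `$env:...` keeps them as data; the fence sketches this with constructed environment-variable names. Separately, backslash is not an escape character in a PowerShell double-quoted string, so `"SrcFiles\\Microsoft..."` carries two backslashes into the JSON path, and it is worth confirming that this is what the rollout spec expects (the fence leaves it as is). The `pwsh` step begins and ends outside this hunk.

```yaml
        - pwsh: |
            # … unchanged: load the rollout JSON into $content, $environmentVariables = @() …
            $environmentVariables += [PSCustomObject]@{name="DESTINATION_ACR_NAME"; value=$env:ACR_NAME}
            $environmentVariables += [PSCustomObject]@{name="DESTINATION_ACR_URI"; value=$env:ACR_URI}
            $environmentVariables += [PSCustomObject]@{name="MI_NAME"; value=$env:MI_NAME}
            $environmentVariables += [PSCustomObject]@{name="MI_CLIENTID"; value=$env:MI_CLIENTID}
            $environmentVariables += [PSCustomObject]@{name="SECRET_MANAGEMENT_VERSION"; value=$env:MODULE_VERSION}
            $environmentVariables += [PSCustomObject]@{name="SECRET_MANAGEMENT_MODULE"; reference=[PSCustomObject]@{path="SrcFiles\\Microsoft.PowerShell.SecretManagement.${env:MODULE_VERSION}.nupkg"}}
            # … unchanged: assign to $content, identity string, write-back …
          env:
            ACR_NAME: $(acr_name)
            ACR_URI: $(acr_uri)
            MI_NAME: $(managed_identity_name)
            MI_CLIENTID: $(managed_identity_clientid)
            MODULE_VERSION: $(version)
```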
@@ -247,6 +249,11 @@ extends:
             $content.shellExtensions.launch.identity.userAssignedIdentities[0] = $identityString
 
             Remove-Item -Path $pathToJsonFile
+
+            $json = $content | ConvertTo-Json -Depth 6 
+            
+            Write-Verbose -Verbose $json
+            
             $content | ConvertTo-Json -Depth 6 | Out-File $pathToJsonFile
           displayName: 'Replace values in SecretManagementToACR.Rollout.json file'
         - pwsh: |
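Review bot: The added `Write-Verbose -Verbose $json` prints the entire rollout spec to the build log, including the subscription, resource group and managed-identity values substituted earlier in the step. Patch 11/11 removes it again, so squashing the two would keep the dump out of the history of any shared branch and out of retained pipeline logs. While it exists, the serialized text could be reused with `$json | Out-File $pathToJsonFile` instead of converting `$content` a second time. The `pwsh` step starts outside this hunk.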

From 391fa53a227530cfcae0818ec983a30036f2d028 Mon Sep 17 00:00:00 2001
From: Vivian Thiebaut <vthiebaut@microsoft.com>
Date: Tue, 25 Mar 2025 16:51:23 -0400
Subject: [PATCH 11/11] remove some debug statements

---
 .pipelines/SecretManagement-Official.yml | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/.pipelines/SecretManagement-Official.yml b/.pipelines/SecretManagement-Official.yml
index b677a93..c1eb774 100644
--- a/.pipelines/SecretManagement-Official.yml
+++ b/.pipelines/SecretManagement-Official.yml
@@ -228,7 +228,6 @@ extends:
             archiveType: tar
             tarCompression: none
             archiveFile: $(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/Shell/Run.tar
-            verbose: true
           displayName: Compress Run script into tar file as needed for EV2 Shell extension           
         - pwsh: |
             $pathToJsonFile = '$(Build.SourcesDirectory)/EV2Specs/ServiceGroupRoot/SecretManagementToACR.Rollout.json'
@@ -248,12 +247,7 @@ extends:
             $identityString = "/subscriptions/$(acr_subscription)/resourcegroups/$(acr_resource_group)/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$(managed_identity_name)" 
             $content.shellExtensions.launch.identity.userAssignedIdentities[0] = $identityString
 
-            Remove-Item -Path $pathToJsonFile
-
-            $json = $content | ConvertTo-Json -Depth 6 
-            
-            Write-Verbose -Verbose $json
-            
+            Remove-Item -Path $pathToJsonFile           
             $content | ConvertTo-Json -Depth 6 | Out-File $pathToJsonFile
           displayName: 'Replace values in SecretManagementToACR.Rollout.json file'
         - pwsh: |
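Review bot: The re-added `Remove-Item -Path $pathToJsonFile` line carries trailing whitespace and is not needed, since `Out-File` overwrites an existing file. Keeping only `$content | ConvertTo-Json -Depth 6 | Out-File $pathToJsonFile` does the same job in one step. `-Depth 6` should be checked against the nesting of the rollout spec, which is not visible here, because levels beyond the limit are flattened to strings rather than serialized. The `pwsh` step starts outside this hunk.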