2022-05-17 10:14:59 +00:00
|
|
|
trigger:
|
|
|
|
tags:
|
|
|
|
include:
|
|
|
|
- "v*"
|
2022-07-26 14:40:16 +00:00
|
|
|
exclude:
|
|
|
|
- "v*freebsd"
|
2022-05-17 10:14:59 +00:00
|
|
|
branches:
|
|
|
|
exclude:
|
|
|
|
- "*"
|
|
|
|
pr: none
|
|
|
|
|
|
|
|
pool:
|
|
|
|
vmImage: windows-latest
|
|
|
|
|
|
|
|
stages:
|
|
|
|
- stage: Build
|
|
|
|
jobs:
|
2024-03-19 16:42:08 +00:00
|
|
|
- job: Build
|
2022-05-17 10:14:59 +00:00
|
|
|
displayName: "Build"
|
|
|
|
steps:
|
|
|
|
- task: GoTool@0
|
2024-01-15 10:05:27 +00:00
|
|
|
displayName: "Install Go"
|
2022-05-17 10:14:59 +00:00
|
|
|
inputs:
|
2024-04-05 13:11:11 +00:00
|
|
|
version: '1.21.9'
|
2022-05-17 10:14:59 +00:00
|
|
|
|
|
|
|
- pwsh: |
|
|
|
|
choco install -y make
|
|
|
|
displayName: "Install builds deps"
|
|
|
|
- task: PowerShell@2
|
|
|
|
inputs:
|
|
|
|
targetType: 'inline'
|
|
|
|
pwsh: true
|
|
|
|
#we are not calling make windows_installer because we want to sign the binaries before they are added to the MSI
|
|
|
|
script: |
|
2023-06-23 12:25:29 +00:00
|
|
|
make build BUILD_RE2_WASM=1
|
2024-03-19 16:42:08 +00:00
|
|
|
|
2022-05-17 10:14:59 +00:00
|
|
|
- pwsh: |
|
2023-02-09 12:08:57 +00:00
|
|
|
$build_version=$env:BUILD_SOURCEBRANCHNAME
|
2024-03-19 16:42:08 +00:00
|
|
|
#Override the version if it's set in the pipeline
|
|
|
|
if ( ${env:USERBUILDVERSION} -ne "")
|
|
|
|
{
|
|
|
|
$build_version = ${env:USERBUILDVERSION}
|
|
|
|
}
|
2023-02-09 13:17:49 +00:00
|
|
|
if ($build_version.StartsWith("v"))
|
|
|
|
{
|
|
|
|
$build_version = $build_version.Substring(1)
|
|
|
|
}
|
2022-06-23 13:09:29 +00:00
|
|
|
if ($build_version.Contains("-"))
|
|
|
|
{
|
|
|
|
$build_version = $build_version.Substring(0, $build_version.IndexOf("-"))
|
|
|
|
}
|
2022-05-17 10:14:59 +00:00
|
|
|
Write-Host "##vso[task.setvariable variable=BuildVersion;isOutput=true]$build_version"
|
2023-02-09 12:08:57 +00:00
|
|
|
displayName: GetCrowdsecVersion
|
|
|
|
name: GetCrowdsecVersion
|
|
|
|
- pwsh: |
|
2024-03-19 16:42:08 +00:00
|
|
|
Get-ChildItem -Path .\cmd -Directory | ForEach-Object {
|
|
|
|
$dirName = $_.Name
|
|
|
|
Get-ChildItem -Path .\cmd\$dirName -File -Filter '*.exe' | ForEach-Object {
|
|
|
|
$fileName = $_.Name
|
|
|
|
$destDir = Join-Path $(Build.ArtifactStagingDirectory) cmd\$dirName
|
|
|
|
New-Item -ItemType Directory -Path $destDir -Force
|
|
|
|
Copy-Item -Path .\cmd\$dirName\$fileName -Destination $destDir
|
|
|
|
}
|
|
|
|
}
|
|
|
|
displayName: "Copy binaries to staging directory"
|
|
|
|
- task: PublishPipelineArtifact@1
|
|
|
|
inputs:
|
|
|
|
targetPath: '$(Build.ArtifactStagingDirectory)'
|
|
|
|
artifact: 'unsigned_binaries'
|
|
|
|
displayName: "Upload binaries artifact"
|
|
|
|
|
|
|
|
- stage: Sign
|
|
|
|
dependsOn: Build
|
|
|
|
variables:
|
|
|
|
- group: 'FOSS Build Variables'
|
|
|
|
- name: BuildVersion
|
|
|
|
value: $[ stageDependencies.Build.Build.outputs['GetCrowdsecVersion.BuildVersion'] ]
|
|
|
|
condition: succeeded()
|
|
|
|
jobs:
|
|
|
|
- job: Sign
|
|
|
|
displayName: "Sign"
|
|
|
|
steps:
|
|
|
|
- download: current
|
|
|
|
artifact: unsigned_binaries
|
|
|
|
displayName: "Download binaries artifact"
|
|
|
|
- task: CopyFiles@2
|
|
|
|
inputs:
|
|
|
|
SourceFolder: '$(Pipeline.Workspace)/unsigned_binaries'
|
|
|
|
TargetFolder: '$(Build.SourcesDirectory)'
|
|
|
|
displayName: "Copy binaries to workspace"
|
|
|
|
- task: DotNetCoreCLI@2
|
|
|
|
displayName: "Install SignTool tool"
|
|
|
|
inputs:
|
|
|
|
command: 'custom'
|
|
|
|
custom: 'tool'
|
|
|
|
arguments: install --global sign --version 0.9.0-beta.23127.3
|
|
|
|
- task: AzureKeyVault@2
|
|
|
|
displayName: "Get signing parameters"
|
|
|
|
inputs:
|
|
|
|
azureSubscription: "Azure subscription"
|
|
|
|
KeyVaultName: "$(KeyVaultName)"
|
|
|
|
SecretsFilter: "TenantId,ClientId,ClientSecret,Certificate,KeyVaultUrl"
|
|
|
|
- pwsh: |
|
|
|
|
sign code azure-key-vault `
|
|
|
|
"**/*.exe" `
|
|
|
|
--base-directory "$(Build.SourcesDirectory)/cmd/" `
|
|
|
|
--publisher-name "CrowdSec" `
|
|
|
|
--description "CrowdSec" `
|
|
|
|
--description-url "https://github.com/crowdsecurity/crowdsec" `
|
|
|
|
--azure-key-vault-tenant-id "$(TenantId)" `
|
|
|
|
--azure-key-vault-client-id "$(ClientId)" `
|
|
|
|
--azure-key-vault-client-secret "$(ClientSecret)" `
|
|
|
|
--azure-key-vault-certificate "$(Certificate)" `
|
|
|
|
--azure-key-vault-url "$(KeyVaultUrl)"
|
|
|
|
displayName: "Sign crowdsec binaries"
|
|
|
|
- pwsh: |
|
|
|
|
.\make_installer.ps1 -version '$(BuildVersion)'
|
2022-05-17 10:14:59 +00:00
|
|
|
displayName: "Build Crowdsec MSI"
|
|
|
|
name: BuildMSI
|
2022-10-20 09:12:54 +00:00
|
|
|
- pwsh: |
|
2024-03-19 16:42:08 +00:00
|
|
|
.\make_chocolatey.ps1 -version '$(BuildVersion)'
|
2022-10-20 09:12:54 +00:00
|
|
|
displayName: "Build Chocolatey nupkg"
|
2022-05-17 10:14:59 +00:00
|
|
|
- pwsh: |
|
2024-03-19 16:42:08 +00:00
|
|
|
sign code azure-key-vault `
|
|
|
|
"*.msi" `
|
|
|
|
--base-directory "$(Build.SourcesDirectory)" `
|
|
|
|
--publisher-name "CrowdSec" `
|
|
|
|
--description "CrowdSec" `
|
|
|
|
--description-url "https://github.com/crowdsecurity/crowdsec" `
|
|
|
|
--azure-key-vault-tenant-id "$(TenantId)" `
|
|
|
|
--azure-key-vault-client-id "$(ClientId)" `
|
|
|
|
--azure-key-vault-client-secret "$(ClientSecret)" `
|
|
|
|
--azure-key-vault-certificate "$(Certificate)" `
|
|
|
|
--azure-key-vault-url "$(KeyVaultUrl)"
|
|
|
|
displayName: "Sign MSI package"
|
|
|
|
- pwsh: |
|
|
|
|
sign code azure-key-vault `
|
|
|
|
"*.nupkg" `
|
|
|
|
--base-directory "$(Build.SourcesDirectory)" `
|
|
|
|
--publisher-name "CrowdSec" `
|
|
|
|
--description "CrowdSec" `
|
|
|
|
--description-url "https://github.com/crowdsecurity/crowdsec" `
|
|
|
|
--azure-key-vault-tenant-id "$(TenantId)" `
|
|
|
|
--azure-key-vault-client-id "$(ClientId)" `
|
|
|
|
--azure-key-vault-client-secret "$(ClientSecret)" `
|
|
|
|
--azure-key-vault-certificate "$(Certificate)" `
|
|
|
|
--azure-key-vault-url "$(KeyVaultUrl)"
|
|
|
|
displayName: "Sign nuget package"
|
|
|
|
- task: PublishPipelineArtifact@1
|
2022-05-17 10:14:59 +00:00
|
|
|
inputs:
|
2024-03-19 16:42:08 +00:00
|
|
|
targetPath: '$(Build.SourcesDirectory)/crowdsec_$(BuildVersion).msi'
|
|
|
|
artifact: 'signed_msi_package'
|
|
|
|
displayName: "Upload signed MSI artifact"
|
|
|
|
- task: PublishPipelineArtifact@1
|
2022-10-20 09:12:54 +00:00
|
|
|
inputs:
|
2024-03-19 16:42:08 +00:00
|
|
|
targetPath: '$(Build.SourcesDirectory)/crowdsec.$(BuildVersion).nupkg'
|
|
|
|
artifact: 'signed_nuget_package'
|
|
|
|
displayName: "Upload signed nuget artifact"
|
|
|
|
|
2022-05-17 10:14:59 +00:00
|
|
|
- stage: Publish
|
2024-03-19 16:42:08 +00:00
|
|
|
dependsOn: Sign
|
2022-05-17 10:14:59 +00:00
|
|
|
jobs:
|
|
|
|
- deployment: "Publish"
|
|
|
|
displayName: "Publish to GitHub"
|
|
|
|
environment: github
|
|
|
|
strategy:
|
|
|
|
runOnce:
|
|
|
|
deploy:
|
|
|
|
steps:
|
|
|
|
- bash: |
|
|
|
|
tag=$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/crowdsecurity/crowdsec/releases | jq -r '. | map(select(.prerelease==true)) | sort_by(.created_at) | reverse | .[0].tag_name')
|
|
|
|
echo "##vso[task.setvariable variable=LatestPreRelease;isOutput=true]$tag"
|
|
|
|
name: GetLatestPrelease
|
|
|
|
- task: GitHubRelease@1
|
|
|
|
inputs:
|
|
|
|
gitHubConnection: "github.com_blotus"
|
|
|
|
repositoryName: '$(Build.Repository.Name)'
|
|
|
|
action: 'edit'
|
|
|
|
tag: '$(GetLatestPrelease.LatestPreRelease)'
|
|
|
|
assetUploadMode: 'replace'
|
|
|
|
addChangeLog: false
|
|
|
|
isPreRelease: true #we force prerelease because the pipeline is invoked on tag creation, which happens when we do a prerelease
|
|
|
|
assets: |
|
2024-03-19 16:42:08 +00:00
|
|
|
$(Pipeline.Workspace)/signed_msi_package/*.msi
|
|
|
|
$(Pipeline.Workspace)/signed_nuget_package/*.nupkg
|
2022-05-17 10:14:59 +00:00
|
|
|
condition: ne(variables['GetLatestPrelease.LatestPreRelease'], '')
|