Merge pull request #1530 from PowerShell/andschwa/ado

Update release and CI pipelines

Author: andyleejordan

.github/CODEOWNERS

@@ -1,7 +1,7 @@
 # https://help.github.com/articles/about-codeowners/
 
 # Global reviewers
-* @tylerl0706 @rjmholt
+* @andschwa @rjmholt
 
 # Area: Analysis & Formatting
 src/PowerShellEditorServices/Analysis/                 @rjmholt

.vsts-ci/azure-pipelines-ci.yml

@@ -9,58 +9,49 @@ variables:
     value: 'true'
 
 trigger:
-  batch: true
   branches:
     include:
       - master
-      - legacy/1.x
-  paths:
-    exclude:
-      - /.dependabot/*
-      - /.poshchan/*
-      - /.github/**/*
-      - /.vscode/**/*
-      - /.vsts-ci/misc-analysis.yml
-      - /tools/**/*
-      - .editorconfig
-      - .gitattributes
-      - .gitignore
-      - /docs/**/*
-      - /CHANGELOG.md
-      - /CONTRIBUTING.md
-      - /README.md
-      - /LICENSE
-      - /CODE_OF_CONDUCT.md
 
-# TODO: Setup matrix of image support.
+pr:
+- master
+
 jobs:
-- job: 'PS51_Win10'
-  displayName: PowerShell 5.1 | Windows 10
+- job: PS51_Win2016
+  displayName: PowerShell 5.1 - Windows Server 2016
+  pool:
+    vmImage: vs2017-win2016
+  steps:
+  - template: templates/ci-general.yml
+    parameters:
+      pwsh: false
+
+- job: PS51_Win2019
+  displayName: PowerShell 5.1 - Windows Server 2019
   pool:
-    # TODO: Update this image.
-    vmImage: 'vs2017-win2016'
+    vmImage: windows-2019
   steps:
   - template: templates/ci-general.yml
     parameters:
       pwsh: false
 
-- job: 'PS7_Win10'
-  displayName: PowerShell 7 | Windows 10
+- job: PS7_Win2019
+  displayName: PowerShell 7 - Windows Server 2019
   pool:
-    vmImage: 'windows-2019'
+    vmImage: windows-2019
   steps:
   - template: templates/ci-general.yml
 
-- job: 'PS7_macOS'
-  displayName: PowerShell 7 | macOS
+- job: PS7_macOS
+  displayName: PowerShell 7 - macOS 10.15
   pool:
-    vmImage: 'macOS-10.15'
+    vmImage: macOS-10.15
   steps:
   - template: templates/ci-general.yml
 
-- job: 'PS7_Ubuntu'
-  displayName: PowerShell 7 | Ubuntu
+- job: PS7_Ubuntu
+  displayName: PowerShell 7 - Ubuntu 20.04
   pool:
-    vmImage: 'ubuntu-20.04'
+    vmImage: ubuntu-20.04
   steps:
   - template: templates/ci-general.yml

.vsts-ci/azure-pipelines-release.yml

@@ -11,10 +11,7 @@ variables:
 trigger:
   branches:
     include:
-      - release/*
-  tags:
-    include:
-    - v*
+      - release
 
 resources:
   repositories:
@@ -32,7 +29,7 @@ stages:
   jobs:
   - job: Build
     pool:
-      vmImage: vs2017-win2016
+      vmImage: windows-2019
     steps:
     - template: templates/ci-general.yml
 
@@ -54,7 +51,7 @@ stages:
   - deployment: Publish
     environment: PowerShellEditorServices
     pool:
-      name: 1ES
+      vmImage: ubuntu-latest
     variables:
     - group: Publish
     strategy:

.vsts-ci/misc-analysis.yml

@@ -1,31 +1,25 @@
 name: PR-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)$(Rev:.rr)
+
 trigger:
-  # Batch merge builds together while a merge build is running
-  batch: true
   branches:
     include:
     - master
 
 pr:
-  branches:
-    include:
-    - master
-    - legacy/1.x
+- master
 
 resources:
   repositories:
   - repository: ComplianceRepo
     type: github
-    endpoint: ComplianceGHRepo
+    endpoint: GitHub
     name: PowerShell/compliance
 
 jobs:
-- job: Compliance_Job
+- job: Compliance
   pool:
     vmImage: windows-latest
   steps:
   - checkout: self
-    clean: true
   - checkout: ComplianceRepo
-    clean: true
   - template: ci-compliance.yml@ComplianceRepo

.vsts-ci/templates/ci-general.yml

@@ -4,7 +4,7 @@ parameters:
   default: true
 
 steps:
-- pwsh: '$PSVersionTable'
+- pwsh: $PSVersionTable
   displayName: PowerShell version
 
 - task: PowerShell@2
@@ -13,10 +13,20 @@ steps:
     filePath: tools/azurePipelinesBuild.ps1
     pwsh: ${{ parameters.pwsh }}
 
-- publish: module
+# NOTE: We zip the artifacts because they're ~20 MB compressed, but ~300 MB raw,
+# and we have limited pipeline artifact storage space.
+- task: ArchiveFiles@2
+  displayName: Zip pipeline artifacts
+  inputs:
+    rootFolderOrFile: module
+    includeRootFolder: false
+    archiveType: zip
+    archiveFile: PowerShellEditorServices-Build.zip
+    verbose: true
+
+- publish: PowerShellEditorServices-Build.zip
   artifact: PowerShellEditorServices-Build-$(System.JobId)
   displayName: Publish unsigned pipeline artifacts
-  condition: succeededOrFailed()
 
 - task: PublishTestResults@2
   displayName: Publish test results

.vsts-ci/templates/publish-general.yml

@@ -1,15 +1,12 @@
 steps:
 - checkout: self
 - checkout: vscode-powershell
+
 - download: current
   artifact: PowerShellEditorServices
   displayName: Download signed pipeline artifacts
+
 - pwsh: |
-    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted | Out-Null
-    Install-Module -Name PowerShellForGitHub -Scope CurrentUser -Force -Confirm:$false
-    Import-Module '$(Build.SourcesDirectory)/vscode-powershell/tools/ReleaseTools.psm1'
-    Set-GitHubConfiguration -SuppressTelemetryReminder
-    $password = ConvertTo-SecureString -String '$(GitHubToken)' -AsPlainText -Force
-    Set-GitHubAuthentication -Credential (New-Object System.Management.Automation.PSCredential ("token", $password))
-    New-DraftRelease -RepositoryName PowerShellEditorServices -Assets '$(Pipeline.Workspace)/PowerShellEditorServices/PowerShellEditorServices.zip'
+    $(Build.SourcesDirectory)/vscode-powershell/tools/setupReleaseTools.ps1 -Token $(GitHubToken)
+    New-DraftRelease -RepositoryName PowerShellEditorServices -Assets $(Pipeline.Workspace)/PowerShellEditorServices/PowerShellEditorServices.zip
   displayName: Drafting a GitHub Release

.vsts-ci/templates/release-general.yml

@@ -1,15 +1,21 @@
 steps:
-
 - download: current
   displayName: Download unsigned pipeline artifacts
 
+- task: ExtractFiles@1
+  displayName: Extract unsigned artifacts
+  inputs:
+    archiveFilePatterns: $(Pipeline.Workspace)/PowerShellEditorServices-Build-*/PowerShellEditorServices-Build.zip
+    destinationFolder: $(Pipeline.Workspace)/Unsigned
+    cleanDestinationFolder: true
+
 - checkout: ComplianceRepo
 
 # NOTE: The signing templates explicitly copy everything along as they run, so
 # the last output path has every signed (and intentionally unsigned) file.
 - template: EsrpSign.yml@ComplianceRepo
   parameters:
-    buildOutputPath: $(Pipeline.Workspace)/PowerShellEditorServices-Build-*
+    buildOutputPath: $(Pipeline.Workspace)/Unsigned
     signOutputPath: $(Pipeline.Workspace)/FirstPartySigned
     alwaysCopy: true
     certificateId: CP-230012 # Authenticode certificate
@@ -43,7 +49,7 @@ steps:
       **/UnixConsoleEcho.dll
 
 - task: ArchiveFiles@2
-  displayName: Zip finished assets
+  displayName: Zip signed artifacts
   inputs:
     rootFolderOrFile: $(Pipeline.Workspace)/ThirdPartySigned
     includeRootFolder: false
@@ -52,10 +58,6 @@ steps:
     replaceExistingArchive: true
     verbose: true
 
-- publish: PowerShellEditorServices.zip
-  artifact: PowerShellEditorServices
-  displayName: Publish signed pipeline artifacts
-
 - checkout: self
 
 - template: assembly-module-compliance.yml@ComplianceRepo
@@ -74,5 +76,9 @@ steps:
     optionsFTPath: $(Build.SourcesDirectory)/PowerShellEditorServices/tools/terms/FileTypeSet.xml
     # tsa-upload
     codeBaseName: PowerShell_PowerShellEditorServices_20210201
-    # selections
+    # We don't use any Windows APIs directly, so we don't need API scan
     APIScan: false
+
+- publish: PowerShellEditorServices.zip
+  artifact: PowerShellEditorServices
+  displayName: Publish signed pipeline artifacts

tools/azurePipelinesBuild.ps1

@@ -6,9 +6,9 @@ $ErrorActionPreference = 'Stop'
 Set-PSRepository -Name PSGallery -InstallationPolicy Trusted | Out-Null
 if ($IsWindows -or $PSVersionTable.PSVersion.Major -lt 6) {
     # We rely on PowerShellGet's -AllowPrerelease which is in PowerShellGet 1.6 so we need to update PowerShellGet.
-    Get-Module PowerShellGet,PackageManagement | Remove-Module -Force -Verbose
-    powershell -Command { Install-Module -Name PowerShellGet -MinimumVersion 1.6 -Force -Confirm:$false -Verbose }
-    powershell -Command { Install-Module -Name PackageManagement -MinimumVersion 1.1.7.0 -Force -Confirm:$false -Verbose }
+    Get-Module PowerShellGet,PackageManagement | Remove-Module -Force
+    powershell -Command { Install-Module -Name PowerShellGet -MinimumVersion 1.6 -Force }
+    powershell -Command { Install-Module -Name PackageManagement -MinimumVersion 1.1.7.0 -Force }
     Import-Module -Name PowerShellGet -MinimumVersion 1.6 -Force
     Import-Module -Name PackageManagement -MinimumVersion 1.1.7.0 -Force
 }
@@ -17,7 +17,7 @@ if ($IsWindows -or $PSVersionTable.PSVersion.Major -lt 6) {
 Update-Help -Force -ErrorAction SilentlyContinue
 
 # Needed for build and docs gen.
-Install-Module InvokeBuild -MaximumVersion 5.1.0 -Scope CurrentUser
-Install-Module PlatyPS -RequiredVersion 0.9.0 -Scope CurrentUser
+Install-Module -Name InvokeBuild -MaximumVersion 5.1.0 -Scope CurrentUser -Force
+Install-Module -Name PlatyPS -RequiredVersion 0.9.0 -Scope CurrentUser -Force
 
 Invoke-Build -Configuration Release