mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-21 01:37:15 +03:00
0c8070bbd5
* Sign the Windows installer * Address review comments * Mention signing in release notes
196 lines
7.7 KiB
YAML
196 lines
7.7 KiB
YAML
# Azure Pipelines file, see https://aka.ms/yaml
|
|
|
|
# Enable builds on all branches
|
|
trigger:
|
|
# Build every commit as our release process relies on
|
|
# the release process being built alone.
|
|
batch: false
|
|
branches:
|
|
include:
|
|
- master
|
|
|
|
# Enable PR triggers that target the master branch
|
|
pr:
|
|
autoCancel: true # cancel previous builds on push
|
|
branches:
|
|
include:
|
|
- master
|
|
|
|
jobs:
|
|
- job: Linux
|
|
timeoutInMinutes: 360
|
|
pool:
|
|
name: 'linux-pool'
|
|
steps:
|
|
- template: ci/build-unix.yml
|
|
parameters:
|
|
name: linux
|
|
- bash: |
|
|
set -euo pipefail
|
|
MESSAGE=$(git log --pretty=format:%s -n1)
|
|
curl -XPOST \
|
|
-i \
|
|
-H 'Content-type: application/json' \
|
|
--data "{\"text\":\"<!here> *FAILED* Linux: <https://dev.azure.com/digitalasset/daml/_build/results?buildId=$(Build.BuildId)|$MESSAGE>\n\"}" \
|
|
$(Slack.URL)
|
|
condition: and(failed(), eq(variables['Build.SourceBranchName'], 'master'))
|
|
|
|
- job: macOS
|
|
timeoutInMinutes: 360
|
|
pool:
|
|
vmImage: 'macOS-10.14'
|
|
steps:
|
|
- template: ci/build-unix.yml
|
|
parameters:
|
|
name: macos
|
|
- bash: |
|
|
set -euo pipefail
|
|
MESSAGE=$(git log --pretty=format:%s -n1)
|
|
curl -XPOST \
|
|
-i \
|
|
-H 'Content-type: application/json' \
|
|
--data "{\"text\":\"<!here> *FAILED* macOS: <https://dev.azure.com/digitalasset/daml/_build/results?buildId=$(Build.BuildId)|$MESSAGE>\n\"}" \
|
|
$(Slack.URL)
|
|
condition: and(failed(), eq(variables['Build.SourceBranchName'], 'master'))
|
|
|
|
- job: Windows
|
|
timeoutInMinutes: 360
|
|
pool:
|
|
name: 'windows-pool'
|
|
steps:
|
|
- template: ci/build-windows.yml
|
|
- bash: |
|
|
set -euo pipefail
|
|
MESSAGE=$(git log --pretty=format:%s -n1)
|
|
curl -XPOST \
|
|
-i \
|
|
-H 'Content-type: application/json' \
|
|
--data "{\"text\":\"<!here> *FAILED* Windows: <https://dev.azure.com/digitalasset/daml/_build/results?buildId=$(Build.BuildId)|$MESSAGE>\n\"}" \
|
|
$(Slack.URL)
|
|
condition: and(failed(), eq(variables['Build.SourceBranchName'], 'master'))
|
|
|
|
- job: perf
|
|
timeoutInMinutes: 60
|
|
pool:
|
|
name: 'linux-pool'
|
|
steps:
|
|
- checkout: self
|
|
- bash: ci/dev-env-install.sh
|
|
displayName: 'Build/Install the Developer Environment'
|
|
- bash: ci/configure-bazel.sh
|
|
displayName: 'Configure Bazel'
|
|
env:
|
|
IS_FORK: $(System.PullRequest.IsFork)
|
|
# to upload to the bazel cache
|
|
GOOGLE_APPLICATION_CREDENTIALS_CONTENT: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT)
|
|
- bash: |
|
|
set -euo pipefail
|
|
eval "$(./dev-env/bin/dade-assist)"
|
|
bazel run -- //ledger/sandbox-perf -foe true -i1 -f1 -wi 1 -bm avgt -rf csv -rff "$(Build.StagingDirectory)/sandbox-perf.csv"
|
|
- task: PublishBuildArtifacts@1
|
|
condition: succeededOrFailed()
|
|
inputs:
|
|
pathtoPublish: '$(Build.StagingDirectory)'
|
|
artifactName: 'Perf test logs'
|
|
- bash: |
|
|
set -euo pipefail
|
|
MESSAGE=$(git log --pretty=format:%s -n1)
|
|
curl -XPOST \
|
|
-i \
|
|
-H 'Content-type: application/json' \
|
|
--data "{\"text\":\"<!here> *FAILED* perf: <https://dev.azure.com/digitalasset/daml/_build/results?buildId=$(Build.BuildId)|$MESSAGE>\n\"}" \
|
|
$(Slack.URL)
|
|
condition: and(failed(), eq(variables['Build.SourceBranchName'], 'master'))
|
|
|
|
- job: Windows_signing
|
|
# Signing is a separate job so that we can make sure that we only sign on releases.
|
|
# Since the release check is run on Linux, we do not have access to that information
|
|
# in the regular Windows step.
|
|
dependsOn: [ "Windows", "Linux" ]
|
|
pool:
|
|
name: 'windows-pool'
|
|
condition: and(succeeded(), eq(dependencies.Linux.outputs['release.has_released'], 'true'))
|
|
variables:
|
|
unsigned-installer: $[ dependencies.Windows.outputs['publish.artifact-unsigned-windows-installer'] ]
|
|
steps:
|
|
- checkout: self
|
|
persistCredentials: true
|
|
- task: DownloadPipelineArtifact@0
|
|
inputs:
|
|
artifactName: $(unsigned-installer)
|
|
targetPath: $(Build.StagingDirectory)/
|
|
- bash: |
|
|
set -euo pipefail
|
|
INSTALLER=daml-sdk-$(cat VERSION)-windows.exe
|
|
mv "$(Build.StagingDirectory)/$(unsigned-installer)" "$(Build.StagingDirectory)/$INSTALLER"
|
|
chmod +x "$(Build.StagingDirectory)/$INSTALLER"
|
|
echo "$SIGNING_KEY" | base64 -d > signing_key.pfx
|
|
MSYS_NO_PATHCONV=1 signtool.exe sign '/f' signing_key.pfx '/fd' sha256 '/tr' "http://timestamp.digicert.com" '/v' "$(Build.StagingDirectory)/$INSTALLER"
|
|
rm signing_key.pfx
|
|
echo "##vso[task.setvariable variable=artifact-windows-installer;isOutput=true]$INSTALLER"
|
|
echo "##vso[task.setvariable variable=has_released;isOutput=true]true"
|
|
name: signing
|
|
env:
|
|
SIGNING_KEY: $(microsoft-code-signing)
|
|
- task: PublishPipelineArtifact@0
|
|
inputs:
|
|
targetPath: $(Build.StagingDirectory)/$(signing.artifact-windows-installer)
|
|
artifactName: $(signing.artifact-windows-installer)
|
|
- job: release
|
|
dependsOn: [ "Linux", "macOS", "Windows", "Windows_signing", "perf"]
|
|
pool:
|
|
vmImage: "Ubuntu-16.04"
|
|
condition: and(succeeded(),
|
|
eq( dependencies.Linux.outputs['release.has_released'], 'true' ),
|
|
eq( dependencies.macOS.outputs['release.has_released'], 'true' ),
|
|
eq( dependencies.Windows.outputs['release.has_released'], 'true' ))
|
|
variables:
|
|
artifact-linux: $[ dependencies.Linux.outputs['publish.artifact'] ]
|
|
artifact-macos: $[ dependencies.macOS.outputs['publish.artifact'] ]
|
|
artifact-windows: $[ dependencies.Windows.outputs['publish.artifact'] ]
|
|
artifact-windows-installer: $[ dependencies.Windows_signing.outputs['signing.artifact-windows-installer'] ]
|
|
steps:
|
|
- checkout: self
|
|
persistCredentials: true
|
|
- bash: |
|
|
set -euxo pipefail
|
|
git tag v$(cat VERSION)
|
|
git push origin v$(cat VERSION)
|
|
mkdir $(Build.StagingDirectory)/release
|
|
- task: DownloadPipelineArtifact@0
|
|
inputs:
|
|
artifactName: $(artifact-linux)
|
|
targetPath: $(Build.StagingDirectory)/release
|
|
- task: DownloadPipelineArtifact@0
|
|
inputs:
|
|
artifactName: $(artifact-macos)
|
|
targetPath: $(Build.StagingDirectory)/release
|
|
- task: DownloadPipelineArtifact@0
|
|
inputs:
|
|
artifactName: $(artifact-windows)
|
|
targetPath: $(Build.StagingDirectory)/release
|
|
- task: DownloadPipelineArtifact@0
|
|
inputs:
|
|
artifactName: $(artifact-windows-installer)
|
|
targetPath: $(Build.StagingDirectory)/release
|
|
- task: GitHubRelease@0
|
|
inputs:
|
|
gitHubConnection: 'garyverhaegen-da'
|
|
repositoryName: '$(Build.Repository.Name)'
|
|
action: 'create'
|
|
target: '$(Build.SourceVersion)'
|
|
tagSource: 'auto'
|
|
assets: $(Build.StagingDirectory)/release/*
|
|
assetUploadMode: 'replace'
|
|
addChangeLog: false
|
|
isPrerelease: true
|
|
- bash: |
|
|
set -euo pipefail
|
|
MESSAGE=$(git log --pretty=format:%s -n1)
|
|
curl -XPOST \
|
|
-i \
|
|
-H 'Content-type: application/json' \
|
|
--data "{\"text\":\"<!here> *FAILED* Release: <https://dev.azure.com/digitalasset/daml/_build/results?buildId=$(Build.BuildId)|$MESSAGE>\n\"}" \
|
|
$(Slack.URL)
|
|
condition: and(failed(), eq(variables['Build.SourceBranchName'], 'master'))
|