mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
6a1c75cfd4
During the latest attempt at making a snapshot release (#4749), everything seemingly went well except for the step of signing the Windows installer. Based on a very obscure erorr message (Access Denied) and a bit of Google search, my current hypothesis is that the signing fails because the artifact produced by Bazel is read-only. This was not an issue in the previous setup because we were getting the installer from an Azure internal download between different jobs. We are now getting the binary directly from Bazel. This also adds a `set -e` to the relevant Bash snippet, because ideally they should always have one. CHANGELOG_BEGIN CHANGELOG_END
69 lines
2.6 KiB
YAML
69 lines
2.6 KiB
YAML
# Copyright (c) 2020 The DAML Authors. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
parameters:
|
|
release_tag: ''
|
|
is_release: ''
|
|
|
|
steps:
|
|
- bash: ci/configure-bazel.sh
|
|
displayName: 'Configure Bazel'
|
|
env:
|
|
IS_FORK: $(System.PullRequest.IsFork)
|
|
# to upload to the bazel cache
|
|
GOOGLE_APPLICATION_CREDENTIALS_CONTENT: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT)
|
|
|
|
- powershell: '.\ci\windows-diagnostics.ps1'
|
|
displayName: 'Agent diagnostics'
|
|
|
|
- powershell: '.\build.ps1'
|
|
displayName: 'Build'
|
|
env:
|
|
DAML_SDK_RELEASE_VERSION: ${{parameters.release_tag}}
|
|
|
|
- task: PublishBuildArtifacts@1
|
|
condition: failed()
|
|
displayName: 'Publish the bazel test logs'
|
|
inputs:
|
|
pathtoPublish: 'bazel-testlogs/'
|
|
artifactName: 'Test logs'
|
|
|
|
- bash: |
|
|
set -euo pipefail
|
|
INSTALLER=daml-sdk-${{parameters.release_tag}}-windows.exe
|
|
mv "bazel-bin/release/windows-installer/daml-sdk-installer.exe" "$(Build.StagingDirectory)/$INSTALLER"
|
|
chmod +wx "$(Build.StagingDirectory)/$INSTALLER"
|
|
cleanup () {
|
|
rm -f signing_key.pfx
|
|
}
|
|
trap cleanup EXIT
|
|
echo "$SIGNING_KEY" | base64 -d > signing_key.pfx
|
|
MSYS_NO_PATHCONV=1 signtool.exe sign '/f' signing_key.pfx '/fd' sha256 '/tr' "http://timestamp.digicert.com" '/v' "$(Build.StagingDirectory)/$INSTALLER"
|
|
rm signing_key.pfx
|
|
trap - EXIT
|
|
echo "##vso[task.setvariable variable=installer;isOutput=true]$INSTALLER"
|
|
TARBALL=daml-sdk-${{parameters.release_tag}}-windows.tar.gz
|
|
cp bazel-bin/release/sdk-release-tarball.tar.gz '$(Build.StagingDirectory)'/$TARBALL
|
|
echo "##vso[task.setvariable variable=tarball;isOutput=true]$TARBALL"
|
|
name: publish
|
|
env:
|
|
SIGNING_KEY: $(microsoft-code-signing)
|
|
DAML_SDK_RELEASE_VERSION: ${{parameters.release_tag}}
|
|
condition: and(succeeded(),
|
|
eq(${{parameters.is_release}}, 'true'),
|
|
eq(variables['Build.SourceBranchName'], 'master'))
|
|
- task: PublishPipelineArtifact@0
|
|
condition: and(succeeded(),
|
|
eq(${{parameters.is_release}}, 'true'),
|
|
eq(variables['Build.SourceBranchName'], 'master'))
|
|
inputs:
|
|
targetPath: $(Build.StagingDirectory)/$(publish.installer)
|
|
artifactName: $(publish.installer)
|
|
- task: PublishPipelineArtifact@0
|
|
condition: and(succeeded(),
|
|
eq(${{parameters.is_release}}, 'true'),
|
|
eq(variables['Build.SourceBranchName'], 'master'))
|
|
inputs:
|
|
targetPath: $(Build.StagingDirectory)/$(publish.tarball)
|
|
artifactName: $(publish.tarball)
|