Scripts needed to build and sign PSSA via MS VSTS so it can be published in the gallery (#983)

* First set of files for vsts build

* Added scripts for VSTS build

Updated docker file and releasemaker module

* Change vsts build script to be able to put built module anywhere based on _DockerVolume_

Remove a comment

* Revert "Change vsts build script to be able to put built module anywhere based on _DockerVolume_"

This reverts commit 82ebc03.

Author: JamesWTruher

Utils/ReleaseMaker.psm1

@@ -92,7 +92,7 @@ function New-ReleaseBuild
     Push-Location $solutionPath
     try
     {
-        remove-item out/ -recurse -force
+        if ( test-path out ) { remove-item out/ -recurse -force }
         .\buildCoreClr.ps1 -Framework net451 -Configuration Release -Build
         .\buildCoreClr.ps1 -Framework net451 -Configuration PSV3Release -Build
         .\buildCoreClr.ps1 -Framework netstandard2.0 -Configuration Release -Build
@@ -196,4 +196,4 @@ function Set-ContentUtf8NoBom {
 }
 
 Export-ModuleMember -Function New-Release
-Export-ModuleMember -Function New-ReleaseBuild
+Export-ModuleMember -Function New-ReleaseBuild

tools/releaseBuild/Image/DockerFile

@@ -0,0 +1,34 @@
+# escape=`
+#0.3.6 (no powershell 6)
+# FROM microsoft/windowsservercore
+FROM microsoft/dotnet-framework:4.7.1
+LABEL maintainer='PowerShell Team <[email protected]>'
+LABEL description="This Dockerfile for Windows Server Core with git installed via chocolatey."
+
+SHELL ["C:\\windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "-command"]
+# Install Git, and platyPS
+# Git installs to C:\Program Files\Git
+# nuget installs to C:\ProgramData\chocolatey\bin\NuGet.exe
+COPY dockerInstall.psm1 containerFiles/dockerInstall.psm1
+
+RUN Import-Module PackageManagement; `
+    Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force; `
+    Import-Module ./containerFiles/dockerInstall.psm1; `
+    Install-ChocolateyPackage -PackageName git -Executable git.exe; `
+    Install-ChocolateyPackage -PackageName nuget.commandline -Executable nuget.exe -Cleanup; `
+    Install-Module -Force -Name platyPS; `
+    Invoke-WebRequest -Uri https://raw.githubusercontent.com/dotnet/cli/master/scripts/obtain/dotnet-install.ps1 -outfile C:/dotnet-install.ps1; `
+    C:/dotnet-install.ps1 -Channel Release -Version 2.1.4; `
+    Add-Path C:/Users/ContainerAdministrator/AppData/Local/Microsoft/dotnet;
+
+RUN Import-Module ./containerFiles/dockerInstall.psm1; `
+#   git clone https://Github.com/PowerShell/PSScriptAnalyzer; `
+    Install-ChocolateyPackage -PackageName dotnet4.5;
+
+RUN Import-Module ./containerFiles/dockerInstall.psm1; `
+    Install-ChocolateyPackage -PackageName netfx-4.5.1-devpack;
+
+COPY buildPSSA.ps1 containerFiles/buildPSSA.ps1
+
+ENTRYPOINT ["C:\\windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "-command"]
+

tools/releaseBuild/Image/buildPSSA.ps1

@@ -0,0 +1,4 @@
+push-location C:/PSScriptAnalyzer
+import-module C:/PSScriptAnalyzer/Utils/ReleaseMaker.psm1
+New-ReleaseBuild
+Copy-Item -Recurse C:/PSScriptAnalyzer/out C:/

tools/releaseBuild/Image/dockerInstall.psm1

@@ -0,0 +1,114 @@
+function Install-ChocolateyPackage
+{
+    param(
+        [Parameter(Mandatory=$true)]
+        [string]
+        $PackageName,
+
+        [Parameter(Mandatory=$false)]
+        [string]
+        $Executable,
+
+        [string[]]
+        $ArgumentList,
+
+        [switch]
+        $Cleanup,
+
+        [int]
+        $ExecutionTimeout = 2700,
+
+        [string]
+        $Version
+    )
+
+    if(-not(Get-Command -name Choco -ErrorAction SilentlyContinue))
+    {
+        Write-Verbose "Installing Chocolatey provider..." -Verbose
+        Invoke-WebRequest https://chocolatey.org/install.ps1 -UseBasicParsing | Invoke-Expression
+    }
+
+    Write-Verbose "Installing $PackageName..." -Verbose
+    $extraCommand = @()
+    if($Version)
+    {
+        $extraCommand += '--version', $version
+    }
+    choco install -y $PackageName --no-progress --execution-timeout=$ExecutionTimeout $ArgumentList $extraCommands
+
+    if($executable)
+    {
+        Write-Verbose "Verifing $Executable is in path..." -Verbose
+        $exeSource = $null
+        $exeSource = Get-ChildItem -path "$env:ProgramFiles\$Executable" -Recurse -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName
+        if(!$exeSource)
+        {
+            Write-Verbose "Falling back to x86 program files..." -Verbose
+            $exeSource = Get-ChildItem -path "${env:ProgramFiles(x86)}\$Executable" -Recurse -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName
+        }
+
+        # Don't search the chocolatey program data until more official locations have been searched
+        if(!$exeSource)
+        {
+            Write-Verbose "Falling back to chocolatey..." -Verbose
+            $exeSource = Get-ChildItem -path "$env:ProgramData\chocolatey\$Executable" -Recurse -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName
+        }
+
+        # all obvious locations are exhausted, use brute force and search from the root of the filesystem
+        if(!$exeSource)
+        {
+            Write-Verbose "Falling back to the root of the drive..." -Verbose
+            $exeSource = Get-ChildItem -path "/$Executable" -Recurse -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName
+        }
+
+        if(!$exeSource)
+        {
+            throw "$Executable not found"
+        }
+
+        $exePath = Split-Path -Path $exeSource
+        Add-Path -path $exePath
+    }
+
+    if($Cleanup.IsPresent)
+    {
+        Remove-Folder -Folder "$env:temp\chocolatey"
+    }
+}
+
+function Add-Path
+{
+    param
+    (
+        $path
+    )
+    $machinePathString = [System.Environment]::GetEnvironmentVariable('path',[System.EnvironmentVariableTarget]::Machine)
+    $machinePath = $machinePathString -split ';'
+
+    if($machinePath -inotcontains $path)
+    {
+        $newPath = "$machinePathString;$path"
+        Write-Verbose "Adding $path to path..." -Verbose
+        [System.Environment]::SetEnvironmentVariable('path',$newPath,[System.EnvironmentVariableTarget]::Machine)
+        Write-Verbose "Added $path to path." -Verbose
+        $env:Path += ";$newPath"
+    }
+    else
+    {
+        Write-Verbose "$path already in path." -Verbose
+    }
+}
+
+function Remove-Folder
+{
+    param(
+        [string]
+        $Folder
+    )
+
+    Write-Verbose "Cleaning up $Folder..." -Verbose
+    $filter = Join-Path -Path $Folder -ChildPath *
+    [int]$measuredCleanupMB = (Get-ChildItem $filter -Recurse | Measure-Object -Property Length -Sum).Sum / 1MB
+    Remove-Item -recurse -force $filter -ErrorAction SilentlyContinue
+    Write-Verbose "Cleaned up $measuredCleanupMB MB from $Folder" -Verbose
+}

tools/releaseBuild/build.json

@@ -0,0 +1,15 @@
+{
+  "Windows": {
+        "Name": "win7-x64",
+        "RepoDestinationPath": "C:\\PSScriptAnalyzer",
+        "BuildCommand": "C:\\containerFiles\\buildPSSA.ps1",
+        "DockerFile": ".\\tools\\releaseBuild\\Image\\DockerFile",
+        "DockerImageName": "pssa",
+        "BinaryBucket": "release",
+        "PublishAsFolder": true,
+        "AdditionalContextFiles" : [
+            ".\\tools\\releaseBuild\\Image\\buildPSSA.ps1",
+            ".\\tools\\releaseBuild\\Image\\dockerInstall.psm1"
+        ]
+    }
+}

tools/releaseBuild/signing.xml

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<SignConfigXML>
+  <!-- ****Begin**** BothDual - Dual (Sha256 and Sha1) AuthenticodeDual) and should be StrongName, but we will add this in 6.1.0 ******** -->
+ <job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell Script Analyzer" approvers="vigarg;gstolt">
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\PSScriptAnalyzer\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\PSScriptAnalyzer\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\PSScriptAnalyzer.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\PSScriptAnalyzer.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\PSScriptAnalyzer.psm1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\PSScriptAnalyzer.psm1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\ScriptAnalyzer.format.ps1xml" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\ScriptAnalyzer.format.ps1xml" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\ScriptAnalyzer.types.ps1xml" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\ScriptAnalyzer.types.ps1xml" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\CmdletDesign.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\CmdletDesign.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\CodeFormatting.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\CodeFormatting.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\CodeFormattingAllman.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\CodeFormattingAllman.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\CodeFormattingOTBS.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\CodeFormattingOTBS.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\CodeFormattingStroustrup.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\CodeFormattingStroustrup.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\DSC.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\DSC.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\PSGallery.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\PSGallery.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\ScriptFunctions.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\ScriptFunctions.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\ScriptingStyle.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\ScriptingStyle.psd1" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\Settings\ScriptSecurity.psd1" signType="Authenticode" dest="__OUTPATHROOT__\PSScriptAnalyzer\Settings\ScriptSecurity.psd1" />
+ </job>
+ <job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell Script Analyzer core" approvers="vigarg;gstolt">
+    <file src="__INPATHROOT__\PSScriptAnalyzer\coreclr\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\PSScriptAnalyzer\coreclr\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\coreclr\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\PSScriptAnalyzer\coreclr\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" />
+ </job>
+ <job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell Script Analyzer PSv3" approvers="vigarg;gstolt">
+    <file src="__INPATHROOT__\PSScriptAnalyzer\PSv3\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\PSScriptAnalyzer\PSv3\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" />
+    <file src="__INPATHROOT__\PSScriptAnalyzer\PSv3\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\PSScriptAnalyzer\PSv3\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" />
+  </job>
+</SignConfigXML>

tools/releaseBuild/updateSigning.ps1

@@ -0,0 +1,37 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+param(
+    [string] $SigningXmlPath = (Join-Path -Path $PSScriptRoot  -ChildPath 'signing.xml')
+)
+# Script for use in VSTS to update signing.xml
+
+# Parse the signing xml
+$signingXml = [xml](Get-Content $signingXmlPath)
+
+# Get any variables to updating 'signType' in the XML
+# Define a varabile named `<signTypeInXml>SignType' in VSTS to updating that signing type
+# Example:  $env:AuthenticodeSignType='newvalue'
+#      will cause all files with the 'Authenticode' signtype to be updated with the 'newvalue' signtype
+$signTypes = @{}
+Get-ChildItem -Path env:/*SignType | ForEach-Object -Process {
+    $signType = $_.Name.ToUpperInvariant().Replace('SIGNTYPE','')
+    Write-Host "Found SigningType $signType with value $($_.value)"
+    $signTypes[$signType] = $_.Value
+}
+
+# examine each job in the xml
+$signingXml.SignConfigXML.job | ForEach-Object -Process {
+    # examine each file in the job
+    $_.file | ForEach-Object -Process {
+        # if the sign type is one of the variables we found, update it to the new value
+        $signType = $_.SignType.ToUpperInvariant()
+        if($signTypes.ContainsKey($signType))
+        {
+            $newSignType = $signTypes[$signType]
+            Write-Host "Updating $($_.src) to $newSignType"
+            $_.signType = $newSignType
+        }
+    }
+}
+
+$signingXml.Save($signingXmlPath)

tools/releaseBuild/vstsbuild.ps1

@@ -0,0 +1,77 @@
+[cmdletbinding()]
+param(
+    [Parameter(Mandatory=$true,Position=0)]
+    [ValidatePattern("^v\d+\.\d+\.\d+(-\w+(\.\d+)?)?$")]
+    [string]$ReleaseTag
+)
+
+Begin
+{
+    $ErrorActionPreference = 'Stop'
+
+    $gitBinFullPath = (Get-Command -Name git -CommandType Application).Path | Select-Object -First 1
+    if ( ! $gitBinFullPath )
+    {
+        throw "Git is missing! Install from 'https://git-scm.com/download/win'"
+    }
+
+    # clone the release tools
+    $releaseToolsDirName = "PSRelease"
+    $releaseToolsLocation = Join-Path -Path $PSScriptRoot -ChildPath PSRelease
+    if ( Test-Path $releaseToolsLocation )
+    {
+        Remove-Item -Force -Recurse -Path $releaseToolsLocation
+    }
+    & $gitBinFullPath clone -b master --quiet https://github.com/PowerShell/${releaseToolsDirName}.git $releaseToolsLocation
+    Import-Module "$releaseToolsLocation/vstsBuild" -Force
+    Import-Module "$releaseToolsLocation/dockerBasedBuild" -Force
+}
+
+End {
+
+    $AdditionalFiles = .{
+        Join-Path $PSScriptRoot -child "Image/buildPSSA.ps1"
+        Join-Path $PSScriptRoot -child "Image/dockerInstall.psm1"
+        }
+    $buildPackageName = $null
+
+    # defined if building in VSTS
+    if($env:BUILD_STAGINGDIRECTORY)
+    {
+        # Use artifact staging if running in VSTS
+        $destFolder = $env:BUILD_STAGINGDIRECTORY
+    }
+    else
+    {
+        # Use temp as destination if not running in VSTS
+        $destFolder = $env:temp
+    }
+
+    $resolvedRepoRoot = (Resolve-Path (Join-Path -Path $PSScriptRoot -ChildPath "../../")).Path
+
+    try
+    {
+        Write-Verbose "Starting build at $resolvedRepoRoot  ..." -Verbose
+        Clear-VstsTaskState
+
+        $buildParameters = @{
+            ReleaseTag = $ReleaseTag
+        }
+        $buildArgs = @{
+            RepoPath = $resolvedRepoRoot 
+            BuildJsonPath = './tools/releaseBuild/build.json' 
+            Parameters = $buildParameters 
+            AdditionalFiles = $AdditionalFiles
+            Name = "win7-x64"
+        }
+        Invoke-Build @buildArgs
+    }
+    catch
+    {
+        Write-VstsError -Error $_
+    }
+    finally{
+        Write-VstsTaskState
+        exit 0
+    }
+}