Enable 2.1 official builds in AzDO #28829
Conversation
| inputs: | ||
| artifactName: artifacts-Windows-Installers | ||
| downloadPath: $(Build.StagingDirectory)/downloaded_artifacts/ | ||
| - task: CopyFiles@2 |
| <CharacterSet>Unicode</CharacterSet> | ||
| <OutDir>bin\$(Configuration)\$(PlatformShortname)\</OutDir> | ||
| <IntDir>obj\$(Configuration)\$(PlatformShortname)\</IntDir> | ||
| <OutDir Condition=" '$(OutDir)' == '' ">bin\$(Configuration)\$(PlatformShortname)\</OutDir> |
There was a problem hiding this comment.
@JunTaoLuo @dougbu do you remember why we need this setting here at all? This file is imported very late, and up until this moment outdir points to bin\Release\Installers. Installer signing fails without this change because the files to sign must be in outdir, and this setting changes where outdir points to. My change didn't affect where installers got built to, but I'm wondering if I'm missing something.
|
|
||
| <PropertyGroup> | ||
| <Version>$(AspNetCoreMajorVersion).$(AspNetCoreMinorVersion).$(AspNetCorePatchVersion).$(BuildNumber)</Version> | ||
| <!-- Ugly hack - Wix doesn't accept build numbers larger than 65535, and AzDo's BuildIds are larger than that. |
There was a problem hiding this comment.
This hack kinda sucks, but I couldn't think of anything better - @joeloff @dougbu @JunTaoLuo any ideas?
There was a problem hiding this comment.
I think in TC the build number was literally just a counter. If BuildNumber is used for MSIs, then it doesn't really matter that much because Windows Installer only cares about the first 3 parts. For standalone bundles (EXEs), the 4 part version is considered when evaluating upgrades so having an increasing number is desired.
Are the AzDo numbers incremental as well? Unless it hits something large, e.g. 262140 and the modulus wraps, I guess this would be fine.
There was a problem hiding this comment.
Yeah, AzDO numbers are also incremental. We feed the version into GuidInputs as of #27079. Since the max for any part of the 4-part version is 65535, we'd run into possible issues as soon as any build number got higher than that - it just might happen sooner in AzDO since builds are more frequent there than in TeamCity. But theoretically, the odds of a collision should be the same as the previous odds of an overflow
There was a problem hiding this comment.
And we'll always be incrementing the 3rd part of the 4-part version anyways (each patch)
There was a problem hiding this comment.
I think this is probably the best we can do for now but I'm a little concerned about the modulo logic since it can eventually silently cause issues. Instead of modulo maybe just use subtraction and error out if our build numbers are too large so we would be notified and figure something else out at that time? Though I don't know if that will ever happen, I feel it's safer since it'll fail loudly.
There was a problem hiding this comment.
I think the only risk is if we produce two versions that are exactly the same, which would happen if 2 builds of the same patch were exactly 34,172 AzDO builds apart (which seems unlikely). I believe 2.1.25.1 would still be considered "higher" than 2.1.24.65535 by WiX - @joeloff does that sound right? That is, it isn't strictly an issue if the buildNumbers aren't always increasing?
There was a problem hiding this comment.
This would be an issue if we were producing previews of this branch, because there wouldn't be a guarantee that the versions would always be increasing (e.g. preview1's BuildNumber could be higher than preview2's, and they'd have the same patch number)
|
Not going to claim I'm capable of reviewing this, but very happy to see it. |
Pilchie
added
the
area-infrastructure
dougbu
left a comment
dougbu
left a comment
There was a problem hiding this comment.
Could you explain why the run.* scripts and build.ps1 needed to change❔
Separately, can we now delete .azure/pipelines/pr-validation-temp.ymlvalidation-temp.yml)❔
I was duplicating what we have in extensions where we read As for |
wtgodbe
force-pushed
the
wtgodbe/21Pipeline
branch
from
2894cbe to
0328995
Compare
|
This seems to be working now. Here's a build that was kicked by pipebuild: https://dnceng.visualstudio.com/internal/_build/results?buildId=933230&view=results It pushed assets to this blob location, which looks the same as previous aspnetcore 2.1 blobs: |
This isn't completely necessary. Adding |
Oh, I didn't know that was more secure. I'll give that a try now. |
|
Looks like that worked: https://dotnetfeed.blob.core.windows.net/orchestrated-release-2-1/20201229-10/aspnet/index.json |
wtgodbe
force-pushed
the
wtgodbe/21Pipeline
branch
from
0328995 to
7844ef6
Compare
JunTaoLuo
left a comment
JunTaoLuo
left a comment
There was a problem hiding this comment.
First batch of comments
| BuildScriptArgs: ${{ parameters.buildArgs }} | ||
| BuildConfiguration: ${{ parameters.configuration }} | ||
| BuildDirectory: ${{ parameters.buildDirectory }} | ||
| TeamName: AspNetCore |
There was a problem hiding this comment.
Did we want to start capturing binlogs all the time? Wouldn't this use up a lot of storage?
There was a problem hiding this comment.
I didn't think it was too impactful for 2.1 since we rarely build that branch - but, I could turn it off for public builds like we do in other branches
| <CharacterSet>Unicode</CharacterSet> | ||
| <OutDir>bin\$(Configuration)\$(PlatformShortname)\</OutDir> | ||
| <IntDir>obj\$(Configuration)\$(PlatformShortname)\</IntDir> | ||
| <OutDir Condition=" '$(OutDir)' == '' ">bin\$(Configuration)\$(PlatformShortname)\</OutDir> |
|
|
||
| <PropertyGroup> | ||
| <Version>$(AspNetCoreMajorVersion).$(AspNetCoreMinorVersion).$(AspNetCorePatchVersion).$(BuildNumber)</Version> | ||
| <!-- Ugly hack - Wix doesn't accept build numbers larger than 65535, and AzDo's BuildIds are larger than that. |
There was a problem hiding this comment.
I think this is probably the best we can do for now but I'm a little concerned about the modulo logic since it can eventually silently cause issues. Instead of modulo maybe just use subtraction and error out if our build numbers are too large so we would be notified and figure something else out at that time? Though I don't know if that will ever happen, I feel it's safer since it'll fail loudly.
| <FilesToExcludeFromSigning Remove="@(FilesToExcludeFromSigning)" /> | ||
|
|
||
| <!-- Make sure 3rd party binaries get 3rd party certificate --> | ||
| <CustomFileSignInfo Include="MsgPack.dll" CertificateName="3PartySHA2" /> |
There was a problem hiding this comment.
How was this list generated? I just want to double check but it looks fine.
There was a problem hiding this comment.
I manually looked at the contents of all of the .nupkg's/.zips that we're signing, and cross-referenced with what's in master: https://github.com/dotnet/aspnetcore/blob/master/eng/Signing.props
Migrates our TeamCity build infrastructure for release/2.1 official builds to Azure DevOps.
Notes:
aspnet-internal-toolsrepo entirely, opting instead to use microbuild to do signing at the end of the Windows-SharedFx job (instead of a separate code signing job that checked out and built aspnet-internal-tools)Also called out some relevant things in comments on the file changes, and I still have some general cleanup to do, so this is still a WIP.
CC @Pilchie