Skip to content

Commit

Permalink
Onboarding to ESRP v7 artifact signing (#639)
Browse files Browse the repository at this point in the history
* feature: onboarding to ESRP v7 signing
  • Loading branch information
kikomiss authored Sep 10, 2024
1 parent a4873e0 commit a391158
Showing 1 changed file with 26 additions and 16 deletions.
42 changes: 26 additions & 16 deletions .ado/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -54,15 +54,16 @@ extends:
image: windows-latest
os: windows
stages:
- stage: stage
- stage: PublishToPyPi
displayName: "\U0001F6EB Build and Publish to PyPi"
jobs:
- job: "Build_Azure_Quantum_Python"
displayName: Build "azure-quantum" package
templateContext:
outputs:
- output: pipelineArtifact
displayName: 'Upload "azure-quantum" artifacts'
targetPath: $(Build.SourcesDirectory)/azure-quantum/target/wheels/
targetPath: $(Build.SourcesDirectory)/azure-quantum/artifacts/
artifactName: azure-quantum-wheels

steps:
Expand All @@ -88,10 +89,14 @@ extends:
- script: |
cd $(Build.SourcesDirectory)/azure-quantum
python setup.py sdist --dist-dir=target/wheels
python setup.py bdist_wheel --dist-dir=target/wheels
python setup.py sdist --dist-dir=artifacts/wheels
python setup.py bdist_wheel --dist-dir=artifacts/wheels
displayName: Build "azure-quantum" package
- script: |
copy set_version.py "$(Build.SourcesDirectory)/azure-quantum/artifacts"
displayName: Copy "set_version.py" to artifacts
- job: "Test_Azure_Quantum_Python"
displayName: Test "azure-quantum" package
steps:
Expand Down Expand Up @@ -156,7 +161,7 @@ extends:
displayName: Set Python version

- script: |
python set_version.py
python $(Pipeline.Workspace)/azure-quantum-wheels/set_version.py
env:
BUILD_TYPE: ${{ parameters.Build_Type }}
RELEASE_TYPE: ${{ parameters.Release_Type }}
Expand All @@ -170,12 +175,12 @@ extends:
)
displayName: Copy built "azure-quantum" package artifacts
inputs:
SourceFolder: '$(Pipeline.Workspace)/azure-quantum-wheels'
SourceFolder: '$(Pipeline.Workspace)/azure-quantum-wheels/wheels'
Contents: '**'
TargetFolder: '$(Build.ArtifactStagingDirectory)/target/wheels'
TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/wheels'

- script: |
ls $(Build.ArtifactStagingDirectory)/target/wheels/*
ls $(Build.ArtifactStagingDirectory)/artifacts/wheels/*
displayName: List Py Artifacts to publish
- task: GitHubRelease@1
Expand All @@ -192,18 +197,23 @@ extends:
target: $(Build.SourceVersion)
addChangeLog: False
assets: |
$(Build.ArtifactStagingDirectory)/target/wheels/*
$(Build.ArtifactStagingDirectory)/artifacts/wheels/*
- task: EsrpRelease@4
- task: EsrpRelease@7
condition: ${{ parameters.Publish_Python_Package_To_PyPi }}
displayName: Publish "azure-quantum" package to PyPi
displayName: Sign and publish "azure-quantum" package to PyPi
inputs:
ConnectedServiceName: 'ESRP_Release'
ConnectedServiceName: 'ESRP Signing Connection'
KeyVaultName: 'kv-aqua-esrp-001'
AuthCertName: 'EsrpAuthCert'
SignCertName: 'EsrpSignCert'
ClientId: '832c049d-cd07-4c1c-bfa5-c07250d190cb'
Intent: 'PackageDistribution'
ContentType: 'PyPi'
FolderLocation: '$(Build.ArtifactStagingDirectory)/target/wheels'
Owners: '$(OwnerPersonalAlias)@microsoft.com' # NB: Group email here fails the task with non-actionable output.
FolderLocation: '$(Build.ArtifactStagingDirectory)/artifacts/wheels'
WaitForReleaseCompletion: true
Owners: '$(OwnerPersonalAlias)@microsoft.com' # Group email here fails the task with non-actionable output.
Approvers: 'billti@microsoft.com'
ServiceEndpointUrl: 'https://api.esrp.microsoft.com'
MainPublisher: 'QuantumDevelpmentKit'
DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
MainPublisher: 'ESRPRELPACMAN' # Default ESRP v7 publisher. Do not change.
DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'

0 comments on commit a391158

Please sign in to comment.