Skip to content

Commit

Permalink
PMC migration to vNext (#403)
Browse files Browse the repository at this point in the history
* PMC migration

* only try one repo

* Update

* Upgrade pyOpenSSL

* debug

* use cli to get key vault certificate

* update

* continue using keyvautl task

* typo

* Enable other deb distro/release

* Enable for the rhel8-amd64

* Enable other rpm distro/release
  • Loading branch information
magodo authored May 24, 2023
1 parent d2a1082 commit f51db41
Showing 1 changed file with 64 additions and 42 deletions.
106 changes: 64 additions & 42 deletions azure-pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -437,30 +437,32 @@ stages:
# REPO_ID: 5d16326637164fbc1139c4e1
# REPO_DISTRO: ubuntu
# REPO_RELEASE: bionic

ubuntu-focal-amd64:
TYPE: deb
ARCH: amd64
REPO_ID: 5e852952e45fffa1beda61fe
REPO_ID: repositories-deb-apt-50a94aad-3f2d-414c-8792-c8914a994b60
REPO_DISTRO: ubuntu
REPO_RELEASE: focal
ubuntu-focal-arm64:
TYPE: deb
ARCH: arm64
REPO_ID: 5e852952e45fffa1beda61fe
REPO_ID: repositories-deb-apt-50a94aad-3f2d-414c-8792-c8914a994b60
REPO_DISTRO: ubuntu
REPO_RELEASE: focal
ubuntu-jammy-amd64:
TYPE: deb
ARCH: amd64
REPO_ID: 61faea6cea3a770ab120ac8a
REPO_ID: repositories-deb-apt-ce5e32e0-a0e2-4e8d-b83b-e353a44ba19d
REPO_DISTRO: ubuntu
REPO_RELEASE: jammy
ubuntu-jammy-arm64:
TYPE: deb
ARCH: arm64
REPO_ID: 61faea6cea3a770ab120ac8a
REPO_ID: repositories-deb-apt-ce5e32e0-a0e2-4e8d-b83b-e353a44ba19d
REPO_DISTRO: ubuntu
REPO_RELEASE: jammy

# debian-buster-amd64:
# TYPE: deb
# ARCH: amd64
Expand Down Expand Up @@ -499,30 +501,32 @@ stages:
# REPO_ID: 5e5ed94a523a8019fe47607e
# REPO_DISTRO: centos
# REPO_RELEASE: 8

rhel-8-x86_64:
TYPE: rpm
ARCH: amd64
REPO_ID: 5d4470e1eebce7156eee5407
REPO_ID: repositories-rpm-rpm-825ad4f6-c3fb-48b0-8f61-acb58e2fff7c
REPO_DISTRO: rhel
REPO_RELEASE: 8
rhel-8-aarch64:
TYPE: rpm
ARCH: arm64
REPO_ID: 5d4470e1eebce7156eee5407
REPO_ID: repositories-rpm-rpm-825ad4f6-c3fb-48b0-8f61-acb58e2fff7c
REPO_DISTRO: rhel
REPO_RELEASE: 8
rhel-9-x86_64:
TYPE: rpm
ARCH: amd64
REPO_ID: 627067cc3ac6d7548f4d66cd
REPO_ID: repositories-rpm-rpm-f225b6b6-c414-4abb-a80d-5b8bdb8bc757
REPO_DISTRO: rhel
REPO_RELEASE: 9
rhel-9-aarch64:
TYPE: rpm
ARCH: arm64
REPO_ID: 627067cc3ac6d7548f4d66cd
REPO_ID: repositories-rpm-rpm-f225b6b6-c414-4abb-a80d-5b8bdb8bc757
REPO_DISTRO: rhel
REPO_RELEASE: 9

# fedora-34-x86_64:
# TYPE: rpm
# ARCH: amd64
Expand Down Expand Up @@ -575,53 +579,71 @@ stages:
pipeline: $(pipelineId)
runVersion: "specific"
runId: ${{ parameters.artifactBuildId }}
- task: DownloadPackage@1
displayName: "Download repoclient"
- task: PipAuthenticate@1
inputs:
packageType: 'upack'
feed: '9b6b54d1-85ce-4ff5-8faa-608b4a183fc6/fe61ad7c-682d-4a30-ae2e-6891a3b27dde'
view: '2e6dbd24-c57a-430c-9148-c2cf257a62ae'
definition: '5dc48a28-dc78-4d14-9a8b-4981783b402d'
version: '2.2.1'
downloadPath: $(system.defaultWorkingDirectory)/dist/tool
artifactFeeds: 'release/aztfy'
- script: |
set -e
sudo apt install -y ./dist/tool/azure-repoapi-client_2.2.1_amd64.deb
mkdir ~/.repoclient
cat << EOF > ~/.repoclient/config.json
{
"server": "azure-apt-cat.cloudapp.net",
"port": "443",
"AADClientId": "$(LINUX_REPO_SP_CLIENT_ID)",
"AADClientSecret": "$(LINUX_REPO_SP_CLIENT_SECRET)",
"AADResource": "https://microsoft.onmicrosoft.com/945999e9-da09-4b5b-878f-b66c414602c0",
"AADTenant": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"AADAuthorityUrl": "https://login.microsoftonline.com",
"repositoryId": "IGNORE"
}
pip install pyOpenSSL --upgrade
pip install pmc-cli
displayName: "Install PMC"
- task: AzureKeyVault@2
displayName: "Get PMC prod certificate"
inputs:
azureSubscription: 'aztfy_pmc'
KeyVaultName: 'aztfy-pmc'
SecretsFilter: 'PMCProdCertificate'
RunAsPreJob: false
- script: |
set -e
pmc_dir=~/.config/pmc
mkdir -p $pmc_dir
echo "$PMC_CERT" > $pmc_dir/aztfexport.pem
cat << EOF > $pmc_dir/settings.toml
[prod]
base_url = "https://pmc-ingest.trafficmanager.net/api/v4"
msal_client_id = "${PMC_CLIENT_ID}"
msal_scope = "api://d48bb382-20ec-41b9-a0ea-07758a21ccd0/.default"
msal_cert_path = "$pmc_dir/aztfexport.pem"
msal_SNIAuth = true
msal_authority = "https://login.microsoftonline.com/MSAzureCloud.onmicrosoft.com"
EOF
pkg=(./dist/pkg/*.${TYPE})
[[ ${#pkg[@]} == 1 ]] || { echo "not exactly one target packages found: $(declare -p pkg)" > 2; exit 1; }
pkg=${pkg[0]}
# Allow error's to occur prior to quit the task, as we are capturing the command output, otherwise, we will have no chance to output that in stdout/stderr.
set +e
ret=$(repoclient package add -r ${REPO_ID} $pkg)
[[ $? == 0 ]] || { echo "Error: repoclient package add failed: $ret" >&2; exit 1; }
echo -e "repoclient package add returns:\n$ret\n"
location=$(jq -r '.Location' <<< $ret)
package_id=${location##*/}
[[ -n $package_id ]] || { echo "Error: empty package id got" >&2; exit 1; }
echo "package id: $package_id"
ret=$(repoclient package check $package_id)
[[ $? == 0 ]] || { echo "Error: repoclient package check failed: $ret" >&2; exit 1; }
echo -e "repoclient package check returns:\n$ret\n"
displayName: "Publish via repoclient"
# Upload package
ret=$(pmc package upload $pkg)
[[ $? == 0 ]] || { echo "Error: pmc package upload failed: $ret" >&2; exit 1; }
echo -e "pmc package upload returns:\n$ret\n"
id=$(jq -r '.[0].id' <<< $ret)
[[ -n $id ]] || { echo "Error: empty package id got" >&2; exit 1; }
echo "package id: $id"
# Link package to repo
args=(repo package update --add-packages $id $REPO_ID)
if [[ $TYPE == deb ]]; then
args+=($REPO_RELEASE)
fi
ret=$(pmc "${args[@]}")
[[ $? == 0 ]] || { echo "Error: pmc repo package update --add-packages: $ret" >&2; exit 1; }
echo -e "pmc repo package update --add-packages returns:\n$ret\n"
# Publish repo
ret=$(pmc repo publish $REPO_ID)
[[ $? == 0 ]] || { echo "Error: pmc repo publish: $ret" >&2; exit 1; }
echo -e "pmc repo publish returns:\n$ret\n"
displayName: "Publish via pmc"
env:
TYPE: $(TYPE)
REPO_ID: $(REPO_ID)
REPO_RELEASE: $(REPO_RELEASE)
PMC_CLIENT_ID: $(PMC_CLIENT_ID)
PMC_CERT: $(PMCProdCertificate)
- script: |
set -e
Expand Down

0 comments on commit f51db41

Please sign in to comment.