From f51db41a2cc628b680188680eef50f3955beaa52 Mon Sep 17 00:00:00 2001 From: magodo Date: Wed, 24 May 2023 15:28:08 +0800 Subject: [PATCH] PMC migration to vNext (#403) * PMC migration * only try one repo * Update * Upgrade pyOpenSSL * debug * use cli to get key vault certificate * update * continue using keyvautl task * typo * Enable other deb distro/release * Enable for the rhel8-amd64 * Enable other rpm distro/release --- azure-pipelines.yml | 106 ++++++++++++++++++++++++++------------------ 1 file changed, 64 insertions(+), 42 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 74fb660..7e74fe1 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -437,30 +437,32 @@ stages: # REPO_ID: 5d16326637164fbc1139c4e1 # REPO_DISTRO: ubuntu # REPO_RELEASE: bionic + ubuntu-focal-amd64: TYPE: deb ARCH: amd64 - REPO_ID: 5e852952e45fffa1beda61fe + REPO_ID: repositories-deb-apt-50a94aad-3f2d-414c-8792-c8914a994b60 REPO_DISTRO: ubuntu REPO_RELEASE: focal ubuntu-focal-arm64: TYPE: deb ARCH: arm64 - REPO_ID: 5e852952e45fffa1beda61fe + REPO_ID: repositories-deb-apt-50a94aad-3f2d-414c-8792-c8914a994b60 REPO_DISTRO: ubuntu REPO_RELEASE: focal ubuntu-jammy-amd64: TYPE: deb ARCH: amd64 - REPO_ID: 61faea6cea3a770ab120ac8a + REPO_ID: repositories-deb-apt-ce5e32e0-a0e2-4e8d-b83b-e353a44ba19d REPO_DISTRO: ubuntu REPO_RELEASE: jammy ubuntu-jammy-arm64: TYPE: deb ARCH: arm64 - REPO_ID: 61faea6cea3a770ab120ac8a + REPO_ID: repositories-deb-apt-ce5e32e0-a0e2-4e8d-b83b-e353a44ba19d REPO_DISTRO: ubuntu REPO_RELEASE: jammy + # debian-buster-amd64: # TYPE: deb # ARCH: amd64 
@@ -499,30 +501,32 @@ stages: # REPO_ID: 5e5ed94a523a8019fe47607e # REPO_DISTRO: centos # REPO_RELEASE: 8 + rhel-8-x86_64: TYPE: rpm ARCH: amd64 - REPO_ID: 5d4470e1eebce7156eee5407 + REPO_ID: repositories-rpm-rpm-825ad4f6-c3fb-48b0-8f61-acb58e2fff7c REPO_DISTRO: rhel REPO_RELEASE: 8 rhel-8-aarch64: TYPE: rpm ARCH: arm64 - REPO_ID: 5d4470e1eebce7156eee5407 + REPO_ID: repositories-rpm-rpm-825ad4f6-c3fb-48b0-8f61-acb58e2fff7c REPO_DISTRO: rhel REPO_RELEASE: 8 rhel-9-x86_64: TYPE: rpm ARCH: amd64 - REPO_ID: 627067cc3ac6d7548f4d66cd + REPO_ID: repositories-rpm-rpm-f225b6b6-c414-4abb-a80d-5b8bdb8bc757 REPO_DISTRO: rhel REPO_RELEASE: 9 rhel-9-aarch64: TYPE: rpm ARCH: arm64 - REPO_ID: 627067cc3ac6d7548f4d66cd + REPO_ID: repositories-rpm-rpm-f225b6b6-c414-4abb-a80d-5b8bdb8bc757 REPO_DISTRO: rhel REPO_RELEASE: 9 + # fedora-34-x86_64: # TYPE: rpm # ARCH: amd64 
@@ -575,30 +579,34 @@ stages: pipeline: $(pipelineId) runVersion: "specific" runId: ${{ parameters.artifactBuildId }} - - task: DownloadPackage@1 - displayName: "Download repoclient" + - task: PipAuthenticate@1 inputs: - packageType: 'upack' - feed: '9b6b54d1-85ce-4ff5-8faa-608b4a183fc6/fe61ad7c-682d-4a30-ae2e-6891a3b27dde' - view: '2e6dbd24-c57a-430c-9148-c2cf257a62ae' - definition: '5dc48a28-dc78-4d14-9a8b-4981783b402d' - version: '2.2.1' - downloadPath: $(system.defaultWorkingDirectory)/dist/tool + artifactFeeds: 'release/aztfy' - script: | set -e - sudo apt install -y ./dist/tool/azure-repoapi-client_2.2.1_amd64.deb - mkdir ~/.repoclient - cat << EOF > ~/.repoclient/config.json - { - "server": "azure-apt-cat.cloudapp.net", - "port": "443", - "AADClientId": "$(LINUX_REPO_SP_CLIENT_ID)", - "AADClientSecret": "$(LINUX_REPO_SP_CLIENT_SECRET)", - "AADResource": "https://microsoft.onmicrosoft.com/945999e9-da09-4b5b-878f-b66c414602c0", - "AADTenant": "72f988bf-86f1-41af-91ab-2d7cd011db47", - "AADAuthorityUrl": "https://login.microsoftonline.com", - "repositoryId": "IGNORE" - } + pip install pyOpenSSL --upgrade + pip install pmc-cli + displayName: "Install PMC" + - task: AzureKeyVault@2 + displayName: "Get PMC prod certificate" + inputs: + azureSubscription: 'aztfy_pmc' + KeyVaultName: 'aztfy-pmc' + SecretsFilter: 'PMCProdCertificate' + RunAsPreJob: false + - script: | + set -e + pmc_dir=~/.config/pmc + mkdir -p $pmc_dir + echo "$PMC_CERT" > $pmc_dir/aztfexport.pem + cat << EOF > $pmc_dir/settings.toml + [prod] + base_url = "https://pmc-ingest.trafficmanager.net/api/v4" + msal_client_id = "${PMC_CLIENT_ID}" + msal_scope = "api://d48bb382-20ec-41b9-a0ea-07758a21ccd0/.default" + msal_cert_path = "$pmc_dir/aztfexport.pem" + msal_SNIAuth = true + msal_authority = "https://login.microsoftonline.com/MSAzureCloud.onmicrosoft.com" EOF pkg=(./dist/pkg/*.${TYPE}) [[ ${#pkg[@]} == 1 ]] || { echo "not exactly one target packages found: $(declare -p pkg)" > 2; exit 1; } 
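Review bot: The "Install PMC" step runs `pip install pyOpenSSL --upgrade` and `pip install pmc-cli` with no version pin, whereas the removed DownloadPackage task fixed the client at 2.2.1. This job goes on to hold the production publishing certificate, so whatever version the index resolves at run time executes with that credential in reach. Pin both, e.g. `pip install 'pmc-cli==<PINNED_VERSION>' 'pyOpenSSL==<PINNED_VERSION>'` (placeholders), ideally from a requirements file installed with `--require-hashes`. Separately, `echo "$PMC_CERT" > $pmc_dir/aztfexport.pem` writes the certificate (presumably with its private key, since it is used as `msal_cert_path`) under the agent's default umask and nothing removes it. `( umask 077; printf '%s\n' "$PMC_CERT" > "$pmc_dir/aztfexport.pem" )` together with `trap 'rm -f "$pmc_dir/aztfexport.pem"' EXIT` would narrow that exposure; the script body continues past the end of this hunk.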
@@ -606,22 +614,36 @@ stages: # Allow error's to occur prior to quit the task, as we are capturing the command output, otherwise, we will have no chance to output that in stdout/stderr. set +e - ret=$(repoclient package add -r ${REPO_ID} $pkg) - [[ $? == 0 ]] || { echo "Error: repoclient package add failed: $ret" >&2; exit 1; } - echo -e "repoclient package add returns:\n$ret\n" - - location=$(jq -r '.Location' <<< $ret) - package_id=${location##*/} - [[ -n $package_id ]] || { echo "Error: empty package id got" >&2; exit 1; } - echo "package id: $package_id" - - ret=$(repoclient package check $package_id) - [[ $? == 0 ]] || { echo "Error: repoclient package check failed: $ret" >&2; exit 1; } - echo -e "repoclient package check returns:\n$ret\n" - displayName: "Publish via repoclient" + + # Upload package + ret=$(pmc package upload $pkg) + [[ $? == 0 ]] || { echo "Error: pmc package upload failed: $ret" >&2; exit 1; } + echo -e "pmc package upload returns:\n$ret\n" + + id=$(jq -r '.[0].id' <<< $ret) + [[ -n $id ]] || { echo "Error: empty package id got" >&2; exit 1; } + echo "package id: $id" + + # Link package to repo + args=(repo package update --add-packages $id $REPO_ID) + if [[ $TYPE == deb ]]; then + args+=($REPO_RELEASE) + fi + ret=$(pmc "${args[@]}") + [[ $? == 0 ]] || { echo "Error: pmc repo package update --add-packages: $ret" >&2; exit 1; } + echo -e "pmc repo package update --add-packages returns:\n$ret\n" + + # Publish repo + ret=$(pmc repo publish $REPO_ID) + [[ $? == 0 ]] || { echo "Error: pmc repo publish: $ret" >&2; exit 1; } + echo -e "pmc repo publish returns:\n$ret\n" + displayName: "Publish via pmc" env: TYPE: $(TYPE) REPO_ID: $(REPO_ID) + REPO_RELEASE: $(REPO_RELEASE) + PMC_CLIENT_ID: $(PMC_CLIENT_ID) + PMC_CERT: $(PMCProdCertificate) - script: | set -e
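Review bot: `id=$(jq -r '.[0].id' <<< $ret)` followed by `[[ -n $id ]]` does not catch a missing id, because `jq -r` prints the string `null` when `.[0].id` is absent, so the non-empty test passes and `null` is handed to `pmc repo package update --add-packages`. Let jq report it instead: `id=$(jq -er '.[0].id' <<< "$ret") || { echo "Error: no package id in upload response" >&2; exit 1; }`. The removed `repoclient package check` step has no counterpart on the new side, so nothing visible here confirms the state of the uploaded package before `pmc repo publish`; if pmc-cli can read the package back, comparing its checksum with the local file would restore a check at that point. Quoting `"$pkg"`, `"$id"`, `"$REPO_ID"` and `"$REPO_RELEASE"` would also keep pipeline-supplied values from word-splitting. The script starts before this hunk.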