Build FIPS Agent chocolatey package (#32070)

.gitlab-ci.yml

@@ -584,8 +584,10 @@ workflow:
     when: always
 
 .on_deploy_stable_or_beta_repo_branch:
+  - !reference [.except_mergequeue]
   - <<: *if_not_stable_or_beta_repo_branch
-    when: never
+    when: manual
+    allow_failure: true
   - <<: *if_deploy
 
 .on_deploy_stable_or_beta_repo_branch_manual:

.gitlab/choco_build/choco_build.yml

@@ -14,8 +14,13 @@ windows_choco_offline_7_x64:
   script:
     - $ErrorActionPreference = "Stop"
     - Get-ChildItem omnibus\pkg
-    - copy omnibus\pkg\*.msi .\chocolatey\tools-offline\
-    - docker run --rm -v "$(Get-Location):c:\mnt" registry.ddbuild.io/ci/datadog-agent-buildimages/windows_1809_${ARCH}${Env:DATADOG_AGENT_WINBUILDIMAGES_SUFFIX}:${Env:DATADOG_AGENT_WINBUILDIMAGES} c:\mnt\tasks\winbuildscripts\chocopack.bat offline
+    - copy omnibus\pkg\*.msi .\chocolatey\datadog-agent\offline\tools\
+    - >
+      docker run --rm
+      -v "$(Get-Location):c:\mnt"
+      -e AWS_NETWORKING=true
+      registry.ddbuild.io/ci/datadog-agent-buildimages/windows_1809_${ARCH}${Env:DATADOG_AGENT_WINBUILDIMAGES_SUFFIX}:${Env:DATADOG_AGENT_WINBUILDIMAGES}
+      powershell.exe -C "C:\mnt\tasks\winbuildscripts\Generate-Chocolatey-Package.ps1 -InstallMethod offline -Flavor $FLAVOR -InstallDeps 1"
     - If ($lastExitCode -ne "0") { throw "Previous command returned $lastExitCode" }
     - copy build-out\*.nupkg omnibus\pkg
   artifacts:
@@ -24,12 +29,11 @@ windows_choco_offline_7_x64:
       - omnibus/pkg
 
 # The online version of the choco job gets the msi package through the gitlab artifacts
-windows_choco_online_7_x64:
+.windows_choco_online_7_x64:
   rules:
     !reference [.on_deploy_stable_or_beta_repo_branch]
   stage: choco_and_install_script_build
   tags: ["runner:windows-docker", "windowsversion:1809"]
-  needs: ["deploy_packages_windows-x64-7"]
   variables:
     ARCH: "x64"
   script:
@@ -43,10 +47,12 @@ windows_choco_online_7_x64:
     - >
       docker run --rm
       -v "$(Get-Location):c:\mnt"
+      -e CI_PROJECT_NAME=${CI_PROJECT_NAME}
       -e CI_PIPELINE_ID=${CI_PIPELINE_ID}
       -e BUCKET_BRANCH="$BUCKET_BRANCH"
+      -e AWS_NETWORKING=true
       registry.ddbuild.io/ci/datadog-agent-buildimages/windows_1809_${ARCH}${Env:DATADOG_AGENT_WINBUILDIMAGES_SUFFIX}:${Env:DATADOG_AGENT_WINBUILDIMAGES}
-      c:\mnt\tasks\winbuildscripts\chocopack.bat online c:\mnt\temp
+      powershell.exe -C "C:\mnt\tasks\winbuildscripts\Generate-Chocolatey-Package.ps1 -InstallMethod online -MSIDirectory c:\mnt\temp -Flavor $FLAVOR -InstallDeps 1"
     - If ($lastExitCode -ne "0") { throw "Previous command returned $lastExitCode" }
     - Remove-Item -Path "temp\" -Recurse -Force
     - copy build-out\*.nupkg omnibus\pkg
@@ -58,3 +64,23 @@ windows_choco_online_7_x64:
       - omnibus/pkg
   # Sometimes Chocolatey is flakey
   retry: 2
+
+windows_choco_online_7_x64:
+  extends: .windows_choco_online_7_x64
+  # On dev/PR branches:
+  #   - if the job is run manually it will create a package, but before the
+  #     package can be installed, the deploy_windows_testing-a7 job must
+  #     be run to push the MSI to the dd-agent-mstesting bucket.
+  needs: ["windows_msi_and_bosh_zip_x64-a7"]
+  variables:
+    FLAVOR: "datadog-agent"
+
+windows_choco_online_7_x64-fips:
+  extends: .windows_choco_online_7_x64
+  # On dev/PR branches:
+  #   - if the job is run manually it will create a package, but before the
+  #     package can be installed, the deploy_windows_testing-a7-fips job must
+  #     be run to push the MSI to the dd-agent-mstesting bucket.
+  needs: ["windows_msi_and_bosh_zip_x64-a7-fips"]
+  variables:
+    FLAVOR: "datadog-fips-agent"

chocolatey/datadog-agent-offline.nuspec → chocolatey/datadog-agent/offline/datadog-agent-offline.nuspec

@@ -26,6 +26,6 @@ For example, to set the API key you may run:
     <releaseNotes>$release_notes$</releaseNotes>
   </metadata>
   <files>
-    <file src="tools-offline\**" target="tools" />
+    <file src="tools\**" target="tools" />
   </files>
 </package>

chocolatey/datadog-agent-online.nuspec → chocolatey/datadog-agent/online/datadog-agent-online.nuspec

@@ -26,6 +26,6 @@ For example, to set the API key you may run:
     <releaseNotes>$release_notes$</releaseNotes>
   </metadata>
   <files>
-    <file src="tools-online\**" target="tools" />
+    <file src="tools\**" target="tools" />
   </files>
 </package>

chocolatey/datadog-fips-agent/online/datadog-fips-agent-online.nuspec

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>datadog-fips-agent</id>
+    <version>$version$</version>
+    <packageSourceUrl>https://github.com/DataDog/datadog-agent/tree/main/chocolatey</packageSourceUrl>
+    <owners>Datadog</owners>
+    <title>Datadog FIPS Agent</title>
+    <authors>Datadog</authors>
+    <projectUrl>https://github.com/DataDog/datadog-agent</projectUrl>
+    <iconUrl>https://datadog-prod.imgix.net/img/dd_logo_70x75.png</iconUrl>
+    <copyright>$copyright$</copyright>
+    <licenseUrl>https://raw.githubusercontent.com/DataDog/datadog-agent/main/LICENSE</licenseUrl>
+    <requireLicenseAcceptance>true</requireLicenseAcceptance>
+    <docsUrl>https://docs.datadoghq.com</docsUrl>
+    <tags>datadog agent monitoring admin</tags>
+    <summary>The Datadog FIPS Agent for Microsoft Windows</summary>
+    <description>The Datadog FIPS Agent faithfully collects events and metrics and brings them to Datadog on your behalf so that you can do something useful with your monitoring and performance data.
+
+## Package settings
+
+You may set [custom settings](https://docs.datadoghq.com/agent/basic_agent_usage/windows/?tab=commandline#installation) to the Agent when installing by using the  [`--installer-arguments` option of `choco install`](https://chocolatey.org/docs/getting-started#overriding-default-install-directory-or-other-advanced-install-concepts).
+
+For example, to set the API key you may run:
+`choco install -ia="APIKEY=""YOUR_DATADOG_API_KEY""" datadog-fips-agent`</description>
+    <releaseNotes>$release_notes$</releaseNotes>
+  </metadata>
+  <files>
+    <file src="tools\**" target="tools" />
+  </files>
+</package>

chocolatey/datadog-fips-agent/online/tools/VERIFICATION.txt

@@ -0,0 +1,5 @@
+VERIFICATION
+Verification is intended to assist the Chocolatey moderators and community in verifying that this package's contents are trustworthy.
+
+This package is published by Datadog itself.
+The binaries are identical to other package types for the Datadog FIPS Agent.

chocolatey/datadog-fips-agent/online/tools/chocolateyinstall.ps1

@@ -0,0 +1,27 @@
+$ErrorActionPreference = 'Stop';
+
+$toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
+$packageArgs = @{
+  packageName   = $env:ChocolateyPackageName
+  unzipLocation = $toolsDir
+  fileType      = 'msi'
+  # Note: Url is replaced at build time with the full URL to the MSI
+  url64bit      = $__url_from_ci__
+  checksum64    = $__checksum_from_ci__
+  checksumType  = 'sha256'
+  softwareName  = "Datadog FIPS Agent"
+  silentArgs    = "/qn /norestart /l*v `"$($env:TEMP)\$($packageName).$($env:chocolateyPackageVersion).MsiInstall.log`""
+  validExitCodes= @(0, 3010, 1641)
+}
+Install-ChocolateyPackage @packageArgs
+
+$installInfo = @"
+---
+install_method:
+  tool: chocolatey
+  tool_version: chocolatey-$($env:CHOCOLATEY_VERSION)
+  installer_version: chocolatey_package-online
+"@
+
+$appDataDir = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Datadog\Datadog Agent").ConfigRoot
+Out-File -FilePath $appDataDir\install_info -InputObject $installInfo