From 984a878ffbef29d60fbce159b25e189f1b7be7c5 Mon Sep 17 00:00:00 2001 From: Vladimir Morozov Date: Tue, 17 Mar 2026 17:54:12 -0700 Subject: [PATCH] Speed up the publish pipeline (#15785) --- .ado/publish.yml | 191 ++++++++---------- .ado/release.yml | 63 +++++- .ado/templates/checkout-shallow.yml | 2 +- .ado/templates/esrp-codesign-binaries.yml | 45 +++++ .ado/templates/esrp-codesign-nuget.yml | 39 ++++ .ado/templates/prep-and-pack-nuget.yml | 6 - .ado/templates/prep-and-pack-single.yml | 99 +-------- ...-959c3f60-0f33-4ac8-a081-dc6452e2d455.json | 7 + ...Microsoft.ReactNative.NewArch.Publish.slnf | 13 ++ .../PropertySheets/CIBuildOptimizations.props | 29 +++ vnext/ReactWindows-Desktop.Publish.slnf | 14 ++ 11 files changed, 291 insertions(+), 217 deletions(-) create mode 100644 .ado/templates/esrp-codesign-binaries.yml create mode 100644 .ado/templates/esrp-codesign-nuget.yml create mode 100644 change/react-native-windows-959c3f60-0f33-4ac8-a081-dc6452e2d455.json create mode 100644 vnext/Microsoft.ReactNative.NewArch.Publish.slnf create mode 100644 vnext/PropertySheets/CIBuildOptimizations.props create mode 100644 vnext/ReactWindows-Desktop.Publish.slnf diff --git a/.ado/publish.yml b/.ado/publish.yml index 71406cfa8f3..d49989c10f7 100644 --- a/.ado/publish.yml +++ b/.ado/publish.yml @@ -1,10 +1,6 @@ name: 0.0.$(Date:yyMM.d)$(Rev:rrr) parameters: -- name: performBeachballCheck - displayName: Perform Beachball Check (Disable when promoting) - type: boolean - default: true - name: AgentPool type: object default: @@ -76,26 +72,13 @@ parameters: BuildConfiguration: Release BuildPlatform: ARM64 UseFabric: true - - Name: X64DebugFabric - BuildConfiguration: Debug - BuildPlatform: x64 UseFabric: true - - Name: X86DebugFabric - BuildConfiguration: Debug - BuildPlatform: x86 UseFabric: true - - Name: Arm64DebugFabric - BuildConfiguration: Debug - BuildPlatform: ARM64 UseFabric: true variables: - template: variables/windows.yml - group: RNW Secrets - - name: FailCGOnAlert - value: false - - name: EnableCodesign - value: true trigger: none pr: none @@ -110,54 +93,50 @@ extends: template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates parameters: pool: ${{ parameters.AgentPool.Medium }} - customBuildTags: - - ES365AIMigrationTooling + featureFlags: + autoEnablePREfastWithNewRuleset: false # PREfast produces 0 actionable findings; auto-enable injects /analyze into every C++ TU, generating ~2656 SARIF files that Guardian uploads for ~19 min per native build sdl: credscan: suppressionsFile: $(Build.SourcesDirectory)\.ado\config\CredScanSuppressions.json spotBugs: enabled: false # We don't have any java, but random packages in node_modules do + prefast: + enabled: false stages: - stage: RNWPublish jobs: - - job: RnwPublishPrep - displayName: React-Native-Windows Publish Prep + # Set version variables + - job: SetVersionVars + displayName: Set Version Variables pool: ${{ parameters.AgentPool.Medium }} - timeoutInMinutes: 120 - cancelTimeoutInMinutes: 5 + timeoutInMinutes: 15 steps: - - template: .ado/templates/checkout-full.yml@self + - template: .ado/templates/checkout-shallow.yml@self + + - template: .ado/templates/set-version-vars.yml@self parameters: - persistCredentials: false + buildEnvironment: Continuous - - powershell: gci env:/BUILD_* - displayName: Show build information + # We new npmPack.js in Release pipeline to detect already published NPM packages and avoid publishing them again + - script: copy ".ado\scripts\npmPack.js" "$(Build.StagingDirectory)\versionEnvVars\npmPack.js" + displayName: Include npmPack.js in VersionEnvVars artifact - - template: .ado/templates/prepare-js-env.yml@self + templateContext: + outputs: + - output: pipelineArtifact + displayName: 'Publish version variables' + targetPath: $(Build.StagingDirectory)/versionEnvVars + artifactName: VersionEnvVars - - template: .ado/templates/run-compliance-prebuild.yml@self - - - script: if not exist %USERPROFILE%\AppData\Roaming\npm (mkdir %USERPROFILE%\AppData\Roaming\npm) - displayName: Fix missing npm config - - - pwsh: | - npx beachball check --verbose 2>&1 | Tee-Object -Variable beachballOutput - $beachballErrors = $beachballOutput | Where-Object { $_ -match "ERROR: *"} - $beachballErrors | ForEach { Write-Host "##vso[task.logissue type=error]$_" } - if ( $beachballErrors.Count -gt 0) { throw "Beachball check found $($beachballErrors.Count) errors." } - displayName: Beachball Check - condition: ${{ parameters.performBeachballCheck }} - - - job: RnwNpmPublish - displayName: React-Native-Windows Npm Pack - dependsOn: RnwPublishPrep - pool: - name: Azure-Pipelines-1ESPT-ExDShared - image: windows-latest - os: windows - timeoutInMinutes: 120 + # Create NPM packages + - job: RnwNpmPack + displayName: Create NPM packages + pool: ${{ parameters.AgentPool.Medium }} + timeoutInMinutes: 60 cancelTimeoutInMinutes: 5 steps: + - template: .ado/templates/checkout-shallow.yml@self + - template: .ado/templates/prepare-js-env.yml@self parameters: agentImage: HostedImage @@ -168,21 +147,6 @@ extends: - script: dir /s "$(Pipeline.Workspace)\published-packages" displayName: Show created npm packages - - template: .ado/templates/set-version-vars.yml@self - parameters: - buildEnvironment: Continuous - - - script: echo NpmDistTag is $(NpmDistTag) - displayName: Show NPM dist tag - - - script: copy ".ado\scripts\npmPack.js" "$(Build.StagingDirectory)\versionEnvVars\npmPack.js" - displayName: Include npmPack.js in VersionEnvVars artifact - - - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest Npm - inputs: - BuildDropPath: $(System.DefaultWorkingDirectory) - templateContext: outputs: - output: pipelineArtifact @@ -190,23 +154,23 @@ extends: condition: succeededOrFailed() targetPath: $(Pipeline.Workspace)/published-packages artifactName: NpmPackedTarballs - - output: pipelineArtifact - displayName: "📒 Publish Manifest Npm" - artifactName: SBom-$(System.JobAttempt) - targetPath: $(System.DefaultWorkingDirectory)/_manifest - sbomEnabled: false # This output is in fact an SBOM itself - - output: pipelineArtifact - displayName: 'Publish version variables' - targetPath: $(Build.StagingDirectory)/versionEnvVars - artifactName: VersionEnvVars + # Run linting + - template: .ado/jobs/linting.yml@self + parameters: + buildEnvironment: Continuous + AgentPool: ${{ parameters.AgentPool }} + + # Create and sign Destop DLLs - ${{ each matrix in parameters.desktopBuildMatrix }}: - job: RnwNativeBuildDesktop${{ matrix.Name }} displayName: Build Desktop ${{ matrix.Name }} - dependsOn: RnwNpmPublish + dependsOn: SetVersionVars pool: ${{ parameters.AgentPool.Large }} timeoutInMinutes: 360 # CodeQL requires 3x usual build timeout steps: + - template: .ado/templates/checkout-shallow.yml@self + - template: .ado/templates/prepare-js-env.yml@self - template: .ado/templates/prepare-build-env.yml@self @@ -220,10 +184,11 @@ extends: - template: .ado/templates/msbuild-sln.yml@self parameters: solutionDir: vnext - solutionName: ReactWindows-Desktop.sln + solutionName: ReactWindows-Desktop.Publish.slnf buildPlatform: ${{ matrix.BuildPlatform }} buildConfiguration: ${{ matrix.BuildConfiguration }} oneESMode: true ## Files are only copied to staging, not published + msbuildArguments: /p:ForceImportAfterCppTargets=$(Build.SourcesDirectory)\vnext\PropertySheets\CIBuildOptimizations.props - template: .ado/templates/publish-build-artifacts.yml@self parameters: @@ -232,14 +197,20 @@ extends: buildPlatform: ${{ matrix.BuildPlatform }} buildConfiguration: ${{ matrix.BuildConfiguration }} contents: | - React.Windows.Desktop\** - React.Windows.Desktop.DLL\** - React.Windows.Desktop.Test.DLL\** + React.Windows.Desktop\Microsoft.ReactNative.winmd + React.Windows.Desktop.DLL\react-native-win32.* - - template: .ado/templates/component-governance.yml@self + - template: .ado/templates/esrp-codesign-binaries.yml@self + parameters: + displayName: 'CodeSign Desktop Binaries' + folderPath: $(Build.StagingDirectory)/NuGet/Desktop/${{ matrix.BuildPlatform }}/${{ matrix.BuildConfiguration }} + pattern: | + **/react-native-win32.dll templateContext: sdl: + prefast: + enabled: false binskim: analyzeTargetGlob: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\React.Windows.Desktop.DLL\react-native-win32.dll' outputs: @@ -258,13 +229,16 @@ extends: artifactName: Desktop.${{matrix.buildPlatform}}.${{matrix.buildConfiguration}} targetPath: $(Build.StagingDirectory)/NuGet/Desktop/${{matrix.buildPlatform}}/${{matrix.buildConfiguration}} + # Create and sign Universal DLLs - ${{ each matrix in parameters.universalBuildMatrix }}: - job: RnwNativeBuildUniversal${{ matrix.Name }} displayName: Build Universal ${{ matrix.Name }} - dependsOn: RnwNpmPublish + dependsOn: SetVersionVars pool: ${{ parameters.AgentPool.Large }} timeoutInMinutes: 360 # CodeQL requires 3x usual build timeout steps: + - template: .ado/templates/checkout-shallow.yml@self + - template: .ado/templates/prepare-js-env.yml@self - template: .ado/templates/prepare-build-env.yml@self @@ -279,12 +253,13 @@ extends: parameters: solutionDir: vnext ${{ if eq(matrix.UseFabric, true) }}: - solutionName: Microsoft.ReactNative.NewArch.sln + solutionName: Microsoft.ReactNative.NewArch.Publish.slnf ${{ else }}: solutionName: Microsoft.ReactNative.sln buildPlatform: ${{ matrix.BuildPlatform }} buildConfiguration: ${{ matrix.BuildConfiguration }} oneESMode: true ## Files are only copied to staging, not published + msbuildArguments: /p:ForceImportAfterCppTargets=$(Build.SourcesDirectory)\vnext\PropertySheets\CIBuildOptimizations.props - task: PowerShell@2 displayName: Make AnyCPU Reference Assemblies @@ -302,15 +277,22 @@ extends: buildPlatform: ${{ matrix.BuildPlatform }} buildConfiguration: ${{ matrix.BuildConfiguration }} contents: | - Microsoft.ReactNative\** - Microsoft.ReactNative.Managed\** - Microsoft.ReactNative.Managed.CodeGen\** - Microsoft.ReactNative.CsWinRT\** + Microsoft.ReactNative\Microsoft.ReactNative.* + Microsoft.ReactNative.CsWinRT\Microsoft.ReactNative.Projection.* - - template: .ado/templates/component-governance.yml@self + - template: .ado/templates/esrp-codesign-binaries.yml@self + parameters: + displayName: 'CodeSign Microsoft.ReactNative Binaries' + folderPath: $(Build.StagingDirectory)/NuGet/ReactWindows/${{ matrix.BuildPlatform }}/${{ matrix.BuildConfiguration }} + pattern: | + **/Microsoft.ReactNative.dll + **/Microsoft.ReactNative.winmd + **/Microsoft.ReactNative.Projection.dll templateContext: sdl: + prefast: + enabled: false binskim: analyzeTargetGlob: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\Microsoft.ReactNative\Microsoft.ReactNative.dll' outputs: @@ -334,16 +316,18 @@ extends: artifactName: ReactWindows.${{ matrix.BuildPlatform }}.${{ matrix.BuildConfiguration }} targetPath: $(Build.StagingDirectory)/NuGet/ReactWindows/${{ matrix.BuildPlatform }}/${{ matrix.BuildConfiguration }} + # Create Nuget packages - job: RNWNuget + displayName: Pack NuGet dependsOn: - - RnwNpmPublish + - RnwNpmPack + - Linting - ${{ each matrix in parameters.desktopBuildMatrix }}: - RnwNativeBuildDesktop${{ matrix.Name }} - ${{ each matrix in parameters.universalBuildMatrix }}: - RnwNativeBuildUniversal${{ matrix.Name }} - displayName: Sign Binaries and Publish NuGet pool: ${{ parameters.AgentPool.Medium }} - timeoutInMinutes: 120 # Protect against the long CodeSign task + timeoutInMinutes: 60 # Protect against the long CodeSign task steps: - template: .ado/templates/checkout-shallow.yml@self @@ -352,7 +336,7 @@ extends: - template: .ado/templates/apply-published-version-vars.yml@self - # The commit tag in the nuspec requires that we use at least nuget 5.8 (because things break with nuget versions before and Vs 16.8 or later) + # The commit tag in the nuspec requires that we use at least nuget 5.8 (because things break with nuget versions before and VS 16.8 or later) - task: NuGetToolInstaller@1 inputs: versionSpec: ">=5.8.0" @@ -367,8 +351,6 @@ extends: packMicrosoftReactNativeCxx: true packMicrosoftReactNativeManaged: true packMicrosoftReactNativeManagedCodeGen: true - ${{ if or(eq(variables['EnableCodesign'], 'true'), endsWith(variables['Build.SourceBranchName'], '-stable')) }}: # Sign if EnableCodeSign or on *-stable release builds - signMicrosoft: true slices: - platform: x64 configuration: Release @@ -383,8 +365,6 @@ extends: publishCommitId: $(publishCommitId) npmVersion: $(npmVersion) packDesktop: true - ${{ if or(eq(variables['EnableCodesign'], 'true'), endsWith(variables['Build.SourceBranchName'], '-stable')) }}: # Sign if EnableCodeSign or on *-stable release builds - signMicrosoft: true slices: - platform: x64 configuration: Release @@ -399,25 +379,12 @@ extends: - platform: ARM64EC configuration: Debug - # Symbol Publishing for Work Item 59264834 - MSRC Compliance - # continueOnError: Duplicate symbols are expected when the pipeline - # is re-run for the same version. The symbols already exist on the - # server, so it is safe to continue. - - task: PublishSymbols@2 - displayName: 'Publish Symbols to Microsoft Symbol Server' - continueOnError: true + - template: .ado/templates/esrp-codesign-nuget.yml@self + parameters: + displayName: 'CodeSign all NuGet packages' + folderPath: $(System.DefaultWorkingDirectory)/NugetRootFinal + pattern: '**/*.nupkg' condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI')) - inputs: - UseNetCoreClientTool: true - ConnectedServiceName: Office-React-Native-Windows-Bot - SymbolsFolder: '$(System.DefaultWorkingDirectory)\NugetRoot' - SearchPattern: '**/*.pdb' - SymbolServerType: 'TeamServices' - SymbolsProduct: 'ReactNativeWindows' - SymbolsVersion: '$(Build.BuildNumber)' - SymbolsArtifactName: 'ReactNativeWindows-Symbols-$(Build.BuildId)' - DetailedLog: true - TreatNotIndexedAsWarning: false templateContext: sdl: diff --git a/.ado/release.yml b/.ado/release.yml index d8a20a99e4c..769fb4197b5 100644 --- a/.ado/release.yml +++ b/.ado/release.yml @@ -30,8 +30,6 @@ extends: name: Azure-Pipelines-1ESPT-ExDShared image: windows-latest os: windows - customBuildTags: - - ES365AIMigrationTooling-Release stages: - stage: Release displayName: Publish artifacts @@ -73,7 +71,7 @@ extends: Write-Host "Found $tgzCount .tgz files" Write-Host "##vso[task.setvariable variable=HasPackagesToPublish]$($tgzCount -gt 0)" displayName: Check if there are packages to publish - - task: 'SFP.release-tasks.custom-build-release-task.EsrpRelease@10' + - task: 'EsrpRelease@11' displayName: 'ESRP Release to npmjs.com' condition: and(succeeded(), ne(variables['NpmDistTag'], ''), eq(variables['HasPackagesToPublish'], 'true')) inputs: @@ -158,3 +156,62 @@ extends: - script: nuget.exe push .\Microsoft.ReactNative.*.nupkg -Source https://api.nuget.org/v3/index.json -SkipDuplicate -NoSymbol -NonInteractive -Verbosity Detailed displayName: NuGet push (nuget.org) workingDirectory: $(Pipeline.Workspace)/ReactWindows-final-nuget + + - job: PublishSymbols + displayName: Publish PDB Symbols to Symbol Server + timeoutInMinutes: 30 + templateContext: + type: releaseJob + isProduction: true + inputs: + - input: pipelineArtifact + pipeline: 'Publish' + artifactName: 'ReactWindows-final-nuget' + targetPath: '$(Pipeline.Workspace)/ReactWindows-final-nuget' + steps: + - powershell: | + # Extract PDB files from all NuGet packages (.nupkg are ZIP archives) + $nugetDir = "$(Pipeline.Workspace)/ReactWindows-final-nuget" + $symbolsDir = "$(Pipeline.Workspace)/symbols" + New-Item -ItemType Directory -Path $symbolsDir -Force | Out-Null + + $nupkgs = Get-ChildItem "$nugetDir/*.nupkg" + Write-Host "Found $($nupkgs.Count) NuGet packages" + + foreach ($nupkg in $nupkgs) { + Write-Host "Extracting PDBs from: $($nupkg.Name)" + $extractDir = "$symbolsDir/$($nupkg.BaseName)" + # Rename to .zip for Expand-Archive compatibility + $zipPath = "$nugetDir/$($nupkg.BaseName).zip" + Copy-Item $nupkg.FullName $zipPath + Expand-Archive -Path $zipPath -DestinationPath $extractDir -Force + Remove-Item $zipPath + } + + # Show extracted PDBs + $pdbs = Get-ChildItem "$symbolsDir" -Recurse -Filter "*.pdb" + Write-Host "`nFound $($pdbs.Count) PDB files:" + foreach ($pdb in $pdbs) { + Write-Host " $($pdb.FullName) ($([math]::Round($pdb.Length / 1MB, 2)) MB)" + } + + if ($pdbs.Count -eq 0) { + Write-Host "##vso[task.logissue type=warning]No PDB files found in NuGet packages" + } + displayName: Extract PDBs from NuGet packages + + - task: PublishSymbols@2 + displayName: 'Publish Symbols to Microsoft Symbol Server' + continueOnError: true + inputs: + UseNetCoreClientTool: true + ConnectedServiceName: Office-React-Native-Windows-Bot + SymbolsFolder: '$(Pipeline.Workspace)/symbols' + SearchPattern: '**/*.pdb' + SymbolServerType: 'TeamServices' + IndexSources: false # SourceLink is already embedded in PDBs at compile time + SymbolsProduct: 'ReactNativeWindows' + SymbolsVersion: '$(Build.BuildNumber)' + SymbolsArtifactName: 'ReactNativeWindows-Symbols-$(Build.BuildId)' + DetailedLog: true + TreatNotIndexedAsWarning: false diff --git a/.ado/templates/checkout-shallow.yml b/.ado/templates/checkout-shallow.yml index 21460b9c88d..20c685f9395 100644 --- a/.ado/templates/checkout-shallow.yml +++ b/.ado/templates/checkout-shallow.yml @@ -2,7 +2,7 @@ # without full history. steps: - checkout: self - fetchDepth: 10 # Buffer to avoid race condition with AZP jobs started against merge branch + fetchDepth: 1 clean: false submodules: false lfs: false diff --git a/.ado/templates/esrp-codesign-binaries.yml b/.ado/templates/esrp-codesign-binaries.yml new file mode 100644 index 00000000000..9c8c03adcf5 --- /dev/null +++ b/.ado/templates/esrp-codesign-binaries.yml @@ -0,0 +1,45 @@ +parameters: + - name: displayName + type: string + - name: folderPath + type: string + - name: pattern + type: string + +steps: + - task: EsrpCodeSigning@6 + displayName: ${{ parameters.displayName }} + inputs: + ConnectedServiceName: 'ESRP-CodeSigning-OGX-JSHost-RNW' + AppRegistrationClientId: '0a35e01f-eadf-420a-a2bf-def002ba898d' + AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' + AuthAKVName: 'OGX-JSHost-KV' + AuthCertName: 'OGX-JSHost-Auth4' + AuthSignCertName: 'OGX-JSHost-Sign3' + FolderPath: ${{ parameters.folderPath }} + Pattern: ${{ parameters.pattern }} + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode" : "CP-230012", + "OperationCode" : "SigntoolSign", + "Parameters" : { + "OpusName" : "Microsoft", + "OpusInfo" : "http://www.microsoft.com", + "FileDigest" : "/fd \"SHA256\"", + "PageHash" : "/PH", + "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + "ToolName" : "sign", + "ToolVersion" : "1.0" + }, + { + "KeyCode" : "CP-230012", + "OperationCode" : "SigntoolVerify", + "Parameters" : {}, + "ToolName" : "sign", + "ToolVersion" : "1.0" + } + ] diff --git a/.ado/templates/esrp-codesign-nuget.yml b/.ado/templates/esrp-codesign-nuget.yml new file mode 100644 index 00000000000..3666061449f --- /dev/null +++ b/.ado/templates/esrp-codesign-nuget.yml @@ -0,0 +1,39 @@ +parameters: + - name: displayName + type: string + - name: folderPath + type: string + - name: pattern + type: string + +steps: + - task: EsrpCodeSigning@6 + displayName: ${{ parameters.displayName }} + inputs: + ConnectedServiceName: 'ESRP-CodeSigning-OGX-JSHost-RNW' + AppRegistrationClientId: '0a35e01f-eadf-420a-a2bf-def002ba898d' + AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' + AuthAKVName: 'OGX-JSHost-KV' + AuthCertName: 'OGX-JSHost-Auth4' + AuthSignCertName: 'OGX-JSHost-Sign3' + FolderPath: ${{ parameters.folderPath }} + Pattern: ${{ parameters.pattern }} + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode" : "CP-401405", + "OperationCode" : "NuGetSign", + "Parameters" : {}, + "ToolName" : "sign", + "ToolVersion" : "1.0" + }, + { + "KeyCode" : "CP-401405", + "OperationCode" : "NuGetVerify", + "Parameters" : {}, + "ToolName" : "sign", + "ToolVersion" : "1.0" + } + ] diff --git a/.ado/templates/prep-and-pack-nuget.yml b/.ado/templates/prep-and-pack-nuget.yml index 95628d46e89..38a167e3378 100644 --- a/.ado/templates/prep-and-pack-nuget.yml +++ b/.ado/templates/prep-and-pack-nuget.yml @@ -35,9 +35,6 @@ parameters: type: boolean default: false - - name: signMicrosoft - type: boolean - default: false steps: - pwsh: | @@ -102,8 +99,6 @@ steps: outputPackage: Microsoft.ReactNative slices: $(releaseSlices) packageVersion: ${{parameters.npmVersion}} - codesignBinaries: ${{ parameters.signMicrosoft }} - codesignNuget: ${{ parameters.signMicrosoft }} buildProperties: CommitId=${{parameters.publishCommitId}};nugetroot=${{parameters.nugetroot}};baseconfiguration=Release;baseplatform=$(releaseBasePlatform) @@ -113,7 +108,6 @@ steps: outputPackage: Microsoft.ReactNative.Cxx packageVersion: ${{parameters.npmVersion}} buildProperties: CommitId=${{parameters.publishCommitId}};nugetroot=${{parameters.nugetroot}};baseconfiguration=$(baseConfiguration);baseplatform=$(basePlatform) - codesignNuget: ${{ parameters.signMicrosoft }} - ${{ if eq(parameters.packMicrosoftReactNativeManaged, true) }}: - ${{ if containsValue(parameters.slices.*.configuration, 'Release') }}: diff --git a/.ado/templates/prep-and-pack-single.yml b/.ado/templates/prep-and-pack-single.yml index e07757bdbfd..cdc7d7f4081 100644 --- a/.ado/templates/prep-and-pack-single.yml +++ b/.ado/templates/prep-and-pack-single.yml @@ -2,7 +2,7 @@ parameters: # Required: Name to publish the NuGet Package As - name: outputPackage type: string - + # Required: NPM-matching version - name: packageVersion type: string @@ -12,33 +12,17 @@ parameters: type: string default: '' - # Optional: Pattern of binaries within the artifact to sign as part of this - # NuGet package. Defaults to .dll, .winmd, .exe matching the nuspec name - - name: binariesToSign - type: string - default: '' - # Optional: Excludes platform-specific files from the NuSpec of they are not # included in slices - name: slices type: string default: '' - # Optional: Properties to pass to nuspec + # Optional: Properties to pass to nuspec - name: buildProperties type: string default: '' - # Optional: Whether to sign binaries - - name: codesignBinaries - type: boolean - default: false - - # Optional: Whether to sign the NuGet packag - - name: codesignNuget - type: boolean - default: false - steps: - powershell: gci $(System.DefaultWorkingDirectory)/NugetRoot @@ -54,50 +38,8 @@ steps: displayName: '${{ parameters.outputPackage }} - Strip slices from nuspec' workingDirectory: $(System.DefaultWorkingDirectory)/NugetRoot - - ${{ if eq(parameters.codesignBinaries, true) }}: - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 - displayName: '${{ parameters.outputPackage }} CodeSign Binaries' - inputs: - ConnectedServiceName: 'ESRP-CodeSigning-OGX-JSHost-RNW' - AppRegistrationClientId: '0a35e01f-eadf-420a-a2bf-def002ba898d' - AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' - AuthAKVName: 'OGX-JSHost-KV' - AuthCertName: 'OGX-JSHost-Auth4' - AuthSignCertName: 'OGX-JSHost-Sign3' - FolderPath: $(System.DefaultWorkingDirectory)/NugetRoot - # Recursively finds files matching these patterns: - ${{ if ne(parameters.binariesToSign, '') }}: - Pattern: ${{ parameters.binariesToSign }} - ${{ else }}: - Pattern: | - **/${{ coalesce(parameters.nuspec, parameters.outputPackage) }}.dll - **/${{ coalesce(parameters.nuspec, parameters.outputPackage) }}.winmd - **/${{ coalesce(parameters.nuspec, parameters.outputPackage) }}.exe - UseMinimatch: true - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "KeyCode" : "CP-230012", - "OperationCode" : "SigntoolSign", - "Parameters" : { - "OpusName" : "Microsoft", - "OpusInfo" : "http://www.microsoft.com", - "FileDigest" : "/fd \"SHA256\"", - "PageHash" : "/PH", - "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-230012", - "OperationCode" : "SigntoolVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] + # Binary signing is done in build jobs (ESRP CodeSign before artifact upload) + # NuGet signing is done in batch in publish.yml (single ESRP call for all .nupkg) # NuGetCommand@2 workaround: https://developercommunity.visualstudio.com/content/problem/288534/vsts-yaml-build-failure-the-task-name-nugetcommand.html - task: 333b11bd-d341-40d9-afcf-b32d5ce6f23b@2 @@ -109,39 +51,6 @@ steps: packDestination: $(System.DefaultWorkingDirectory)/NugetRootFinal buildProperties: version=${{ parameters.packageVersion }};id=${{ parameters.outputPackage }};${{ parameters.buildProperties }} - - ${{ if eq(parameters.codesignNuget, true) }}: - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 - displayName: '${{ parameters.outputPackage }} CodeSign NuGet' - inputs: - ConnectedServiceName: 'ESRP-CodeSigning-OGX-JSHost-RNW' - AppRegistrationClientId: '0a35e01f-eadf-420a-a2bf-def002ba898d' - AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' - AuthAKVName: 'OGX-JSHost-KV' - AuthCertName: 'OGX-JSHost-Auth4' - AuthSignCertName: 'OGX-JSHost-Sign3' - FolderPath: $(System.DefaultWorkingDirectory)/NugetRootFinal - Pattern: | - **/${{ parameters.outputPackage }}.${{ parameters.packageVersion }}.nupkg - UseMinimatch: true - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "KeyCode" : "CP-401405", - "OperationCode" : "NuGetSign", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-401405", - "OperationCode" : "NuGetVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] - - powershell: gci $(System.DefaultWorkingDirectory)/NugetRootFinal displayName: List files in NugetRootFinal diff --git a/change/react-native-windows-959c3f60-0f33-4ac8-a081-dc6452e2d455.json b/change/react-native-windows-959c3f60-0f33-4ac8-a081-dc6452e2d455.json new file mode 100644 index 00000000000..9b547c58d34 --- /dev/null +++ b/change/react-native-windows-959c3f60-0f33-4ac8-a081-dc6452e2d455.json @@ -0,0 +1,7 @@ +{ + "type": "prerelease", + "comment": "Speed up the publish pipeline", + "packageName": "react-native-windows", + "email": "vmorozov@microsoft.com", + "dependentChangeType": "patch" +} diff --git a/vnext/Microsoft.ReactNative.NewArch.Publish.slnf b/vnext/Microsoft.ReactNative.NewArch.Publish.slnf new file mode 100644 index 00000000000..39839fab846 --- /dev/null +++ b/vnext/Microsoft.ReactNative.NewArch.Publish.slnf @@ -0,0 +1,13 @@ +{ + "solution": { + "path": "Microsoft.ReactNative.NewArch.sln", + "projects": [ + "Common\\Common.vcxproj", + "Folly\\Folly.vcxproj", + "fmt\\fmt.vcxproj", + "Microsoft.ReactNative\\Microsoft.ReactNative.vcxproj", + "Microsoft.ReactNative.CsWinRT\\Microsoft.ReactNative.CsWinRT.csproj", + "ReactCommon\\ReactCommon.vcxproj" + ] + } +} diff --git a/vnext/PropertySheets/CIBuildOptimizations.props b/vnext/PropertySheets/CIBuildOptimizations.props new file mode 100644 index 00000000000..61d0244f890 --- /dev/null +++ b/vnext/PropertySheets/CIBuildOptimizations.props @@ -0,0 +1,29 @@ + + + + + false + false + false + + + + false + false + %(AdditionalOptions) /MP + + + diff --git a/vnext/ReactWindows-Desktop.Publish.slnf b/vnext/ReactWindows-Desktop.Publish.slnf new file mode 100644 index 00000000000..0261a90d017 --- /dev/null +++ b/vnext/ReactWindows-Desktop.Publish.slnf @@ -0,0 +1,14 @@ +{ + "solution": { + "path": "ReactWindows-Desktop.sln", + "projects": [ + "Common\\Common.vcxproj", + "Desktop\\React.Windows.Desktop.vcxproj", + "Desktop.DLL\\React.Windows.Desktop.DLL.vcxproj", + "Folly\\Folly.vcxproj", + "FollyWin32\\FollyWin32.vcxproj", + "ReactCommon\\ReactCommon.vcxproj", + "fmt\\fmt.vcxproj" + ] + } +}