Tailor for MSAL

Author: rayluo

.ado/azure-pipelines.yml

@@ -53,11 +53,11 @@ parameters:
 
 resources:
   repositories:
-  - repository: dlltracer
-    name: microsoft/dlltracer-python
+  - repository: source_repo
+    name: AzureAD/microsoft-authentication-library-for-python
     type: github
-    ref: main
-    endpoint: zooba
+    ref: main  # Branch to use?
+    #endpoint: github.com_Avery-Dunn  # Name of service connection
   - repository: 1esPipelines
     type: git
     name: 1ESPipelineTemplates/1ESPipelineTemplates
@@ -68,7 +68,7 @@ trigger: none
 
 
 variables:
-  REF: $[ resources.repositories['dlltracer'].ref ]
+  REF: $[ resources.repositories['source_repo'].ref ]
   PIP_DISABLE_PIP_VERSION_CHECK: true
   PIP_NO_COLOR: true
   PIP_NO_INPUT: true
@@ -89,7 +89,7 @@ extends:
     sdl:
       sourceRepositoriesToScan:
         include:
-        - repository: dlltracer
+        - repository: source_repo
 
     customBuildTags:
     - ${{ if eq(parameters.Signed, 'true') }}:

.ado/build.yml

@@ -1,3 +1,4 @@
+# Derived from https://dev.azure.com/mseng/Python/_git/dlltracer-python?path=/build.yml
 parameters:
   Artifact: dist
   pythons: []
@@ -18,7 +19,8 @@ jobs:
     value: $(Build.BinariesDirectory)/layout
 
   steps:
-  - checkout: dlltracer
+  - checkout: self
+    submodules: false
 
   - task: UsePythonVersion@0
     inputs:
@@ -36,26 +38,30 @@ jobs:
         architecture: '${{ py.arch }}'
         addToPath: false
 
-  - task: PipAuthenticate@1
-    inputs:
-      artifactFeeds: Python
-    displayName: 'Authenticate pip for internal feed'
+  #- task: PipAuthenticate@1
+  #  inputs:
+  #    artifactFeeds: Python
+  #  displayName: 'Authenticate pip for internal feed'
 
-  - powershell: |
-      python -m pip install pymsbuild Cython
+  #- powershell: |
+  #    python -m pip install pymsbuild Cython
+  #  displayName: 'Install dependencies'
+  - script: |
+      python -m pip install pymsbuild
     displayName: 'Install dependencies'
 
-  - powershell: |
-      Write-Output "##vso[task.setvariable variable=GITHUB_REF]$(REF)"
-    displayName: 'Update build reference'
-    condition: and(succeeded(), startswith(variables['REF'], 'refs/tags/'))
+  #- powershell: |
+  #    Write-Output "##vso[task.setvariable variable=GITHUB_REF]$(REF)"
+  #  displayName: 'Update build reference'
+  #  condition: and(succeeded(), startswith(variables['REF'], 'refs/tags/'))
 
   ##############################################################################
   # BUILD SDIST and EXTENSION MODULES
   ##############################################################################
 
   # sdist requires no signing/SBOM or special handling, so just build it
-  - powershell: |
+  #- powershell: |
+  - script: |
       python -m pymsbuild sdist -d $(DistDir)
     displayName: 'Build sdist'
 
@@ -91,8 +97,8 @@ jobs:
               "KeyCode" : "${{parameters.SigningKeyCode}}",
               "OperationCode" : "SigntoolSign",
               "Parameters" : {
-                "OpusName" : "dlltracer-python $(REF)",
-                "OpusInfo" : "https://github.com/microsoft/dlltracer-python/",
+                "OpusName" : "microsoft-authentication-library-for-python $(REF)",
+                "OpusInfo" : "https://github.com/AzureAD/microsoft-authentication-library-for-python",
                 "Append" : "/as",
                 "FileDigest" : "/fd \"SHA256\"",
                 "PageHash" : "/NPH",
@@ -152,8 +158,8 @@ jobs:
     displayName: 'Test that SDist will build'
 
   - powershell: |
-      python -m pip install dlltracer
-      if ($?) { python -c "import dlltracer, dlltracer._native" }
+      python -m pip install -r requirements.txt
+      if ($?) { python -c "import msal; print(msal.__version__)" }
     displayName: 'Check that built module will import'
     env:
       PIP_NO_DEPS: 1

.ado/esrp.yml

@@ -0,0 +1,108 @@
+#################################################################################
+#                         OneBranch Pipelines - Official and CI                 #
+# This pipeline was created by EasyStart from a sample located at:              #
+#   https://aka.ms/obpipelines/easystart/samples                                #
+# Documentation:  https://aka.ms/obpipelines                                    #
+# Yaml Schema:    https://aka.ms/obpipelines/yaml/schema                        #
+# Retail Tasks:   https://aka.ms/obpipelines/tasks                              #
+# Support:        https://aka.ms/onebranchsup                                   #
+#################################################################################
+
+trigger: none # https://aka.ms/obpipelines/triggers
+
+parameters: # parameters are shown up in ADO UI in a build queue time
+  - name: 'debug'
+    displayName: 'Enable debug output'
+    type: boolean
+    default: false
+
+variables:
+  CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning
+  system.debug: ${{ parameters.debug }}
+  ENABLE_PRS_DELAYSIGN: 1
+  ROOT: $(Build.SourcesDirectory)
+  REPOROOT: $(Build.SourcesDirectory)
+  OUTPUTROOT: $(REPOROOT)\out
+  NUGET_XMLDOC_MODE: none
+
+  WindowsContainerImage: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest' # https://aka.ms/obpipelines/containers
+
+resources:
+  repositories:
+    - repository: templates
+      type: git
+      name: OneBranch.Pipelines/GovernedTemplates
+      ref: refs/heads/main
+
+extends:
+  template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates
+  parameters:
+    cloudvault: # https://aka.ms/obpipelines/cloudvault
+      'enabled': false
+    globalSdl: # https://aka.ms/obpipelines/sdl
+      asyncSdl: # https://aka.ms/obpipelines/asyncsdl
+        enabled: false
+      # tsa:
+      #   enabled: true
+      #   breakOnFailure: true
+      # credscan:
+      #   suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppression.json
+      binskim:
+        break: true # always break the build on binskim issues. You can disable it by setting to 'false'
+      policheck:
+        break: true # always break the build on policheck issues. You can disable it by setting to 'false'
+        exclusionsFile: $(Build.SourcesDirectory)\.config\PolicheckExclusion.xml
+      suppression:
+        suppressionFile: $(Build.SourcesDirectory)\.gdn\global.gdnsuppress #suppressing signing issues for Xamarin dlls
+      perStage:
+        sdl_sources:
+          checkout_all_repos: true
+    featureFlags:
+      WindowsHostVersion: '1ESWindows2022'
+
+    stages:
+      - stage: build
+        jobs:
+          - job: main
+            timeoutInMinutes: 120
+            pool:
+              type: windows  # read more about custom job pool types at https://aka.ms/obpipelines/yaml/jobs
+
+            variables:
+              ob_outputDirectory: '$(Build.ArtifactStagingDirectory)' # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts
+              ob_sdl_binskim_break: true # https://aka.ms/obpipelines/sdl
+              ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}: # conditionally enable symbolsPublishing for default branch only
+                ob_symbolsPublishing_enabled: true # https://aka.ms/obpipelines/symbols
+              ob_symbolsPublishing_searchPattern: '**/*.pdb'
+              ob_symbolsPublishing_indexSources: true
+              ob_symbolsPublishing_symbolsFolder: $(Build.SourcesDirectory)/microsoft-authentication-library-for-java/msal4j-sdk/src
+              ${{ if eq(variables['variables.UploadPackages'], 'true') }}: #Uploads packages to VSTS feed. Only enabled on official build
+                ob_nugetPublishing_enabled: true
+
+            steps:
+              - checkout: self
+                submodules: false
+
+              - script: |
+                  python -m pip install build --user
+                  python -m build --sdist --wheel --outdir "$(Build.ArtifactStagingDirectory)" .
+
+              - task: EsrpRelease@7
+                inputs:
+                  DisplayName: 'Publish to PyPI'
+                  ConnectedServiceName: 'AuthSdkResourceManager'
+                  KeyVaultName: 'buildautomation'
+                  AuthCertName: 'MSALJava-ESRP-Release-Auth-PrivateCA'
+                  SignCertName: 'MSALJava-ESRP-Release-Sign-PublicCA'
+                  ClientId: 'b8d01fe0-7a50-4af7-abce-571ec99e87a0'
+                  Intent: 'PackageDistribution'
+                  ContentType: 'PyPI'
+                  ContentSource: 'Folder'
+                  FolderLocation: '$(Build.ArtifactStagingDirectory)/dist'
+                  waitforreleasecompletion: true
+                  Owners: '[email protected]'
+                  Approvers: '[email protected]'
+                  ServiceEndpointUrl: 'https://api.esrp.microsoft.com'
+                  MainPublisher: 'ESRPRELPACMAN'
+                  DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
+

.ado/publish.yml

@@ -18,15 +18,15 @@ jobs:
     displayName: 'Download built distribution'
 
   - ${{ if eq(parameters.Feed, 'pypi') }}:
-    - task: EsrpRelease@4
+    - task: EsrpRelease@7
       displayName: 'ESRP Release to PyPI'
       inputs:
         ConnectedServiceName: 'Python ESRP Release'
         Intent: PackageDistribution
         ContentType: PyPI
         FolderLocation: $(DistDir)
-        Owners: 'stevdo@microsoft.com'
-        Approvers: 'grwheele@microsoft.com'
+        Owners: 'nugetaad@microsoft.com'
+        Approvers: 'rayluo@microsoft.com'
         ServiceEndpointUrl: 'https://api.esrp.microsoft.com'
         MainPublisher: 'Python'
         DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'