Setup OneBranch and package build

Author: andyleejordan

.github/workflows/ci-test.yml

@@ -34,6 +34,10 @@ jobs:
         run: ./build.ps1 -Configuration Release -All
         shell: pwsh
 
+      - name: Package
+        run: ./build.ps1 -BuildNupkg
+        shell: pwsh
+
       - name: Test
         run: ./build.ps1 -Test
         shell: pwsh
@@ -45,6 +49,13 @@ jobs:
         if: matrix.os == 'windows-latest'
         shell: powershell
 
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: PSScriptAnalyzer-package-${{ matrix.os }}
+          path: out/**/*.nupkg
+
       - name: Upload test results
         uses: actions/upload-artifact@v4
         if: always()

.pipelines/PSScriptAnalyzer-Official.yml

@@ -0,0 +1,173 @@
+#################################################################################
+#                               OneBranch Pipelines                             #
+# This pipeline was created by EasyStart from a sample located at:              #
+#   https://aka.ms/obpipelines/easystart/samples                                #
+# Documentation:  https://aka.ms/obpipelines                                    #
+# Yaml Schema:    https://aka.ms/obpipelines/yaml/schema                        #
+# Retail Tasks:   https://aka.ms/obpipelines/tasks                              #
+# Support:        https://aka.ms/onebranchsup                                   #
+#################################################################################
+
+trigger: none
+
+schedules:
+- cron: '20 16 * * 4'
+  displayName: Weekly CodeQL
+  branches:
+    include:
+    - main
+  always: true
+
+parameters:
+- name: debug
+  displayName: Enable debug output
+  type: boolean
+  default: false
+
+variables:
+  system.debug: ${{ parameters.debug }}
+  BuildConfiguration: Release
+  WindowsContainerImage: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest
+  DOTNET_NOLOGO: true
+  DOTNET_GENERATE_ASPNET_CERTIFICATE: false
+
+resources:
+  repositories:
+    - repository: templates
+      type: git
+      name: OneBranch.Pipelines/GovernedTemplates
+      ref: refs/heads/main
+
+extends:
+  # https://aka.ms/obpipelines/templates
+  template: v2/OneBranch.Official.CrossPlat.yml@templates
+  parameters:
+    globalSdl: # https://aka.ms/obpipelines/sdl
+      asyncSdl:
+        enabled: true
+        forStages: [build]
+    featureFlags:
+      EnableCDPxPAT: false
+      WindowsHostVersion:
+        Version: 2022
+        Network: Netlock
+    stages:
+    - stage: build
+      jobs:
+      - job: main
+        displayName: Build package
+        pool:
+          type: windows
+        variables:
+          ob_outputDirectory: $(Build.SourcesDirectory)/out
+        steps:
+          - pwsh: |
+              [xml]$xml = Get-Content Engine/Engine.csproj
+              $version = $xml.SelectSingleNode(".//VersionPrefix")."#text"
+              Write-Output "##vso[task.setvariable variable=version;isOutput=true]$version"
+            name: package
+            displayName: Get version from project properties
+          - task: onebranch.pipeline.version@1
+            displayName: Set OneBranch version
+            inputs:
+              system: Custom
+              customVersion: $(package.version)
+          - task: UseDotNet@2
+            displayName: Use .NET SDK
+            inputs:
+              packageType: sdk
+              useGlobalJson: true
+          - pwsh: |
+              Register-PSRepository -Name CFS -SourceLocation "https://pkgs.dev.azure.com/powershell/PowerShell/_packaging/powershell/nuget/v2" -InstallationPolicy Trusted
+              Install-Module -Repository CFS -Name Microsoft.PowerShell.PSResourceGet
+              ./tools/installPSResources.ps1 -PSRepository CFS
+            displayName: Install PSResources
+          - pwsh: ./build.ps1 -Configuration Release -All
+            displayName: Build
+          - task: onebranch.pipeline.signing@1
+            displayName: Sign 1st-party files
+            inputs:
+              command: sign
+              signing_profile: external_distribution
+              search_root: $(Build.SourcesDirectory)/out
+              files_to_sign: |
+                **/Microsoft.*.dll;
+                **/*.psd1;
+                **/*.ps1xml;
+          - task: onebranch.pipeline.signing@1
+            displayName: Sign 3rd-party files
+            inputs:
+              command: sign
+              signing_profile: 135020002
+              search_root: $(Build.SourcesDirectory)/out
+              files_to_sign: |
+                **/Newtonsoft.Json.dll;
+                **/Pluralize.NET.dll;
+          - pwsh: ./build.ps1 -BuildNupkg
+            displayName: Package module
+          - task: onebranch.pipeline.signing@1
+            displayName: Sign NuGet package
+            inputs:
+              command: sign
+              signing_profile: external_distribution
+              search_root: $(Build.SourcesDirectory)/out
+              files_to_sign: |
+                *.nupkg
+    - stage: release
+      dependsOn: build
+      condition: ne(variables['Build.Reason'], 'Schedule')
+      variables:
+        version: $[ stageDependencies.build.main.outputs['package.version'] ]
+        drop: $(Pipeline.Workspace)/drop_build_main
+      jobs:
+      - job: github
+        displayName: Publish draft to GitHub
+        pool:
+          type: windows
+        variables:
+          ob_outputDirectory: $(Build.SourcesDirectory)/out
+        steps:
+        - download: current
+          displayName: Download artifacts
+        - task: GitHubRelease@1
+          displayName: Create GitHub release
+          inputs:
+            gitHubConnection: GitHub
+            repositoryName: PowerShell/PSScriptAnalyzer
+            assets: |
+              $(drop)/PSScriptAnalyzer.$(version).nupkg
+            tagSource: userSpecifiedTag
+            tag: v$(version)
+            isDraft: true
+            addChangeLog: false
+            releaseNotesSource: inline
+            releaseNotesInline: "<!-- TODO: Generate release notes on GitHub! -->"
+      - job: validation
+        displayName: Manual validation
+        pool:
+          type: agentless
+        timeoutInMinutes: 1440
+        steps:
+        - task: ManualValidation@0
+          displayName: Wait 24 hours for validation
+          inputs:
+            notifyUsers: $(Build.RequestedForEmail)
+            instructions: Please validate the release and then publish it!
+            timeoutInMinutes: 1440
+      - job: publish
+        dependsOn: validation
+        displayName: Publish to PowerShell Gallery
+        pool:
+          type: windows
+        variables:
+          ob_outputDirectory: $(Build.SourcesDirectory)/out
+        steps:
+        - download: current
+          displayName: Download artifacts
+        - task: NuGetCommand@2
+          displayName: Publish module to PowerShell Gallery
+          inputs:
+            command: push
+            packagesToPush: $(drop)/PSScriptAnalyzer.$(version).nupkg
+            nuGetFeedType: external
+            publishFeedCredentials: PowerShellGallery

tools/installPSResources.ps1

@@ -1,13 +1,13 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
+param(
+    [ValidateSet("PSGallery", "CFS")]
+    [string]$PSRepository = "PSGallery"
+)
 
-$ErrorActionPreference = 'Stop'
-
-Set-PSRepository -Name PSGallery -InstallationPolicy Trusted | Out-Null
-if ($PSVersionTable.PSVersion.Major -lt 6) {
-    throw "The build script requires PowerShell 7!"
+if ($PSRepository -eq "CFS" -and -not (Get-PSResourceRepository -Name CFS -ErrorAction SilentlyContinue)) {
+    Register-PSResourceRepository -Name CFS -Uri "https://pkgs.dev.azure.com/powershell/PowerShell/_packaging/powershell/nuget/v3/index.json"
 }
 
-# TODO: Switch to Install-PSResource when CI uses PowerShell 7.4
-Install-Module -Name platyPS -Scope CurrentUser
-Install-Module -Name Pester -Scope CurrentUser
+Install-PSResource -Repository $PSRepository -TrustRepository -Name platyPS
+Install-PSResource -Repository $PSRepository -TrustRepository -Name Pester