[release/v7.4.15] Build, package, and create VPack for the PowerShell-LTS store package within the same msixbundle-vpack pipeline (#150)#27242
Conversation
… within the same `msixbundle-vpack` pipeline (PowerShell#150) (PowerShell#27209)
There was a problem hiding this comment.
Pull request overview
Updates the msixbundle-vpack official pipeline on release/v7.4.15 to build and package the PowerShell-LTS Store MSIX from source, then create/sign the MSIXBundle and publish symbols within the same pipeline (backport of #27209).
Changes:
- Reworks
.pipelines/MSIXBundle-vPack-Official.ymlto build unsigned MSIX (x64/arm64), sign build outputs, bundle + sign MSIXBundle, and publish PDB symbols. - Updates a few product/resource strings and minor code/style tweaks in ConsoleHost/props.
- Minor cleanup in
tools/packaging/packaging.psm1comments.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
.pipelines/MSIXBundle-vPack-Official.yml |
Major pipeline redesign to build MSIX packages in-pipeline, create/sign MSIXBundle, create VPack, and publish symbols. |
tools/packaging/packaging.psm1 |
Comment cleanup in New-MSIXPackage. |
src/System.Management.Automation/resources/RemotingErrorIdStrings.resx |
Updates a remoting error message to “PowerShell 7+”. |
src/Microsoft.PowerShell.ConsoleHost/resources/ManagedEntranceStrings.resx |
Renames the banner resource key used by the console host. |
src/Microsoft.PowerShell.ConsoleHost/host/msh/ManagedEntrance.cs |
Updates banner string usage to the renamed resource key. |
src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHost.cs |
Assigns stdout-redirection flag via unqualified static access. |
PowerShell.Common.props |
Minor formatting change in IsWindows condition. |
| $outputDir = "$sourceDir\output" | ||
| New-Item $outputDir -Type Directory -Force > $null |
There was a problem hiding this comment.
The bundle output directory is created as a subfolder of the input directory ($outputDir = "$sourceDir\output" while /d $sourceDir). Keeping outputs outside the input tree avoids edge cases where makeappx bundle may pick up unintended files/folders. Consider writing the bundle to a sibling directory instead of under $sourceDir.
| $outputDir = "$sourceDir\output" | |
| New-Item $outputDir -Type Directory -Force > $null | |
| $outputDir = '$(Pipeline.Workspace)\releasePipeline\msixbundle' | |
| New-Item -Path $outputDir -ItemType Directory -Force > $null |
| - name: WindowsContainerImage | ||
| value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest' | ||
| - name: Codeql.Enabled | ||
| value: false # pipeline is not building artifacts; it repackages existing artifacts into a vpack |
There was a problem hiding this comment.
Codeql.Enabled is set to false with a comment stating the pipeline only repackages artifacts, but this pipeline now performs a full build and also runs CodeQL3000Init/Finalize. The variable/comment combination is misleading and could cause confusion or accidental disabling of expected CodeQL behavior. Update the comment and/or the variable to reflect the current pipeline behavior.
| value: false # pipeline is not building artifacts; it repackages existing artifacts into a vpack | |
| value: false # CodeQL is intentionally disabled for this pipeline configuration; update this setting if CodeQL analysis is expected here. |
| $makeappx = Get-ChildItem -Recurse 'C:\Program Files (x86)\Windows Kits\10\makeappx.exe' | | ||
| Where-Object { $_.DirectoryName -match 'x64' } | | ||
| Select-Object -Last 1 | ||
| $exePath = $makeappx.FullName | ||
| Write-Verbose -Verbose "makeappx was found: $exePath" | ||
| } |
There was a problem hiding this comment.
The fallback search for makeappx.exe uses Get-ChildItem -Recurse 'C:\Program Files (x86)\Windows Kits\10\makeappx.exe', which won’t find the typical Windows SDK layout (usually under ...\Windows Kits\10\bin\<ver>\x64\makeappx.exe). If makeappx isn’t already on PATH, $makeappx will be empty and $exePath will end up null, breaking the subsequent bundle step. Update the search to target the SDK bin tree (or another reliable discovery method) and add an explicit null/empty check with a clear error when the tool can’t be located.
| $makeappx = Get-ChildItem -Recurse 'C:\Program Files (x86)\Windows Kits\10\makeappx.exe' | | |
| Where-Object { $_.DirectoryName -match 'x64' } | | |
| Select-Object -Last 1 | |
| $exePath = $makeappx.FullName | |
| Write-Verbose -Verbose "makeappx was found: $exePath" | |
| } | |
| $windowsSdkBinPath = 'C:\Program Files (x86)\Windows Kits\10\bin' | |
| $makeappx = Get-ChildItem -Path $windowsSdkBinPath -Filter 'makeappx.exe' -Recurse -File -ErrorAction SilentlyContinue | | |
| Where-Object { $_.FullName -match '[\\/]x64[\\/]' } | | |
| Sort-Object -Property FullName | | |
| Select-Object -Last 1 | |
| if ($makeappx) { | |
| $exePath = $makeappx.FullName | |
| Write-Verbose -Verbose "makeappx was found in Windows SDK: $exePath" | |
| } | |
| } | |
| if ([string]::IsNullOrWhiteSpace($exePath)) { | |
| throw "Unable to locate makeappx.exe. The tool was not found on PATH or under '$windowsSdkBinPath'. Ensure the Windows SDK is installed and includes the x64 makeappx.exe tool." | |
| } |
| retryCountOnTaskFailure: 1 | ||
|
|
||
| - pwsh: | | ||
| $sourceDir = '$(Pipeline.Workspace)\releasePipeline\msix' |
There was a problem hiding this comment.
$sourceDir is created with -Force but its contents are never cleared. If the agent/workspace is reused (or a previous attempt left files behind), stale .msix files could be bundled unintentionally. Consider deleting/recreating the directory (or using a unique per-run folder) before copying the downloaded .msix inputs.
| $sourceDir = '$(Pipeline.Workspace)\releasePipeline\msix' | |
| $sourceDir = '$(Pipeline.Workspace)\releasePipeline\msix' | |
| if (Test-Path -Path $sourceDir) { | |
| Remove-Item -Path $sourceDir -Recurse -Force | |
| } |
| search_root: '$(BundleDir)' | ||
|
|
||
| - pwsh: | | ||
| $signedBundle = Get-ChildItem -Path $(BundleDir) -Filter "*.msixbundle" -File |
There was a problem hiding this comment.
$signedBundle = Get-ChildItem ... -Filter "*.msixbundle" doesn’t validate the result count. If multiple bundles exist in $(BundleDir), $signedBundle.FullName and the signature validation/copy will behave unpredictably. Add a check that exactly one .msixbundle is present and fail with a clear message otherwise.
| $signedBundle = Get-ChildItem -Path $(BundleDir) -Filter "*.msixbundle" -File | |
| $signedBundle = @(Get-ChildItem -Path $(BundleDir) -Filter "*.msixbundle" -File) | |
| if ($signedBundle.Count -ne 1) { | |
| $bundleNames = if ($signedBundle.Count -gt 0) { | |
| ($signedBundle | Select-Object -ExpandProperty FullName) -join ', ' | |
| } | |
| else { | |
| '<none>' | |
| } | |
| throw "Expected exactly one .msixbundle in $(BundleDir), but found $($signedBundle.Count). Found: $bundleNames" | |
| } | |
| $signedBundle = $signedBundle[0] |
Backport of #27209 to release/v7.4.15
Triggered by @daxian-dbw on behalf of @daxian-dbw
Original CL Label: CL-BuildPackaging
/cc @PowerShell/powershell-maintainers
Impact
REQUIRED: Choose either Tooling Impact or Customer Impact (or both). At least one checkbox must be selected.
Tooling Impact
Updates the release/v7.4.15 MSIXBundle vPack pipeline to build, package, and create the PowerShell-LTS store VPack in the same pipeline, including the related symbol publishing flow required for the release process.
Customer Impact
Regression
REQUIRED: Check exactly one box.
This is not a regression.
Testing
The backport was retried from a clean release/v7.4.15 base. Cherry-pick conflicts were resolved by taking the PR version of .pipelines/MSIXBundle-vPack-Official.yml and keeping the release-branch versions of TabCompletionStrings.resx and Telemetry.cs. The resulting backport commit completed successfully and CI on the backport PR will validate the updated packaging pipeline flow.
Risk
REQUIRED: Check exactly one box.
High risk because this materially changes release packaging and VPack infrastructure for the LTS store package, but the change is required to keep the release process compliant and aligned with the intended vPack build flow.
Merge Conflicts
Resolved three cherry-pick conflicts during a fresh retry. Took the PR version of .pipelines/MSIXBundle-vPack-Official.yml in full, and intentionally kept the release-branch versions of src/System.Management.Automation/resources/TabCompletionStrings.resx and src/System.Management.Automation/utils/Telemetry.cs unchanged.