diff --git a/.buildkite/pipeline-windows-tests.yml b/.buildkite/pipeline-windows-tests.yml index 47e08f95..986a0a27 100644 --- a/.buildkite/pipeline-windows-tests.yml +++ b/.buildkite/pipeline-windows-tests.yml @@ -109,11 +109,3 @@ steps: notify: - github_commit_status: context: "install_python Tests - Basic dry run with Chocolatey available" - - - label: ":windows: prepare_windows_host_for_app_distribution Tests - Skip Windows 10 SDK Installation" - command: .\tests\test_prepare_windows_host_for_app_distribution.ps1 - agents: - queue: windows - notify: - - github_commit_status: - context: "prepare_windows_host_for_app_distribution Tests - Skip Windows 10 SDK Installation" diff --git a/CHANGELOG.md b/CHANGELOG.md index 77c6dd6a..56b11ea6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,7 +34,7 @@ _None._ ### Breaking Changes -_None._ +- Removed the `prepare_windows_host_for_app_distribution.ps1` script, given what it was installing is now already pre-provisioned in our custom Windows AMI. [#196] ### New Features diff --git a/bin/prepare_windows_host_for_app_distribution.ps1 b/bin/prepare_windows_host_for_app_distribution.ps1 deleted file mode 100755 index d9fa27a5..00000000 --- a/bin/prepare_windows_host_for_app_distribution.ps1 +++ /dev/null @@ -1,157 +0,0 @@ -# Prepares a `windows` CI agent with all the necessary setup so it can build and distribute a windows app -# -# - Enables long path behavior -# - Disable Windows Defender on the CI agent -# - Install the "Chocolatey" package manager -# - Install Python (required for Node.js native module compilation)(1) -# - Enable dev mode so the agent can support Linux-style symlinks -# - Download Code Signing Certificates(2) -# - Install the Windows 10 SDK if it detected a `.windows-10-sdk-version` file(3) -# - Optionally install native compilation tools (MSVC compiler and CMake)(4) -# -# (1) Python is NOT installed by default. You can install Python by calling the script with `-InstallPython`. -# (2) The certificate it installs is stored in our AWS SecretsManager storage (`windows-code-signing-certificate` secret ID) -# (3) You can skip the Windows 10 SDK installation regardless of whether `.windows-10-sdk-version` is present by calling the script with `-SkipWindows10SDKInstallation`. -# (4) Native compilation tools are NOT installed by default. You can install them by calling the script with `-InstallNativeCompilationTools`. This requires the Windows 10 SDK installation to NOT be skipped, as those are installed in tandem. -# (5) Certificate download can be skipped by setting environment variable `SKIP_CERTIFICATE_DOWNLOAD=true` (useful for testing). -# -# Note: In addition to calling this script, and depending on your client app, you might want to also install `npm` and the `Node.js` packages used by your client app on the agent too. For that part, you should use the `automattic/nvm` Buildkite plugin on the pipeline step's `plugins:` attribute. -# - -param ( - [switch]$SkipWindows10SDKInstallation = $false, - [switch]$InstallPython = $false, - [switch]$InstallNativeCompilationTools = $false -) - -# Stop script execution when a non-terminating error occurs -$ErrorActionPreference = "Stop" - -$amiVersion = [Environment]::GetEnvironmentVariable('AMI_VERSION', 'Machine') -Write-Output "AMI_VERSION is: $amiVersion" -if (![string]::IsNullOrWhiteSpace($amiVersion) -and [version]$amiVersion -ge [version]'0.2') { - Write-Output "Tooling is already pre-installed in AMI versions >= 0.2. Only installing code signing certificate." - & "setup_windows_code_signing.ps1" - Exit 0 -} - -# Validate parameter combinations -if ($InstallNativeCompilationTools -and $SkipWindows10SDKInstallation) { - Write-Output "[!] Invalid parameter combination: -InstallNativeCompilationTools cannot be used with -SkipWindows10SDKInstallation." - Write-Output " Native compilation tools require Windows 10 SDK to be installed." - Exit 1 -} - -Write-Output "--- :windows: Setting up Windows for app distribution" - -Write-Output "Current working directory: $PWD" - -Write-Output "Enable long path behavior" -# See https://docs.microsoft.com/en-us/windows/desktop/fileio/naming-a-file#maximum-path-length-limitation -Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -Name 'LongPathsEnabled' -Value 1 - -# Disable Windows Defender before starting – otherwise our performance is terrible -Write-Output "Disable Windows Defender..." -$avPreference = @( - @{DisableArchiveScanning = $true} - @{DisableAutoExclusions = $true} - @{DisableBehaviorMonitoring = $true} - @{DisableBlockAtFirstSeen = $true} - @{DisableCatchupFullScan = $true} - @{DisableCatchupQuickScan = $true} - @{DisableIntrusionPreventionSystem = $true} - @{DisableIOAVProtection = $true} - @{DisablePrivacyMode = $true} - @{DisableScanningNetworkFiles = $true} - @{DisableScriptScanning = $true} - @{MAPSReporting = 0} - @{PUAProtection = 0} - @{SignatureDisableUpdateOnStartupWithoutEngine = $true} - @{SubmitSamplesConsent = 2} - @{ScanAvgCPULoadFactor = 5; ExclusionPath = @("D:\", "C:\")} - @{DisableRealtimeMonitoring = $true} - @{ScanScheduleDay = 8} -) - -$avPreference += @( - @{EnableControlledFolderAccess = "Disable"} - @{EnableNetworkProtection = "Disabled"} -) - -$avPreference | Foreach-Object { - $avParams = $_ - Set-MpPreference @avParams -} - -# https://github.com/actions/runner-images/issues/4277 -# https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide -$atpRegPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection' -if (Test-Path $atpRegPath) { - Write-Output "Set Microsoft Defender Antivirus to passive mode" - Set-ItemProperty -Path $atpRegPath -Name 'ForceDefenderPassiveMode' -Value '1' -Type 'DWORD' -} - -# From https://stackoverflow.com/a/46760714 -Write-Output "--- :windows: Setting up Package Manager" -$env:ChocolateyInstall = Convert-Path "$((Get-Command choco).Path)\..\.." -Import-Module "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1" - -# This should avoid issues with symlinks not being supported in Windows. -# -# See how this build failed -# https://buildkite.com/automattic/beeper-desktop/builds/2895#01919738-7c6e-4b82-8d1d-1c1800481740 -Write-Output "--- :windows: :linux: Enable developer mode to use symlinks" - -$developerMode = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux - -if ($developerMode.State -eq 'Enabled') { - Write-Output "Developer Mode is already enabled." -} else { - Write-Output "Enabling Developer Mode..." - try { - Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux -NoRestart - } catch { - Write-Output "Failed to enable Developer Mode. Continuing without it..." - } -} - -if ($InstallPython) { - Write-Output "Run with InstallPython = true. Installing Python for Node.js native module compilation..." - & "$PSScriptRoot\install_python.ps1" - If ($LastExitCode -ne 0) { Exit $LastExitCode } -} else { - Write-Output "Python installation not requested. Skipping Python installation." -} - -if ($env:SKIP_CERTIFICATE_DOWNLOAD -eq "true") { - Write-Output "--- :lock_with_ink_pen: Skipping Code Signing Certificate download" -} else { - & "setup_windows_code_signing.ps1" -} - -# When using Electron Forge and electron2appx, building Appx requires the Windows 10 SDK -# -# See https://github.com/hermit99/electron-windows-store/tree/v2.1.2?tab=readme-ov-file#usage -Write-Output "--- :windows: Checking whether to install Windows 10 SDK..." - -if ($SkipWindows10SDKInstallation) { - Write-Output "Run with SkipWindows10SDKInstallation = true. Skipping Windows 10 SDK installation check." - Exit 0 -} - -$windowsSDKVersionFile = ".windows-10-sdk-version" -if (Test-Path $windowsSDKVersionFile) { - Write-Output "Found $windowsSDKVersionFile file, installing Windows 10 SDK..." - - if ($InstallNativeCompilationTools) { - & "$PSScriptRoot\install_windows_10_sdk.ps1" -InstallNativeCompilationTools - } else { - & "$PSScriptRoot\install_windows_10_sdk.ps1" - } - If ($LastExitCode -ne 0) { Exit $LastExitCode } -} else { - Write-Output "No $windowsSDKVersionFile file found, skipping Windows 10 SDK installation." -} - -Write-Output "Windows host preparation for app distribution completed successfully." -Exit 0 diff --git a/tests/test_prepare_windows_host_for_app_distribution.ps1 b/tests/test_prepare_windows_host_for_app_distribution.ps1 deleted file mode 100644 index 22b71ebe..00000000 --- a/tests/test_prepare_windows_host_for_app_distribution.ps1 +++ /dev/null @@ -1,209 +0,0 @@ -# Tests the prepare_windows_host_for_app_distribution.ps1 script with various parameter combinations. -# -# This test covers multiple scenarios: -# 1. -SkipWindows10SDKInstallation (should skip SDK installation check entirely) -# 2. -SkipWindows10SDKInstallation -InstallNativeCompilationTools (should fail with validation error) -# 3. No .windows-10-sdk-version file with -InstallNativeCompilationTools (should skip installation - no version file available) -# 4. No .windows-10-sdk-version file without -InstallNativeCompilationTools (should skip installation) -# -# Note: These tests focus on parameter validation and decision logic only, -# without performing expensive installations or downloads. - -param ( - [int]$ExpectedExitCode = 0 -) - -# Ensure the output is UTF-8 encoded so we can use emojis... -[System.Console]::OutputEncoding = [System.Text.Encoding]::UTF8 -$emojiGreenCheck = "$([char]0x2705)" -$emojiRedCross = "$([char]0x274C)" - -# Skip certificate download for all tests to avoid AWS credential issues -$env:SKIP_CERTIFICATE_DOWNLOAD = "true" - -Write-Output "Testing prepare_windows_host_for_app_distribution.ps1 with various parameter combinations" - -# Function to clean up test files -function Remove-TestFiles { - if (Test-Path ".windows-10-sdk-version") { - Remove-Item ".windows-10-sdk-version" -Force - } - if (Test-Path "vs_buildtools.exe") { - Remove-Item "vs_buildtools.exe" -Force - } -} - -# Test 1: -SkipWindows10SDKInstallation (should skip both SDK and native tools) -Write-Output "`n--- Test 1: Skip SDK installation without native tools" -Remove-TestFiles - -# Create a valid SDK version file to ensure it's not being used when skip is set -$sdkVersion = "19041" -"$sdkVersion" | Out-File .windows-10-sdk-version - -$output = & "$PSScriptRoot\..\bin\prepare_windows_host_for_app_distribution.ps1" -SkipWindows10SDKInstallation -$exitCode = $LASTEXITCODE - -if ($exitCode -ne $ExpectedExitCode) { - Write-Output "$emojiRedCross Test 1: Expected exit code $ExpectedExitCode, got $exitCode" - Write-Output "Output was:" - Write-Output "$output" - Exit 1 -} else { - Write-Output "$emojiGreenCheck Test 1: Exit code matches expected value ($ExpectedExitCode)" -} - -$expectedSkipMessage = "Skipping Windows 10 SDK installation check" -if ($output -match [regex]::Escape($expectedSkipMessage)) { - Write-Output "$emojiGreenCheck Test 1: Found expected skip message in output" -} else { - Write-Output "$emojiRedCross Test 1: Expected to find skip message, but got:" - Write-Output "$output" - Exit 1 -} - -# Test 2: -SkipWindows10SDKInstallation -InstallNativeCompilationTools (should fail with validation error) -Write-Output "`n--- Test 2: Invalid parameter combination - skip SDK but attempt native compilation tools" -Remove-TestFiles - -# Create a valid SDK version file (irrelevant since validation should fail before processing) -"$sdkVersion" | Out-File .windows-10-sdk-version - -$output = & "$PSScriptRoot\..\bin\prepare_windows_host_for_app_distribution.ps1" -SkipWindows10SDKInstallation -InstallNativeCompilationTools 2>&1 -$exitCode = $LASTEXITCODE - -# Expect the script to fail with a validation error (non-zero exit code) -if ($exitCode -eq 0) { - Write-Output "$emojiRedCross Test 2: Expected script to fail with validation error, but it succeeded with exit code $exitCode" - Write-Output "Output was:" - Write-Output "$output" - Exit 1 -} else { - Write-Output "$emojiGreenCheck Test 2: Script correctly failed with validation error (exit code $exitCode)" -} - -# Check for our validation error message -if ($output -match "Invalid parameter combination") { - Write-Output "$emojiGreenCheck Test 2: Found expected validation error message" -} else { - Write-Output "$emojiRedCross Test 2: Expected validation error not found. Output:" - Write-Output "$output" - Exit 1 -} - -# Test 3: No .windows-10-sdk-version file with -InstallNativeCompilationTools (should skip installation) -Write-Output "`n--- Test 3: No SDK version file with native compilation tools requested" -Remove-TestFiles - -$output = & "$PSScriptRoot\..\bin\prepare_windows_host_for_app_distribution.ps1" -InstallNativeCompilationTools 2>&1 -$exitCode = $LASTEXITCODE - -if ($exitCode -ne $ExpectedExitCode) { - Write-Output "$emojiRedCross Test 3: Expected exit code $ExpectedExitCode, got $exitCode" - Write-Output "Output was:" - Write-Output "$output" - Exit 1 -} else { - Write-Output "$emojiGreenCheck Test 3: Exit code matches expected value ($ExpectedExitCode)" -} - -$expectedNoFileSkipMessage = "No .windows-10-sdk-version file found" -if ($output -match [regex]::Escape($expectedNoFileSkipMessage)) { - Write-Output "$emojiGreenCheck Test 3: Found expected skip message when no version file exists" -} else { - Write-Output "$emojiRedCross Test 3: Expected to find skip message, but got:" - Write-Output "$output" - Exit 1 -} - -# Test 4: No .windows-10-sdk-version file without -InstallNativeCompilationTools (should skip everything) -Write-Output "`n--- Test 4: No SDK version file and no native tools requested" -Remove-TestFiles - -$output = & "$PSScriptRoot\..\bin\prepare_windows_host_for_app_distribution.ps1" -$exitCode = $LASTEXITCODE - -if ($exitCode -ne $ExpectedExitCode) { - Write-Output "$emojiRedCross Test 4: Expected exit code $ExpectedExitCode, got $exitCode" - Write-Output "Output was:" - Write-Output "$output" - Exit 1 -} else { - Write-Output "$emojiGreenCheck Test 4: Exit code matches expected value ($ExpectedExitCode)" -} - -$expectedNoFileSkipMessage = "No .windows-10-sdk-version file found" -if ($output -match [regex]::Escape($expectedNoFileSkipMessage)) { - Write-Output "$emojiGreenCheck Test 4: Found expected no-file skip message" -} else { - Write-Output "$emojiRedCross Test 4: Expected to find no-file skip message, but got:" - Write-Output "$output" - Exit 1 -} - -# -# FIXME: Disabled because I haven't figured out how to set the env var in a way that the scripts can read but doesn't alter the machine. -# Tracked in https://linear.app/a8c/issue/AINFRA-1467 -# -# # Test 5: If CI AMI version is == 0.2, only installs certificates -# Write-Output "`n--- Test 5: If AMI version env == 0.2, only installs certificates" -# Remove-TestFiles - -# # Notice that setting via $env is process bound, which is perfect for unit tests. -# $env:AMI_VERSION = '0.2' - -# # Notice running the command via . so that it runs in the same process and accesses AMI_VERSION -# $output = . "$PSScriptRoot\..\bin\prepare_windows_host_for_app_distribution.ps1" -# $exitCode = $LASTEXITCODE - -# if ($exitCode -ne $ExpectedExitCode) { -# Write-Output "$emojiRedCross Test 5: Expected exit code $ExpectedExitCode, got $exitCode" -# Write-Output "Output was:" -# Write-Output "$output" -# Exit 1 -# } else { -# Write-Output "$emojiGreenCheck Test 5: Exit code matches expected value ($ExpectedExitCode)" -# } - -# $expectedOnlyCertsMessage = "Tooling is already pre-installed in AMI versions >= 0.2. Only installing code signing certificate." -# if ($output -match [regex]::Escape($expectedOnlyCertsMessage)) { -# Write-Output "$emojiGreenCheck Test 5: Found expected message regarding AMI version and what to install." -# } else { -# Write-Output "$emojiRedCross Test 5: Expected to find AMI version acknowledgement, but got:" -# Write-Output "$output" -# Exit 1 -# } - -# # Test 6: If CI AMI version is > 0.2, only installs certificates -# Write-Output "`n--- Test 6: If AMI version env > 0.2, only installs certificates" -# Remove-TestFiles - -# # Notice that setting via $env is process bound, which is perfect for unit tests. -# $env:AMI_VERSION = '1.0' - -# # Notice running the command via . so that it runs in the same process and accesses AMI_VERSION -# $output = . "$PSScriptRoot\..\bin\prepare_windows_host_for_app_distribution.ps1" -# $exitCode = $LASTEXITCODE - -# if ($exitCode -ne $ExpectedExitCode) { -# Write-Output "$emojiRedCross Test 6: Expected exit code $ExpectedExitCode, got $exitCode" -# Write-Output "Output was:" -# Write-Output "$output" -# Exit 1 -# } else { -# Write-Output "$emojiGreenCheck Test 6: Exit code matches expected value ($ExpectedExitCode)" -# } - -# $expectedOnlyCertsMessage = "Tooling is already pre-installed in AMI versions >= 0.2. Only installing code signing certificate." -# if ($output -match [regex]::Escape($expectedOnlyCertsMessage)) { -# Write-Output "$emojiGreenCheck Test 6: Found expected message regarding AMI version and what to install." -# } else { -# Write-Output "$emojiRedCross Test 6: Expected to find AMI version acknowledgement, but got:" -# Write-Output "$output" -# Exit 1 -# } - -# Final clean up -Remove-TestFiles - -Write-Output "`n$emojiGreenCheck All tests completed successfully."