Hw API - automating Dashboard submissions and problems

Dejan_Maksimovic

Hello,

Has anyone gone full through automation of submissions to the HW Dashboard?
At the sixth step (authentication, get new product ID, get new
submission ID, upload file, commit transaction, >> check transaction
status is commited), is there any realistic timeout when we should
just abandon the current submission and make a new one?
Often, I keep getting "commitReceived" for over 10 minutes, yet
sometimes I am done within a few seconds.
To me, it seems the best bet is to retry submission if it is not
commited after ~10 seconds, as it is more likely a new one will be
done in a few seconds?

Peter_Viscarola_(OSR)

For folks who are interested in doing this I’m surprised nobody has shared something useful on GitHub.

This isn’t core tech, it’s dev ops crap. I sure wish our community members would share more.

Peter

Dejan_Maksimovic

Ditto. I am inclined to believe people tried, failed, and gave up.

Anyway, here's how far I got for now... if anyone can add more
information, that'd be wonderful:

Documentation (almost great, but def. the starting point):
https://docs.microsoft.com/en-gb/windows-hardware/drivers/dashboard/dashboard-api

Use the C# sample from the above page:
https://download.microsoft.com/download/C/F/4/CF404E53-87A0-4204-BA13-A64B09A237C1/HardwareApiCSharpSample.zip
not the GitHub sample(https://aka.ms/hpc_async_api_samples) as it does
not provide enough code for the HW Dashboard.

The C# sample generally works, aside from the fact that it incorrectly
says to replace a string with your tenant name
(tenanname.onmicrosoft.com) instead of Tenant ID in the TokenEndpoint.
It should be something like:
https://login.microsoftonline.com//oauth2/token

The Client ID required is NOT the CID from the key generation phase,
but the Azure AD App's main CID (when you click on the app under User
Management->Azure AD Applications for its properties).

However, the API is not consistent.. sometimes the process finishes
within a minute or so (from starting the program, to the point where
it downloads the final signed ZIP), and sometimes it finishes... donno
when, I stop waiting after 20 minutes.
There is also sometimes an inconsistency between what the HW API
program can get, and what is on the portal. I.e. the portal already
has the signed binaries ready for download, but the program does not
get the signedPackage part in the returned JSON RPC message, until
some 5-10 minutes later.


As a last tip, signedPackage must be downloaded as binary; the C#
program above needs to change a few lines in the DonwloadFile routine
(currently it presumes you want to download metadata, so it downloads
it as a string to a JSON file). Here's the change:
``` public static void DownloadFile(string fileName, string sasUrl)
{
byte[] filecontent;

using (var httpClient = new HttpClient())
{
using (var request = new
HttpRequestMessage(HttpMethod.Get, sasUrl))
{
var response = httpClient.SendAsync(request).Result;
filecontent =
response.Content.ReadAsByteArrayAsync().Result;
}
}
System.IO.File.WriteAllBytes(fileName, filecontent);
}
```


Regards, Dejan.


> For folks who are interested in doing this I’m surprised nobody has shared
> something useful on GitHub.
>
> This isn’t core tech, it’s dev ops crap. I sure wish our community members
> would share more.

Dejan_Maksimovic

I remember someone mentioned at least a year ago that they successfully automated the process.
Anyone had success with the portal giving the result within some normal time frame? E.g. I almost never get the signed ZIP back within 30 minutes of starting the automation program. I do not see anything wrong with the program, but not only is the process slow (the actual process always takes >20 minutes), but the program does not get the "Signed" final status for some 10 minutes after the actual process is complete.

I.e. I call the program, it submits a product, and polls for completion until it sees "signedPackage" field in the returned JSON.
Some 20 minutes after, if I manually look at the portal, the process is usually complete (not much sooner when it is done via the program!), and I can manually download the ZIP.
Another ten minutes pass before the program gets the correct final JSON.

Peter_Viscarola_(OSR)

Hmmmm.... I’d guess it usually takes about 20 mins to get the “Package available for download” email for our attestation signing submissions.

Peter

Dejan_Maksimovic

> Hmmmm.... I’d guess it usually takes about 20 mins to get the “Package
> available for download” email for our attestation signing submissions.

Quite bad still, but a full 10 minutes better than what I saw during
automation, ever. And I did some 100 tests in December.

When I manually submit the CAB for attestation, sometimes I get the
signed ZIP within 2-3 minutes..

Yan_Vugenfirer-4

@Peter_Viscarola_(OSR) said:
For folks who are interested in doing this I’m surprised nobody has shared something useful on GitHub.

This isn’t core tech, it’s dev ops crap. I sure wish our community members would share more.

Peter

This MS repo claims to provide needed functionality: "SDCM enables you to create Attestation and WHQL products, submissions, download the resulting signed packages and manage shipping labels to release software on Windows Update".

Peter_Viscarola_(OSR)

Thanks for that pointer. I wonder if anybody has tried this. It certainly doesn't look anything like "simple."

Peter

Dejan_Maksimovic

I used their HardwareApi C# code, which I reckon is essentially
identical, except that this one already has good command line options
for fine tuned automation, and can also load options fron a JSON file.
I do not see a good way to automate different submissions, since the
JSON file generation is manual.

> Thanks for that pointer. I wonder if anybody has tried this. It certainly
> doesn't look anything like "simple."

pwilly

With regards to waiting times for manual attestation signing: It usually takes about 20 minutes, best was about 15 minutes worst a couple of hours (but that happened only twice).