diff --git a/azure-pipelines-public.yml b/azure-pipelines-public.yml
new file mode 100644
index 00000000..dd549ed7
--- /dev/null
+++ b/azure-pipelines-public.yml
@@ -0,0 +1,49 @@
+trigger:
+ branches:
+ include:
+ - main
+ paths:
+ exclude:
+ - README.md
+ - CODE-OF-CONDUCT.md
+ - LICENSE
+ - .github/
+ - docs/
+
+pr:
+ branches:
+ include:
+ - main
+ paths:
+ exclude:
+ - README.md
+ - CODE-OF-CONDUCT.md
+ - LICENSE
+ - .github/
+ - docs/
+ - images/
+
+variables:
+ - template: /scripts/azure-pipelines-variables.yml@self
+
+pool:
+ vmImage: windows-latest
+
+jobs:
+ - job: build
+ displayName: Build
+ steps:
+ - template: /scripts/azure-pipelines-steps-prepare.yml@self
+ - pwsh: dotnet cake
+ displayName: Build everything
+ env:
+ JavaSdkDirectory: $(JAVA_HOME)
+ - task: PublishTestResults@2
+ condition: always()
+ inputs:
+ testResultsFormat: VSTest
+ testResultsFiles: output/test-results/*.trx
+ - publish: output
+ artifact: windows
+ condition: always()
+ displayName: Upload Logs
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 3ff641b6..bdba129a 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
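Review bot: The new azure-pipelines-public.yml has no header comment saying that it is the pipeline that builds pull-request code, which is the one fact a later editor needs before adding a variable group, service connection or internal template to it. Its `pr:` block targets `main` and the job runs `dotnet cake` on the contributed sources, so anything this file can reach is reachable by a PR author (whether fork PRs are built is a project setting not visible in the diff). I would add at the top of the file: `# Public CI: builds and tests PR code on hosted agents. Do not reference secrets, service connections or internal-templates here.`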
@@ -1,36 +1,15 @@ -trigger: - branches: - include: - - main - paths: - exclude: - - README.md - - CODE-OF-CONDUCT.md - - LICENSE - - .github/ - - docs/ +# Overridden in the UI +trigger: none +pr: none -pr: - branches: - include: - - main - paths: - exclude: - - README.md - - CODE-OF-CONDUCT.md - - LICENSE - - .github/ - - docs/ - - images/ +parameters: + - name: runCompliance + displayName: 'Run post-build compliance tasks (such as API Scan)' + type: boolean + default: false variables: - BASE_VERSION: 2.0.0 - PREVIEW_LABEL: 'preview' - BUILD_NUMBER: $[counter(format('{0}_{1}_{2}', variables['BASE_VERSION'], variables['Build.SourceBranch'], variables['PREVIEW_LABEL']), 1)] - GIT_SHA: $(Build.SourceVersion) - GIT_BRANCH_NAME: $(Build.SourceBranchName) - Codeql.Enabled: true - Codeql.TSAEnabled: true + - template: /scripts/azure-pipelines-variables.yml@self resources: repositories: 
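Review bot: The rewritten `variables:` block in azure-pipelines.yml drops `Codeql.Enabled: true` and `Codeql.TSAEnabled: true`, and the shared scripts/azure-pipelines-variables.yml added later in this commit does not carry them either, so nothing visible in the diff keeps CodeQL switched on for the official build. The 1ES Official template that the file now extends presumably injects its own SDL and CodeQL steps, but that is an inference from the template name, not something these lines show. If that is the intent, record it next to the variables, e.g. `# CodeQL now comes from the 1ES Official template; Codeql.* variables intentionally removed`; otherwise keep the two variables in this file. The `# Overridden in the UI` comment would also be more useful if it named the branches the UI trigger is expected to cover, since those now decide which builds reach the signing stage.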
@@ -39,66 +18,65 @@ resources: name: xamarin/yaml-templates endpoint: xamarin ref: refs/heads/main + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release -stages: +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + os: windows + customBuildTags: + - ES365AIMigrationTooling + stages: - - stage: build - displayName: Build - jobs: - - job: build + - stage: build displayName: Build - pool: - vmImage: windows-latest - steps: - # prepare - - pwsh: | - $pr = "pr." + $env:SYSTEM_PULLREQUEST_PULLREQUESTNUMBER - Write-Host "Preview label: $pr" - Write-Host "##vso[task.setvariable variable=PREVIEW_LABEL]$pr" - displayName: Use a special preview label for PRs - condition: eq(variables['Build.Reason'], 'PullRequest') - - pwsh: | - $label = "" - if ($env:BUILD_REASON -ne "PullRequest") { - $label = "+" + $env:BUILD_SOURCEBRANCHNAME - } - $label = "$env:BASE_VERSION-$env:PREVIEW_LABEL.$env:BUILD_NUMBER$label" - Write-Host "Build label: $label" - Write-Host "##vso[build.updatebuildnumber]$label" - displayName: Update the build number with a more readable one - - pwsh: dotnet tool restore - displayName: Restore the dotnet tools - # PUBLIC ONLY: build everything and run tests - - ${{ if ne(variables['System.TeamProject'], 'devdiv') }}: - - pwsh: dotnet cake - displayName: Build everything - - task: PublishTestResults@2 - condition: always() - inputs: - testResultsFormat: VSTest - testResultsFiles: output/test-results/*.trx - - publish: output - artifact: windows - condition: always() - displayName: Upload Logs - # INTERNAL ONLY: just pack nugets - - ${{ if eq(variables['System.TeamProject'], 'devdiv') }}: - - pwsh: dotnet cake --target=pack - displayName: Pack NuGets - - publish: output/nugets - artifact: nuget - displayName: Upload NuGets + jobs: + - job: build + displayName: Build + templateContext: + sdl: + 
spotBugs: + enabled: false + outputParentDirectory: 'output' + outputs: + - output: pipelineArtifact + displayName: 'Upload NuGets' + artifactName: 'nuget' + targetPath: 'output/nugets' + steps: + - template: /scripts/azure-pipelines-steps-prepare.yml@self + - pwsh: dotnet cake --target=pack + displayName: Pack NuGets + env: + JavaSdkDirectory: $(JAVA_HOME) - # sign the nugets - - ${{ if eq(variables['System.TeamProject'], 'devdiv') }}: - - stage: signing - displayName: Sign NuGets - dependsOn: build - jobs: - - template: sign-artifacts/jobs/v2.yml@internal-templates + - stage: signing + displayName: Sign NuGets + dependsOn: build + jobs: + - template: sign-artifacts/jobs/v2.yml@internal-templates + parameters: + usePipelineArtifactTasks: true + use1ESTemplate: true + ${{ if or( eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/') ) }}: + signType: 'Real' + ${{ else }}: + signType: 'Test' + + - ${{ if or( eq(variables['Build.Reason'], 'Schedule'), parameters.runCompliance ) }}: + - template: security/apiscan/v0.yml@internal-templates parameters: - usePipelineArtifactTasks: true - ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}: - signType: 'Real' - ${{ if not(eq(variables['Build.SourceBranch'], 'refs/heads/main')) }}: - signType: 'Test' + windowsPoolName: AzurePipelines-EO + windowsImageOverride: 1ESPT-Windows2022 + stageDependsOn: + - build + scanArtifacts: + - nuget + apiScanSoftwareName: SkiaSharp + apiScanSoftwareVersionNum: $(MAJOR_VERSION) diff --git a/scripts/azure-pipelines-steps-prepare.yml b/scripts/azure-pipelines-steps-prepare.yml new file mode 100644 index 00000000..8cf2d071 --- /dev/null +++ b/scripts/azure-pipelines-steps-prepare.yml 
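Review bot: `signType: 'Real'` is now selected for any ref under `refs/heads/release/` as well as `main`, so production signing is gated only by who can create or push such a branch and queue this pipeline. With `trigger: none` in the YAML and the triggers kept in the UI, the repository no longer shows which refs reach the signing stage, so the branch policies on `release/*` need to match the ones on `main`. I would state that contract beside the condition: `# Real signing: main and release/* only; both must be protected branches.` Separately, `spotBugs: enabled: false` under `templateContext.sdl` switches off an SDL tool with no reason given, and a one-line why-comment there would help a later audit.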
@@ -0,0 +1,28 @@
+steps:
+
+ - pwsh: |
+ $pr = "pr." + $env:SYSTEM_PULLREQUEST_PULLREQUESTNUMBER
+ Write-Host "Preview label: $pr"
+ Write-Host "##vso[task.setvariable variable=PREVIEW_LABEL]$pr"
+ displayName: Use a special preview label for PRs
+ condition: eq(variables['Build.Reason'], 'PullRequest')
+
+ - pwsh: |
+ $label = ""
+ if ($env:BUILD_REASON -ne "PullRequest") {
+ $label = "+" + $env:BUILD_SOURCEBRANCHNAME
+ }
+ $label = "$env:BASE_VERSION-$env:PREVIEW_LABEL.$env:BUILD_NUMBER$label"
+ Write-Host "Build label: $label"
+ Write-Host "##vso[build.updatebuildnumber]$label"
+ displayName: Update the build number with a more readable one
+
+ - task: JavaToolInstaller@0
+ displayName: Select JDK
+ inputs:
+ versionSpec: '17'
+ jdkArchitectureOption: 'x64'
+ jdkSourceOption: 'PreInstalled'
+
+ - pwsh: dotnet tool restore
+ displayName: Restore the dotnet tools
diff --git a/scripts/azure-pipelines-variables.yml b/scripts/azure-pipelines-variables.yml
new file mode 100644
index 00000000..35d4ee57
--- /dev/null
+++ b/scripts/azure-pipelines-variables.yml
@@ -0,0 +1,7 @@
+variables:
+ MAJOR_VERSION: 2
+ BASE_VERSION: 2.0.0
+ PREVIEW_LABEL: 'preview'
+ BUILD_NUMBER: $[counter(format('{0}_{1}_{2}', variables['BASE_VERSION'], variables['Build.SourceBranch'], variables['PREVIEW_LABEL']), 1)]
+ GIT_SHA: $(Build.SourceVersion)
+ GIT_BRANCH_NAME: $(Build.SourceBranchName)
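Review bot: In the second `pwsh` step of scripts/azure-pipelines-steps-prepare.yml, `$env:BUILD_SOURCEBRANCHNAME` is concatenated into the `##vso[build.updatebuildnumber]` logging command without any filtering. The branch name is only used when `BUILD_REASON` is not `PullRequest`, so the value comes from branches pushed to the repository itself, but this template is now shared by the public and the signing pipeline, and a branch name with characters the build-number field does not accept may fail the step. Constraining the value to a known alphabet keeps the logging command well-formed: `$label = "+" + ($env:BUILD_SOURCEBRANCHNAME -replace '[^A-Za-z0-9._-]', '-')`.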