Convert build pipeline to 1ES (#1061)

- Convert build pipeline to 1ES - Remove old pipeline - Changes to build.ps1 for new pipeline
2024-06-20 11:35:30 -06:00 · 2024-06-20 11:35:30 -06:00 · f0a96f59ab
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@ -1,127 +0,0 @@
-# Starter pipeline
-# Start with a minimal pipeline that you can customize to build and deploy your code.
-# Add steps that build, run tests, deploy, and more:
-# https://aka.ms/yaml
-
-#trigger:
-#- master
-#- dev
-
-strategy:
-  matrix:
-    linux:
-      imageName: 'MMSUbuntu20.04TLS'
-    windows:
-      imageName: 'MMS2019TLS'
-
-pool:
-    name: '1ES-Hosted-AzFunc'
-    demands:
-      - ImageOverride -equals $(imageName)
-
-variables:
-  Configuration: Release
-  buildNumber: $[ counter('build', 001) ] # Start higher than our AppVeyor versions. Every build (pr or branch) will increment.
-
-steps:
- task: AzureKeyVault@2
-  inputs:
-    azureSubscription: 'Simple Batch(0b894477-1614-4c8d-8a9b-a697a24596b8)'
-    KeyVaultName: 'powershell-worker'
-    SecretsFilter: '*'
-    RunAsPreJob: true
-
- pwsh: |
-    $releaseBranches = @('v4.x/ps7.4', 'v4.x/ps7.2', 'v4.x/ps7.0', 'v3.x/ps7', 'v3.x/ps6', 'v2.x')
-
-    Write-Host "BuildSourceBranch: $($env:BuildSourceBranch)"
-    $branchName = $env:BuildSourceBranch.Replace("refs/heads/", "")
-    Write-Host "BranchName: $branchName"
-
-    $isReleaseBuild = ($releaseBranches -contains $branchName)
-    Write-Host "##vso[task.setvariable variable=IsReleaseBuild]$isReleaseBuild"
-    Write-Host "IsReleaseBuild: $isReleaseBuild"
-  displayName: 'Set IsReleaseBuild variable'
-  env:
-    BuildSourceBranch: $(Build.SourceBranch)
-  condition: eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], 'false')
-
- pwsh: ./build.ps1 -NoBuild -Bootstrap
-  displayName: 'Running ./build.ps1 -NoBuild -Bootstrap'
-
- pwsh: ./Check-CsprojVulnerabilities.ps1
-  displayName: 'Check for security vulnerabilities'
-
- pwsh: |
-      $ErrorActionPreference = "Stop"
-
-      $shouldAddSBOM = $null
-      if ([string]::IsNullOrEmpty($IsReleaseBuild))
-      {
-        Write-Host "IsReleaseBuild is null or empty. Setting shouldAddSBOM to false"
-        $shouldAddSBOM = $false
-      }
-      else
-      {
-        Write-Host "IsReleaseBuild: $IsReleaseBuild"
-        $shouldAddSBOM = ($IsReleaseBuild -eq "true")
-      }
-
-      Write-Host "shouldAddSBOM: $shouldAddSBOM"
-
-      ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)" -AddSBOM:$shouldAddSBOM -SBOMUtilSASUrl "$(SBOMUtilSASUrl)"
-  displayName: 'Build worker code'
-
- pwsh: ./build.ps1 -NoBuild -Test
-  displayName: 'Running UnitTest'
-
- pwsh: ./test/E2E/Start-E2ETest.ps1
-  env:
-    AzureWebJobsStorage: $(AzureWebJobsStorage)
-    AzureWebJobsCosmosDBConnectionString: $(AzureWebJobsCosmosDBConnectionString)
-    AzureWebJobsServiceBus: $(AzureWebJobsServiceBus)
-    AzureWebJobsEventHubSender: $(AzureWebJobsEventHubSender)
-    FUNCTIONS_WORKER_RUNTIME : "powershell"
-  displayName: 'Running E2ETest'
-
- task: PublishTestResults@2
-  inputs:
-    testResultsFormat: 'VSTest'
-    testResultsFiles: '**/*.trx'
-    failTaskOnFailedTests: true
-  condition: succeededOrFailed()
-  displayName: 'Publish tests results'
-
- task: CopyFiles@2
-  inputs:
-    SourceFolder: '$(System.DefaultWorkingDirectory)/package'
-    Contents: '**/*.nupkg'
-    TargetFolder: '$(Build.ArtifactStagingDirectory)'
-  displayName: 'Copy package to artifacts directory'
-
- task: NuGetCommand@2
-  condition: and(ne(variables['Build.Reason'], 'PullRequest'), eq(variables['IsReleaseBuild'], 'true'), eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], 'false'))
-  inputs:
-    command: 'push'
-    packagesToPush: '$(Build.ArtifactStagingDirectory)/**/*.nupkg;!$(Build.ArtifactStagingDirectory)/**/*.symbols.nupkg'
-    nuGetFeedType: 'internal'
-    publishVstsFeed: 'e6a70c92-4128-439f-8012-382fe78d6396/c0493cce-bc63-4e11-9fc9-e7c45291f151'
-    allowPackageConflicts: true
-  displayName: 'Push NuGet package'
-
- task: NuGetCommand@2
-  condition: eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], 'true')
-  inputs:
-    command: 'push'
-    packagesToPush: '$(Build.ArtifactStagingDirectory)/**/*.nupkg;!$(Build.ArtifactStagingDirectory)/**/*.symbols.nupkg'
-    nuGetFeedType: 'internal'
-    publishVstsFeed: 'e6a70c92-4128-439f-8012-382fe78d6396/f37f760c-aebd-443e-9714-ce725cd427df'
-    allowPackageConflicts: true
-  displayName: 'Push NuGet package to the AzureFunctionsPreRelease feed'
-
- task: PublishBuildArtifacts@1
-  inputs:
-    PathtoPublish: '$(Build.ArtifactStagingDirectory)'
-    ArtifactName: 'drop'
-    publishLocation: 'Container'
-  displayName: 'Publish build artifacts'
--- a/build.ps1
+++ b/build.ps1
@ -28,13 +28,7 @@ param(
    $Configuration = "Debug",

    [string]
-    $BuildNumber = '0',
-
-    [switch]
-    $AddSBOM,
-
-    [string]
-    $SBOMUtilSASUrl
+    $BuildNumber = '0'
 )

 #Requires -Version 7.0
@ -73,35 +67,6 @@ function Get-FunctionsCoreToolsDir {
    }
 }

-function Install-SBOMUtil
-{
-    if ([string]::IsNullOrEmpty($SBOMUtilSASUrl))
-    {
-        throw "The `$SBOMUtilSASUrl parameter cannot be null or empty when specifying the `$AddSBOM switch"
-    }
-
-    $MANIFESTOOLNAME = "ManifestTool"
-    Write-Log "Installing $MANIFESTOOLNAME..."
-
-    $MANIFESTOOL_DIRECTORY = Join-Path $PSScriptRoot $MANIFESTOOLNAME
-    Remove-Item -Recurse -Force $MANIFESTOOL_DIRECTORY -ErrorAction Ignore
-
-    Invoke-RestMethod -Uri $SBOMUtilSASUrl -OutFile "$MANIFESTOOL_DIRECTORY.zip"
-    Expand-Archive "$MANIFESTOOL_DIRECTORY.zip" -DestinationPath $MANIFESTOOL_DIRECTORY
-
-    $dllName = "Microsoft.ManifestTool.dll"
-    $manifestToolPath = "$MANIFESTOOL_DIRECTORY/$dllName"
-
-    if (-not (Test-Path $manifestToolPath))
-    {
-        throw "$MANIFESTOOL_DIRECTORY does not contain '$dllName'"
-    }
-
-    Write-Log 'Done.'
-
-    return $manifestToolPath
-}
-
 function Deploy-PowerShellWorker {
    $ErrorActionPreference = 'Stop'

@ -179,28 +144,6 @@ if (!$NoBuild.IsPresent) {

    dotnet publish -c $Configuration "/p:BuildNumber=$BuildNumber" $PSScriptRoot

-    if ($AddSBOM)
-    {
-        # Install manifest tool
-        $manifestTool = Install-SBOMUtil
-        Write-Log "manifestTool: $manifestTool "
-
-        # Generate manifest
-        $buildPath = "$PSScriptRoot/src/bin/$Configuration/$TargetFramework/publish"
-        $telemetryFilePath = Join-Path $PSScriptRoot ((New-Guid).Guid + ".json")
-        $packageName = "Microsoft.Azure.Functions.PowerShellWorker.nuspec"
-
-        # Delete the manifest folder if it exists
-        $manifestFolderPath = Join-Path $buildPath "_manifest"
-        if (Test-Path $manifestFolderPath)
-        {
-            Remove-Item $manifestFolderPath -Recurse -Force -ErrorAction Ignore
-        }
-
-        Write-Log "Running: dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath"
-        & { dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath -PackageName $packageName }
-    }
-
    dotnet pack -c $Configuration "/p:BuildNumber=$BuildNumber" "$PSScriptRoot/package"
 }

--- a/eng/ci/official.yml
+++ b/eng/ci/official.yml
@ -0,0 +1,48 @@
+trigger:
+  batch: true
+  branches:
+    include:
+      - v4.x/*
+      - v3.x/*
+
+# CI only, does not trigger on PRs.
+pr: none
+
+resources:
+  repositories:
+    - repository: 1es
+      type: git
+      name: 1ESPipelineTemplates/1ESPipelineTemplates
+      ref: refs/tags/release
+
+variables:
+  Configuration: Release
+  buildNumber: $[ counter('build', 4000) ] # Start higher than the versions from the previous pipeline. Every build (pr or branch) will increment.
+
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1es
+  parameters:
+    pool:
+      name: 1es-pool-azfunc
+      image: 1es-windows-2022
+      os: windows
+
+    stages:
+      - stage: WindowsUnitTests
+        dependsOn: []
+        jobs:
+          - template: /eng/ci/templates/test.yml@self
+
+      - stage: LinuxUnitTests
+        dependsOn: []
+        jobs:
+          - template: /eng/ci/templates/test.yml@self
+        pool:
+          name: 1es-pool-azfunc
+          image: 1es-ubuntu-22.04
+          os: linux
+
+      - stage: Build
+        dependsOn: [WindowsUnitTests, LinuxUnitTests]
+        jobs:
+          - template: /eng/ci/templates/build.yml@self
--- a/eng/ci/public.yml
+++ b/eng/ci/public.yml
@ -0,0 +1,45 @@
+trigger:
+  batch: true
+  branches:
+    include:
+    - dev
+    - v4.x/*
+    - v3.x/*
+
+# Only run the tests on PR to official branches - do we want to run them on all PRs?
+pr:
+  branches:
+    include:
+    - '*'
+
+resources:
+  repositories:
+    - repository: 1es
+      type: git
+      name: 1ESPipelineTemplates/1ESPipelineTemplates
+      ref: refs/tags/release
+
+extends:
+  template: v1/1ES.Unofficial.PipelineTemplate.yml
+  parameters:
+    pool:
+      name: 1es-pool-azfunc-public
+      image: 1es-windows-2022
+      os: windows
+
+    stages:
+      - stage: WindowsUnitTests
+        dependsOn: []
+        jobs:
+          - template: /eng/ci/templates/test.yml@self
+        pool:
+          name: 1es-pool-azfunc-public
+
+      - stage: LinuxUnitTests
+        dependsOn: []
+        jobs:
+          - template: /eng/ci/templates/test.yml@self
+        pool:
+          name: 1es-pool-azfunc-public
+          image: 1es-ubuntu-22.04
+          os: linux
--- a/eng/ci/templates/build.yml
+++ b/eng/ci/templates/build.yml
@ -0,0 +1,38 @@
+jobs:
+  - job:
+    templateContext:
+      outputs:
+        - output: nuget
+          packagesToPush: "$(Build.ArtifactStagingDirectory)/*.nupkg"
+          packageParentPath: "$(Build.ArtifactStagingDirectory)"
+          nuGetFeedType: internal
+          publishVstsFeed: "e6a70c92-4128-439f-8012-382fe78d6396/c0493cce-bc63-4e11-9fc9-e7c45291f151"
+          sbomPackageName: "Azure Functions PowerShell Worker"
+          sbomBuildComponentPath: "$(Build.SourcesDirectory)"
+          allowPackageConflicts: true
+        # - output: nuget
+        #   condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/dev'), eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], true))
+        #   packagesToPush: '$(Build.ArtifactStagingDirectory)/*.nupkg'
+        #   packageParentPath: '$(Build.ArtifactStagingDirectory)'
+        #   nuGetFeedType: 'internal'
+        #   publishVstsFeed: 'e6a70c92-4128-439f-8012-382fe78d6396/f37f760c-aebd-443e-9714-ce725cd427df' # AzureFunctionsPreRelease feed
+        #   allowPackageConflicts: true
+    steps:
+      - pwsh: ./build.ps1 -NoBuild -Bootstrap
+        displayName: "Running ./build.ps1 -NoBuild -Bootstrap"
+
+      - pwsh: |
+          $ErrorActionPreference = "Stop"
+
+          ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)"
+        displayName: "Build worker code"
+
+      - task: CopyFiles@2
+        inputs:
+          SourceFolder: "$(System.DefaultWorkingDirectory)/package"
+          Contents: |
+            **/*.nuspec
+            **/*.nupkg
+          TargetFolder: "$(Build.ArtifactStagingDirectory)"
+          flattenFolders: true
+        displayName: "Copy package to artifacts directory"
--- a/eng/ci/templates/test.yml
+++ b/eng/ci/templates/test.yml
@ -0,0 +1,34 @@
+jobs:
+  - job: UnitTests
+    steps:
+      - pwsh: ./build.ps1 -NoBuild -Bootstrap
+        displayName: "Running ./build.ps1 -NoBuild -Bootstrap"
+
+      - pwsh: ./Check-CsprojVulnerabilities.ps1
+        displayName: "Check for security vulnerabilities"
+
+      - pwsh: |
+          $ErrorActionPreference = "Stop"
+
+          ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)"
+        displayName: "Build worker code"
+
+      - pwsh: ./build.ps1 -NoBuild -Test
+        displayName: "Running UnitTest"
+
+      # - pwsh: ./test/E2E/Start-E2ETest.ps1
+      #   env:
+      #     AzureWebJobsStorage: $(AzureWebJobsStorage)
+      #     AzureWebJobsCosmosDBConnectionString: $(AzureWebJobsCosmosDBConnectionString)
+      #     AzureWebJobsServiceBus: $(AzureWebJobsServiceBus)
+      #     AzureWebJobsEventHubSender: $(AzureWebJobsEventHubSender)
+      #     FUNCTIONS_WORKER_RUNTIME: "powershell"
+      #   displayName: "Running E2ETest"
+
+      - task: PublishTestResults@2
+        inputs:
+          testResultsFormat: "VSTest"
+          testResultsFiles: "**/*.trx"
+          failTaskOnFailedTests: true
+        condition: succeededOrFailed()
+        displayName: "Publish tests results"