SBOM: Fix for conditional logic based on signingCondition (#322)
* Attempt to evaluate signingCondition to include/exclude settings at the time the sbom stage is run * Evaluate signingCondition as part of a condition property and not as a conditional expression * Apply signingCondition to the stages defined for PRs and CIs * Try using two SBOM jobs with opposing conditional logic within the same stage * Unique names for SBOM jobs * SBOM: Execute PR job based on unsignedCondition * Remove closing paren from unsignedCondition * Remove stage name as parameter to condition * Remove succeeded() from original signingCondition * Multi-line conditions * Use single signingCondition * SBOM: Unsigned PR job: Include condition for success of the windows (build) stage * Target production support for the SBOM shared template job name & display name * Ensure SBOM_PR job only executes if the build 'windows' job succeeds by making the SBOM stage dependent on the success of the windows stage * Spell out acronyms in comments
This commit is contained in:
Родитель
4e7630c90c
Коммит
4a316cbf8c
|
@ -6,7 +6,11 @@ variables:
|
|||
provisionator.path: '$(System.DefaultWorkingDirectory)/eng/provisioning/provisioning.csx'
|
||||
provisionator.vs: '$(System.DefaultWorkingDirectory)/eng/provisioning/vs.csx'
|
||||
provisionator.extraArguments: '--v'
|
||||
signingCondition: and(succeeded(), or(eq(variables['Sign'], 'true'), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), or(startsWith(variables['Build.SourceBranch'],'refs/tags/'), startsWith(variables['Build.SourceBranch'],'refs/heads/release/') ))))
|
||||
signingCondition: or(eq(variables['Sign'], 'true'),
|
||||
or(eq(variables['Build.SourceBranch'], 'refs/heads/main'),
|
||||
or(startsWith(variables['Build.SourceBranch'],'refs/tags/'), startsWith(variables['Build.SourceBranch'],'refs/heads/release/') )
|
||||
)
|
||||
)
|
||||
|
||||
parameters:
|
||||
- name: BuildConfigurations
|
||||
|
@ -62,7 +66,7 @@ resources:
|
|||
type: github
|
||||
name: xamarin/yaml-templates
|
||||
endpoint: xamarin
|
||||
ref: refs/heads/main # still defaults to master even though main is the main branch
|
||||
ref: refs/heads/main
|
||||
|
||||
stages:
|
||||
- stage: windows
|
||||
|
@ -203,19 +207,29 @@ stages:
|
|||
signedArtifactName: nuget
|
||||
signedArtifactPath: signed
|
||||
displayName: Sign Phase
|
||||
condition: ${{ variables['signingCondition'] }}
|
||||
condition: and(succeeded(), ${{ variables['signingCondition'] }} )
|
||||
|
||||
- stage: sbom
|
||||
displayName: 'Software Bill of Materials'
|
||||
${{ if not(variables['signingCondition']) }}:
|
||||
dependsOn: [ 'windows' ]
|
||||
${{ if variables['signingCondition'] }}:
|
||||
dependsOn: [ 'nuget_signing' ]
|
||||
dependsOn: [ 'windows', 'nuget_signing' ]
|
||||
condition: succeeded('windows')
|
||||
jobs:
|
||||
- template: compliance/sbom/job.v1.yml@xamarin-templates
|
||||
parameters:
|
||||
jobName: SBOM_PR
|
||||
jobDisplayName: 'Software Bill of Materials (PR)'
|
||||
artifactNames: ['nuget']
|
||||
artifactMap: ['nuget/Release']
|
||||
packageName: 'Microsoft Maui Graphics'
|
||||
packageFilter: '*.nupkg'
|
||||
condition: not(${{ variables['signingCondition'] }}) # Executed when signing is not enabled such as for pull request builds (PRs)
|
||||
|
||||
- template: compliance/sbom/job.v1.yml@xamarin-templates
|
||||
parameters:
|
||||
jobName: SBOM_CI
|
||||
jobDisplayName: 'Software Bill of Materials (CI)'
|
||||
artifactNames: ['nuget']
|
||||
${{ if variables['signingCondition'] }}:
|
||||
artifactMap: ['nuget/signed']
|
||||
packageName: 'Microsoft Maui Graphics'
|
||||
packageFilter: '*.nupkg'
|
||||
condition: and(succeeded(), ${{ variables['signingCondition'] }} ) # Executed when signing is enabled such as for continuous integration builds (CIs)
|
Загрузка…
Ссылка в новой задаче