188 строки
8.0 KiB
YAML
188 строки
8.0 KiB
YAML
variables:
|
|
# For $(DncEngInternalBuildPool) used below
|
|
- template: /eng/common/templates-official/variables/pool-providers.yml@self
|
|
# Cannot use key:value syntax in root defined variables
|
|
- name: _TeamName
|
|
value: DotNetCore
|
|
- name: _PublishUsingPipelines
|
|
value: true
|
|
- name: _DotNetArtifactsCategory
|
|
value: .NETCore
|
|
- name: AzdoOrgUri
|
|
value: https://dev.azure.com/dnceng
|
|
- name: AzdoProject
|
|
value: internal
|
|
- group: SDL_Settings
|
|
|
|
trigger:
|
|
batch: true
|
|
branches:
|
|
include:
|
|
- main
|
|
- production
|
|
|
|
resources:
|
|
repositories:
|
|
- repository: 1ESPipelineTemplates
|
|
type: git
|
|
name: 1ESPipelineTemplates/1ESPipelineTemplates
|
|
ref: refs/tags/release
|
|
|
|
extends:
|
|
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
|
|
parameters:
|
|
pool:
|
|
name: $(DncEngInternalBuildPool)
|
|
image: 1es-windows-2019
|
|
os: windows
|
|
|
|
customBuildTags:
|
|
- ES365AIMigrationTooling
|
|
|
|
stages:
|
|
- stage: build
|
|
dependsOn: []
|
|
displayName: Build
|
|
jobs:
|
|
- template: /eng/common/templates-official/jobs/jobs.yml@self
|
|
parameters:
|
|
artifacts:
|
|
publish:
|
|
logs: true
|
|
${{ if in(variables['Build.SourceBranch'], 'refs/heads/main', 'refs/heads/production') }}:
|
|
artifacts: true
|
|
manifests: true
|
|
enableTelemetry: true
|
|
enableMicrobuild: false
|
|
enablePublishTestResults: false
|
|
enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }}
|
|
|
|
jobs:
|
|
- job: Windows_NT
|
|
timeoutInMinutes: 90
|
|
|
|
pool:
|
|
name: $(DncEngInternalBuildPool)
|
|
image: 1es-windows-2022
|
|
os: windows
|
|
|
|
variables:
|
|
# DotNet-Symbol-Server-Pats provides: microsoft-symbol-server-pat, symweb-symbol-server-pat
|
|
# Publish-Build-Assets provides: MaestroAppClientId, MaestroStagingAppClientId, BotAccount-dotnet-maestro-bot-PAT
|
|
- group: DotNet-Symbol-Server-Pats
|
|
- group: Publish-Build-Assets
|
|
- _InternalBuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName)
|
|
/p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
|
|
/p:DotNetArtifactsCategory=$(_DotNetArtifactsCategory)
|
|
/p:DotNetSymbolServerTokenMsdl=$(microsoft-symbol-server-pat)
|
|
/p:DotNetSymbolServerTokenSymWeb=$(symweb-symbol-server-pat)
|
|
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
|
|
|
|
- _BuildConfig: Release
|
|
- _PublishType: blob
|
|
- _SignType: test
|
|
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
|
|
- ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/production')}}:
|
|
- template: /eng/common/templates-official/steps/retain-build.yml@self
|
|
parameters:
|
|
AzdoOrgUri: $(AzdoOrgUri)
|
|
AzdoProject: $(AzdoProject)
|
|
BuildId: $(Build.BuildId)
|
|
|
|
- template: /eng/templates/steps/build.yml@self
|
|
parameters:
|
|
configuration: $(_BuildConfig)
|
|
buildArgs: $(_InternalBuildArgs)
|
|
|
|
- task: ComponentGovernanceComponentDetection@0
|
|
displayName: Component Governance Detection
|
|
inputs:
|
|
# `.packages` directory is used by some tools running during build.
|
|
# By default ComponentDetection scans this directory and sometimes reports
|
|
# vulnerabilities for packages that are not part of the published product.
|
|
# We can ignore this directory because actual vulnerabilities
|
|
# that we are interested in will be found by the tool
|
|
# when scanning .csproj and package.json files.
|
|
ignoreDirectories: .packages
|
|
|
|
# Prepare service fabric artifact
|
|
- task: ServiceFabricUpdateManifests@2
|
|
displayName: Update Service Fabric manifests
|
|
inputs:
|
|
applicationPackagePath: $(Build.ArtifactStagingDirectory)\ServiceFabric\MaestroApplication\applicationpackage
|
|
|
|
- powershell: |
|
|
robocopy src/Maestro/MaestroApplication/PublishProfiles $(Build.ArtifactStagingDirectory)\ServiceFabric\MaestroApplication\projectartifacts\PublishProfiles /S *.xml
|
|
robocopy src/Maestro/MaestroApplication/ApplicationParameters $(Build.ArtifactStagingDirectory)\ServiceFabric\MaestroApplication\projectartifacts\ApplicationParameters /S *.xml
|
|
robocopy src/Maestro/MaestroApplication/ApplicationPackageRoot $(Build.ArtifactStagingDirectory)\ServiceFabric\MaestroApplication\projectartifacts\ApplicationPackageRoot /S *.xml
|
|
exit 0
|
|
displayName: Copy Maestro Project Artifacts
|
|
|
|
# Prepare release utilities artifact
|
|
- task: CopyFiles@2
|
|
displayName: Prepare Release Utilities
|
|
inputs:
|
|
sourceFolder: $(Build.SourcesDirectory)\eng
|
|
contents: '*'
|
|
targetFolder: $(Build.ArtifactStagingDirectory)\eng
|
|
|
|
- task: CopyFiles@2
|
|
displayName: Prepare Maestro Scenario Tests
|
|
inputs:
|
|
sourceFolder: $(Build.SourcesDirectory)\artifacts\bin\Maestro.ScenarioTests\$(_BuildConfig)\net6.0\publish
|
|
contents: '*'
|
|
targetFolder: $(Build.ArtifactStagingDirectory)\publish
|
|
|
|
# These artifacts are published at the very end of the job. If this is not desirable a dedicated task should be used.
|
|
# https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/outputs#supported-outputs
|
|
templateContext:
|
|
# Having published artifacts under one directory guarantees that 1ES scans them only once, saving some build time.
|
|
outputParentDirectory: $(Build.ArtifactStagingDirectory)
|
|
outputs:
|
|
- output: pipelineArtifact
|
|
path: $(Build.ArtifactStagingDirectory)\ServiceFabric\MaestroApplication
|
|
artifact: MaestroApplication
|
|
displayName: Publish MaestroApplication
|
|
condition: always()
|
|
|
|
- output: pipelineArtifact
|
|
path: $(Build.ArtifactStagingDirectory)\eng
|
|
artifact: ReleaseUtilities
|
|
displayName: Publish Release Utilities Artifact
|
|
condition: always()
|
|
|
|
- output: pipelineArtifact
|
|
path: $(Build.ArtifactStagingDirectory)\publish
|
|
artifact: Maestro.ScenarioTests
|
|
displayName: Publish Maestro Scenario Tests
|
|
condition: always()
|
|
|
|
- template: /eng/templates/stages/deploy.yaml@self
|
|
parameters:
|
|
isProd: ${{ eq(variables['Build.SourceBranch'], 'refs/heads/production') }}
|
|
|
|
- ${{ if in(variables['Build.SourceBranch'], 'refs/heads/main', 'refs/heads/production') }}:
|
|
- template: /eng/common/templates-official/post-build/post-build.yml@self
|
|
parameters:
|
|
enableSymbolValidation: true
|
|
enableSigningValidation: false
|
|
artifactsPublishingAdditionalParameters: '/p:CheckEolTargetFramework=false'
|
|
symbolPublishingAdditionalParameters: '/p:CheckEolTargetFramework=false'
|
|
SDLValidationParameters:
|
|
enable: true
|
|
params: '-SourceToolsList @("policheck","credscan")
|
|
-TsaInstanceURL $(_TsaInstanceURL)
|
|
-TsaProjectName $(_TsaProjectName)
|
|
-TsaNotificationEmail $(_TsaNotificationEmail)
|
|
-TsaCodebaseAdmin $(_TsaCodebaseAdmin)
|
|
-TsaBugAreaPath $(_TsaBugAreaPath)
|
|
-TsaIterationPath $(_TsaIterationPath)
|
|
-TsaRepositoryName "Arcade-Services"
|
|
-TsaCodebaseName "Arcade-Services"
|
|
-TsaPublish $True
|
|
-PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'
|