384 строки
14 KiB
YAML
384 строки
14 KiB
YAML
variables:
|
|
- name: _TeamName
|
|
value: DotNetCore
|
|
- name: _PublishUsingPipelines
|
|
value: true
|
|
- group: AzureDevOps-Artifact-Feeds-Pats
|
|
- group: SDL_Settings
|
|
- ${{ if notin(variables['Build.Reason'], 'Schedule') }}:
|
|
- name: PoolProvider
|
|
value: NetCore1ESPool-Internal
|
|
- ${{ else }}:
|
|
- name: PoolProvider
|
|
value: NetCore1ESPool-Internal-Int
|
|
|
|
trigger:
|
|
batch: true
|
|
branches:
|
|
include:
|
|
- main
|
|
- release/*
|
|
|
|
pr: none
|
|
|
|
schedules:
|
|
- cron: "0 0 * * *"
|
|
displayName: Once a day build using Staging pools (at midnight)
|
|
branches:
|
|
include:
|
|
- main
|
|
always: true
|
|
|
|
resources:
|
|
containers:
|
|
- container: LinuxContainer
|
|
image: mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-fpm
|
|
repositories:
|
|
- repository: 1ESPipelineTemplates
|
|
type: git
|
|
name: 1ESPipelineTemplates/1ESPipelineTemplates
|
|
ref: refs/tags/release
|
|
|
|
extends:
|
|
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
|
|
parameters:
|
|
pool:
|
|
name: $(PoolProvider)
|
|
image: windows.vs2022.amd64
|
|
os: windows
|
|
|
|
stages:
|
|
- stage: build
|
|
displayName: Build
|
|
jobs:
|
|
- template: /eng/common/templates-official/jobs/jobs.yml@self
|
|
parameters:
|
|
enableMicrobuild: true
|
|
enableMicrobuildForMacAndLinux: true
|
|
enablePublishBuildArtifacts: true
|
|
enablePublishBuildAssets: true
|
|
enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }}
|
|
enableTelemetry: true
|
|
enableSourceBuild: true
|
|
helixRepo: dotnet/arcade-validation
|
|
jobs:
|
|
- job: Windows_NT
|
|
variables:
|
|
- _InternalBuildArgs: /p:DotNetSignType=$(_SignType)
|
|
/p:TeamName=$(_TeamName)
|
|
/p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
|
|
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
|
|
|
|
strategy:
|
|
matrix:
|
|
Build_Release:
|
|
_BuildConfig: Release
|
|
_SignType: real
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
- task: PowerShell@2
|
|
displayName: Setup Private Feeds Credentials
|
|
condition: eq(variables['Agent.OS'], 'Windows_NT')
|
|
inputs:
|
|
filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.ps1
|
|
arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
|
|
env:
|
|
Token: $(dn-bot-dnceng-artifact-feeds-rw)
|
|
# Use utility script to run script command dependent on agent OS.
|
|
- script: eng\common\cibuild.cmd
|
|
-configuration $(_BuildConfig)
|
|
-prepareMachine
|
|
$(_InternalBuildArgs)
|
|
displayName: Windows Build / Publish
|
|
- task: ComponentGovernanceComponentDetection@0
|
|
displayName: Component Governance scan
|
|
|
|
- job: Linux
|
|
container: LinuxContainer
|
|
pool:
|
|
name: $(PoolProvider)
|
|
image: 1es-ubuntu-2204
|
|
os: linux
|
|
|
|
variables:
|
|
- _InternalBuildArgs: /p:DotNetSignType=$(_SignType)
|
|
/p:TeamName=$(_TeamName)
|
|
/p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
|
|
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
|
|
|
|
strategy:
|
|
matrix:
|
|
# No test signing - it's not supported on Linux and macOS
|
|
Build_Release:
|
|
_BuildConfig: Release
|
|
_SignType: real
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
- task: Bash@3
|
|
displayName: Setup Private Feeds Credentials
|
|
inputs:
|
|
filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh
|
|
arguments: $(Build.SourcesDirectory)/NuGet.config $Token
|
|
condition: ne(variables['Agent.OS'], 'Windows_NT')
|
|
env:
|
|
Token: $(dn-bot-dnceng-artifact-feeds-rw)
|
|
# Remove --sign from the script command with https://github.com/dotnet/source-build/issues/4064
|
|
- script: eng/common/cibuild.sh
|
|
--configuration $(_BuildConfig)
|
|
--prepareMachine
|
|
--sign
|
|
$(_InternalBuildArgs)
|
|
displayName: Unix Build / Publish
|
|
- task: ComponentGovernanceComponentDetection@0
|
|
displayName: Component Governance scan
|
|
|
|
- job: MacOS
|
|
pool:
|
|
name: Azure Pipelines
|
|
image: macos-12
|
|
os: macOS
|
|
|
|
variables:
|
|
- _InternalBuildArgs: /p:DotNetSignType=$(_SignType)
|
|
/p:TeamName=$(_TeamName)
|
|
/p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
|
|
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
|
|
|
|
strategy:
|
|
matrix:
|
|
# No test signing - it's not supported on Linux and macOS
|
|
Build_Release:
|
|
_BuildConfig: Release
|
|
_SignType: real
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
- task: Bash@3
|
|
displayName: Setup Private Feeds Credentials
|
|
inputs:
|
|
filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh
|
|
arguments: $(Build.SourcesDirectory)/NuGet.config $Token
|
|
condition: ne(variables['Agent.OS'], 'Windows_NT')
|
|
env:
|
|
Token: $(dn-bot-dnceng-artifact-feeds-rw)
|
|
# Remove --sign from the script command with https://github.com/dotnet/source-build/issues/4064
|
|
- script: eng/common/cibuild.sh
|
|
--configuration $(_BuildConfig)
|
|
--prepareMachine
|
|
--sign
|
|
$(_InternalBuildArgs)
|
|
displayName: Unix Build / Publish
|
|
- task: ComponentGovernanceComponentDetection@0
|
|
displayName: Component Governance scan
|
|
|
|
- job: Validate_Helix
|
|
variables:
|
|
- HelixApiAccessToken: ''
|
|
- group: DotNet-HelixApi-Access
|
|
- _BuildConfig: Release
|
|
- name: skipComponentGovernanceDetection
|
|
value: true
|
|
steps:
|
|
- template: /eng/common/templates-official/steps/send-to-helix.yml
|
|
parameters:
|
|
HelixType: test/product/
|
|
XUnitProjects: $(Build.SourcesDirectory)/src/Validation/tests/Validation.Tests.csproj
|
|
XUnitTargetFramework: netcoreapp2.0
|
|
XUnitRunnerVersion: 2.5.1
|
|
XUnitPublishTargetFramework: net9.0
|
|
IncludeDotNetCli: true
|
|
DotNetCliPackageType: sdk
|
|
DotNetCliVersion: 9.0.100-rc.2.24474.11
|
|
EnableXUnitReporter: true
|
|
WaitForWorkItemCompletion: true
|
|
HelixTargetQueues: Windows.Amd64.Server2022;(Debian.12.Amd64)Ubuntu.2204.Amd64@mcr.microsoft.com/dotnet-buildtools/prereqs:debian-12-helix-amd64
|
|
HelixSource: official/dotnet/arcade-validation/$(Build.SourceBranch)
|
|
HelixAccessToken: $(HelixApiAccessToken)
|
|
displayName: Validate Helix
|
|
|
|
- job: Validate_Signing_Windows
|
|
strategy:
|
|
matrix:
|
|
Test_Signing:
|
|
_BuildConfig: Debug
|
|
_SignType: test
|
|
Real_Signing:
|
|
_BuildConfig: Release
|
|
_SignType: real
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
- task: CopyFiles@2
|
|
displayName: Copy test packages to artifacts directory
|
|
inputs:
|
|
sourceFolder: $(Build.SourcesDirectory)\src\validation\resources
|
|
targetFolder: $(Build.SourcesDirectory)\artifacts\packages\$(_BuildConfig)\NonShipping
|
|
- powershell: eng\common\build.ps1
|
|
-configuration $(_BuildConfig)
|
|
-restore
|
|
-prepareMachine
|
|
-sign
|
|
-ci
|
|
/p:DotNetSignType=$(_SignType)
|
|
/p:TeamName=DotNetCore
|
|
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
|
|
|
|
- job: Validate_Signing_Linux
|
|
container: LinuxContainer
|
|
pool:
|
|
name: $(PoolProvider)
|
|
image: 1es-ubuntu-2204
|
|
os: linux
|
|
|
|
variables:
|
|
- _InternalBuildArgs: /p:DotNetSignType=$(_SignType)
|
|
/p:TeamName=$(_TeamName)
|
|
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
|
|
|
|
strategy:
|
|
matrix:
|
|
# No test signing - it's not supported on Linux and macOS
|
|
Real_Signing:
|
|
_BuildConfig: Release
|
|
_SignType: real
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
- task: CopyFiles@2
|
|
displayName: Copy test packages to artifacts directory
|
|
inputs:
|
|
sourceFolder: $(Build.SourcesDirectory)/src/Validation/Resources
|
|
targetFolder: $(Build.SourcesDirectory)/artifacts/packages/$(_BuildConfig)/NonShipping
|
|
- script: eng/common/build.sh
|
|
--configuration $(_BuildConfig)
|
|
--restore
|
|
--prepareMachine
|
|
--sign
|
|
--ci
|
|
$(_InternalBuildArgs)
|
|
|
|
- job: Validate_Signing_MacOS
|
|
pool:
|
|
name: Azure Pipelines
|
|
image: macos-12
|
|
os: macOS
|
|
|
|
variables:
|
|
- _InternalBuildArgs: /p:DotNetSignType=$(_SignType)
|
|
/p:TeamName=$(_TeamName)
|
|
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
|
|
|
|
strategy:
|
|
matrix:
|
|
# No test signing - it's not supported on Linux and macOS
|
|
Real_Signing:
|
|
_BuildConfig: Release
|
|
_SignType: real
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
- task: CopyFiles@2
|
|
displayName: Copy test packages to artifacts directory
|
|
inputs:
|
|
sourceFolder: $(Build.SourcesDirectory)/src/Validation/Resources
|
|
targetFolder: $(Build.SourcesDirectory)/artifacts/packages/$(_BuildConfig)/NonShipping
|
|
- script: eng/common/build.sh
|
|
--configuration $(_BuildConfig)
|
|
--restore
|
|
--prepareMachine
|
|
--sign
|
|
--ci
|
|
$(_InternalBuildArgs)
|
|
|
|
- stage: Create_BAR_ID_Tag
|
|
displayName: Create BAR ID Tag
|
|
condition: succeededOrFailed()
|
|
jobs:
|
|
- template: /eng/common/templates-official/job/job.yml@self
|
|
parameters:
|
|
name: Create_BAR_ID_Tag
|
|
displayName: Create BAR ID Tag
|
|
variables:
|
|
- group: Publish-Build-Assets
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
- powershell: eng/create-baridtag.ps1
|
|
-barToken $(MaestroAccessToken)
|
|
displayName: Create BAR ID Tag
|
|
name: Create_BAR_ID_Tag
|
|
- template: /eng/common/templates-official/post-build/post-build.yml@self
|
|
parameters:
|
|
publishingInfraVersion: 3
|
|
# Symbol validation isn't being very reliable lately. This should be enabled back
|
|
# once this issue is resolved: https://github.com/dotnet/arcade/issues/2871
|
|
enableSymbolValidation: false
|
|
enableSourceLinkValidation: true
|
|
# This is to enable SDL runs part of Post-Build Validation Stage
|
|
SDLValidationParameters:
|
|
enable: true
|
|
params: ' -SourceToolsList @("policheck","credscan")
|
|
-TsaInstanceURL $(_TsaInstanceURL)
|
|
-TsaProjectName $(_TsaProjectName)
|
|
-TsaNotificationEmail $(_TsaNotificationEmail)
|
|
-TsaCodebaseAdmin $(_TsaCodebaseAdmin)
|
|
-TsaBugAreaPath $(_TsaBugAreaPath)
|
|
-TsaIterationPath $(_TsaIterationPath)
|
|
-TsaRepositoryName "Arcade-Validation"
|
|
-TsaCodebaseName "Arcade-Validation"
|
|
-TsaPublish $True'
|
|
- ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:
|
|
- stage: Validate_Publishing
|
|
displayName: Validate Publishing
|
|
jobs:
|
|
- template: /eng/common/templates-official/job/job.yml@self
|
|
parameters:
|
|
name: Validate_Publishing
|
|
displayName: Validate Publishing
|
|
timeoutInMinutes: 240
|
|
variables:
|
|
- group: Publish-Build-Assets
|
|
- group: DotNetBot-GitHub
|
|
- name: BARBuildId
|
|
value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.BARBuildId'] ]
|
|
- name: skipComponentGovernanceDetection
|
|
value: true
|
|
steps:
|
|
- template: /eng/common/templates-official/post-build/setup-maestro-vars.yml
|
|
- checkout: self
|
|
clean: true
|
|
- powershell: eng\validation\test-publishing.ps1
|
|
-buildId $(BARBuildId)
|
|
-azdoToken $(dn-bot-dotnet-build-rw-code-rw)
|
|
-azdoUser "dotnet-bot"
|
|
-azdoOrg "dnceng"
|
|
-azdoProject "internal"
|
|
-barToken $(MaestroAccessToken)
|
|
-githubPAT $(BotAccount-dotnet-bot-repo-PAT)
|
|
- stage: Promote_Arcade_To_Latest
|
|
displayName: Promote Arcade to '.NET Eng - Latest' channel
|
|
dependsOn:
|
|
- Validate_Publishing
|
|
jobs:
|
|
- template: /eng/common/templates-official/job/job.yml@self
|
|
parameters:
|
|
name: Promote_Arcade_To_Latest
|
|
displayName: Promote Arcade to '.NET Eng - Latest' channel
|
|
timeoutInMinutes: 180
|
|
variables:
|
|
- group: Publish-Build-Assets
|
|
- group: DotNetBot-GitHub
|
|
- name: skipComponentGovernanceDetection
|
|
value: true
|
|
steps:
|
|
- checkout: self
|
|
clean: True
|
|
- powershell: eng/validation/update-channel.ps1
|
|
-maestroEndpoint https://maestro.dot.net
|
|
-barToken $(MaestroAccessToken)
|
|
-azdoToken $(dn-bot-dnceng-build-rw-code-rw)
|
|
-githubToken $(BotAccount-dotnet-bot-repo-PAT)
|
|
displayName: Promote Arcade to 'Latest' channel
|