#
# See https://docs.microsoft.com/azure/devops/pipelines/yaml-schema for details
#
# Azure Pipelines definition: one "build" stage with Windows, Ubuntu and macOS
# jobs, plus a post-build template that is included only for non-public,
# non-pull-request runs.
#
# Trust boundary: the ${{ if ... }} blocks are template expressions, resolved
# when the pipeline is expanded and before any step runs. Every variable group
# in this file sits behind "System.TeamProject is not 'public' AND Build.Reason
# is not 'PullRequest'", so a run that fails either test never has those groups
# attached. Keep that guard on any new group or credential-bearing variable.
#

variables:
  - name: _TeamName
    value: AspNetCore
  - name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
    value: true
  - name: _PublishUsingPipelines
    value: true
  - name: _BuildConfig
    value: Release

  # used for post-build phases, internal builds only
  # Presumably this group supplies the $(_Tsa*) values consumed by
  # SDLValidationParameters at the end of this file; they are not defined
  # anywhere in this file. Confirm against the variable library.
  - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
      - group: DotNet-AspNet-SDLValidation-Params

# CI and PR triggers
# CI: batched builds of main and release/* branches.
trigger:
  batch: true
  branches:
    include:
      - main
      - release/*

# PR validation is enabled for pull requests against every branch, and a new
# push does not cancel a run already in progress. PR runs execute the build
# scripts from the checked-out sources, so the PullRequest checks further down
# (variable groups, _SignType, package upload) are what keep credentials and
# release outputs out of those runs. Whether fork PRs are built at all is a
# project setting that is not visible in this file.
pr:
  autoCancel: false
  branches:
    include:
      - '*'

stages:
  - stage: build
    displayName: Build
    jobs:
      # Shared jobs template; the enable* switches are passed through to it.
      - template: /eng/common/templates/jobs/jobs.yml
        parameters:
          enableMicrobuild: true
          enablePublishBuildArtifacts: true
          enablePublishTestResults: true
          enablePublishBuildAssets: true
          # Resolved at template-expansion time from the pipeline variable above.
          enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }}
          enableTelemetry: true
          jobs:
            - job: Windows
              # Public-project and non-public-project runs use different agent
              # pools and image overrides, so the two kinds of build do not
              # share a pool.
              pool:
                ${{ if eq(variables['System.TeamProject'], 'public') }}:
                  name: NetCore1ESPool-Public
                  demands: ImageOverride -equals Build.Server.Amd64.VS2019.Open
                ${{ if ne(variables['System.TeamProject'], 'public') }}:
                  name: NetCore1ESPool-Internal
                  demands: ImageOverride -equals Build.Server.Amd64.VS2019
              variables:
                # Only enable publishing in official builds.
                # Official = not the public project and not a pull request.
                # Only this branch attaches the credential group and selects
                # real signing.
                - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
                    # Publish-Build-Assets provides: MaestroAccessToken, BotAccount-dotnet-maestro-bot-PAT
                    - group: Publish-Build-Assets
                    # $(_SignType) is declared just below; $(...) macros are
                    # expanded at run time, so declaration order does not matter.
                    - name: _OfficialBuildArgs
                      value: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName) /p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines) /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
                    - name: _SignType
                      value: real
                # else
                # Logical complement of the condition above: public project or
                # pull request. No variable group, no official build arguments,
                # test signing only.
                - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
                    - name: _OfficialBuildArgs
                      value: ''
                    - name: _SignType
                      value: test
              steps:
                # clean: true requests a clean working directory before the
                # sources are fetched.
                - checkout: self
                  clean: true
                # Diagnostics only: log the Docker version and the images
                # already present on the agent.
                - script: docker version
                - script: docker images
                # $(_OfficialBuildArgs) is empty for public and PR runs (see
                # the variables above).
                - script: eng\common\cibuild.cmd -configuration $(_BuildConfig) -prepareMachine $(_OfficialBuildArgs)
                  displayName: Build and Publish
                # Test results are uploaded even when the build failed, and an
                # upload failure does not fail the job. This step has no
                # PullRequest or fork condition, so the artifact may come from
                # a PR run.
                - task: PublishBuildArtifacts@1
                  displayName: Upload TestResults
                  condition: always()
                  continueOnError: true
                  inputs:
                    pathtoPublish: artifacts/TestResults/$(_BuildConfig)/
                    artifactName: $(Agent.Os)_$(Agent.JobName) TestResults
                    artifactType: Container
                    parallel: true
                # Packages are uploaded only after a successful Release build
                # that is not a pull request from a fork.
                - task: PublishBuildArtifacts@1
                  displayName: Upload package artifacts
                  condition: and(succeeded(), eq(variables['system.pullrequest.isfork'], false), eq(variables['_BuildConfig'], 'Release'))
                  inputs:
                    pathtoPublish: artifacts/packages/
                    artifactName: artifacts
                    artifactType: Container
                    parallel: true

            - job: Ubuntu_20_04
              displayName: 'Ubuntu 20.04'
              # NOTE(review): hosted image labels are retired over time;
              # confirm this one is still offered.
              pool:
                vmImage: ubuntu-20.04
              variables:
                # No signing on this job, and no variable group is attached.
                - name: _SignType
                  value: none
                - name: MSBUILDDISABLENODEREUSE
                  value: 1
                # NOTE(review): this tests for 'internal' where the Windows job
                # tests for "not 'public'". In a non-PR run of a project with
                # any other name neither branch matches and _OfficialBuildArgs
                # stays undefined. Confirm that is intended.
                - ${{ if and(eq(variables['System.TeamProject'], 'internal'), notin(variables['Build.Reason'], 'PullRequest')) }}:
                    - name: _OfficialBuildArgs
                      value: -p:OfficialBuildId=$(Build.BuildNumber)
                # else
                - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
                    - name: _OfficialBuildArgs
                      value: ''
              steps:
                - checkout: self
                  clean: true
                # NOTE(review): _OfficialBuildArgs is defined above but never
                # passed to this command, so OfficialBuildId does not reach the
                # build. Confirm whether that is deliberate.
                - script: eng/common/cibuild.sh --configuration $(_BuildConfig) --prepareMachine
                  displayName: Build
                # Uploaded even on failure; an upload failure does not fail the job.
                - task: PublishBuildArtifacts@1
                  displayName: Upload TestResults
                  condition: always()
                  continueOnError: true
                  inputs:
                    pathtoPublish: artifacts/TestResults/$(_BuildConfig)/
                    artifactName: $(Agent.Os)_$(Agent.JobName) TestResults
                    artifactType: Container
                    parallel: true

            # NOTE(review): the job name says 10.14 but the pool image is
            # macOS-11. The name also feeds $(Agent.JobName) in the artifact
            # name below, so check for consumers before renaming it.
            - job: OSX_10_14
              displayName: 'OSX'
              # NOTE(review): hosted image labels are retired over time;
              # confirm this one is still offered.
              pool:
                vmImage: macOS-11
              variables:
                # No signing on this job, and no variable group is attached.
                - name: _SignType
                  value: none
                - name: MSBUILDDISABLENODEREUSE
                  value: 1
                # Same 'internal' / 'public' pair of conditions as the Ubuntu job.
                - ${{ if and(eq(variables['System.TeamProject'], 'internal'), notin(variables['Build.Reason'], 'PullRequest')) }}:
                    - name: _OfficialBuildArgs
                      value: -p:OfficialBuildId=$(Build.BuildNumber)
                # else
                - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
                    - name: _OfficialBuildArgs
                      value: ''
              steps:
                - checkout: self
                  clean: true
                # NOTE(review): as on Ubuntu, _OfficialBuildArgs is not passed
                # to this command.
                - script: eng/common/cibuild.sh --configuration $(_BuildConfig) --prepareMachine
                  displayName: Build
                # Uploaded even on failure; an upload failure does not fail the job.
                - task: PublishBuildArtifacts@1
                  displayName: Upload TestResults
                  condition: always()
                  continueOnError: true
                  inputs:
                    pathtoPublish: artifacts/TestResults/$(_BuildConfig)/
                    artifactName: $(Agent.Os)_$(Agent.JobName) TestResults
                    artifactType: Container
                    parallel: true

  # Post-build template: included under the same "not public, not a pull
  # request" condition that guards the variable groups above.
  # NOTE(review): this path uses backslashes while the jobs template above uses
  # /eng/...; confirm both forms resolve the same way.
  - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
      - template: eng\common\templates\post-build\post-build.yml
        parameters:
          publishingInfraVersion: 3
          # Symbol validation isn't being very reliable lately. This should be enabled back
          # once this issue is resolved: https://github.com/dotnet/arcade/issues/2871
          enableSymbolValidation: false
          # It's a private repo in github so this won't pass until we create an internal mirror
          # Both validations above are switched off, so a symbol or SourceLink
          # problem will not be caught at this point; revisit once the reasons
          # given no longer apply.
          enableSourceLinkValidation: false
          # This is to enable SDL runs part of Post-Build Validation Stage
          # The tools listed are PoliCheck and CredScan, continueOnError is
          # false for the SDL run, and -TsaPublish is $True. The $(_Tsa*)
          # values are not defined in this file; presumably they come from the
          # DotNet-AspNet-SDLValidation-Params group. Confirm.
          SDLValidationParameters:
            enable: true
            continueOnError: false
            # Single-quoted scalar: the line breaks below fold to single spaces.
            params: ' -SourceToolsList @("policheck","credscan")
              -TsaInstanceURL $(_TsaInstanceURL)
              -TsaProjectName $(_TsaProjectName)
              -TsaNotificationEmail $(_TsaNotificationEmail)
              -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
              -TsaBugAreaPath $(_TsaBugAreaPath)
              -TsaIterationPath $(_TsaIterationPath)
              -TsaRepositoryName "Tye"
              -TsaCodebaseName "Tye"
              -TsaPublish $True
              -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'