CCF/.azure-pipelines.yml

75 строки
2.0 KiB
YAML

trigger:
batch: true
branches:
include:
- main
pr:
autoCancel: true
branches:
include:
- main
- "release/*"
exclude:
- "release/[0-3].x"
paths:
include:
- "*"
schedules:
- cron: "0 3 * * Mon-Fri"
displayName: Daily morning build
branches:
include:
- main
- "release/*"
exclude:
- "release/[0-3].x"
always: true
resources:
containers:
- container: virtual
image: ccfmsrc.azurecr.io/ccf/ci:12-02-2024-virtual-clang15
options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
- container: snp
image: ccfmsrc.azurecr.io/ccf/ci:12-02-2024-snp-clang15
options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
- container: sgx
image: ccfmsrc.azurecr.io/ccf/ci:12-02-2024-sgx
options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro
variables:
perf_or_release: perf
perf_tests: run
jobs:
- template: .azure-pipelines-templates/configure.yml
- template: .azure-pipelines-templates/matrix.yml
parameters:
perf_or_release: perf
perf_tests: run
- job: CredScan
variables:
Codeql.SkipTaskAutoInjection: true
skipComponentGovernanceDetection: true
pool:
vmImage: "ubuntu-20.04"
steps:
# Scan for credentials in the repo
- task: CredScan@3
inputs:
suppressionsFile: .gdn/CredScanSuppressions.json
# To suppress folders, rather than individual files, we require both of the following options
debugMode: true
folderSuppression: true
# Break the build if any credentials (or other Guardian scans) find issues
- task: PostAnalysis@2
inputs:
GdnBreakAllTools: true