CCF/.azure-pipelines-release.yml

57 строки
1.9 KiB
YAML

trigger:
tags:
include:
- ccf-5.*
pr: none
resources:
containers:
- container: virtual
image: ccfmsrc.azurecr.io/ccf/ci:25-01-2024-virtual-clang15
options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
- container: snp
image: ccfmsrc.azurecr.io/ccf/ci:25-01-2024-snp-clang15
options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
- container: sgx
image: ccfmsrc.azurecr.io/ccf/ci:25-01-2024-sgx
options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro
variables:
${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-') }}:
perf_or_release: release
perf_tests: no_run
${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-')) }}:
perf_or_release: perf
perf_tests: run
jobs:
- template: .azure-pipelines-templates/configure.yml
- template: .azure-pipelines-templates/release-matrix.yml
parameters:
perf_or_release: ${{ variables['perf_or_release'] }}
perf_tests: ${{ variables['perf_tests'] }}
- job: CredScan
variables:
Codeql.SkipTaskAutoInjection: true
skipComponentGovernanceDetection: true
pool:
vmImage: "ubuntu-20.04"
steps:
# Scan for credentials in the repo
- task: CredScan@3
inputs:
suppressionsFile: .gdn/CredScanSuppressions.json
# To suppress folders, rather than individual files, we require both of the following options
debugMode: true
folderSuppression: true
# Break the build if any credentials (or other Guardian scans) find issues
- task: PostAnalysis@2
inputs:
GdnBreakAllTools: true