зеркало из https://github.com/microsoft/CCF.git
57 строки
1.9 KiB
YAML
57 строки
1.9 KiB
YAML
trigger:
|
|
tags:
|
|
include:
|
|
- ccf-5.*
|
|
|
|
pr: none
|
|
|
|
resources:
|
|
containers:
|
|
- container: virtual
|
|
image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15
|
|
options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
|
|
|
|
- container: snp
|
|
image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-snp-clang15
|
|
options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
|
|
|
|
- container: sgx
|
|
image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-sgx
|
|
options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro
|
|
|
|
variables:
|
|
${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-') }}:
|
|
perf_or_release: release
|
|
perf_tests: no_run
|
|
${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-')) }}:
|
|
perf_or_release: perf
|
|
perf_tests: run
|
|
|
|
jobs:
|
|
- template: .azure-pipelines-templates/configure.yml
|
|
|
|
- template: .azure-pipelines-templates/release-matrix.yml
|
|
parameters:
|
|
perf_or_release: ${{ variables['perf_or_release'] }}
|
|
perf_tests: ${{ variables['perf_tests'] }}
|
|
|
|
- job: CredScan
|
|
variables:
|
|
Codeql.SkipTaskAutoInjection: true
|
|
skipComponentGovernanceDetection: true
|
|
pool:
|
|
vmImage: "ubuntu-20.04"
|
|
steps:
|
|
# Scan for credentials in the repo
|
|
- task: CredScan@3
|
|
inputs:
|
|
suppressionsFile: .gdn/CredScanSuppressions.json
|
|
# To suppress folders, rather than individual files, we require both of the following options
|
|
debugMode: true
|
|
folderSuppression: true
|
|
|
|
# Break the build if any credentials (or other Guardian scans) find issues
|
|
- task: PostAnalysis@2
|
|
inputs:
|
|
GdnBreakAllTools: true
|