(docs): build-docs pipeline without upload artifact (#23150)

previous build-docs pipeline for temporary deployment of static doc changes. excludes steps to upload-json artifacts
2024-11-19 15:08:37 -08:00 · 2024-11-19 15:08:37 -08:00 · cef6ce1d36
--- a/tools/pipelines/build-docs.yml
+++ b/tools/pipelines/build-docs.yml
@ -0,0 +1,359 @@
+# Copyright (c) Microsoft Corporation and contributors. All rights reserved.
+# Licensed under the MIT License.
+
+# publish-api-model-artifact pipeline
+# This pipeline downloads the api-extractor artifacts from build pipelines and uploads them to the azure blob storage.
+# After the artifacts are uploaded, the pipeline triggers the deploy-website pipeline to deploy the website.
+# By default, artifacts are only published from the latest minor release branch of each major version series.
+
+name: $(Build.BuildId)
+
+parameters:
+  # override deployment condition to skip or force deployment
+  - name: deployOverride
+    displayName: Deployment Override (default = based on branch)
+    type: string
+    default: default
+    values:
+      - default
+      - skip
+      - force
+  # determines deployment token to be used for Azure Static Web Apps
+  - name: deployEnvironment
+    displayName: Static web app environment to deploy to
+    type: string
+    default: new
+    values:
+      - new
+      - old
+  # determines whether to retain guardian assets
+  - name: guardianAssetRetentionOverride
+    displayName: Guardian Asset Retention Override (default = based on branch)
+    type: string
+    default: default
+    values:
+      - default
+      - skip
+      - force
+  # determines whether to publish guardian baseline files
+  - name: publishGuardianBaselines
+    displayName: Publish Guardian Baseline Files
+    type: boolean
+    default: false
+
+variables:
+  - group: doc-versions
+  - group: storage-vars
+  - name: repoToTrigger
+    value: microsoft/FluidFramework
+  - name: latestPipeline
+    value: ${{ or(
+      eq(variables['Build.SourceBranchName'], 'main'),
+      eq(variables['Build.SourceBranchName'], 'pl-test')
+      )}}
+  - name: n1Branch
+    value: ${{ join('/refs/heads/release/', variables['N1_BRANCH']) }}
+  - name: n1Pipeline
+    value: ${{ eq(variables['Build.SourceBranchName'], variables['N1_BRANCH']) }}
+  - name: releasePipeline
+    value: ${{ eq(variables['Build.SourceBranchName'], variables['RELEASE_BRANCH']) }}
+  - name: validRun
+    value: ${{ or(variables.releasePipeline, variables.n1Pipeline, variables.latestPipeline) }}
+  - name: Packaging.EnableSBOMSigning
+    value: true
+  - name: isMain
+    value: ${{ eq(variables['Build.SourceBranchName'], 'main') }}
+  - name: shouldRetainGuardianAssets
+    value: ${{ or(
+      eq(parameters.guardianAssetRetentionOverride, 'force'),
+      eq(parameters.guardianAssetRetentionOverride, 'default')
+      )}}
+  - name: deploymentToken
+    ${{ if eq( parameters['deployEnvironment'], 'new' ) }}:
+      value: "$(FLUID_WEBSITE_TORUS_API_TOKEN)"
+    ${{ if eq( parameters['deployEnvironment'], 'old') }}:
+      value: "$(AZURE_STATIC_WEB_APPS_API_TOKEN)"
+  # skip injected CG detection as we manually trigger it in a parallel job
+  - name: skipComponentGovernanceDetection
+    value: true
+  - name: pnpmStorePath
+    value: $(Pipeline.Workspace)/.pnpm-store
+
+trigger:
+  branches:
+    include:
+    - release/**
+pr: none
+
+stages:
+# Check release version of branch, and determine if the branch should be deployed
+# If the branch is the latest minor version of its major version series, it should be deployed
+# also, the artifact will be uploaded as latest-v*.tar.gz where * is the major version
+- stage: check_branch_version
+  displayName: 'Check Version Deployment Condition'
+  pool: Small
+  jobs:
+    - job: check_branch_version
+      displayName: 'Check Version Deployment Condition'
+      steps:
+        - checkout: self
+          submodules: false
+          clean: true
+
+        - template: /tools/pipelines/templates/include-install-build-tools.yml
+          parameters:
+            buildDirectory: $(Build.SourcesDirectory)
+        - task: Bash@3
+          name: SetVersion
+          displayName: 'Set Build Version'
+          env:
+            VERSION_BUILDNUMBER: $(Build.BuildNumber)
+          inputs:
+            targetType: 'inline'
+            workingDirectory: $(Build.SourcesDirectory)
+            script: |
+              # Generate the build version. Sets the environment variables version, codeVersion, and isLatest.
+              flub generate buildVersion
+        - task: Bash@3
+          name: SetShouldDeploy
+          displayName: 'Check Version Deployment Condition'
+          inputs:
+            targetType: 'inline'
+            workingDirectory: $(Build.SourcesDirectory)
+            script: |
+              # Check if the version is the latest minor of its corresponding major version series
+              # Sets variable shouldDeploy to true if the version is the latest minor and false otherwise
+              # Sets variable majorVersion to the major version extracted from $(SetVersion.version)
+              flub check latestVersions $(SetVersion.version) client
+
+- stage: build
+  displayName: 'Build website'
+  jobs:
+    - job: debug_variables
+      displayName: Show Variables
+      dependsOn: [] # run in parallel
+      pool: Small-eastus2
+      steps:
+        - checkout: none
+        - script: |
+            echo SourceBranchName: ${{ variables['Build.SourceBranchName'] }}
+            echo BASE_URL: $(BASE_URL)
+            echo RELEASE_VERSION: $(RELEASE_VERSION)
+            echo MAIN_BRANCH_VERSION: $(MAIN_BRANCH_VERSION)
+            echo N1_VERSION: $(N1_VERSION)
+            echo HUGO_PARAMS_APPINSIGHTKEY=$(HUGO_PARAMS_APPINSIGHTKEY)
+            echo repoToTrigger ${{ variables.repoToTrigger }}
+            echo shouldRetainGuardianAssets ${{ variables.shouldRetainGuardianAssets }}
+            echo publishGuardianBaselines ${{ variables.publishGuardianBaselines }}
+          displayName: Show Variables
+
+    - job: component_detection
+      displayName: Component Detection
+      dependsOn: [] # run in parallel
+      pool: Small-eastus2
+      steps:
+        - task: ComponentGovernanceComponentDetection@0
+          displayName: Component Detection
+          inputs:
+            sourceScanPath: docs
+            verbosity: Verbose
+            scanType: Register
+            alertWarningLevel: High
+
+    - job: build_site
+      displayName: 'Build website'
+      pool: Large-eastus2
+      steps:
+        - checkout: self
+          submodules: false
+          clean: true
+
+        - template: templates/include-use-node-version.yml
+
+        - template: templates/include-install-pnpm.yml
+          parameters:
+            buildDirectory: $(Build.SourcesDirectory)/docs
+
+        - task: Bash@3
+          displayName: Install dependencies
+          inputs:
+            targetType: 'inline'
+            workingDirectory: $(Build.SourcesDirectory)/docs
+            script: |
+              set -eu -o pipefail
+              pnpm i --frozen-lockfile
+
+        - task: Npm@1
+          displayName: npm run build
+          inputs:
+            command: 'custom'
+            workingDir: $(Build.SourcesDirectory)/docs
+            customCommand: 'run build'
+
+        # Run the tests
+        - task: Npm@1
+          displayName: Run tests
+          inputs:
+            command: 'custom'
+            workingDir: $(Build.SourcesDirectory)/docs
+            customCommand: 'run test'
+
+        - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+          displayName: 'Generate SBOM'
+          inputs:
+            BuildDropPath: $(Build.SourcesDirectory)/docs/build
+            PackageName: 'fluidframework-docs'
+            PackageVersion: '$(Build.BuildId)'
+
+        - task: PublishPipelineArtifact@1
+          displayName: 'Publish site build artifact'
+          inputs:
+            targetPath: '$(Build.SourcesDirectory)/docs/build'
+            artifactName: 'fluidframework-docs'
+            publishLocation: 'pipeline'
+
+  # BEGIN Secure development tasks
+- stage: guardian
+  displayName: Guardian
+  dependsOn: [] # run in parallel
+  pool: Large-eastus2
+  jobs:
+    - job: guardian_tasks
+      displayName: Guardian tasks
+      steps:
+        - checkout: self
+          submodules: false
+          clean: true
+
+        - template: templates/include-use-node-version.yml
+
+        - task: UseDotNet@2
+          displayName: 'Use .NET Core 3.x'
+          condition: succeededOrFailed()
+          inputs:
+            packageType: sdk
+            version: 3.x
+
+        - task: securedevelopmentteam.vss-secure-development-tools.build-task-eslint.ESLint@1
+          displayName: 'Run ESLint'
+          condition: succeededOrFailed()
+
+        - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
+          displayName: 'Publish Guardian Artifacts - All Tools'
+          condition: succeededOrFailed()
+          inputs:
+            ArtifactType: M365
+
+        - task: AssetRetention@5
+          displayName: Guardian Asset Retention
+          condition: and(succeeded(), eq(variables.shouldRetainGuardianAssets, true))
+          inputs:
+            ArrowServiceConnection: 'ff-internal-arrow-sc'
+            AssetGroupName: 'fluidframework_$(System.TeamProject)_$(Build.DefinitionName)'
+            AssetNumber: '$(Build.BuildId)'
+            IsShipped: false # based on value of arrow.releasedtoproduction variable
+            DropsToRetain: 'CodeAnalysisLogs'
+
+        - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
+          displayName: 'Guardian Break'
+          condition: succeededOrFailed()
+          continueOnError: false
+          inputs:
+            GdnBreakPolicyMinSev: Warning
+            GdnBreakAllTools: true
+            GdnBreakBaselineFiles: '$(Build.SourcesDirectory)/docs/.gdnbaselines'
+            GdnBreakGdnToolESLint: true
+            GdnBreakGdnToolESLintSeverity: Warning
+            GdnBreakPolicy: M365
+            GdnBreakOutputBaselineFile: '$(Build.ArtifactStagingDirectory)/'
+
+        - task: PublishPipelineArtifact@1
+          displayName: 'Publish Baselines'
+          condition: eq('${{ parameters.publishGuardianBaselines }}', 'true')
+          inputs:
+            targetPath: '$(Build.ArtifactStagingDirectory)/.gdnbaselines'
+            artifactName: .gdn
+# END Secure development tasks
+
+# TODO: this redundantly builds the website.
+# This pipeline should be updated to publish a usable build artifact in the `build` stage,
+# and let subsequent stages download and work off of that.
+- stage: link_check
+  displayName: 'Website Link Check'
+  dependsOn: [] # run in parallel
+  pool: Large-eastus2
+  jobs:
+    - job: link_check
+      displayName: 'Website Link Check'
+      continueOnError: true
+      steps:
+        - checkout: self
+          submodules: false
+          clean: true
+
+        - template: templates/include-use-node-version.yml
+
+        - template: templates/include-install-pnpm.yml
+          parameters:
+            buildDirectory: $(Build.SourcesDirectory)/docs
+
+        - task: Bash@3
+          displayName: Install dependencies
+          inputs:
+            targetType: 'inline'
+            workingDirectory: $(Build.SourcesDirectory)/docs
+            script: |
+              set -eu -o pipefail
+              pnpm i --frozen-lockfile
+
+        - task: Npm@1
+          displayName: Build
+          inputs:
+            command: 'custom'
+            workingDir: $(Build.SourcesDirectory)/docs
+            customCommand: 'run build'
+
+        - task: Npm@1
+          displayName: Validate links
+          inputs:
+            command: 'custom'
+            workingDir: $(Build.SourcesDirectory)/docs
+            customCommand: 'run ci:check-links'
+
+- stage: deploy
+  displayName: 'Deploy website'
+  pool: Small
+  dependsOn: ['build', 'guardian']
+  variables:
+    deployOverrideVar: ${{ parameters.deployOverride }}
+  condition: and(
+    not(eq(variables['deployOverrideVar'], 'skip')),
+    or(
+      eq(variables['deployOverrideVar'], 'default'),
+      eq(variables['deployOverrideVar'], 'force')
+    ))
+  jobs:
+    - job: deploy_site
+      displayName: 'Deploy website'
+      steps:
+        - checkout: self
+          submodules: false
+          clean: true
+
+        - task: DownloadPipelineArtifact@2
+          displayName: 'Copy fluidframework-docs to "build" folder'
+          inputs:
+            source: current
+            artifact: fluidframework-docs
+            path: '$(Build.SourcesDirectory)/docs/build'
+
+        - task: AzureStaticWebApp@0
+          displayName: 'Deploy website to ASWA'
+          inputs:
+            skip_app_build: true # site was built in previous stage
+            skip_api_build: true # api is written in js, no build needed
+            cwd: $(Build.SourcesDirectory)
+            app_location: 'docs/build'
+            api_location: 'docs/api'
+            output_location: ''
+            azure_static_web_apps_api_token: '${{ variables.deploymentToken }}'