105 строки
3.5 KiB
YAML
105 строки
3.5 KiB
YAML
# A new tag is created when a GitHub release is published
|
|
trigger:
|
|
branches:
|
|
include:
|
|
- refs/tags/*
|
|
|
|
resources:
|
|
repositories:
|
|
- repository: 'component-detection'
|
|
type: github
|
|
endpoint: GitHub_OSE
|
|
name: microsoft/component-detection
|
|
- repository: 1ESPipelineTemplates
|
|
type: git
|
|
name: 1ESPipelineTemplates/1ESPipelineTemplates
|
|
ref: refs/tags/release
|
|
|
|
variables:
|
|
- name: RELEASE_TAG
|
|
value: ${{ replace(variables['Build.SourceBranch'], 'refs/tags/', '') }}
|
|
- name: COMPONENT_DETECTION_SLN
|
|
value: ./ComponentDetection.sln
|
|
- name: NUGET_PUSH_SERVICE_CONNECTION
|
|
value: '1ES-CG-Nuget-Push'
|
|
- name: PACKAGE_PUSH_MI_SERVICE_CONNECTION
|
|
value: 'ComponentGovernance msengMI'
|
|
|
|
extends:
|
|
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
|
|
parameters:
|
|
pool:
|
|
name: '1ES-OSE-Pool'
|
|
os: linux
|
|
image: 1es-pt-ubuntu22.04
|
|
|
|
sdl:
|
|
sourceAnalysisPool:
|
|
name: 1ES-OSE-Pool
|
|
image: 1ES-OSE-Hosted-Pool-windows
|
|
os: windows
|
|
|
|
stages:
|
|
- stage: PublishCD
|
|
displayName: Publish Component Detection
|
|
|
|
jobs:
|
|
- job: build_push_cd
|
|
displayName: Build and push CD packages
|
|
|
|
steps:
|
|
- checkout: self
|
|
|
|
- task: UseDotNet@2
|
|
displayName: Install .NET
|
|
inputs:
|
|
packageType: 'sdk'
|
|
version: '6.0.x'
|
|
|
|
# https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance#workarounds-for-tasks-that-do-not-yet-support-wif-service-connection
|
|
- task: AzureCLI@2
|
|
displayName: Override Nuget PAT
|
|
inputs:
|
|
azureSubscription: $(PACKAGE_PUSH_MI_SERVICE_CONNECTION)
|
|
scriptType: 'pscore'
|
|
scriptLocation: 'inlineScript'
|
|
inlineScript: |
|
|
$accessToken = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
|
|
|
|
# Set the access token as a secret, so it doesn't get leaked in the logs
|
|
Write-Host "##vso[task.setsecret]$accessToken"
|
|
|
|
# Override the apitoken of the nuget service connection, for the duration of this stage
|
|
Write-Host "##vso[task.setendpoint id=$(NUGET_PUSH_SERVICE_CONNECTION);field=authParameter;key=apitoken]$accessToken"
|
|
|
|
- task: NuGetAuthenticate@1
|
|
displayName: Authenticate with Nuget
|
|
inputs:
|
|
nuGetServiceConnections: $(NUGET_PUSH_SERVICE_CONNECTION) # use the service connection who's apitoken was overridden
|
|
|
|
- task: DotNetCoreCLI@2
|
|
displayName: .NET Restore
|
|
inputs:
|
|
command: 'restore'
|
|
projects: $(COMPONENT_DETECTION_SLN)
|
|
feedsToUse: config
|
|
externalFeedCredentials: $(NUGET_PUSH_SERVICE_CONNECTION)
|
|
|
|
- task: DotNetCoreCLI@2
|
|
displayName: .NET Pack
|
|
env:
|
|
RELEASE_TAG: $(RELEASE_TAG)
|
|
inputs:
|
|
packagesToPack: '**/*.csproj'
|
|
configuration: 'Release'
|
|
packDirectory: '$(Build.ArtifactStagingDirectory)/out'
|
|
versioningScheme: byEnvVar
|
|
versionEnvVar: RELEASE_TAG
|
|
|
|
- task: DotNetCoreCLI@2
|
|
displayName: .NET Publish to Azure Artifacts
|
|
inputs:
|
|
packagesToPush: '$(Build.ArtifactStagingDirectory)/out/*.nupkg'
|
|
nugetFeedType: 'external'
|
|
externalEndPoint: $(NUGET_PUSH_SERVICE_CONNECTION)
|