Use shared GitHub and ADO pipelines (#129)

Brandon Waterloo [MSFT] 2023-05-31 12:25:40 -04:00 коммит произвёл GitHub
Родитель 4c0e428354
Коммит 50630ad7f0
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
12 изменённых файлов: 51 добавлений и 167 удалений


@ -1,6 +0,0 @@
steps:
- task: ComponentGovernanceComponentDetection@0
displayName: 'Component Detection'
condition: ne(variables['System.PullRequest.IsFork'], 'True')
- template: compliance/compliance.yml


@ -1,5 +0,0 @@
steps:
- task: NodeTool@0
displayName: 'Use Node 16.x'
inputs:
versionSpec: 16.x


@ -1,9 +1,5 @@
// More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/cred-bot-trinity/credential-risk-exposure-defense/troubleshoot_guides/local-suppressions
{ {
"tool": "Credential Scanner", "tool": "Credential Scanner",
"suppressions": [ "suppressions": []
{
"file": "node_modules\\enquirer\\README.md",
"_justification": "No need to scan external node modules."
}
]
} }


@ -1,10 +1,11 @@
<PoliCheckExclusions> <PoliCheckExclusions>
<!-- More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/policheck-build-task#excluding-files-or-folders-from-the-policheck-scan -->
<!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped --> <!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped -->
<Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES</Exclusion> <Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES|.VSCODE-TEST|DIST</Exclusion>
<!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped --> <!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped -->
<!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>--> <!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
<!--Each of these file types will be completely skipped for the entire scan --> <!--Each of these file types will be completely skipped for the entire scan -->
<!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>--> <!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>-->
<!--The specified file names will be skipped during the scan regardless which folder they are in --> <!--The specified file names will be skipped during the scan regardless which folder they are in -->
<!--<Exclusion Type="FileName">ABC.TXT|XYZ.CS</Exclusion>--> <Exclusion Type="FileName">NOTICE.HTML</Exclusion>
</PoliCheckExclusions> </PoliCheckExclusions>


@ -1,48 +0,0 @@
steps:
- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
displayName: 'AntiMalware Scanner'
inputs:
FileDirPath: '$(Build.SourcesDirectory)'
EnableServices: true
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
displayName: 'Run PoliCheck'
inputs:
targetType: F # search files and folders
optionsUEPATH: '$(Build.SourcesDirectory)/.azure-pipelines/compliance/PoliCheckExclusions.xml'
continueOnError: true
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
displayName: 'Run CredScan'
inputs:
toolMajorVersion: V2
suppressionsFile: '$(Build.SourcesDirectory)/.azure-pipelines/compliance/CredScanSuppressions.json'
continueOnError: true
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
displayName: 'Publish Security Analysis Logs'
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
displayName: 'Post Analysis'
inputs:
AllTools: false
CredScan: true
PoliCheck: true
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 'SBoM Generation Task'
inputs:
BuildDropPath: '$(build.artifactstagingdirectory)'
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Linux'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
- task: PublishBuildArtifacts@1
displayName: 'Publish SBoM'
inputs:
PathtoPublish: '$(build.artifactstagingdirectory)/_manifest'
ArtifactName: '_manifest'
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Linux'), in(variables['Build.Reason'], 'Manual', 'Schedule'))


@ -1,42 +0,0 @@
steps:
- template: before-all.yml
- task: Npm@1
displayName: 'Install'
inputs:
command: ci
- task: Npm@1
displayName: 'Lint'
inputs:
command: custom
customCommand: run lint
- task: Npm@1
displayName: 'Test'
inputs:
command: custom
customCommand: test
- task: Npm@1
displayName: 'Pack'
inputs:
command: custom
customCommand: pack
condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
- task: CopyFiles@2
displayName: 'Copy Package'
inputs:
Contents: 'microsoft-compose-language-service*.tgz'
TargetFolder: '$(build.artifactstagingdirectory)'
condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
- task: PublishBuildArtifacts@1
displayName: 'Publish Package'
inputs:
PathtoPublish: '$(build.artifactstagingdirectory)'
ArtifactName: 'microsoft-compose-language-service'
condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
- template: after-all.yml


@ -1,32 +1,26 @@
jobs: # Trigger the build whenever `main` or `rel/*` is updated
- job: Windows
pool:
vmImage: windows-latest
steps:
- template: job-steps.yml
- job: Linux
pool:
vmImage: ubuntu-latest
steps:
- template: job-steps.yml
variables:
Codeql.Enabled: $[in(variables['Build.Reason'], 'Schedule')] # Enable CodeQL only on scheduled builds because it is slow
trigger: trigger:
branches:
include:
- '*'
pr:
branches:
include:
- main - main
- rel/*
# Scheduled nightly build
schedules: schedules:
- cron: "0 0 * * *" - cron: "0 0 * * *"
displayName: Daily midnight build displayName: Nightly scheduled build
always: false # Don't rebuild if there haven't been changes
branches: branches:
include: include:
- main - main
always: false
# Grab the base templates from https://github.com/microsoft/vscode-azuretools/tree/main/azure-pipelines
resources:
repositories:
- repository: templates
type: github
name: microsoft/vscode-azuretools
ref: main
endpoint: GitHub
# Use those templates
extends:
template: azure-pipelines/jobs.yml@templates
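Review bot: The `templates` repository resource is tracked at `ref: main`, so every run pulls whatever the shared repository's branch holds at that moment, and `extends: template: azure-pipelines/jobs.yml@templates` hands the whole job definition to it. A change in that repository, intended or not, then alters what executes under this pipeline's `GitHub` endpoint and variables without any commit here. Consider pinning to a release tag, `ref: refs/tags/<release-tag>`, and bumping it deliberately; the same applies to `uses: microsoft/vscode-azuretools/.github/workflows/jobs.yml@main` in `.github/workflows/main.yml`, which can be pinned to a full commit SHA. The `System.PullRequest.IsFork` conditions carried by the deleted step files presumably now live in the shared template, which is not visible on this page, so that is worth confirming before relying on it.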

22
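--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -0,0 +1,22 @@
+name: Node PR Lint, Build and Test
+on:
+# Trigger when manually run
+workflow_dispatch:
+# Trigger on pushes to `main` or `rel/*`
+push:
+branches:
+- main
+- rel/*
+# Trigger on pull requests to `main` or `rel/*`
+pull_request:
+branches:
+- main
+- rel/*
+jobs:
+Build:
+# Use template from https://github.com/microsoft/vscode-azuretools/tree/main/.github/workflows
+uses: microsoft/vscode-azuretools/.github/workflows/jobs.yml@main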
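Review bot: The new workflow declares no `permissions:` key, so the `Build` job calls the reusable workflow with the repository's default `GITHUB_TOKEN` scope, and a called workflow can only narrow what the caller grants. For a lint, build and test run on `push` and `pull_request`, a read-only token is probably sufficient: add a top-level `permissions:` block containing `contents: read` before `jobs:`. If the shared workflow needs more (for example to upload results), grant that scope explicitly on the `Build` job so the requirement is visible in this repository.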

31
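--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -1,31 +0,0 @@
-# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-name: Node CI Build and Test
-on:
-push:
-branches: [ main ]
-pull_request:
-branches: [ main ]
-jobs:
-build:
-runs-on: ubuntu-latest
-strategy:
-matrix:
-node-version: [16.x]
-# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-steps:
-- uses: actions/checkout@v2
-- name: Use Node.js ${{ matrix.node-version }}
-uses: actions/setup-node@v2
-with:
-node-version: ${{ matrix.node-version }}
-- run: npm ci
-- run: npm run build --if-present
-- run: npm test
-- run: npm run lint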

3
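--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -16,6 +16,7 @@ jobs:
 with:
 node-version: 16
 - run: npm ci
+- run: npm build
 - run: npm test
 publish-npm:
@@ -28,6 +29,7 @@ jobs:
 node-version: 16
 registry-url: https://registry.npmjs.org/
 - run: npm ci
+- run: npm build
 - run: npm publish
 env:
 NODE_AUTH_TOKEN: ${{secrets.npm_token}}
@@ -45,6 +47,7 @@ jobs:
 node-version: 16
 registry-url: https://npm.pkg.github.com/
 - run: npm ci
+- run: npm build
 - run: npm publish
 env:
 NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}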
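Review bot: The added `- run: npm build` steps in all three hunks do not run the package's `build` script: npm 6 treated `npm build` as an internal command, and npm 7 and later, which is what Node 16 ships with as far as I know, reject it as unknown. The same commit removes `"pretest": "npm run build"` and `"prepack": "npm run build"` from `package.json`, so nothing else compiles the sources before `npm test` and `npm publish`, and the publish jobs either fail or upload a tarball without fresh build output. Each step should read `- run: npm run build`. Keeping `"prepack": "npm run build"` in `package.json` would also protect a manual `npm pack` or `npm publish` outside CI. The jobs these steps belong to start outside the hunks shown.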

1
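--- a/.nvmrc
+++ b/.nvmrc
@@ -0,0 +1 @@
+16.17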


@ -26,8 +26,7 @@
"lint": "eslint --max-warnings 0 src --ext ts", "lint": "eslint --max-warnings 0 src --ext ts",
"test": "mocha --file lib/test/global.test.js --recursive lib/test", "test": "mocha --file lib/test/global.test.js --recursive lib/test",
"unittest": "npm test -- --grep /unit/i", "unittest": "npm test -- --grep /unit/i",
"pretest": "npm run build", "package": "npm pack"
"prepack": "npm run build"
}, },
"devDependencies": { "devDependencies": {
"@types/chai": "^4.3.0", "@types/chai": "^4.3.0",