Use shared GitHub and ADO pipelines (#129)
This commit is contained in:
Родитель
4c0e428354
Коммит
50630ad7f0
|
@ -1,6 +0,0 @@
|
||||||
steps:
|
|
||||||
- task: ComponentGovernanceComponentDetection@0
|
|
||||||
displayName: 'Component Detection'
|
|
||||||
condition: ne(variables['System.PullRequest.IsFork'], 'True')
|
|
||||||
|
|
||||||
- template: compliance/compliance.yml
|
|
|
@ -1,5 +0,0 @@
|
||||||
steps:
|
|
||||||
- task: NodeTool@0
|
|
||||||
displayName: 'Use Node 16.x'
|
|
||||||
inputs:
|
|
||||||
versionSpec: 16.x
|
|
|
@ -1,9 +1,5 @@
|
||||||
|
// More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/cred-bot-trinity/credential-risk-exposure-defense/troubleshoot_guides/local-suppressions
|
||||||
{
|
{
|
||||||
"tool": "Credential Scanner",
|
"tool": "Credential Scanner",
|
||||||
"suppressions": [
|
"suppressions": []
|
||||||
{
|
|
||||||
"file": "node_modules\\enquirer\\README.md",
|
|
||||||
"_justification": "No need to scan external node modules."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
<PoliCheckExclusions>
|
<PoliCheckExclusions>
|
||||||
|
<!-- More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/policheck-build-task#excluding-files-or-folders-from-the-policheck-scan -->
|
||||||
<!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped -->
|
<!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped -->
|
||||||
<Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES</Exclusion>
|
<Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES|.VSCODE-TEST|DIST</Exclusion>
|
||||||
<!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped -->
|
<!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped -->
|
||||||
<!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
|
<!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
|
||||||
<!--Each of these file types will be completely skipped for the entire scan -->
|
<!--Each of these file types will be completely skipped for the entire scan -->
|
||||||
<!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>-->
|
<!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>-->
|
||||||
<!--The specified file names will be skipped during the scan regardless which folder they are in -->
|
<!--The specified file names will be skipped during the scan regardless which folder they are in -->
|
||||||
<!--<Exclusion Type="FileName">ABC.TXT|XYZ.CS</Exclusion>-->
|
<Exclusion Type="FileName">NOTICE.HTML</Exclusion>
|
||||||
</PoliCheckExclusions>
|
</PoliCheckExclusions>
|
||||||
|
|
|
@ -1,48 +0,0 @@
|
||||||
steps:
|
|
||||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
|
|
||||||
displayName: 'AntiMalware Scanner'
|
|
||||||
inputs:
|
|
||||||
FileDirPath: '$(Build.SourcesDirectory)'
|
|
||||||
EnableServices: true
|
|
||||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
|
|
||||||
|
|
||||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
|
|
||||||
displayName: 'Run PoliCheck'
|
|
||||||
inputs:
|
|
||||||
targetType: F # search files and folders
|
|
||||||
optionsUEPATH: '$(Build.SourcesDirectory)/.azure-pipelines/compliance/PoliCheckExclusions.xml'
|
|
||||||
continueOnError: true
|
|
||||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
|
|
||||||
|
|
||||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
|
|
||||||
displayName: 'Run CredScan'
|
|
||||||
inputs:
|
|
||||||
toolMajorVersion: V2
|
|
||||||
suppressionsFile: '$(Build.SourcesDirectory)/.azure-pipelines/compliance/CredScanSuppressions.json'
|
|
||||||
continueOnError: true
|
|
||||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
|
|
||||||
|
|
||||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
|
|
||||||
displayName: 'Publish Security Analysis Logs'
|
|
||||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
|
|
||||||
|
|
||||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
|
|
||||||
displayName: 'Post Analysis'
|
|
||||||
inputs:
|
|
||||||
AllTools: false
|
|
||||||
CredScan: true
|
|
||||||
PoliCheck: true
|
|
||||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
|
|
||||||
|
|
||||||
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
|
|
||||||
displayName: 'SBoM Generation Task'
|
|
||||||
inputs:
|
|
||||||
BuildDropPath: '$(build.artifactstagingdirectory)'
|
|
||||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Linux'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
|
|
||||||
|
|
||||||
- task: PublishBuildArtifacts@1
|
|
||||||
displayName: 'Publish SBoM'
|
|
||||||
inputs:
|
|
||||||
PathtoPublish: '$(build.artifactstagingdirectory)/_manifest'
|
|
||||||
ArtifactName: '_manifest'
|
|
||||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Linux'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
|
|
|
@ -1,42 +0,0 @@
|
||||||
steps:
|
|
||||||
- template: before-all.yml
|
|
||||||
|
|
||||||
- task: Npm@1
|
|
||||||
displayName: 'Install'
|
|
||||||
inputs:
|
|
||||||
command: ci
|
|
||||||
|
|
||||||
- task: Npm@1
|
|
||||||
displayName: 'Lint'
|
|
||||||
inputs:
|
|
||||||
command: custom
|
|
||||||
customCommand: run lint
|
|
||||||
|
|
||||||
- task: Npm@1
|
|
||||||
displayName: 'Test'
|
|
||||||
inputs:
|
|
||||||
command: custom
|
|
||||||
customCommand: test
|
|
||||||
|
|
||||||
- task: Npm@1
|
|
||||||
displayName: 'Pack'
|
|
||||||
inputs:
|
|
||||||
command: custom
|
|
||||||
customCommand: pack
|
|
||||||
condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
|
|
||||||
|
|
||||||
- task: CopyFiles@2
|
|
||||||
displayName: 'Copy Package'
|
|
||||||
inputs:
|
|
||||||
Contents: 'microsoft-compose-language-service*.tgz'
|
|
||||||
TargetFolder: '$(build.artifactstagingdirectory)'
|
|
||||||
condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
|
|
||||||
|
|
||||||
- task: PublishBuildArtifacts@1
|
|
||||||
displayName: 'Publish Package'
|
|
||||||
inputs:
|
|
||||||
PathtoPublish: '$(build.artifactstagingdirectory)'
|
|
||||||
ArtifactName: 'microsoft-compose-language-service'
|
|
||||||
condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
|
|
||||||
|
|
||||||
- template: after-all.yml
|
|
|
@ -1,32 +1,26 @@
|
||||||
jobs:
|
# Trigger the build whenever `main` or `rel/*` is updated
|
||||||
- job: Windows
|
|
||||||
pool:
|
|
||||||
vmImage: windows-latest
|
|
||||||
steps:
|
|
||||||
- template: job-steps.yml
|
|
||||||
|
|
||||||
- job: Linux
|
|
||||||
pool:
|
|
||||||
vmImage: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- template: job-steps.yml
|
|
||||||
variables:
|
|
||||||
Codeql.Enabled: $[in(variables['Build.Reason'], 'Schedule')] # Enable CodeQL only on scheduled builds because it is slow
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
branches:
|
- main
|
||||||
include:
|
- rel/*
|
||||||
- '*'
|
|
||||||
|
|
||||||
pr:
|
|
||||||
branches:
|
|
||||||
include:
|
|
||||||
- main
|
|
||||||
|
|
||||||
|
# Scheduled nightly build
|
||||||
schedules:
|
schedules:
|
||||||
- cron: "0 0 * * *"
|
- cron: "0 0 * * *"
|
||||||
displayName: Daily midnight build
|
displayName: Nightly scheduled build
|
||||||
|
always: false # Don't rebuild if there haven't been changes
|
||||||
branches:
|
branches:
|
||||||
include:
|
include:
|
||||||
- main
|
- main
|
||||||
always: false
|
|
||||||
|
# Grab the base templates from https://github.com/microsoft/vscode-azuretools/tree/main/azure-pipelines
|
||||||
|
resources:
|
||||||
|
repositories:
|
||||||
|
- repository: templates
|
||||||
|
type: github
|
||||||
|
name: microsoft/vscode-azuretools
|
||||||
|
ref: main
|
||||||
|
endpoint: GitHub
|
||||||
|
|
||||||
|
# Use those templates
|
||||||
|
extends:
|
||||||
|
template: azure-pipelines/jobs.yml@templates
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
name: Node PR Lint, Build and Test
|
||||||
|
|
||||||
|
on:
|
||||||
|
# Trigger when manually run
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
# Trigger on pushes to `main` or `rel/*`
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
- rel/*
|
||||||
|
|
||||||
|
# Trigger on pull requests to `main` or `rel/*`
|
||||||
|
pull_request:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
- rel/*
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
Build:
|
||||||
|
# Use template from https://github.com/microsoft/vscode-azuretools/tree/main/.github/workflows
|
||||||
|
uses: microsoft/vscode-azuretools/.github/workflows/jobs.yml@main
|
|
@ -1,31 +0,0 @@
|
||||||
# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
|
|
||||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
|
|
||||||
|
|
||||||
name: Node CI Build and Test
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: [ main ]
|
|
||||||
pull_request:
|
|
||||||
branches: [ main ]
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
strategy:
|
|
||||||
matrix:
|
|
||||||
node-version: [16.x]
|
|
||||||
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v2
|
|
||||||
- name: Use Node.js ${{ matrix.node-version }}
|
|
||||||
uses: actions/setup-node@v2
|
|
||||||
with:
|
|
||||||
node-version: ${{ matrix.node-version }}
|
|
||||||
- run: npm ci
|
|
||||||
- run: npm run build --if-present
|
|
||||||
- run: npm test
|
|
||||||
- run: npm run lint
|
|
|
@ -16,6 +16,7 @@ jobs:
|
||||||
with:
|
with:
|
||||||
node-version: 16
|
node-version: 16
|
||||||
- run: npm ci
|
- run: npm ci
|
||||||
|
- run: npm build
|
||||||
- run: npm test
|
- run: npm test
|
||||||
|
|
||||||
publish-npm:
|
publish-npm:
|
||||||
|
@ -28,6 +29,7 @@ jobs:
|
||||||
node-version: 16
|
node-version: 16
|
||||||
registry-url: https://registry.npmjs.org/
|
registry-url: https://registry.npmjs.org/
|
||||||
- run: npm ci
|
- run: npm ci
|
||||||
|
- run: npm build
|
||||||
- run: npm publish
|
- run: npm publish
|
||||||
env:
|
env:
|
||||||
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
|
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
|
||||||
|
@ -45,6 +47,7 @@ jobs:
|
||||||
node-version: 16
|
node-version: 16
|
||||||
registry-url: https://npm.pkg.github.com/
|
registry-url: https://npm.pkg.github.com/
|
||||||
- run: npm ci
|
- run: npm ci
|
||||||
|
- run: npm build
|
||||||
- run: npm publish
|
- run: npm publish
|
||||||
env:
|
env:
|
||||||
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
16.17
|
|
@ -26,8 +26,7 @@
|
||||||
"lint": "eslint --max-warnings 0 src --ext ts",
|
"lint": "eslint --max-warnings 0 src --ext ts",
|
||||||
"test": "mocha --file lib/test/global.test.js --recursive lib/test",
|
"test": "mocha --file lib/test/global.test.js --recursive lib/test",
|
||||||
"unittest": "npm test -- --grep /unit/i",
|
"unittest": "npm test -- --grep /unit/i",
|
||||||
"pretest": "npm run build",
|
"package": "npm pack"
|
||||||
"prepack": "npm run build"
|
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@types/chai": "^4.3.0",
|
"@types/chai": "^4.3.0",
|
||||||
|
|
Загрузка…
Ссылка в новой задаче