Use shared GitHub and ADO pipelines (#129)
This commit is contained in:
Родитель
4c0e428354
Коммит
50630ad7f0
|
@ -1,6 +0,0 @@
|
|||
steps:
|
||||
- task: ComponentGovernanceComponentDetection@0
|
||||
displayName: 'Component Detection'
|
||||
condition: ne(variables['System.PullRequest.IsFork'], 'True')
|
||||
|
||||
- template: compliance/compliance.yml
|
|
@ -1,5 +0,0 @@
|
|||
steps:
|
||||
- task: NodeTool@0
|
||||
displayName: 'Use Node 16.x'
|
||||
inputs:
|
||||
versionSpec: 16.x
|
|
@ -1,9 +1,5 @@
|
|||
// More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/cred-bot-trinity/credential-risk-exposure-defense/troubleshoot_guides/local-suppressions
|
||||
{
|
||||
"tool": "Credential Scanner",
|
||||
"suppressions": [
|
||||
{
|
||||
"file": "node_modules\\enquirer\\README.md",
|
||||
"_justification": "No need to scan external node modules."
|
||||
}
|
||||
]
|
||||
"suppressions": []
|
||||
}
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
<PoliCheckExclusions>
|
||||
<!-- More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/policheck-build-task#excluding-files-or-folders-from-the-policheck-scan -->
|
||||
<!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped -->
|
||||
<Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES</Exclusion>
|
||||
<Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES|.VSCODE-TEST|DIST</Exclusion>
|
||||
<!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped -->
|
||||
<!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
|
||||
<!--Each of these file types will be completely skipped for the entire scan -->
|
||||
<!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>-->
|
||||
<!--The specified file names will be skipped during the scan regardless which folder they are in -->
|
||||
<!--<Exclusion Type="FileName">ABC.TXT|XYZ.CS</Exclusion>-->
|
||||
<Exclusion Type="FileName">NOTICE.HTML</Exclusion>
|
||||
</PoliCheckExclusions>
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
steps:
|
||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
|
||||
displayName: 'AntiMalware Scanner'
|
||||
inputs:
|
||||
FileDirPath: '$(Build.SourcesDirectory)'
|
||||
EnableServices: true
|
||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
|
||||
|
||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
|
||||
displayName: 'Run PoliCheck'
|
||||
inputs:
|
||||
targetType: F # search files and folders
|
||||
optionsUEPATH: '$(Build.SourcesDirectory)/.azure-pipelines/compliance/PoliCheckExclusions.xml'
|
||||
continueOnError: true
|
||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
|
||||
|
||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
|
||||
displayName: 'Run CredScan'
|
||||
inputs:
|
||||
toolMajorVersion: V2
|
||||
suppressionsFile: '$(Build.SourcesDirectory)/.azure-pipelines/compliance/CredScanSuppressions.json'
|
||||
continueOnError: true
|
||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
|
||||
|
||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
|
||||
displayName: 'Publish Security Analysis Logs'
|
||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
|
||||
|
||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
|
||||
displayName: 'Post Analysis'
|
||||
inputs:
|
||||
AllTools: false
|
||||
CredScan: true
|
||||
PoliCheck: true
|
||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
|
||||
|
||||
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
|
||||
displayName: 'SBoM Generation Task'
|
||||
inputs:
|
||||
BuildDropPath: '$(build.artifactstagingdirectory)'
|
||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Linux'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
|
||||
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: 'Publish SBoM'
|
||||
inputs:
|
||||
PathtoPublish: '$(build.artifactstagingdirectory)/_manifest'
|
||||
ArtifactName: '_manifest'
|
||||
condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Linux'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
|
|
@ -1,42 +0,0 @@
|
|||
steps:
|
||||
- template: before-all.yml
|
||||
|
||||
- task: Npm@1
|
||||
displayName: 'Install'
|
||||
inputs:
|
||||
command: ci
|
||||
|
||||
- task: Npm@1
|
||||
displayName: 'Lint'
|
||||
inputs:
|
||||
command: custom
|
||||
customCommand: run lint
|
||||
|
||||
- task: Npm@1
|
||||
displayName: 'Test'
|
||||
inputs:
|
||||
command: custom
|
||||
customCommand: test
|
||||
|
||||
- task: Npm@1
|
||||
displayName: 'Pack'
|
||||
inputs:
|
||||
command: custom
|
||||
customCommand: pack
|
||||
condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
|
||||
|
||||
- task: CopyFiles@2
|
||||
displayName: 'Copy Package'
|
||||
inputs:
|
||||
Contents: 'microsoft-compose-language-service*.tgz'
|
||||
TargetFolder: '$(build.artifactstagingdirectory)'
|
||||
condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
|
||||
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: 'Publish Package'
|
||||
inputs:
|
||||
PathtoPublish: '$(build.artifactstagingdirectory)'
|
||||
ArtifactName: 'microsoft-compose-language-service'
|
||||
condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
|
||||
|
||||
- template: after-all.yml
|
|
@ -1,32 +1,26 @@
|
|||
jobs:
|
||||
- job: Windows
|
||||
pool:
|
||||
vmImage: windows-latest
|
||||
steps:
|
||||
- template: job-steps.yml
|
||||
|
||||
- job: Linux
|
||||
pool:
|
||||
vmImage: ubuntu-latest
|
||||
steps:
|
||||
- template: job-steps.yml
|
||||
variables:
|
||||
Codeql.Enabled: $[in(variables['Build.Reason'], 'Schedule')] # Enable CodeQL only on scheduled builds because it is slow
|
||||
|
||||
# Trigger the build whenever `main` or `rel/*` is updated
|
||||
trigger:
|
||||
branches:
|
||||
include:
|
||||
- '*'
|
||||
|
||||
pr:
|
||||
branches:
|
||||
include:
|
||||
- main
|
||||
- main
|
||||
- rel/*
|
||||
|
||||
# Scheduled nightly build
|
||||
schedules:
|
||||
- cron: "0 0 * * *"
|
||||
displayName: Daily midnight build
|
||||
displayName: Nightly scheduled build
|
||||
always: false # Don't rebuild if there haven't been changes
|
||||
branches:
|
||||
include:
|
||||
- main
|
||||
always: false
|
||||
|
||||
# Grab the base templates from https://github.com/microsoft/vscode-azuretools/tree/main/azure-pipelines
|
||||
resources:
|
||||
repositories:
|
||||
- repository: templates
|
||||
type: github
|
||||
name: microsoft/vscode-azuretools
|
||||
ref: main
|
||||
endpoint: GitHub
|
||||
|
||||
# Use those templates
|
||||
extends:
|
||||
template: azure-pipelines/jobs.yml@templates
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
name: Node PR Lint, Build and Test
|
||||
|
||||
on:
|
||||
# Trigger when manually run
|
||||
workflow_dispatch:
|
||||
|
||||
# Trigger on pushes to `main` or `rel/*`
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- rel/*
|
||||
|
||||
# Trigger on pull requests to `main` or `rel/*`
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
- rel/*
|
||||
|
||||
jobs:
|
||||
Build:
|
||||
# Use template from https://github.com/microsoft/vscode-azuretools/tree/main/.github/workflows
|
||||
uses: microsoft/vscode-azuretools/.github/workflows/jobs.yml@main
|
|
@ -1,31 +0,0 @@
|
|||
# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
|
||||
|
||||
name: Node CI Build and Test
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main ]
|
||||
pull_request:
|
||||
branches: [ main ]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
node-version: [16.x]
|
||||
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Use Node.js ${{ matrix.node-version }}
|
||||
uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: ${{ matrix.node-version }}
|
||||
- run: npm ci
|
||||
- run: npm run build --if-present
|
||||
- run: npm test
|
||||
- run: npm run lint
|
|
@ -16,6 +16,7 @@ jobs:
|
|||
with:
|
||||
node-version: 16
|
||||
- run: npm ci
|
||||
- run: npm build
|
||||
- run: npm test
|
||||
|
||||
publish-npm:
|
||||
|
@ -28,6 +29,7 @@ jobs:
|
|||
node-version: 16
|
||||
registry-url: https://registry.npmjs.org/
|
||||
- run: npm ci
|
||||
- run: npm build
|
||||
- run: npm publish
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
|
||||
|
@ -45,6 +47,7 @@ jobs:
|
|||
node-version: 16
|
||||
registry-url: https://npm.pkg.github.com/
|
||||
- run: npm ci
|
||||
- run: npm build
|
||||
- run: npm publish
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
16.17
|
|
@ -26,8 +26,7 @@
|
|||
"lint": "eslint --max-warnings 0 src --ext ts",
|
||||
"test": "mocha --file lib/test/global.test.js --recursive lib/test",
|
||||
"unittest": "npm test -- --grep /unit/i",
|
||||
"pretest": "npm run build",
|
||||
"prepack": "npm run build"
|
||||
"package": "npm pack"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/chai": "^4.3.0",
|
||||
|
|
Загрузка…
Ссылка в новой задаче