microsoft
/
fluentui
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Enable 1ES PT to be compliant for all production pipelines (#29702)

This commit is contained in:
Danny van Velzen 2023-10-31 09:53:34 -07:00 коммит произвёл GitHub
Родитель 58c9eb6335
Коммит a6d0b972d6
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
12 изменённых файлов: 762 добавлений и 682 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

37
.devops/CredScanSuppressions.json Normal file
Просмотреть файл

@ -0,0 +1,37 @@
{
"tool": "Credential Scanner",
"suppressions": [
{
"file": ".git/config",
"_justification": "Standard token for CI pipeline"
},
{
"file": "node_modules/node-ipc/local-node-ipc-certs/private/oldclient.key",
"_justification": "External dependency node-ipc, not shipping these files"
},
{
"file": "node_modules/node-ipc/local-node-ipc-certs/private/server.key",
"_justification": "External dependency node-ipc, not shipping these files"
},
{
"file": "node_modules/node-ipc/local-node-ipc-certs/private/oldserver.key",
"_justification": "External dependency node-ipc, not shipping these files"
},
{
"file": "node_modules/node-ipc/local-node-ipc-certs/private/client.key",
"_justification": "External dependency node-ipc, not shipping these files"
},
{
"file": "node_modules/danger/node_modules/agent-base/test/ssl-cert-snakeoil.key",
"_justification": "External dependency danger has dependency agent-base with test certs, not shipping these files"
},
{
"file": "node_modules/danger/node_modules/http-proxy-agent/test/ssl-cert-snakeoil.key",
"_justification": "External dependency danger has dependency http-proxy-agent with test certs, not shipping these files"
},
{
"file": "node_modules/rollup-plugin-filesize/node_modules/node-gyp/test/fixtures/server.key",
"_justification": "External dependency rollup-plugin-filesize has dependency node-gyp with test certs, not shipping these files"
}
]
}

48
.devops/templates/build-test-lint.yml Normal file
Просмотреть файл

@ -0,0 +1,48 @@
steps:
- template: tools.yml
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn (install packages)
- script: |
yarn nx run @fluentui/workspace-plugin:check-graph
yarn nx g @fluentui/workspace-plugin:tsconfig-base-all --verify
yarn nx g @fluentui/workspace-plugin:normalize-package-dependencies --verify
displayName: Workspace lint
- script: |
# @fluentui/api-docs is used within apps/public-docsite-resources/just.config.ts, thus it needs to be build in advance
yarn workspace @fluentui/api-docs build
# @fluentui/digest is used within packages/fluentui/perf-test-northstar/just.config.ts, thus it needs to be build in advance
yarn workspace @fluentui/digest build
yarn tsc -p ./tsconfig.json
displayName: Type-check just.config.ts files
- script: |
yarn check:installed-dependencies-versions
displayName: 'check packages: installed dependencies versions'
- script: |
if [[ -n "$(targetBranch)" ]]; then
yarn format --since $(targetBranch) --check
else
yarn format --all --check
fi
displayName: check formatting
## Danger.js checks for Fluent UI N*
- script: |
DANGER_DISABLE_TRANSPILATION="true" yarn danger ci
displayName: danger
condition: eq(variables.isPR, true)
env:
DANGER_GITHUB_API_TOKEN: $(DANGER_GITHUB_API_TOKEN)
- script: |
yarn buildci $(sinceArg)
displayName: build, test, lint, test-ssr
- template: cleanup.yml

50
.devops/templates/compliance-job.yml
Просмотреть файл

@ -1,50 +0,0 @@
# These steps have to run on a windows machine,
# and therefore unfortunately can't be integrated in the regular steps
jobs:
- job: compliance
displayName: Compliance checks
pool: uifabric-windows-2019-small
steps:
- task: UseDotNet@2
condition: succeededOrFailed()
displayName: 'Use .NET Core sdk 3.x'
inputs:
version: 3.x
steps:
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
condition: succeededOrFailed()
displayName: '🧭 Run Credential Scanner'
inputs:
debugMode: false
- task: securedevelopmentteam.vss-secure-development-tools.build-task-eslint.ESLint@1
condition: succeededOrFailed()
displayName: '🧭 Run ESLint'
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
displayName: '🧭 Publish Guardian Artifacts - All Tools'
inputs:
ArtifactType: M365
condition: succeededOrFailed()
- task: AssetRetention@3
displayName: 🧭 Arrow Retention
inputs:
ArrowServiceConnection: 'Arrow_uifabric_uifabric_PROD'
AssetGroupName: '$(System.TeamProject)_$(Build.DefinitionName)'
AssetNumber: '$(Build.BuildId)'
IsShipped: false
DropsToRetain: 'CodeAnalysisLogs'
condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
displayName: '🧭 Guardian Break'
inputs:
GdnBreakPolicyMinSev: Warning
GdnBreakAllTools: true
GdnBreakGdnToolESLint: true
GdnBreakGdnToolESLintSeverity: Warning
GdnBreakPolicy: M365
condition: succeededOrFailed()

46
.devops/templates/deployE2E.yml Normal file
Просмотреть файл

@ -0,0 +1,46 @@
steps:
- template: tools.yml
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
# this also builds FUI N* docs if appropriate
- script: |
yarn bundle $(sinceArg)
displayName: bundle
- script: |
yarn lage build-storybook --verbose $(sinceArg)
displayName: build Storybooks
## This runs regardless of scope, the app will adapt to the scope as well
- script: |
yarn workspace @fluentui/pr-deploy-site generate:site
displayName: generate PR Deploy Site
- task: AzureUpload@2
displayName: Upload PR deploy site
inputs:
azureSubscription: $(azureSubscription)
BlobPrefix: $(deployBasePath)
ContainerName: '$web'
SourcePath: 'apps/pr-deploy-site/dist'
storage: $(azureStorage)
- task: GithubPRStatus@0
displayName: 'Update PR deploy site github status'
inputs:
githubOwner: microsoft
githubRepo: fluentui
githubContext: 'Pull request demo site'
githubDescription: 'Click "Details" to go to the deployed demo site for this pull request'
# This MUST have a trailing slash, or the links to PR deploy site assets won't work
githubTargetLink: $(deployUrl)/
- script: |
yarn e2e $(sinceArg)
displayName: Cypress E2E tests
- template: cleanup.yml

62
azure-pipelines-ci.yml Normal file
Просмотреть файл

@ -0,0 +1,62 @@
pr: none
trigger: none
variables:
- ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/heads/')) }}:
- name: sinceArg
value: --since $(targetBranch)
- group: fabric-variables
- template: .devops/templates/variables.yml
resources:
repositories:
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-latest
os: windows # We need windows because compliance task only run on windows.
customBuildTags: null # send empty tags since it is not supported on GH repo's for PR's
customLogIssues: null # send empty tags since it is not supported on GH repo's for PR's
stages:
- stage: main
jobs:
- job: BuildTestLint
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
workspace:
clean: all
steps:
- template: .devops/templates/build-test-lint.yml@self
- job: DeployE2E
displayName: Deploy and E2E
workspace:
clean: all
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
templateContext:
outputs:
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)/apps/pr-deploy-site/dist
artifactName: web
steps:
- template: .devops/templates/deployE2E.yml@self
# False positive AV. Wi'l follow up with AV owners. For now to get compliant deleting file before.
- script: |
rm apps/pr-deploy-site/dist/public-docsite-v9/storybook/407.13419a99614bf685f100.manager.bundle.js
displayName: 'Remove false positive file'

31
azure-pipelines-pr.yml Normal file
Просмотреть файл

@ -0,0 +1,31 @@
pr:
- master
# There's a separate pipeline for CI which also uses this file, but with a trigger override in the UI
# https://dev.azure.com/uifabric/fabricpublic/_apps/hub/ms.vss-ciworkflow.build-ci-hub?_a=edit-build-definition&id=164&view=Tab_Triggers
trigger: none
variables:
- ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/heads/')) }}:
- name: sinceArg
value: --since $(targetBranch)
- group: fabric-variables
- template: .devops/templates/variables.yml
pool: '1ES-Host-Ubuntu'
jobs:
- job: BuildTestLint
workspace:
clean: all
steps:
- template: .devops/templates/build-test-lint.yml
- job: DeployE2E
displayName: Deploy and E2E
workspace:
clean: all
steps:
- template: .devops/templates/deployE2E.yml

114
azure-pipelines.hotfix.yml
Просмотреть файл

@ -11,68 +11,78 @@ parameters:
variables:
- template: .devops/templates/variables.yml
- group: InfoSec-SecurityResults
- name: tags
value: production,externalfacing
jobs:
- template: .devops/templates/compliance-job.yml
resources:
repositories:
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
- job: Release
dependsOn: Compliance
pool: '1ES-Host-Ubuntu'
workspace:
clean: all
steps:
- template: .devops/templates/tools.yml
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-latest
os: windows # We need windows because compliance task only run on windows.
stages:
- stage: main
jobs:
- job: Release
dependsOn: Compliance
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
workspace:
clean: all
templateContext:
outputs:
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)
artifactName: output
steps:
- template: .devops/templates/tools.yml@self
- script: |
node -e "if('$(targetNpmVersion)' === '') throw new Error('targetNpmVersion is not specified');"
displayName: 'Checking for targetNpmVersion variable'
- script: |
node -e "if('$(targetNpmVersion)' === '') throw new Error('targetNpmVersion is not specified');"
displayName: 'Checking for targetNpmVersion variable'
- script: |
npm install semver
node -e "let semver = require('semver');if(semver.valid('$(targetNpmVersion)') === null){ throw new Error('Invalid version specified'); }"
displayName: 'Check targetNpmVersion is valid semver'
- script: |
npm install semver
node -e "let semver = require('semver');if(semver.valid('$(targetNpmVersion)') === null){ throw new Error('Invalid version specified'); }"
displayName: 'Check targetNpmVersion is valid semver'
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
- script: |
npm version $(targetNpmVersion)
workingDirectory: 'packages/react'
displayName: 'Manually set package version'
- script: |
npm version $(targetNpmVersion)
workingDirectory: 'packages/react'
displayName: 'Manually set package version'
- script: |
yarn buildto @fluentui/react --production
displayName: yarn build to FUIR (Create production build)
- script: |
yarn buildto @fluentui/react --production
displayName: yarn build to FUIR (Create production build)
- script: yarn workspace @fluentui/react bundle --production
displayName: yarn bundle FUIR
- script: yarn workspace @fluentui/react bundle --production
displayName: yarn bundle FUIR
- script: |
npm pack
displayName: 'Create tarball'
workingDirectory: 'packages/react'
- script: |
npm pack
displayName: 'Create tarball'
workingDirectory: 'packages/react'
- ${{ if ne(parameters.isTestRun, true) }}:
- script: |
npm publish packages/react/react-$(targetNpmVersion).tgz --tag hf8 --//registry.npmjs.org/:_authToken=$(npmToken)
displayName: Publish new version
- ${{ if ne(parameters.isTestRun, true) }}:
- script: |
npm publish packages/react/react-$(targetNpmVersion).tgz --tag hf8 --//registry.npmjs.org/:_authToken=$(npmToken)
displayName: Publish new version
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 📒 Generate Manifest
inputs:
BuildDropPath: $(System.DefaultWorkingDirectory)
- task: PublishPipelineArtifact@1
displayName: 📒 Publish Manifest
inputs:
artifactName: SBom-$(System.JobAttempt)
targetPath: $(System.DefaultWorkingDirectory)/_manifest
- template: .devops/templates/cleanup.yml
parameters:
checkForModifiedFiles: false
- template: .devops/templates/cleanup.yml@self
parameters:
checkForModifiedFiles: false

327
azure-pipelines.release-fluentui.yml
Просмотреть файл

@ -18,11 +18,15 @@ resources:
- repository: self
type: git
ref: master
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
variables:
# below are variables that cannot be configured at queue time
- group: 'Github and NPM secrets'
- template: .devops/templates/variables.yml
- template: .devops/templates/variables.yml@self
parameters:
deployBasePath: 0.0.0-nightly
- name: docsiteVersion # used by docsite
@ -31,7 +35,6 @@ variables:
value: true
- name: nightlyReleaseDate # used by nightly built docsite to setup codesandbox correctly
value: empty
- group: InfoSec-SecurityResults
- name: tags
value: production,externalfacing
@ -43,189 +46,191 @@ variables:
# - name: releaseVersion # version to publish to npm; only make sense when publishOfficial=true
# value: canary # value can only be canary/patch/minor
jobs:
- template: .devops/templates/compliance-job.yml
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-latest
os: windows # We need windows because compliance task only run on windows.
stages:
- stage: main
jobs:
- job: Job_build_publish
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
workspace:
clean: all
displayName: Build and Release Fluent Packages
# skip this job if publishDocsiteOnly is true
condition: and(succeeded(), eq(variables.publishDocsiteOnly, false))
- job: Job_build_publish
dependsOn: Compliance
pool: '1ES-Host-Ubuntu'
workspace:
clean: all
displayName: Build and Release Fluent Packages
# skip this job if publishDocsiteOnly is true
condition: and(succeeded(), eq(variables.publishDocsiteOnly, false))
steps:
- template: .devops/templates/tools.yml@self
steps:
- template: .devops/templates/tools.yml
- script: |
git config user.name "Fluent UI Build"
git config user.email "fluentui-internal@service.microsoft.com"
git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git
displayName: Authenticate git for pushes
- script: |
git config user.name "Fluent UI Build"
git config user.email "fluentui-internal@service.microsoft.com"
git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git
displayName: Authenticate git for pushes
- task: CmdLine@2
displayName: Checkout branch for version pushes
condition: and(succeeded(), eq(variables.publishOfficial, true))
inputs:
script: |
BRANCH_NAME=`echo $(Build.SourceBranch) | sed "s/refs\/heads\///"`
git checkout $BRANCH_NAME
git pull
- task: CmdLine@2
displayName: Checkout branch for version pushes
condition: and(succeeded(), eq(variables.publishOfficial, true))
inputs:
script: |
BRANCH_NAME=`echo $(Build.SourceBranch) | sed "s/refs\/heads\///"`
git checkout $BRANCH_NAME
git pull
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
- task: CmdLine@2
displayName: yarn buildci
inputs:
script: yarn buildci
- task: CmdLine@2
displayName: yarn buildci
inputs:
script: yarn buildci
- task: CmdLine@2
displayName: '[Nightly] Pack fluentui packages to ArtifactStagingDirectory'
condition: and(succeeded(), eq(variables.publishOfficial, false))
inputs:
script: |
today=`date +%Y-%m-%d`
echo date today $today
echo "##vso[task.setvariable variable=date]$today"
yarn release:fluentui:pack-nightly
- task: CmdLine@2
displayName: '[Nightly] Pack fluentui packages to ArtifactStagingDirectory'
condition: and(succeeded(), eq(variables.publishOfficial, false))
inputs:
script: |
today=`date +%Y-%m-%d`
echo date today $today
echo "##vso[task.setvariable variable=date]$today"
yarn release:fluentui:pack-nightly
- task: AzureUpload@2
displayName: '[Nightly] Upload tarballs'
condition: and(succeeded(), eq(variables.publishOfficial, false))
inputs:
SourcePath: $(Build.ArtifactStagingDirectory)
azureSubscription: 'UI Fabric (private)'
storage: fluentsite
ContainerName: nightly-builds
BlobPrefix: $(date) # upload tarballs to folder named by today's date
Gzip: true
- task: AzureUpload@2
displayName: '[Nightly] Upload tarballs'
condition: and(succeeded(), eq(variables.publishOfficial, false))
inputs:
SourcePath: $(Build.ArtifactStagingDirectory)
azureSubscription: 'UI Fabric (private)'
storage: fluentsite
ContainerName: nightly-builds
BlobPrefix: $(date) # upload tarballs to folder named by today's date
Gzip: true
- task: CmdLine@2
displayName: '[NPM] Publish to NPM'
condition: and(succeeded(), eq(variables.publishOfficial, true))
timeoutInMinutes: 2
inputs:
script: |
yarn logout
- task: CmdLine@2
displayName: '[NPM] Publish to NPM'
condition: and(succeeded(), eq(variables.publishOfficial, true))
timeoutInMinutes: 2
inputs:
script: |
yarn logout
NPM_TOKEN=$(npmToken)
NPM_TOKEN=$(npmToken)
touch packages/fluentui/.npmrc
touch packages/fluentui/.npmrc
echo "@fluentui:registry=https://registry.npmjs.org/" > packages/fluentui/.npmrc
echo "registry=https://registry.npmjs.org/" >> packages/fluentui/.npmrc
echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> packages/fluentui/.npmrc
echo "@fluentui:registry=https://registry.npmjs.org/" > packages/fluentui/.npmrc
echo "registry=https://registry.npmjs.org/" >> packages/fluentui/.npmrc
echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> packages/fluentui/.npmrc
yarn release:fluentui:$(releaseVersion) --yes
yarn release:fluentui:$(releaseVersion) --yes
yarn release:fluentui:post-validation
yarn release:fluentui:post-validation
- template: .devops/templates/cleanup.yml@self
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 📒 Generate Manifest
inputs:
BuildDropPath: $(System.DefaultWorkingDirectory)
- job: Job_build_publish_doc
workspace:
clean: all
displayName: Build and Publish Docsite
dependsOn: Job_build_publish
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
# run this job when the previous job is succeeded or when publishDocsiteOnly is true
condition: or(succeeded(), eq(variables.publishDocsiteOnly, true))
- task: PublishPipelineArtifact@1
displayName: 📒 Publish Manifest
inputs:
artifactName: SBom-Build-$(System.JobAttempt)
targetPath: $(System.DefaultWorkingDirectory)/_manifest
steps:
- template: .devops/templates/tools.yml@self
- template: .devops/templates/cleanup.yml
- task: CmdLine@2
displayName: Checkout branch for pull
condition: and(succeeded(), eq(variables.publishOfficial, true))
inputs:
script: |
BRANCH_NAME=`echo $(Build.SourceBranch) | sed "s/refs\/heads\///"`
git checkout $BRANCH_NAME
git pull
- job: Job_build_publish_doc
workspace:
clean: all
displayName: Build and Publish Docsite
dependsOn: Job_build_publish
# run this job when the previous job is succeeded or when publishDocsiteOnly is true
condition: or(succeeded(), eq(variables.publishDocsiteOnly, true))
- task: Bash@3
displayName: Yarn
inputs:
filePath: yarn-ci.sh
steps:
- template: .devops/templates/tools.yml
- task: CmdLine@2
displayName: 'Set nightlyReleaseDate'
condition: and(succeeded(), eq(variables.publishOfficial, false))
inputs:
script: |
today=`date +%Y-%m-%d`
echo date today $today
echo "##vso[task.setvariable variable=nightlyReleaseDate]$today"
- task: CmdLine@2
displayName: Checkout branch for pull
condition: and(succeeded(), eq(variables.publishOfficial, true))
inputs:
script: |
BRANCH_NAME=`echo $(Build.SourceBranch) | sed "s/refs\/heads\///"`
git checkout $BRANCH_NAME
git pull
- task: CmdLine@2
displayName: 'Set base path and version'
condition: and(succeeded(), eq(variables.publishOfficial, true), ne(variables.releaseVersion, 'canary'))
inputs:
script: |
ver=`node -p "require('./packages/fluentui/react-northstar/package.json').version"`
echo "Docsite base path published for version $ver"
echo "##vso[task.setvariable variable=deployBasePath]$ver"
echo "##vso[task.setvariable variable=docsiteVersion]$ver"
echo "##vso[task.setvariable variable=nightlyReleaseDate]"
- task: Bash@3
displayName: Yarn
inputs:
filePath: yarn-ci.sh
- task: CmdLine@2
displayName: 'Set base path and version for canary'
condition: and(succeeded(), eq(variables.publishOfficial, true), eq(variables.releaseVersion, 'canary'))
inputs:
script: |
ver=`node -p "require('./packages/fluentui/lerna.json').version"`
echo "Docsite base path published for version $ver"
echo "##vso[task.setvariable variable=deployBasePath]$ver"
echo "##vso[task.setvariable variable=docsiteVersion]$ver"
echo "##vso[task.setvariable variable=nightlyReleaseDate]"
- task: CmdLine@2
displayName: 'Set nightlyReleaseDate'
condition: and(succeeded(), eq(variables.publishOfficial, false))
inputs:
script: |
today=`date +%Y-%m-%d`
echo date today $today
echo "##vso[task.setvariable variable=nightlyReleaseDate]$today"
- task: CmdLine@2
displayName: Build
inputs:
script: |
echo deployBasePath $(deployBasePath) docsiteVersion $(docsiteVersion) nightlyReleaseDate $(nightlyReleaseDate)
NODE_ENV=production yarn build:fluentui:docs
- task: CmdLine@2
displayName: 'Set base path and version'
condition: and(succeeded(), eq(variables.publishOfficial, true), ne(variables.releaseVersion, 'canary'))
inputs:
script: |
ver=`node -p "require('./packages/fluentui/react-northstar/package.json').version"`
echo "Docsite base path published for version $ver"
echo "##vso[task.setvariable variable=deployBasePath]$ver"
echo "##vso[task.setvariable variable=docsiteVersion]$ver"
echo "##vso[task.setvariable variable=nightlyReleaseDate]"
- task: AzureUpload@2
displayName: Upload to Azure
inputs:
SourcePath: packages/fluentui/docs/dist
azureSubscription: 'Azure - fluentsite storage'
storage: fluentsite
ContainerName: $web
BlobPrefix: $(deployBasePath)
Gzip: true
- task: CmdLine@2
displayName: 'Set base path and version for canary'
condition: and(succeeded(), eq(variables.publishOfficial, true), eq(variables.releaseVersion, 'canary'))
inputs:
script: |
ver=`node -p "require('./packages/fluentui/lerna.json').version"`
echo "Docsite base path published for version $ver"
echo "##vso[task.setvariable variable=deployBasePath]$ver"
echo "##vso[task.setvariable variable=docsiteVersion]$ver"
echo "##vso[task.setvariable variable=nightlyReleaseDate]"
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 📒 Generate Manifest Docsite
inputs:
BuildDropPath: $(System.DefaultWorkingDirectory)
- task: CmdLine@2
displayName: Build
inputs:
script: |
echo deployBasePath $(deployBasePath) docsiteVersion $(docsiteVersion) nightlyReleaseDate $(nightlyReleaseDate)
NODE_ENV=production yarn build:fluentui:docs
# Publish the manifest to a separate artifact to avoid hosting the _manifest files on the website
- task: PublishPipelineArtifact@1
displayName: 📒 Publish Manifest DocSite
inputs:
artifactName: SBom-DocSite-$(System.JobAttempt)
targetPath: $(System.DefaultWorkingDirectory)/_manifest
- task: AzureUpload@2
displayName: Upload to Azure
inputs:
SourcePath: packages/fluentui/docs/dist
azureSubscription: 'Azure - fluentsite storage'
storage: fluentsite
ContainerName: $web
BlobPrefix: $(deployBasePath)
Gzip: true
- task: PublishPipelineArtifact@1
displayName: Publish Docsite as Pipeline Artifact
inputs:
path: packages/fluentui/docs/dist
artifactName: docsite_v$(docsiteVersion)
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 📒 Generate Manifest Docsite
inputs:
BuildDropPath: $(System.DefaultWorkingDirectory)
# Publish the manifest to a separate artifact to avoid hosting the _manifest files on the website
- task: PublishPipelineArtifact@1
displayName: 📒 Publish Manifest DocSite
inputs:
artifactName: SBom-DocSite-$(System.JobAttempt)
targetPath: $(System.DefaultWorkingDirectory)/_manifest
- task: PublishPipelineArtifact@1
displayName: Publish Docsite as Pipeline Artifact
inputs:
path: packages/fluentui/docs/dist
artifactName: docsite_v$(docsiteVersion)
- template: .devops/templates/cleanup.yml
- template: .devops/templates/cleanup.yml@self

137
azure-pipelines.release-vnext-nightly.yml
Просмотреть файл

@ -12,7 +12,6 @@ variables:
skipComponentGovernanceDetection: false
- name: release.vnext # Used to scope beachball to release only vnext packages
value: true
- group: InfoSec-SecurityResults
- name: tags
value: production,externalfacing
@ -26,80 +25,82 @@ schedules:
include:
- master
jobs:
- template: .devops/templates/compliance-job.yml
resources:
repositories:
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
- job: Release
dependsOn: Compliance
pool: '1ES-Host-Ubuntu'
workspace:
clean: all
steps:
- template: .devops/templates/tools.yml
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-latest
os: windows # We need windows because compliance task only run on windows.
stages:
- stage: main
jobs:
- job: Release
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
workspace:
clean: all
templateContext:
outputs:
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)
artifactName: output
steps:
- template: .devops/templates/tools.yml@self
- script: |
git config user.name "Fluent UI Build"
git config user.email "fluentui-internal@service.microsoft.com"
displayName: Configure git user (used by beachball)
- script: |
git config user.name "Fluent UI Build"
git config user.email "fluentui-internal@service.microsoft.com"
displayName: Configure git user (used by beachball)
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
# Deletes all existing changefiles so that only bump that happens is for nightly
- script: |
rm -f change/*
displayName: 'Delete existing changefiles'
# Deletes all existing changefiles so that only bump that happens is for nightly
- script: |
rm -f change/*
displayName: 'Delete existing changefiles'
# Bumps all v9 packages to a x.x.x-nightly.commitSha version and checks in change files
- script: |
date=$(date +"%Y%m%d-%H%M")
#release version name will follow a 0.0.0-nightly-{year}{month}{day}-{hour}{minute} format.
yarn nx g @fluentui/workspace-plugin:version-bump --all --bumpType nightly --prereleaseTag "nightly-${date}"
git add .
git commit -m "bump nightly versions"
yarn change --type prerelease --message "Release nightly v9" --dependent-change-type "prerelease"
displayName: 'Bump and commit nightly versions'
# Bumps all v9 packages to a x.x.x-nightly.commitSha version and checks in change files
- script: |
date=$(date +"%Y%m%d-%H%M")
#release version name will follow a 0.0.0-nightly-{year}{month}{day}-{hour}{minute} format.
yarn nx g @fluentui/workspace-plugin:version-bump --all --bumpType nightly --prereleaseTag "nightly-${date}"
git add .
git commit -m "bump nightly versions"
yarn change --type prerelease --message "Release nightly v9" --dependent-change-type "prerelease"
displayName: 'Bump and commit nightly versions'
# --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build)
# https://github.com/microsoft/fluentui/issues/21686
- script: |
yarn lage test --to @fluentui/react-components
displayName: yarn test
# --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build)
# https://github.com/microsoft/fluentui/issues/21686
- script: |
yarn lage test --to @fluentui/react-components
displayName: yarn test
- script: |
yarn lage lint --to @fluentui/react-components
displayName: yarn lint
- script: |
yarn lage lint --to @fluentui/react-components
displayName: yarn lint
- script: |
yarn lage build --to @fluentui/react-components
displayName: yarn build
- script: |
yarn lage build --to @fluentui/react-components
displayName: yarn build
- script: |
yarn publish:beachball -n $(npmToken) --no-push --tag nightly --config scripts/beachball/release-vNext.config.js
git reset --hard origin/master
displayName: Publish changes and bump versions
- script: |
yarn publish:beachball -n $(npmToken) --no-push --tag nightly --config scripts/beachball/release-vNext.config.js
git reset --hard origin/master
displayName: Publish changes and bump versions
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 📒 Generate Manifest
inputs:
BuildDropPath: $(System.DefaultWorkingDirectory)
- task: PublishPipelineArtifact@1
displayName: 📒 Publish Manifest
inputs:
artifactName: SBom-$(System.JobAttempt)
targetPath: $(System.DefaultWorkingDirectory)/_manifest
- task: ComponentGovernanceComponentDetection@0
displayName: 'Component governance detection'
inputs:
sourceScanPath: $(Agent.BuildDirectory)
condition: succeeded()
timeoutInMinutes: 5
continueOnError: true
- template: .devops/templates/cleanup.yml
parameters:
checkForModifiedFiles: false
- template: .devops/templates/cleanup.yml@self
parameters:
checkForModifiedFiles: false

144
azure-pipelines.release-vnext.yml
Просмотреть файл

@ -12,7 +12,6 @@ variables:
skipComponentGovernanceDetection: false
- name: release.vnext # Used to scope beachball to release only vnext packages
value: true
- group: InfoSec-SecurityResults
- name: tags
value: production,externalfacing
@ -27,85 +26,88 @@ variables:
# include:
# - master
jobs:
- template: .devops/templates/compliance-job.yml
resources:
repositories:
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
- job: Release
dependsOn: Compliance
pool: '1ES-Host-Ubuntu'
workspace:
clean: all
steps:
- template: .devops/templates/tools.yml
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-latest
os: windows # We need windows because compliance task only run on windows.
stages:
- stage: main
jobs:
- job: Release
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
workspace:
clean: all
templateContext:
outputs:
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)
artifactName: output
steps:
- template: .devops/templates/tools.yml@self
- script: |
git config user.name "Fluent UI Build"
git config user.email "fluentui-internal@service.microsoft.com"
git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git
displayName: Authenticate git for pushes
- script: |
git config user.name "Fluent UI Build"
git config user.email "fluentui-internal@service.microsoft.com"
git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git
displayName: Authenticate git for pushes
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
# --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build)
# https://github.com/microsoft/fluentui/issues/21686
- script: |
yarn run:published test
displayName: yarn test
# --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build)
# https://github.com/microsoft/fluentui/issues/21686
- script: |
yarn run:published test
displayName: yarn test
- script: |
yarn run:published lint
displayName: yarn lint
- script: |
yarn run:published lint
displayName: yarn lint
- script: |
yarn run:published build --production
displayName: yarn build
- script: |
yarn run:published build --production
displayName: yarn build
- script: |
yarn publish:beachball -n $(npmToken) --config scripts/beachball/release-vNext.config.js
git reset --hard origin/master
env:
GITHUB_PAT: $(githubPAT)
displayName: Publish changes and bump versions
- script: |
yarn publish:beachball -n $(npmToken) --config scripts/beachball/release-vNext.config.js
git reset --hard origin/master
env:
GITHUB_PAT: $(githubPAT)
displayName: Publish changes and bump versions
- script: |
node -r ./scripts/ts-node/register scripts/executors/tag-react-components.ts --token $(npmToken)
displayName: Tag prelease packages with prerelease tag
continueOnError: true
- script: |
node -r ./scripts/ts-node/register scripts/executors/tag-react-components.ts --token $(npmToken)
displayName: Tag prelease packages with prerelease tag
continueOnError: true
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 📒 Generate Manifest
inputs:
BuildDropPath: $(System.DefaultWorkingDirectory)
# Since releases are scoped, this should warn for any packages that were mistakenly not included in scoping
- script: |
yarn syncpack list-mismatches
displayName: Check for dependency mismatches
- task: PublishPipelineArtifact@1
displayName: 📒 Publish Manifest
inputs:
artifactName: SBom-$(System.JobAttempt)
targetPath: $(System.DefaultWorkingDirectory)/_manifest
# TODO update release notes script for v9
# - script: |
# node -r ./scripts/ts-node/register ./scripts/update-release-notes/index.ts --token=$(githubPAT) --apply --debug
# displayName: 'Update github release notes'
# Since releases are scoped, this should warn for any packages that were mistakenly not included in scoping
- script: |
yarn syncpack list-mismatches
displayName: Check for dependency mismatches
# This would usually be run automatically (via a pipeline decorator from an extension), but the
# thorough cleanup step prevents it from working. So run it manually here.
# TODO update release notes script for v9
# - script: |
# node -r ./scripts/ts-node/register ./scripts/update-release-notes/index.ts --token=$(githubPAT) --apply --debug
# displayName: 'Update github release notes'
# This would usually be run automatically (via a pipeline decorator from an extension), but the
# thorough cleanup step prevents it from working. So run it manually here.
- task: ComponentGovernanceComponentDetection@0
displayName: 'Component governance detection'
inputs:
sourceScanPath: $(Agent.BuildDirectory)
condition: succeeded()
timeoutInMinutes: 5
continueOnError: true
- template: .devops/templates/cleanup.yml
parameters:
checkForModifiedFiles: false
- template: .devops/templates/cleanup.yml@self
parameters:
checkForModifiedFiles: false

284
azure-pipelines.release.yml
Просмотреть файл

@ -10,7 +10,6 @@ variables:
- template: .devops/templates/variables.yml
parameters:
skipComponentGovernanceDetection: false
- group: InfoSec-SecurityResults
- name: tags
value: production,externalfacing
@ -24,178 +23,141 @@ schedules:
include:
- master
jobs:
- template: .devops/templates/compliance-job.yml
resources:
repositories:
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
- job: Release
dependsOn: Compliance
pool: '1ES-Host-Ubuntu'
workspace:
clean: all
steps:
- template: .devops/templates/tools.yml
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-latest
os: windows # We need windows because compliance task only run on windows.
stages:
- stage: main
jobs:
- job: Release
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
timeoutInMinutes: 90
workspace:
clean: all
templateContext:
outputParentDirectory: $(System.DefaultWorkingDirectory)
outputs:
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)/homepage
artifactName: homepage.htm
displayName: homepage.htm
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)/packages/fluentui/docs/src/public
artifactName: demo-images
displayName: demo-images
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)/oufr-version.txt
artifactName: oufr-version
displayName: oufr-version
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)/site-manifests
artifactName: fabric-website-manifests
displayName: fabric-website-manifests
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)/apps/public-docsite-resources/dist/demo
artifactName: fabric-website-resources
displayName: fabric-website-resources
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)/apps/public-docsite/dist
artifactName: fabric-website
displayName: fabric-website
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)/packages/react/dist
artifactName: fabric
displayName: fabric
- output: pipelineArtifact
targetPath: $(Build.ArtifactStagingDirectory)/api
artifactName: api-json
displayName: api-json
steps:
- template: .devops/templates/tools.yml@self
- script: |
git config user.name "Fluent UI Build"
git config user.email "fluentui-internal@service.microsoft.com"
git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git
displayName: Authenticate git for pushes
- script: |
git config user.name "Fluent UI Build"
git config user.email "fluentui-internal@service.microsoft.com"
git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git
displayName: Authenticate git for pushes
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
- script: |
yarn generate-version-files
displayName: Generate version files
- script: |
yarn generate-version-files
displayName: Generate version files
- script: |
yarn run:published build --production
displayName: yarn build
- script: |
yarn run:published build --production
displayName: yarn build
# --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build)
# https://github.com/microsoft/fluentui/issues/21686
- script: |
yarn run:published test --only
displayName: yarn [test]
# --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build)
# https://github.com/microsoft/fluentui/issues/21686
- script: |
yarn run:published test --only
displayName: yarn [test]
- script: |
yarn run:published lint --only
displayName: yarn lint
- script: |
yarn run:published lint --only
displayName: yarn lint
- script: |
yarn run:published bundle --only --production
displayName: yarn bundle
- script: |
yarn run:published bundle --only --production
displayName: yarn bundle
- script: |
yarn publish:beachball -n $(npmToken) --config scripts/beachball/release-v8.config.js
git reset --hard origin/master
env:
GITHUB_PAT: $(githubPAT)
displayName: Publish changes and bump versions
- script: |
yarn publish:beachball -n $(npmToken) --config scripts/beachball/release-v8.config.js
git reset --hard origin/master
env:
GITHUB_PAT: $(githubPAT)
displayName: Publish changes and bump versions
- script: |
echo Making $(Build.ArtifactStagingDirectory)/api
mkdir -p $(Build.ArtifactStagingDirectory)/api
cp packages/*/dist/*.api.json $(Build.ArtifactStagingDirectory)/api
displayName: Copy api.json files to artifact staging directory
- script: |
echo Making $(Build.ArtifactStagingDirectory)/api
mkdir -p $(Build.ArtifactStagingDirectory)/api
cp packages/*/dist/*.api.json $(Build.ArtifactStagingDirectory)/api
displayName: Copy api.json files to artifact staging directory
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: $(Build.ArtifactStagingDirectory)/api
artifactName: 'api-json'
publishLocation: 'Container'
displayName: 'Publish artifact: api-json'
- script: |
oufrVersion=$(node -p -e "require('./packages/react/package.json').version")
echo "OUFR Version: $oufrVersion"
echo $oufrVersion > oufr-version.txt
echo "##vso[task.setvariable variable=oufrVersion;]$oufrVersion"
displayName: 'Set oufrVersion variable'
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: apps/public-docsite/dist
artifactName: 'fabric-website'
publishLocation: 'Container'
displayName: 'Publish artifact: fabric-website (public-docsite)'
# create-site-manifests is a script defined in @fluentui/public-docsite-setup.
# It generates manifest files used to load the current version on developer.microsoft.com/fluentui.
- script: |
yarn create-site-manifests ./packages/react
displayName: 'Generate website manifests'
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: packages/react/dist
artifactName: 'fabric'
publishLocation: 'Container'
displayName: 'Publish artifact: fabric (packages/react/dist)'
# Generate the homepage.htm file used to load developer.microsoft.com/fluentui. Note that the
# generated file must be manually checked in to an internal repo, it's just generated as a build
# artifact for convenience and tracking.
- script: |
node ./packages/public-docsite-setup/scripts/generateHomepage ./homepage
displayName: 'Generate homepage.htm'
- script: |
oufrVersion=$(node -p -e "require('./packages/react/package.json').version")
echo "OUFR Version: $oufrVersion"
echo $oufrVersion > oufr-version.txt
echo "##vso[task.setvariable variable=oufrVersion;]$oufrVersion"
displayName: 'Set oufrVersion variable'
# Run this near the end because it's more likely to fail than the artifact upload tasks, and its
# failure doesn't need to block anything else
- script: |
node -r ./scripts/ts-node/register ./scripts/update-release-notes/index.ts --token=$(githubPAT) --apply --debug
displayName: 'Update github release notes'
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: ./oufr-version.txt
artifactName: 'oufr-version'
publishLocation: 'Container'
displayName: 'Publish artifact: oufr-version'
# create-site-manifests is a script defined in @fluentui/public-docsite-setup.
# It generates manifest files used to load the current version on developer.microsoft.com/fluentui.
- script: |
yarn create-site-manifests ./packages/react
displayName: 'Generate website manifests'
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: ./site-manifests
artifactName: 'fabric-website-manifests'
publishLocation: 'Container'
displayName: 'Publish artifact: fabric-website-manifests'
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: apps/public-docsite-resources/dist/demo
artifactName: 'fabric-website-resources'
publishLocation: 'Container'
displayName: 'Publish artifact: fabric-website-resources (public-docsite-resources)'
# Generate the homepage.htm file used to load developer.microsoft.com/fluentui. Note that the
# generated file must be manually checked in to an internal repo, it's just generated as a build
# artifact for convenience and tracking.
- script: |
node ./packages/public-docsite-setup/scripts/generateHomepage ./homepage
displayName: 'Generate homepage.htm'
- task: PublishBuildArtifacts@1
inputs:
# This includes the actual homepage.htm as well as a non-minified JS file for debugging
pathtoPublish: ./homepage
artifactName: 'homepage.htm'
publishLocation: 'Container'
displayName: 'Publish artifact: homepage.htm'
- script: |
node ./scripts/generators/generate-package-manifest
displayName: 'Generate package manifest'
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: package-manifest
artifactName: 'package-manifest'
publishLocation: 'Container'
displayName: 'Publish artifact: package-manifest'
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: packages/fluentui/docs/src/public
artifactName: 'demo-images'
publishLocation: 'Container'
displayName: 'Publish artifact: demo-images'
# Run this near the end because it's more likely to fail than the artifact upload tasks, and its
# failure doesn't need to block anything else
- script: |
node -r ./scripts/ts-node/register ./scripts/update-release-notes/index.ts --token=$(githubPAT) --apply --debug
displayName: 'Update github release notes'
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 📒 Generate Manifest
inputs:
BuildDropPath: $(System.DefaultWorkingDirectory)
- task: PublishPipelineArtifact@1
displayName: 📒 Publish Manifest
inputs:
artifactName: SBom-$(System.JobAttempt)
targetPath: $(System.DefaultWorkingDirectory)/_manifest
# This would usually be run automatically (via a pipeline decorator from an extension), but the
# thorough cleanup step prevents it from working. So run it manually here.
- task: ComponentGovernanceComponentDetection@0
displayName: 'Component governance detection'
inputs:
sourceScanPath: $(Agent.BuildDirectory)
condition: succeeded()
timeoutInMinutes: 5
continueOnError: true
- template: .devops/templates/cleanup.yml
parameters:
checkForModifiedFiles: false
- template: .devops/templates/cleanup.yml@self
parameters:
checkForModifiedFiles: false

164
azure-pipelines.yml
Просмотреть файл

@ -14,125 +14,51 @@ variables:
- template: .devops/templates/variables.yml
pool: '1ES-Host-Ubuntu'
resources:
repositories:
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
jobs:
- job: BuildTestLint
workspace:
clean: all
steps:
- template: .devops/templates/tools.yml
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-latest
os: windows # We need windows because compliance task only run on windows.
customBuildTags: null # send empty tags since it is not supported on GH repo's for PR's
customLogIssues: null # send empty tags since it is not supported on GH repo's for PR's
stages:
- stage: main
jobs:
- job: BuildTestLint
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
workspace:
clean: all
steps:
- template: .devops/templates/build-test-lint.yml@self
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn (install packages)
- job: DeployE2E
displayName: Deploy and E2E
workspace:
clean: all
pool:
name: '1ES-Host-Ubuntu'
image: '1ES-PT-Ubuntu-20.04'
os: linux
templateContext:
outputs:
- output: pipelineArtifact
targetPath: $(System.DefaultWorkingDirectory)/apps/pr-deploy-site/dist
artifactName: web
steps:
- template: .devops/templates/deployE2E.yml@self
- script: |
yarn nx run @fluentui/workspace-plugin:check-graph
yarn nx g @fluentui/workspace-plugin:tsconfig-base-all --verify
yarn nx g @fluentui/workspace-plugin:normalize-package-dependencies --verify
displayName: Workspace lint
- script: |
# @fluentui/api-docs is used within apps/public-docsite-resources/just.config.ts, thus it needs to be build in advance
yarn workspace @fluentui/api-docs build
# @fluentui/digest is used within packages/fluentui/perf-test-northstar/just.config.ts, thus it needs to be build in advance
yarn workspace @fluentui/digest build
yarn tsc -p ./tsconfig.json
displayName: Type-check just.config.ts files
- script: |
yarn check:installed-dependencies-versions
displayName: 'check packages: installed dependencies versions'
- script: |
if [[ -n "$(targetBranch)" ]]; then
yarn format --since $(targetBranch) --check
else
yarn format --all --check
fi
displayName: check formatting
## Danger.js checks for Fluent UI N*
- script: |
DANGER_DISABLE_TRANSPILATION="true" yarn danger ci
displayName: danger
condition: eq(variables.isPR, true)
env:
DANGER_GITHUB_API_TOKEN: $(DANGER_GITHUB_API_TOKEN)
- script: |
yarn buildci $(sinceArg)
displayName: build, test, lint, test-ssr
- template: .devops/templates/cleanup.yml
- job: DeployE2E
displayName: Deploy and E2E
workspace:
clean: all
steps:
- template: .devops/templates/tools.yml
- task: Bash@3
inputs:
filePath: yarn-ci.sh
displayName: yarn
# this also builds FUI N* docs if appropriate
- script: |
yarn bundle $(sinceArg)
displayName: bundle
- script: |
yarn lage build-storybook --verbose $(sinceArg)
displayName: build Storybooks
## This runs regardless of scope, the app will adapt to the scope as well
- script: |
yarn workspace @fluentui/pr-deploy-site generate:site
displayName: generate PR Deploy Site
- bash: |
mkdir -p apps/pr-deploy-site/sbom
displayName: 📒 Create dir for manifest Deploy-Site
- task: ManifestGeneratorTask@0
displayName: 📒 Generate Manifest Deploy-Site
inputs:
BuildDropPath: apps/pr-deploy-site/dist
ManifestDirPath: 'apps/pr-deploy-site/sbom'
Verbosity: Verbose
- task: PublishPipelineArtifact@1
displayName: 📒 Publish Manifest Deploy-Site
inputs:
artifactName: SBom-Deploy-Site-$(System.JobAttempt)
targetPath: apps/pr-deploy-site/sbom
- task: AzureUpload@2
displayName: Upload PR deploy site
inputs:
azureSubscription: $(azureSubscription)
BlobPrefix: $(deployBasePath)
ContainerName: '$web'
SourcePath: 'apps/pr-deploy-site/dist'
storage: $(azureStorage)
- task: GithubPRStatus@0
displayName: 'Update PR deploy site github status'
inputs:
githubOwner: microsoft
githubRepo: fluentui
githubContext: 'Pull request demo site'
githubDescription: 'Click "Details" to go to the deployed demo site for this pull request'
# This MUST have a trailing slash, or the links to PR deploy site assets won't work
githubTargetLink: $(deployUrl)/
- script: |
yarn e2e $(sinceArg)
displayName: Cypress E2E tests
- template: .devops/templates/cleanup.yml
- script: |
rm apps/pr-deploy-site/dist/public-docsite-v9/storybook/407.13419a99614bf685f100.manager.bundle.js
displayName: 'Remove false positive file'