106 строки
3.4 KiB
YAML
106 строки
3.4 KiB
YAML
name: 0.0.$(Date:yyMM.d)$(Rev:rrr)
|
|
|
|
parameters:
|
|
- name: AgentPool
|
|
type: object
|
|
default:
|
|
Medium:
|
|
name: rnw-pool-4-microsoft
|
|
demands: ImageOverride -equals rnw-img-vs2022-node18
|
|
Large:
|
|
name: rnw-pool-8-microsoft
|
|
demands: ImageOverride -equals rnw-img-vs2022-node18
|
|
- name: forceCodeQL
|
|
displayName: Force CodeQL to rebuild databases
|
|
type: boolean
|
|
default: false
|
|
- name: complianceWarnOnly
|
|
displayName: Convert compliance errors to warnings
|
|
type: boolean
|
|
default: true # Let's get all results in this pipeline
|
|
|
|
variables:
|
|
- template: variables/windows.yml
|
|
- group: RNW Secrets
|
|
- name: Codeql.Enabled
|
|
value: true
|
|
- ${{ if eq(parameters.forceCodeQL, true) }}:
|
|
- name: Codeql.Cadence
|
|
value: 0
|
|
- ${{ if eq(parameters.forceCodeQL, false) }}:
|
|
- name: Codeql.Cadence
|
|
value: 120 # In hours, default to only run every 5 days
|
|
|
|
trigger: none
|
|
pr: none
|
|
|
|
jobs:
|
|
- job: RnwUniversalCompliance
|
|
displayName: RNW Universal Compliance
|
|
pool: ${{ parameters.AgentPool.Large }}
|
|
timeoutInMinutes: 360 # Compliance tasks recommend to 3x usual build timeout
|
|
|
|
steps:
|
|
- template: templates/checkout-shallow.yml
|
|
|
|
- template: templates/prepare-js-env.yml
|
|
|
|
- template: templates/set-version-vars.yml
|
|
parameters:
|
|
buildEnvironment: Continuous
|
|
|
|
- template: templates/publish-version-vars.yml
|
|
|
|
- template: templates/prepare-build-env.yml
|
|
parameters:
|
|
platform: x64
|
|
configuration: Release
|
|
buildEnvironment: Continuous
|
|
|
|
- template: templates/apply-published-version-vars.yml
|
|
|
|
# Pre-build compliance tasks
|
|
|
|
- template: templates/run-compliance-prebuild.yml
|
|
parameters:
|
|
complianceWarnOnly: ${{ parameters.complianceWarnOnly }}
|
|
|
|
- task: NuGetAuthenticate@1
|
|
|
|
# AgentES Task (https://aka.ms/UES)
|
|
# Installs and runs the "Agent ES" tool, which scans the source code for banned file types.
|
|
- powershell: |
|
|
& nuget.exe install AgentES -FallbackSource https://microsoft.pkgs.visualstudio.com/_packaging/Undocked.Shell.Services/nuget/v3/index.json
|
|
$AgentESPath = (Get-ChildItem -Path AgentES* -Filter AgentES.exe -Recurse | %{$_.FullName})
|
|
& $AgentESPath $env:BUILD_SOURCESDIRECTORY -e:$env:BUILD_SOURCESDIRECTORY\.ado\config\AgentES.Exemptions.json -b
|
|
displayName: "⚖️ AgentES - Scan of Repository for UES Policy Violations"
|
|
workingDirectory: $(Agent.BuildDirectory)
|
|
continueOnError: ${{ parameters.complianceWarnOnly }}
|
|
|
|
# Initialize CodeQL 3000 Task (https://aka.ms/codeql3000)
|
|
# Performs static code analysis.
|
|
- task: CodeQL3000Init@0
|
|
displayName: "🛡️ Initialize CodeQL"
|
|
continueOnError: ${{ parameters.complianceWarnOnly }}
|
|
|
|
# Build RNW
|
|
|
|
- template: templates/msbuild-sln.yml
|
|
parameters:
|
|
solutionDir: vnext
|
|
solutionName: Microsoft.ReactNative.sln
|
|
buildPlatform: x64
|
|
buildConfiguration: Release
|
|
|
|
# Post-build compliance tasks
|
|
|
|
- template: templates/run-compliance-postbuild.yml
|
|
parameters:
|
|
complianceWarnOnly: ${{ parameters.complianceWarnOnly }}
|
|
|
|
# Finalize CodeQL 3000 Task (https://aka.ms/codeql3000)
|
|
# Performs static code analysis.
|
|
- task: CodeQL3000Finalize@0
|
|
displayName: "🛡️ Finalize CodeQL"
|
|
continueOnError: ${{ parameters.complianceWarnOnly }}
|