microsoft
/
vs-validation
зеркало из https://github.com/microsoft/vs-validation.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge remote-tracking branch 'libtemplate/microbuild' into libtemplateUpdate

This commit is contained in:
Andrew Arnott 2024-02-27 14:13:49 -07:00
Родитель 3eb85916a1 0d1ceb8a26
Коммит bc6561477b
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: F33A420C60ED9C6F
33 изменённых файлов: 808 добавлений и 334 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
.config/dotnet-tools.json
Просмотреть файл

@ -9,7 +9,7 @@
]
},
"dotnet-coverage": {
"version": "17.10.1",
"version": "17.10.3",
"commands": [
"dotnet-coverage"
]

0
.prettierrc.yaml Normal file
Просмотреть файл

1
.vscode/extensions.json поставляемый
Просмотреть файл

@ -7,6 +7,7 @@
"ms-dotnettools.csharp",
"k--kato.docomment",
"editorconfig.editorconfig",
"esbenp.prettier-vscode",
"pflannery.vscode-versionlens",
"davidanson.vscode-markdownlint",
"dotjoshjohnson.xml",

12
.vscode/settings.json поставляемый
Просмотреть файл

@ -10,5 +10,15 @@
"[xml]": {
"editor.wordWrap": "off"
},
"dotnet.defaultSolution": "Microsoft.VisualStudio.Validation.sln"
// Treat these files as Azure Pipelines files
"files.associations": {
"**/azure-pipelines/**/*.yml": "azure-pipelines",
"azure-pipelines.yml": "azure-pipelines"
},
// Use Prettier as the default formatter for Azure Pipelines files.
// Needs to be explicitly configured: https://github.com/Microsoft/azure-pipelines-vscode#document-formatting
"[azure-pipelines]": {
"editor.defaultFormatter": "esbenp.prettier-vscode",
"editor.formatOnSave": false // enable this when the conform
},
}

8
Directory.Packages.props
Просмотреть файл

@ -5,15 +5,15 @@
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
<MicroBuildVersion>2.0.147</MicroBuildVersion>
<MicroBuildVersion>2.0.149</MicroBuildVersion>
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="Microsoft.CodeAnalysis.ResxSourceGenerator" Version="3.3.5-beta1.23330.2" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
<PackageVersion Include="Microsoft.VisualStudio.Internal.MicroBuild.NonShipping" Version="$(MicroBuildVersion)" />
<PackageVersion Include="Moq" Version="4.20.70" />
<PackageVersion Include="xunit.runner.visualstudio" Version="2.5.6" />
<PackageVersion Include="xunit" Version="2.6.6" />
<PackageVersion Include="xunit.runner.visualstudio" Version="2.5.7" />
<PackageVersion Include="xunit" Version="2.7.0" />
</ItemGroup>
<ItemGroup>
<GlobalPackageReference Include="CSharpIsNullAnalyzer" Version="0.1.495" />

10
azure-pipelines.yml
Просмотреть файл

@ -14,7 +14,7 @@ trigger:
- azure-pipelines/release.yml
parameters:
- name: includeMacOS
- name: EnableMacOSBuild
displayName: Build on macOS
type: boolean
default: false # macOS is often bogged down in Azure Pipelines
@ -24,13 +24,11 @@ parameters:
default: true
variables:
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
BuildConfiguration: Release
codecov_token: 1c079a51-729f-4e18-9792-2a75f2e074e0
NUGET_PACKAGES: $(Agent.TempDirectory)/.nuget/packages/
- template: /azure-pipelines/BuildStageVariables.yml@self
jobs:
- template: azure-pipelines/build.yml
parameters:
includeMacOS: ${{ parameters.includeMacOS }}
Is1ESPT: false
EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }}
RunTests: ${{ parameters.RunTests }}

5
azure-pipelines/BuildStageVariables.yml Normal file
Просмотреть файл

@ -0,0 +1,5 @@
variables:
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
BuildConfiguration: Release
NUGET_PACKAGES: $(Agent.TempDirectory)/.nuget/packages/
codecov_token: 1c079a51-729f-4e18-9792-2a75f2e074e0

16
azure-pipelines/InsertionMetadataPackage.nuspec Normal file
Просмотреть файл

@ -0,0 +1,16 @@
<?xml version="1.0"?>
<package >
<metadata>
<id>Microsoft.VisualStudio.Validation.VSInsertionMetadata</id>
<version>$version$</version>
<authors>Microsoft</authors>
<owners>Microsoft</owners>
<projectUrl>https://github.com/Microsoft/vs-validation</projectUrl>
<requireLicenseAcceptance>false</requireLicenseAcceptance>
<description>Contains metadata for insertion into VS.</description>
<copyright>© Microsoft Corporation. All rights reserved.</copyright>
</metadata>
<files>
<file src="ProfilingInputs.props" target="InsertionVS/" />
</files>
</package>

112
azure-pipelines/OptProf.yml Normal file
Просмотреть файл

@ -0,0 +1,112 @@
trigger: none
pr: none
schedules:
- cron: "0 3 * * Fri" # Thu @ 8 or 9 PM Mountain Time (depending on DST)
displayName: Weekly OptProf run
branches:
include:
- 'v*.*'
- main
always: true # we must keep data fresh since optimizationdata drops are purged after 30 days
# Avoid errant CI builds: https://developercommunity.visualstudio.com/content/problem/1154409/azure-pipeline-is-triggering-due-to-events-that-ne.html
#resources:
# repositories:
# - repository: scripts
# type: git
# name: DeploymentScripts
# ref: refs/heads/test
variables:
- template: GlobalVariables.yml
- name: PublicRelease
value: false # avoid using nice version since we're building a preliminary/unoptimized package
- name: IsOptProf
value: true
stages:
- stage: Library
variables:
- name: OptProf
value: true
- template: BuildStageVariables.yml
jobs:
- template: build.yml
parameters:
Is1ESPT: false
RealSign: true
windowsPool: VSEngSS-MicroBuild2022-1ES
EnableMacOSBuild: false
ShouldSkipOptimize: true
IsOptProf: true
RunTests: false
- stage: QueueVSBuild
jobs:
- job: QueueOptProf
pool: VSEngSS-MicroBuild2022-1ES
variables:
InsertPayloadName: LibraryName
InsertTopicBranch: team/VS-IDE/LibraryName-OptProf-run-$(Build.BuildId)
steps:
- checkout: none # We don't need source from our own repo
clean: true
# Pipeline YAML does not yet support checking out other repos. So we'll do it by hand.
# - checkout: scripts # We DO need source from the DeploymentScripts repo
# clean: true
# path: $(Agent.TempDirectory)/DeploymentScripts
# fetchDepth: 1
- script: 'git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" clone https://devdiv.visualstudio.com/DevDiv/_git/DeploymentScripts --depth 1 --branch test "$(Agent.TempDirectory)/DeploymentScripts"'
displayName: Download DeploymentScripts repo
- task: DownloadBuildArtifacts@0
displayName: Download insertion artifacts
inputs:
artifactName: VSInsertion-Windows
downloadPath: $(Agent.TempDirectory)
- task: DownloadBuildArtifacts@0
displayName: Download variables artifacts
inputs:
artifactName: Variables-Windows
downloadPath: $(Agent.TempDirectory)
- task: PowerShell@2
displayName: Set pipeline variables based on artifacts
inputs:
targetType: filePath
filePath: $(Agent.TempDirectory)/Variables-Windows/_pipelines.ps1
- task: NuGetCommand@2
displayName: Push CoreXT packages to VS feed
inputs:
command: push
packagesToPush: $(Agent.TempDirectory)/VSInsertion-Windows/*.nupkg
publishVstsFeed: 97a41293-2972-4f48-8c0e-05493ae82010 # VS feed
allowPackageConflicts: true
- task: MicroBuildInsertVsPayload@4
displayName: Insert VS Payload
inputs:
TeamName: $(TeamName)
TeamEmail: $(TeamEmail)
SkipCreatePR: true
CustomScriptExecutionCommand: src\VSSDK\NuGet\AllowUnstablePackages.ps1
- task: benjhuser.tfs-extensions-build-tasks.trigger-build-task.TriggerBuild@3
displayName: Trigger a new build of DD-CB-TestSignVS-devCI
inputs:
buildDefinition: DD-CB-TestSignVS-devCI
useSameBranch: false
branchToUse: $(InsertTopicBranch)
storeInEnvironmentVariable: true
queueBuildForUserThatTriggeredBuild: false
authenticationMethod: OAuth Token
password: $(System.AccessToken)
- task: PowerShell@2
displayName: Associate InsertionOutputs artifacts with CloudBuild
inputs:
targetType: filePath
filePath: $(Agent.TempDirectory)/DeploymentScripts/Scripts/Insertion/WriteArtifact.ps1
arguments: '-oldBuildID $(Build.BuildId) -newBuildID $(TriggeredBuildIds) -artifactName "InsertionOutputs" -accessToken $(System.AccessToken)'
- task: PowerShell@2
displayName: Tag the build with LibraryName-insertion
inputs:
targetType: filePath
filePath: $(Agent.TempDirectory)/DeploymentScripts/Scripts/Insertion/TagBuild.ps1
arguments: '-buildID $(TriggeredBuildIds) -tagName "LibraryName-insertion" -accessToken $(System.AccessToken)'

89
azure-pipelines/OptProf_part2.yml Normal file
Просмотреть файл

@ -0,0 +1,89 @@
trigger: none
pr: none
resources:
pipelines:
- pipeline: VisualStudioBuildUnderTest
source: DD-CB-TestSignVS-devCI
trigger:
tags:
- LibraryName-insertion
- pipeline: DartLab
source: DartLab
branch: main
- pipeline: DartLab.OptProf
source: DartLab.OptProf
branch: main
repositories:
- repository: DartLabTemplates
type: git
name: DartLab.Templates
ref: refs/heads/main
- repository: DartLabOptProfTemplates
type: git
name: DartLab.OptProf
ref: refs/heads/main
parameters:
# The prefix naming of the OptimizationInputs drop
- name: optimizationDropPrefix
type: string
default: OptimizationInputs/$(System.TeamProject)/$(Build.Repository.Name)
stages:
- template: \templates\stages\visual-studio\single-runsettings.yml@DartLabOptProfTemplates
parameters:
##### Required #####
runSettingsURI: $(Pipeline.Workspace)\VisualStudioBuildUnderTest\BuildArtifacts\runsettings\LibraryName.OptProf.runsettings
visualStudioBootstrapperURI: https://vsdrop.corp.microsoft.com/file/v1/$(VisualStudio.BuildUnderTest.ProductsDropName);bootstrappers/Enterprise/vs_enterprise.exe
##### Optional #####
name: OptProfProfilingWorkflow
displayName: OptProf Profiling Workflow
optOptimizationInputsDropName: $(OptimizationInputsDropName)
previousOptimizationInputsDropName: $(PreviousOptimizationInputsDropName)
testLabPoolName: VS-Platform
##### Step Hooks #####
preTestMachineConfigurationStepList:
- download: VisualStudioBuildUnderTest
- task: PowerShell@2
name: SetProductsDropName
displayName: Set 'VisualStudio.BuildUnderTest.ProductsDropName'
inputs:
filePath: $(DartLab.Path)\Scripts\VisualStudio\Build\Get-VisualStudioDropName.ps1
arguments: -DropNamePrefix 'Products' -VstsDropUrlsJson '$(Pipeline.Workspace)\VisualStudioBuildUnderTest\BuildArtifacts\VstsDropUrls.json' -OutVariableName 'VisualStudio.BuildUnderTest.ProductsDropName'
preDeployAndRunTestsStepList:
- download: VisualStudioBuildUnderTest
prePublishOptimizationInputsDropStepList:
# Set parameter for PreviousOptimizationInputsDropName, MicroBuildCommitID, and OptimizationInputsDropName
- powershell: |
try {
$artifactName = 'InsertionOutputs'
$BuildID = $(resources.pipeline.VisualStudioBuildUnderTest.runID)
$artifact = Get-BuildArtifact -InstanceURL 'https://dev.azure.com/devdiv' -ProjectName 'DevDiv' -BuildID $BuildID -ArtifactName $artifactName -OAuthAccessToken (ConvertTo-SecureString '$(System.AccessToken)' -AsPlainText -Force)
$containerName = $artifact.Resource.Data -Split '/' | Select-Object -Last 1
$fileName = Join-Path $containerName 'Metadata.json'
$jsonString = Read-BuildArtifactFile -InstanceURL 'https://dev.azure.com/devdiv' -ProjectName 'DevDiv' -BuildID $BuildID -ArtifactName $artifactName -FileName $fileName -OAuthAccessToken (ConvertTo-SecureString '$(System.AccessToken)' -AsPlainText -Force)
$json = $jsonString | ConvertFrom-Json
Write-Host "The content of the metadata.json file was $json"
$dropname = $json.OptimizationData
$commitID = $json.CommitID
$OptimizationInputsDropName = "${{parameters.optimizationDropPrefix}}/$($commitID)/$(Build.BuildId)/$(System.StageId)/$(System.StageAttempt)"
Write-Host "PreviousOptimizationInputsDropName: $dropname"
Set-AzurePipelinesVariable 'PreviousOptimizationInputsDropName' $dropname
Write-Host "MicroBuildCommitID: $commitID"
Set-AzurePipelinesVariable 'MicroBuildCommitID' $commitID
Write-Host "OptimizationInputsDropName: $OptimizationInputsDropName"
Set-AzurePipelinesVariable 'OptimizationInputsDropName' $OptimizationInputsDropName
}
catch {
Write-Host $_
Write-Error "Failed to set OptimizationInputsDropName pipeline variable"
throw
}
displayName: Set MicroBuildCommitID, PreviousOptimizationInputsDropName, and OptimizationInputsDropName

5
azure-pipelines/ProfilingInputs.props Normal file
Просмотреть файл

@ -0,0 +1,5 @@
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<TestStore Include="%TESTSTORE%" />
</ItemGroup>
</Project>

19
azure-pipelines/TSAOptions.json Normal file
Просмотреть файл

@ -0,0 +1,19 @@
{
"tsaVersion": "TsaV2",
"codebase": "NewOrUpdate",
"codebaseName": "LibraryName",
"tsaStamp": "DevDiv",
"tsaEnvironment": "PROD",
"notificationAliases": [
"vsidemicrobuild@microsoft.com"
],
"codebaseAdmins": [
"REDMOND\\andarno"
],
"instanceUrl": "https://devdiv.visualstudio.com",
"projectName": "DevDiv",
"areaPath": "DevDiv\\VS Core",
"iterationPath": "DevDiv",
"alltools": true,
"repositoryName": "Library.Template"
}

44
azure-pipelines/apiscan.yml Normal file
Просмотреть файл

@ -0,0 +1,44 @@
parameters:
- name: windowsPool
type: object
jobs:
- job: apiscan
displayName: APIScan
dependsOn: Windows
pool: ${{ parameters.windowsPool }}
timeoutInMinutes: 120
variables:
- name: SymbolsFeatureName
value: $[ dependencies.Windows.outputs['SetPipelineVariables.SymbolsFeatureName'] ]
- name: NBGV_MajorMinorVersion
value: $[ dependencies.Windows.outputs['nbgv.NBGV_MajorMinorVersion'] ]
- ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
# https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/25351/APIScan-step-by-step-guide-to-setting-up-a-Pipeline
- group: VSCloudServices-APIScan # Expected to provide ApiScanClientId, ApiScanSecret, ApiScanTenant
steps:
# We need TSAOptions.json
- checkout: self
fetchDepth: 1
- download: current
artifact: APIScanInputs
displayName: 🔻 Download APIScanInputs artifact
- task: APIScan@2
displayName: 🔍 Run APIScan
inputs:
softwareFolder: $(Pipeline.Workspace)/APIScanInputs
softwareName: $(SymbolsFeatureName)
softwareVersionNum: $(NBGV_MajorMinorVersion)
isLargeApp: false
toolVersion: Latest
env:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
# File bugs when APIScan finds issues
- task: TSAUpload@2
displayName: 🪳 TSA upload
inputs:
GdnPublishTsaOnboard: True
GdnPublishTsaConfigFile: $(Build.SourcesDirectory)\azure-pipelines\TSAOptions.json

2
azure-pipelines/archive-sourcecode.yml
Просмотреть файл

@ -44,7 +44,7 @@ extends:
pool:
name: AzurePipelines-EO
demands:
- ImageOverride -equals AzurePipelinesUbuntu20.04compliantGPT
- ImageOverride -equals 1ESPT-Ubuntu22.04
os: Linux
steps:

24
azure-pipelines/artifacts/APIScanInputs.ps1 Normal file
Просмотреть файл

@ -0,0 +1,24 @@
$inputs = & "$PSScriptRoot/symbols.ps1"
if (!$inputs) { return }
# Filter out specific files that APIScan does not support.
# Specifically, APIScan doesn't support Windows ARM64 binaries, nor linux/OSX binaries.
$outputs = @{}
$forbiddenSubPaths = @(
, 'arm64'
, 'win-arm64'
, 'linux-*'
, 'osx*'
)
$inputs.GetEnumerator() | % {
$list = $_.Value | ? {
$path = $_.Replace('\', '/')
return !($forbiddenSubPaths | ? { $path -like "*/$_/*" })
}
$outputs[$_.Key] = $list
}
$outputs

2
azure-pipelines/artifacts/LocBin.ps1
Просмотреть файл

@ -1,5 +1,7 @@
# Identify LCE files and the binary files they describe
$BinRoot = [System.IO.Path]::GetFullPath("$PSScriptRoot\..\..\bin")
if (!(Test-Path $BinRoot)) { return }
$FilesToCopy = @()
$FilesToCopy += Get-ChildItem -Recurse -File -Path $BinRoot |? { $_.FullName -match '\\Localize\\' }

40
azure-pipelines/artifacts/VSInsertion.ps1
Просмотреть файл

@ -16,13 +16,43 @@ if (!$BuildConfiguration) {
$BuildConfiguration = 'Debug'
}
$PackagesRoot = "$RepoRoot/bin/Packages/$BuildConfiguration/NuGet"
$NuGetPackages = "$RepoRoot/bin/Packages/$BuildConfiguration/NuGet"
if (!(Test-Path $PackagesRoot)) {
Write-Warning "Skipping because packages haven't been built yet."
if (!(Test-Path $NuGetPackages)) {
Write-Warning "Skipping because NuGet packages haven't been built yet."
return @{}
}
@{
"$PackagesRoot" = (Get-ChildItem $PackagesRoot -Recurse)
$result = @{
"$NuGetPackages" = (Get-ChildItem $NuGetPackages -Recurse)
}
if ($env:IsOptProf) {
$CoreXTPackages = "$RepoRoot/bin/Packages/$BuildConfiguration/CoreXT"
$ArtifactBasePath = "$RepoRoot\obj\_artifacts"
$ArtifactPath = "$ArtifactBasePath\VSInsertion"
if (-not (Test-Path $ArtifactPath)) { New-Item -ItemType Directory -Path $ArtifactPath | Out-Null }
$profilingInputs = [xml](Get-Content -Path "$PSScriptRoot\..\ProfilingInputs.props")
$profilingInputs.Project.ItemGroup.TestStore.Include = "vstsdrop:" + (& "$PSScriptRoot\..\variables\ProfilingInputsDropName.ps1")
$profilingInputs.Save("$ArtifactPath\ProfilingInputs.props")
$InsertionMetadataVersion = $(dotnet tool run nbgv get-version -p "$RepoRoot\src" -f json | ConvertFrom-Json).NuGetPackageVersion
if ($env:BUILD_BUILDID) {
# We must ensure unique versions for the insertion metadata package so
# it can contain information that is unique to this build.
# In particular it includes the ProfilingInputsDropName, which contains the BuildId.
# A non-unique package version here may collide with a prior run of this same commit,
# ultimately resulting in a failure of the optprof run.
$InsertionMetadataVersion += '.' + $env:BUILD_BUILDID
}
& (& "$PSScriptRoot\..\Get-NuGetTool.ps1") pack "$PSScriptRoot\..\InsertionMetadataPackage.nuspec" -OutputDirectory $CoreXTPackages -BasePath $ArtifactPath -Version $InsertionMetadataVersion | Out-Null
if ($LASTEXITCODE -ne 0) {
exit $LASTEXITCODE
}
$result["$CoreXTPackages"] = (Get-ChildItem "$CoreXTPackages\Microsoft.VisualStudio.Validation.VSInsertionMetadata.$InsertionMetadataVersion.nupkg");
}
$result

331
azure-pipelines/build.yml
Просмотреть файл

@ -1,7 +1,83 @@
parameters:
##### The following parameters are not set by other YAML files that import this one,
##### but we use parameters because they support rich types and defaults.
##### Feel free to adjust their default value as needed.
# Whether this repo uses OptProf to optimize the built binaries.
- name: EnableOptProf
type: boolean
default: false
# Whether this repo is localized.
- name: EnableLocalization
type: boolean
default: true
# Whether to run `dotnet format` as part of the build to ensure code style consistency.
# This is just one of a a few mechanisms to enforce code style consistency.
- name: EnableDotNetFormatCheck
type: boolean
default: true
# This lists the names of the artifacts that will be published *from every OS build agent*.
# Any new azure-pipelines/artifacts/*.ps1 script needs to be added to this list.
# If an artifact is only generated or collected on one OS, it should NOT be listed here,
# but should be manually added to the `outputs:` field in the appropriate OS job.
- name: artifact_names
type: object
default:
- build_logs
- coverageResults
- deployables
- projectAssetsJson
- symbols
- testResults
- test_symbols
- Variables
# The Enable*Build parameters turn non-Windows agents on or off.
# Their default value should be based on whether the build and tests are expected/required to pass on that platform.
# Callers (e.g. Official.yml) *may* expose these parameters at queue-time in order to turn OFF optional agents.
- name: EnableLinuxBuild
type: boolean
default: true
- name: EnableMacOSBuild
type: boolean
default: true
##### 👆🏼 You MAY change the defaults above.
##### 👇🏼 You should NOT change the defaults below.
##### The following parameters are expected to be set by other YAML files that import this one.
##### Those without defaults require explicit values to be provided by our importers.
# Indicates whether the entrypoint file is 1ESPT compliant. Use this parameter to switch between publish tasks to fit 1ES or non-1ES needs.
- name: Is1ESPT
type: boolean
- name: RealSign
type: boolean
default: false
# Whether this particular run is an OptProf profiling run.
# This is used to skip unit tests and other non-essential work to improve reliability of the OptProf pipeline.
- name: IsOptProf
type: boolean
default: false
- name: RunTests
type: boolean
default: true
- name: EnableAPIScan
type: boolean
default: false
# This parameter exists to provide a workaround to get a build out even when no OptProf profiling outputs can be found.
# Entrypoint yaml files like official.yml should expose this as a queue-time setting when EnableOptProf is true in this file.
# The OptProf.yml entrypoint sets this parameter to true so that collecting profile data isn't blocked by a prior lack of profile data.
- name: ShouldSkipOptimize
type: boolean
default: false
# The pool parameters are set to defaults that work in the azure-public AzDO account.
# They are overridden by callers for the devdiv AzDO account to use 1ES compliant pools.
- name: windowsPool
type: object
default:
@ -14,53 +90,42 @@ parameters:
type: object
default:
vmImage: macOS-12
- name: includeMacOS
type: boolean
- name: RunTests
type: boolean
default: true
- name: EnableCompliance
type: boolean
default: false
- name: EnableAPIScan
type: boolean
default: false
- name: artifact_names
type: object
default:
- build_logs
- coverageResults
- deployables
- projectAssetsJson
- symbols
- testResults
- test_symbols
- Variables
jobs:
- job: Windows
pool: ${{ parameters.windowsPool }}
timeoutInMinutes: 180 # Give plenty of time due to real signing
variables:
- ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
# https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/25351/APIScan-step-by-step-guide-to-setting-up-a-Pipeline
- group: VSCloudServices-APIScan # Expected to provide ApiScanClientId, ApiScanSecret, ApiScanTenant
${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
templateContext:
mb:
signing:
enabled: true
zipSources: false
${{ if or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}:
${{ if parameters.RealSign }}:
signType: real
${{ else }}:
signType: test
sbom:
enabled: true
localization:
enabled: true
enabled: ${{ parameters.EnableLocalization }}
${{ if eq(variables['Build.Reason'], 'pullRequest') }}:
languages: ENU,JPN
optprof:
enabled: ${{ parameters.EnableOptProf }}
ProfilingInputsDropName: $(ProfilingInputsDropName)
OptimizationInputsLookupMethod: DropPrefix
DropNamePrefix: OptimizationInputs/$(System.TeamProject)/$(Build.Repository.Name)
ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }}
AccessToken: $(System.AccessToken)
mbpresteps:
- checkout: self
fetchDepth: 0 # avoid shallow clone so nbgv can do its work.
clean: true
- ${{ if parameters.EnableOptProf }}:
- powershell: Write-Host "##vso[task.setvariable variable=PROFILINGINPUTSDROPNAME]$(azure-pipelines/variables/ProfilingInputsDropName.ps1)"
displayName: ⚙ Set ProfilingInputsDropName for optprof
outputParentDirectory: $(Build.ArtifactStagingDirectory)
outputs:
- ${{ each artifact_name in parameters.artifact_names }}:
@ -69,24 +134,29 @@ jobs:
displayName: 📢 Publish ${{ artifact_name }}-Windows
targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact_name }}-Windows
artifactName: ${{ artifact_name }}-Windows
condition: succeededOrFailed()
- output: pipelineArtifact
displayName: 📢 Publish VSInsertion-Windows
targetPath: $(Build.ArtifactStagingDirectory)/VSInsertion-Windows
artifactName: VSInsertion-Windows
- output: pipelineArtifact
displayName: 📢 Publish LocBin-Windows
targetPath: $(Build.ArtifactStagingDirectory)/LocBin-Windows
artifactName: LocBin-Windows
# This is useful when false positives appear so we can copy some of the output into the suppressions file.
- output: pipelineArtifact
displayName: 📢 Publish Guardian failures
targetPath: $(Build.ArtifactStagingDirectory)/guardian_failures_as_suppressions
artifactName: guardian_failures_as_suppressions
condition: failed()
- ${{ if parameters.EnableLocalization }}:
- output: pipelineArtifact
displayName: 📢 Publish LocBin-Windows
targetPath: $(Build.ArtifactStagingDirectory)/LocBin-Windows
artifactName: LocBin-Windows
- ${{ if parameters.EnableAPIScan }}:
- output: pipelineArtifact
displayName: 📢 Publish APIScanInputs
targetPath: $(Build.ArtifactStagingDirectory)/APIScanInputs-Windows
artifactName: APIScanInputs
steps:
- checkout: self
fetchDepth: 0 # avoid shallow clone so nbgv can do its work.
clean: true
- ${{ if not(parameters.Is1ESPT) }}:
- checkout: self
fetchDepth: 0 # avoid shallow clone so nbgv can do its work.
clean: true
- ${{ if parameters.EnableOptProf }}:
- powershell: Write-Host "##vso[task.setvariable variable=PROFILINGINPUTSDROPNAME]$(azure-pipelines/variables/ProfilingInputsDropName.ps1)"
displayName: ⚙ Set ProfilingInputsDropName for optprof
- ${{ if eq(variables['Build.Reason'], 'Schedule') }}:
- template: schedule-only-steps.yml
@ -95,93 +165,122 @@ jobs:
- script: dotnet nbgv cloud -ca
displayName: ⚙ Set build number
name: nbgv
- ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
- template: microbuild.before.yml
parameters:
EnableLocalization: ${{ parameters.EnableLocalization }}
EnableOptProf: ${{ parameters.EnableOptProf }}
IsOptProf: ${{ parameters.IsOptProf }}
ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }}
RealSign: ${{ parameters.RealSign }}
- template: dotnet.yml
parameters:
Is1ESPT: ${{ parameters.Is1ESPT }}
RunTests: ${{ parameters.RunTests }}
IsOptProf: ${{ parameters.IsOptProf }}
- ${{ if and(parameters.EnableDotNetFormatCheck, not(parameters.EnableLinuxBuild)) }}:
- script: dotnet format --verify-no-changes --no-restore
displayName: 💅 Verify formatted code
- ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
- template: microbuild.after.yml
parameters:
EnableCompliance: ${{ parameters.EnableCompliance }}
EnableAPIScan: ${{ parameters.EnableAPIScan }}
EnableOptProf: ${{ parameters.EnableOptProf }}
IsOptProf: ${{ parameters.IsOptProf }}
- job: Linux
pool: ${{ parameters.linuxPool }}
${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
templateContext:
mb:
${{ if or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}:
signing:
enabled: false # enable when building unique artifacts on this agent that must be signed
signType: real
outputParentDirectory: $(Build.ArtifactStagingDirectory)
outputs:
- ${{ each artifact_name in parameters.artifact_names }}:
- ${{ if or(ne(artifact_name, 'testResults'), parameters.RunTests) }}:
- output: pipelineArtifact
displayName: 📢 Publish ${{ artifact_name }}-Linux
targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact_name }}-Linux
artifactName: ${{ artifact_name }}-Linux
steps:
- checkout: self
fetchDepth: 0 # avoid shallow clone so nbgv can do its work.
clean: true
- template: install-dependencies.yml
- template: dotnet.yml
parameters:
RunTests: ${{ parameters.RunTests }}
- script: dotnet format --verify-no-changes --no-restore
displayName: 💅 Verify formatted code
- ${{ if not(parameters.IsOptProf) }}:
- ${{ if parameters.EnableLinuxBuild }}:
- job: Linux
pool: ${{ parameters.linuxPool }}
${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
templateContext:
mb:
${{ if parameters.RealSign }}:
signing:
enabled: false # enable when building unique artifacts on this agent that must be signed
signType: real
outputParentDirectory: $(Build.ArtifactStagingDirectory)
outputs:
- ${{ each artifact_name in parameters.artifact_names }}:
- ${{ if or(ne(artifact_name, 'testResults'), parameters.RunTests) }}:
- output: pipelineArtifact
displayName: 📢 Publish ${{ artifact_name }}-Linux
targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact_name }}-Linux
artifactName: ${{ artifact_name }}-Linux
condition: succeededOrFailed()
steps:
- checkout: self
fetchDepth: 0 # avoid shallow clone so nbgv can do its work.
clean: true
- template: install-dependencies.yml
- template: dotnet.yml
parameters:
Is1ESPT: ${{ parameters.Is1ESPT }}
RunTests: ${{ parameters.RunTests }}
- ${{ if parameters.EnableDotNetFormatCheck }}:
- script: dotnet format --verify-no-changes --no-restore
displayName: 💅 Verify formatted code
- job: macOS
condition: ${{ parameters.includeMacOS }}
pool: ${{ parameters.macOSPool }}
${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
templateContext:
mb:
${{ if or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}:
signing:
enabled: false # enable when building unique artifacts on this agent that must be signed
signType: real
outputParentDirectory: $(Build.ArtifactStagingDirectory)
outputs:
- ${{ each artifact_name in parameters.artifact_names }}:
- ${{ if or(ne(artifact_name, 'testResults'), parameters.RunTests) }}:
- output: pipelineArtifact
displayName: 📢 Publish ${{ artifact_name }}-macOS
targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact_name }}-macOS
artifactName: ${{ artifact_name }}-macOS
steps:
- checkout: self
fetchDepth: 0 # avoid shallow clone so nbgv can do its work.
clean: true
- template: install-dependencies.yml
- template: dotnet.yml
parameters:
RunTests: ${{ parameters.RunTests }}
- ${{ if parameters.EnableMacOSBuild }}:
- job: macOS
pool: ${{ parameters.macOSPool }}
${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
templateContext:
mb:
${{ if parameters.RealSign }}:
signing:
enabled: false # enable when building unique artifacts on this agent that must be signed
signType: real
outputParentDirectory: $(Build.ArtifactStagingDirectory)
outputs:
- ${{ each artifact_name in parameters.artifact_names }}:
- ${{ if or(ne(artifact_name, 'testResults'), parameters.RunTests) }}:
- output: pipelineArtifact
displayName: 📢 Publish ${{ artifact_name }}-macOS
targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact_name }}-macOS
artifactName: ${{ artifact_name }}-macOS
condition: succeededOrFailed()
steps:
- checkout: self
fetchDepth: 0 # avoid shallow clone so nbgv can do its work.
clean: true
- template: install-dependencies.yml
- template: dotnet.yml
parameters:
Is1ESPT: ${{ parameters.Is1ESPT }}
RunTests: ${{ parameters.RunTests }}
- job: WrapUp
dependsOn:
- Windows
- Linux
- macOS
pool: ${{ parameters.windowsPool }} # Use Windows agent because PublishSymbols task requires it (https://github.com/microsoft/azure-pipelines-tasks/issues/13821).
condition: succeededOrFailed()
steps:
- checkout: self
fetchDepth: 0 # avoid shallow clone so nbgv can do its work.
clean: true
- template: install-dependencies.yml
parameters:
initArgs: -NoRestore
- template: publish-symbols.yml
parameters:
includeMacOS: ${{ parameters.includeMacOS }}
- ${{ if parameters.RunTests }}:
- template: publish-codecoverage.yml
- job: WrapUp
dependsOn:
- Windows
- ${{ if parameters.EnableLinuxBuild }}:
- Linux
- ${{ if parameters.EnableMacOSBuild }}:
- macOS
pool: ${{ parameters.windowsPool }} # Use Windows agent because PublishSymbols task requires it (https://github.com/microsoft/azure-pipelines-tasks/issues/13821).
condition: succeededOrFailed()
steps:
- checkout: self
fetchDepth: 0 # avoid shallow clone so nbgv can do its work.
clean: true
- template: install-dependencies.yml
parameters:
includeMacOS: ${{ parameters.includeMacOS }}
initArgs: -NoRestore
- template: publish-symbols.yml
parameters:
EnableLinuxBuild: ${{ parameters.EnableLinuxBuild }}
EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }}
- ${{ if parameters.RunTests }}:
- template: publish-codecoverage.yml
parameters:
EnableLinuxBuild: ${{ parameters.EnableLinuxBuild }}
EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }}
- ${{ if parameters.EnableAPIScan }}:
- template: apiscan.yml
parameters:
windowsPool: ${{ parameters.windowsPool }}

24
azure-pipelines/dotnet.yml
Просмотреть файл

@ -1,27 +1,37 @@
parameters:
RunTests:
- name: RunTests
- name: IsOptProf
type: boolean
default: false
- name: Is1ESPT
type: boolean
steps:
- script: dotnet build -t:build,pack --no-restore -c $(BuildConfiguration) -warnaserror /bl:"$(Build.ArtifactStagingDirectory)/build_logs/build.binlog"
displayName: 🛠 dotnet build
- powershell: azure-pipelines/dotnet-test-cloud.ps1 -Configuration $(BuildConfiguration) -Agent $(Agent.JobName) -PublishResults
displayName: 🧪 dotnet test
condition: and(succeeded(), ${{ parameters.RunTests }})
- ${{ if not(parameters.IsOptProf) }}:
- powershell: azure-pipelines/dotnet-test-cloud.ps1 -Configuration $(BuildConfiguration) -Agent $(Agent.JobName) -PublishResults
displayName: 🧪 dotnet test
condition: and(succeeded(), ${{ parameters.RunTests }})
- ${{ if parameters.IsOptProf }}:
# We have to artifically run this script so that the extra .nupkg is produced for variables/InsertConfigValues.ps1 to notice.
- powershell: azure-pipelines\artifacts\VSInsertion.ps1
displayName: 🔧 Prepare VSInsertion artifact
- powershell: azure-pipelines/variables/_pipelines.ps1
failOnStderr: true
displayName: ⚙ Update pipeline variables based on build outputs
condition: succeededOrFailed()
- ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
- ${{ if parameters.Is1ESPT }}:
- powershell: azure-pipelines/artifacts/_pipelines.ps1 -StageOnly -AvoidSymbolicLinks -ArtifactNameSuffix "-$(Agent.JobName)" -Verbose
failOnStderr: true
displayName: 📢 Stage artifacts
condition: succeededOrFailed()
- ${{ if ne(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
- ${{ else }}:
- powershell: azure-pipelines/artifacts/_pipelines.ps1 -ArtifactNameSuffix "-$(Agent.JobName)" -Verbose
failOnStderr: true
displayName: 📢 Publish artifacts

2
azure-pipelines/install-dependencies.yml
Просмотреть файл

@ -7,7 +7,7 @@ steps:
displayName: 🔏 Authenticate NuGet feeds
inputs:
${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
nuGetServiceConnections: azure-public/msft_consumption
nuGetServiceConnections: azure-public/msft_consumption # Only necessary for GitHub-hosted repos
forceReinstallCredentialProvider: true
- powershell: |

41
azure-pipelines/microbuild.after.yml
Просмотреть файл

@ -1,6 +1,10 @@
parameters:
EnableCompliance:
EnableAPIScan:
- name: EnableOptProf
type: boolean
default: false
- name: IsOptProf
type: boolean
default: false
steps:
- task: MicroBuildCodesignVerify@3
@ -10,20 +14,21 @@ steps:
$(Build.SourcesDirectory)/bin/Packages/$(BuildConfiguration)/NuGet
condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT'))
- task: Ref12Analyze@0
displayName: 📑 Ref12 (Codex) Analyze
inputs:
codexoutputroot: $(Build.ArtifactStagingDirectory)\Codex
workflowArguments: |
/sourcesDirectory:$(Build.SourcesDirectory)
/codexRepoUrl:$(Build.Repository.Uri)
/repoName:$(Build.Repository.Name)
/additionalCodexArguments:-bld
/additionalCodexArguments:$(Build.ArtifactStagingDirectory)/build_logs
condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'), ne(variables['Build.Reason'], 'PullRequest'), eq(variables['Agent.OS'], 'Windows_NT'))
continueOnError: true
- ${{ if parameters.IsOptProf }}:
- task: ms-vscs-artifact.build-tasks.artifactDropTask-1.artifactDropTask@0
inputs:
dropServiceURI: https://devdiv.artifacts.visualstudio.com
buildNumber: $(ProfilingInputsDropName)
sourcePath: $(Build.ArtifactStagingDirectory)\OptProf\ProfilingInputs
toLowerCase: false
usePat: true
displayName: 📢 Publish to Artifact Services - ProfilingInputs
condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
continueOnError: true
- ${{ if eq(parameters.EnableCompliance, 'true') }}:
- template: secure-development-tools.yml
parameters:
EnableAPIScan: ${{ parameters.EnableAPIScan }}
- task: PublishBuildArtifacts@1
inputs:
PathtoPublish: $(Build.ArtifactStagingDirectory)/InsertionOutputs
ArtifactName: InsertionOutputs
ArtifactType: Container
displayName: 📢 Publish InsertionOutputs as Azure DevOps artifacts

62
azure-pipelines/microbuild.before.yml
Просмотреть файл

@ -1,11 +1,53 @@
steps:
- task: ComponentGovernanceComponentDetection@0
displayName: 🔍 Component Detection
parameters:
- name: EnableLocalization
type: boolean
default: false
- name: EnableOptProf
type: boolean
default: false
- name: IsOptProf
type: boolean
default: false
- name: ShouldSkipOptimize
type: boolean
default: false
- name: RealSign
type: boolean
- task: notice@0
displayName: 🛠️ Generate NOTICE file
inputs:
outputfile: $(System.DefaultWorkingDirectory)/obj/NOTICE
outputformat: text
condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
retryCountOnTaskFailure: 3 # fails when the cloud service is overloaded
steps:
- ${{ if and(not(parameters.IsOptProf), ne(variables['Build.Reason'], 'PullRequest')) }}:
# notice@0 requires CG detection to run first, and non-default branches don't inject it automatically.
- ${{ if ne(variables['Build.SourceBranch'], 'refs/heads/main') }}:
- task: ComponentGovernanceComponentDetection@0
displayName: 🔍 Component Detection
- task: notice@0
displayName: 🛠️ Generate NOTICE file
inputs:
outputfile: $(System.DefaultWorkingDirectory)/obj/NOTICE
outputformat: text
retryCountOnTaskFailure: 3 # fails when the cloud service is overloaded
continueOnError: ${{ not(parameters.RealSign) }} # Tolerate failures when we're not building something that may ship.
- ${{ if parameters.IsOptProf }}:
# We have to install these plugins ourselves for Optprof runs because those pipelines haven't migrated to 1ES PT yet.
- task: MicroBuildOptProfPlugin@6
inputs:
ProfilingInputsDropName: $(ProfilingInputsDropName)
OptimizationInputsLookupMethod: DropPrefix
DropNamePrefix: OptimizationInputs/$(System.TeamProject)/$(Build.Repository.Name)
ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }}
AccessToken: $(System.AccessToken)
displayName: 🔧 Install OptProf Plugin
- task: MicroBuildSigningPlugin@4
inputs:
signType: Real
zipSources: false
displayName: 🔧 Install MicroBuild Signing Plugin
- ${{ if parameters.EnableLocalization }}:
- task: MicroBuildLocalizationPlugin@4
inputs:
languages: $(LocLanguages)
displayName: 🔧 Install MicroBuild Localization Plugin

58
azure-pipelines/official.yml
Просмотреть файл

@ -24,11 +24,18 @@ trigger:
# - 'v17.*'
parameters:
# As an entrypoint pipeline yml file, all parameters here show up in the Queue Run dialog.
# If any paramaters should NOT be queue-time options, they should be removed from here
# and references to them in this file replaced with hard-coded values.
- name: RealSign
displayName: Real sign?
type: boolean
default: false
- name: includeMacOS
# - name: ShouldSkipOptimize # Uncomment this and references to it below when setting EnableOptProf to true in build.yml.
# displayName: Skip OptProf optimization
# type: boolean
# default: false
- name: EnableMacOSBuild
displayName: Build on macOS
type: boolean
default: false # macOS is often bogged down in Azure Pipelines
@ -43,7 +50,7 @@ parameters:
- name: EnableAPIScan
displayName: Include APIScan with Compliance tools
type: boolean
default: true
default: false # enable in individual repos only AFTER updating TSAOptions.json with your own values
resources:
repositories:
@ -61,66 +68,69 @@ extends:
parameters:
sdl:
sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
policheck:
enabled: true
exclusionsFile: $(System.DefaultWorkingDirectory)\azure-pipelines\PoliCheckExclusions.xml
suppression:
suppressionFile: $(System.DefaultWorkingDirectory)\azure-pipelines\falsepositives.gdnsuppress
sbom:
enabled: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }} # Disable the generation for SBOMs for artifacts in unsigned builds since it's slow
stages:
- stage: Build
variables:
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
BuildConfiguration: Release
NUGET_PACKAGES: $(Agent.TempDirectory)/.nuget/packages/
Packaging.EnableSBOMSigning: false
Codeql.Enabled: true
- template: /azure-pipelines/BuildStageVariables.yml@self
jobs:
- template: /azure-pipelines/build.yml@self
parameters:
RealSign: ${{ parameters.RealSign }}
EnableCompliance: ${{ parameters.EnableCompliance }}
EnableAPIScan: ${{ parameters.EnableAPIScan }}
Is1ESPT: true
RealSign: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
# ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }}
EnableAPIScan: ${{ and(parameters.EnableCompliance, parameters.EnableAPIScan, ne(variables['Build.Reason'], 'pullRequest')) }}
windowsPool: VSEngSS-MicroBuild2022-1ES
linuxPool:
name: AzurePipelines-EO
demands:
- ImageOverride -equals AzurePipelinesUbuntu20.04compliantGPT
- ImageOverride -equals 1ESPT-Ubuntu22.04
os: Linux
macOSPool:
name: Azure Pipelines
vmImage: macOS-12
os: macOS
includeMacOS: ${{ parameters.includeMacOS }}
EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }}
RunTests: ${{ parameters.RunTests }}
- template: /azure-pipelines/prepare-insertion-stages.yml@self
parameters:
RealSign: ${{ parameters.RealSign }}
RealSign: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
${{ else }}:
template: azure-pipelines/MicroBuild.1ES.Unofficial.yml@MicroBuildTemplate
parameters:
sdl:
sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
suppression:
suppressionFile: $(System.DefaultWorkingDirectory)\azure-pipelines\falsepositives.gdnsuppress
stages:
- stage: Build
variables:
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
BuildConfiguration: Release
NUGET_PACKAGES: $(Agent.TempDirectory)/.nuget/packages/
Packaging.EnableSBOMSigning: false
Codeql.Enabled: true
- template: /azure-pipelines/BuildStageVariables.yml@self
jobs:
- template: /azure-pipelines/build.yml@self
parameters:
RealSign: ${{ parameters.RealSign }}
EnableCompliance: ${{ parameters.EnableCompliance }}
EnableAPIScan: ${{ parameters.EnableAPIScan }}
Is1ESPT: true
RealSign: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
# ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }}
EnableAPIScan: ${{ and(parameters.EnableCompliance, parameters.EnableAPIScan, ne(variables['Build.Reason'], 'pullRequest')) }}
windowsPool: VSEngSS-MicroBuild2022-1ES
linuxPool:
name: AzurePipelines-EO
demands:
- ImageOverride -equals AzurePipelinesUbuntu20.04compliantGPT
- ImageOverride -equals 1ESPT-Ubuntu22.04
os: Linux
macOSPool:
name: Azure Pipelines
vmImage: macOS-12
os: macOS
includeMacOS: ${{ parameters.includeMacOS }}
EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }}
RunTests: ${{ parameters.RunTests }}
- template: /azure-pipelines/prepare-insertion-stages.yml@self
parameters:
RealSign: ${{ parameters.RealSign }}
RealSign: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}

58
azure-pipelines/prepare-insertion-stages.yml
Просмотреть файл

@ -33,32 +33,32 @@ stages:
SymbolsAgentPath: $(Pipeline.Workspace)/symbols-legacy
azureSubscription: Symbols Upload (DevDiv)
- job: push
displayName: azure-public/vssdk feed
${{ if parameters.ArchiveSymbols }}:
dependsOn: symbol_archive
pool:
name: AzurePipelines-EO
demands:
- ImageOverride -equals AzurePipelinesUbuntu20.04compliantGPT
os: Linux
templateContext:
outputParentDirectory: $(Pipeline.Workspace)
outputs:
- output: nuget
displayName: 📦 Push nuget packages
packagesToPush: '(Pipeline.Workspace)/deployables-Windows/NuGet/*.nupkg'
packageParentPath: (Pipeline.Workspace)/deployables-Windows/NuGet
allowPackageConflicts: true
nuGetFeedType: external
publishFeedCredentials: azure-public/vssdk
steps:
- checkout: none
- download: current
artifact: Variables-Windows
displayName: 🔻 Download Variables-Windows artifact
- powershell: $(Pipeline.Workspace)/Variables-Windows/_pipelines.ps1
displayName: ⚙️ Set pipeline variables based on artifacts
- download: current
artifact: deployables-Windows
displayName: 🔻 Download deployables-Windows artifact
- ${{ if true }}: # leave the condition to avoid merge conflicts later.
- job: push
displayName: azure-public/vssdk feed
${{ if parameters.ArchiveSymbols }}:
dependsOn: symbol_archive
pool:
name: AzurePipelines-EO
demands:
- ImageOverride -equals 1ESPT-Ubuntu22.04
os: Linux
templateContext:
outputs:
- output: nuget
displayName: 📦 Push nuget packages
packagesToPush: '$(Pipeline.Workspace)/deployables-Windows/NuGet/*.nupkg'
packageParentPath: $(Pipeline.Workspace)/deployables-Windows/NuGet
allowPackageConflicts: true
nuGetFeedType: external
publishFeedCredentials: azure-public/vssdk
steps:
- checkout: none
- download: current
artifact: Variables-Windows
displayName: 🔻 Download Variables-Windows artifact
- powershell: $(Pipeline.Workspace)/Variables-Windows/_pipelines.ps1
displayName: ⚙️ Set pipeline variables based on artifacts
- download: current
artifact: deployables-Windows
displayName: 🔻 Download deployables-Windows artifact

24
azure-pipelines/publish-codecoverage.yml
Просмотреть файл

@ -1,20 +1,24 @@
parameters:
includeMacOS:
- name: EnableMacOSBuild
type: boolean
- name: EnableLinuxBuild
type: boolean
steps:
- download: current
artifact: coverageResults-Windows
displayName: 🔻 Download Windows code coverage results
continueOnError: true
- download: current
artifact: coverageResults-Linux
displayName: 🔻 Download Linux code coverage results
continueOnError: true
- download: current
artifact: coverageResults-macOS
displayName: 🔻 Download macOS code coverage results
continueOnError: true
condition: and(succeeded(), ${{ parameters.includeMacOS }})
- ${{ if parameters.EnableLinuxBuild }}:
- download: current
artifact: coverageResults-Linux
displayName: 🔻 Download Linux code coverage results
continueOnError: true
- ${{ if parameters.EnableMacOSBuild }}:
- download: current
artifact: coverageResults-macOS
displayName: 🔻 Download macOS code coverage results
continueOnError: true
- powershell: azure-pipelines/Merge-CodeCoverage.ps1 -Path '$(Pipeline.Workspace)' -OutputFile coveragereport/merged.cobertura.xml -Format Cobertura -Verbose
displayName: ⚙ Merge coverage
- task: PublishCodeCoverageResults@1

59
azure-pipelines/publish-symbols.yml
Просмотреть файл

@ -1,5 +1,8 @@
parameters:
includeMacOS:
- name: EnableMacOSBuild
type: boolean
- name: EnableLinuxBuild
type: boolean
steps:
- task: DownloadPipelineArtifact@2
@ -8,19 +11,20 @@ steps:
path: $(Pipeline.Workspace)/symbols/Windows
displayName: 🔻 Download Windows symbols
continueOnError: true
- task: DownloadPipelineArtifact@2
inputs:
artifact: symbols-Linux
path: $(Pipeline.Workspace)/symbols/Linux
displayName: 🔻 Download Linux symbols
continueOnError: true
- task: DownloadPipelineArtifact@2
inputs:
artifact: symbols-macOS
path: $(Pipeline.Workspace)/symbols/macOS
displayName: 🔻 Download macOS symbols
continueOnError: true
condition: ${{ parameters.includeMacOS }}
- ${{ if parameters.EnableLinuxBuild }}:
- task: DownloadPipelineArtifact@2
inputs:
artifact: symbols-Linux
path: $(Pipeline.Workspace)/symbols/Linux
displayName: 🔻 Download Linux symbols
continueOnError: true
- ${{ if parameters.EnableMacOSBuild }}:
- task: DownloadPipelineArtifact@2
inputs:
artifact: symbols-macOS
path: $(Pipeline.Workspace)/symbols/macOS
displayName: 🔻 Download macOS symbols
continueOnError: true
- task: DownloadPipelineArtifact@2
inputs:
@ -28,19 +32,20 @@ steps:
path: $(Pipeline.Workspace)/test_symbols/Windows
displayName: 🔻 Download Windows test symbols
continueOnError: true
- task: DownloadPipelineArtifact@2
inputs:
artifact: test_symbols-Linux
path: $(Pipeline.Workspace)/test_symbols/Linux
displayName: 🔻 Download Linux test symbols
continueOnError: true
- task: DownloadPipelineArtifact@2
inputs:
artifact: test_symbols-macOS
path: $(Pipeline.Workspace)/test_symbols/macOS
displayName: 🔻 Download macOS test symbols
continueOnError: true
condition: ${{ parameters.includeMacOS }}
- ${{ if parameters.EnableLinuxBuild }}:
- task: DownloadPipelineArtifact@2
inputs:
artifact: test_symbols-Linux
path: $(Pipeline.Workspace)/test_symbols/Linux
displayName: 🔻 Download Linux test symbols
continueOnError: true
- ${{ if parameters.EnableMacOSBuild }}:
- task: DownloadPipelineArtifact@2
inputs:
artifact: test_symbols-macOS
path: $(Pipeline.Workspace)/test_symbols/macOS
displayName: 🔻 Download macOS test symbols
continueOnError: true
- task: PublishSymbols@2
inputs:

6
azure-pipelines/release.yml
Просмотреть файл

@ -14,6 +14,9 @@ resources:
tags:
- auto-release
variables:
- template: GlobalVariables.yml
extends:
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
@ -27,10 +30,9 @@ extends:
pool:
name: AzurePipelines-EO
demands:
- ImageOverride -equals AzurePipelinesUbuntu20.04compliantGPT
- ImageOverride -equals 1ESPT-Ubuntu22.04
os: Linux
templateContext:
outputParentDirectory: $(Pipeline.Workspace)
outputs:
- output: nuget
displayName: 📦 Push packages to nuget.org

56
azure-pipelines/secure-development-tools.yml
Просмотреть файл

@ -1,56 +0,0 @@
parameters:
EnableAPIScan:
steps:
- powershell: echo "##vso[build.addbuildtag]compliance"
displayName: 🏷️ Tag run with 'compliance'
- task: CopyFiles@2
displayName: 📂 Collect APIScan inputs
inputs:
SourceFolder: $(Build.ArtifactStagingDirectory)/Symbols-$(Agent.JobName)
# Exclude any patterns from the Contents (e.g. `!**/git2*`) that we have symbols for but do not need to run APIScan on.
Contents: |
**
!**/arm64/**
!**/win-arm64/**
!**/linux-*/**
!**/osx*/**
TargetFolder: $(Build.ArtifactStagingDirectory)/APIScanInputs
- task: APIScan@2
displayName: 🔍 Run APIScan
inputs:
softwareFolder: $(Build.ArtifactStagingDirectory)/APIScanInputs
softwareName: $(SymbolsFeatureName)
softwareVersionNum: $(NBGV_MajorMinorVersion)
isLargeApp: false
toolVersion: Latest
condition: and(succeeded(), ${{ parameters.EnableAPIScan }}, ne(variables.ApiScanClientId, ''))
env:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
- task: SdtReport@2
displayName: 📃 Create Security Analysis Report
inputs:
GdnExportAllTools: true
- task: PublishSecurityAnalysisLogs@3
displayName: 📢 Publish Code Analysis Logs
inputs:
ArtifactName: CodeAnalysisLogs
ArtifactType: Container
PublishProcessedResults: true
AllTools: true
ToolLogsNotFoundAction: Standard
- task: PostAnalysis@2
displayName: 🏋️‍♀️ Break on compliance issues
inputs:
GdnBreakAllTools: true
GdnBreakGdnToolBinSkimSeverity: Warning
GdnBreakSuppressionFiles: $(System.DefaultWorkingDirectory)/azure-pipelines/falsepositives.gdnsuppress
GdnBreakSuppressionSets: falsepositives
GdnBreakOutputSuppressionFile: $(Build.ArtifactStagingDirectory)/guardian_failures_as_suppressions/
GdnBreakOutputSuppressionSet: falsepositives

13
azure-pipelines/variables/InsertReviewers.ps1
Просмотреть файл

@ -1,13 +0,0 @@
# This is a list of AzDO account names or email addresses.
# Add your team DL and/or whoever should be notified of insertion PRs.
$contacts = ,$env:BUILD_REQUESTEDFOREMAIL
$contacts += 'Andrew Arnott'
if (Test-Path "$PSScriptRoot\TeamEmail.ps1") {
$contacts += & "$PSScriptRoot\TeamEmail.ps1"
}
$contacts = $contacts |? { $_ }
if ($contacts) {
[string]::Join(',', $contacts)
}

5
azure-pipelines/variables/ProfilingInputsDropName.ps1 Normal file
Просмотреть файл

@ -0,0 +1,5 @@
if ($env:SYSTEM_TEAMPROJECT) {
"ProfilingInputs/$env:SYSTEM_TEAMPROJECT/$env:BUILD_REPOSITORY_NAME/$env:BUILD_SOURCEBRANCHNAME/$env:BUILD_BUILDID"
} else {
Write-Warning "No Azure Pipelines build detected. No Azure Pipelines drop name will be computed."
}

3
azure-pipelines/vs-insertion.yml
Просмотреть файл

@ -50,8 +50,11 @@ extends:
- task: MicroBuildInsertVsPayload@4
displayName: 🏭 Insert VS Payload
inputs:
TeamName: $(TeamName)
TeamEmail: $(TeamEmail)
InsertionPayloadName: $(Build.Repository.Name) $(Build.BuildNumber)
InsertionBuildPolicy: Request Perf DDRITs
InsertionReviewers: $(Build.RequestedFor),Andrew Arnott
AutoCompletePR: true
AutoCompleteMergeStrategy: Squash
- powershell: |

7
azure-pipelines/vs-validation.yml
Просмотреть файл

@ -32,9 +32,10 @@ extends:
jobs:
- template: /azure-pipelines/build.yml@self
parameters:
Is1ESPT: true
RealSign: true
windowsPool: VSEngSS-MicroBuild2022-1ES
includeMacOS: false
EnableMacOSBuild: false
RunTests: false
- template: /azure-pipelines/prepare-insertion-stages.yml@self
@ -70,12 +71,14 @@ extends:
- task: MicroBuildInsertVsPayload@4
displayName: 🏭 Insert VS Payload
inputs:
TeamName: $(TeamName)
TeamEmail: $(TeamEmail)
InsertionPayloadName: $(Build.Repository.Name) VALIDATION BUILD $(Build.BuildNumber) ($(Build.SourceBranch)) [Skip-SymbolCheck]
InsertionDescription: |
This PR is for **validation purposes only** for !$(System.PullRequest.PullRequestId). **Do not complete**.
CustomScriptExecutionCommand: src/VSSDK/NuGet/AllowUnstablePackages.ps1
InsertionBuildPolicy: Request Perf DDRITs
InsertionReviewers: $(Build.RequestedForEmail)
InsertionReviewers: $(Build.RequestedFor)
AutoCompletePR: false
- powershell: |
$insertionPRId = azure-pipelines/Get-InsertionPRId.ps1

2
global.json
Просмотреть файл

@ -1,6 +1,6 @@
{
"sdk": {
"version": "8.0.100",
"version": "8.0.201",
"rollForward": "patch",
"allowPrerelease": false
}