Pipeline improvements and cleanup (#109)

* Pipeline improvements Consolidate release stage logic and adjust conditions SDL check consolidation / dedupe Remove unused variables and templates
2022-02-17 10:14:10 -08:00 · 2022-02-17 10:14:10 -08:00 · 05318f2f1a
--- a/azure-pipelines/cd.yml
+++ b/azure-pipelines/cd.yml
@ -25,7 +25,6 @@ parameters:
  default: false

 variables:
- template: common/variables.yml
 - name: vmImage
  value: $[variables.${{ parameters.buildAgentVmImageVar }}]
 - name: buildPool
@ -52,38 +51,17 @@ stages:
    steps:
      - template: common/setup_steps.yml
      - template: common/compile_steps.yml
-      - template: common/check_steps.yml
      - template: common/test_steps.yml

 - stage: build
  dependsOn: [test]
  jobs:
-  - job: CredScan
-    displayName: 'Credential Scan'
+  - job: SDLTools
+    displayName: 'SDL checks'
    pool:
      vmImage: windows-latest
    steps:
-    - task: CredScan@3
-      inputs:
-        outputFormat: 'pre'
-        scanFolder: '$(Build.SourcesDirectory)'
-
-    - task: PostAnalysis@1
-      inputs:
-        AllTools: false
-        APIScan: false
-        BinSkim: false
-        CodesignValidation: false
-        CredScan: true
-        FortifySCA: false
-        FxCop: false
-        ModernCop: false
-        PoliCheck: false
-        RoslynAnalyzers: false
-        SDLNativeRules: false
-        Semmle: false
-        TSLint: false
-        ToolLogsNotFoundAction: 'Standard'
+    - template: common/sdl_steps.yml

  - job: build_and_package
    displayName: 'Build and Publish Artifacts'
@ -92,17 +70,15 @@ stages:
      vmImage: $(vmImage)
      demands:
        - ImageOverride -equals $(vmImage)
-    dependsOn: CredScan
+    dependsOn: SDLTools
    steps:
      - template: common/setup_steps.yml
      - template: common/compile_steps.yml
-      - template: common/check_steps.yml
-      - template: common/test_steps.yml

-      # modify application insights key for releases
+      # modify application insights key for releases only
      - script: |
          node scripts/modifyPackageJson.js aiKey $(aiKey)
-        displayName: Modify package.json for releases
+        displayName: 'Inject App Insights key'
        condition: and(succeeded(), ${{ parameters.publishExt }})

      - template: common/package_steps.yml
@ -112,6 +88,7 @@ stages:
 - stage: release
  displayName: 'Release to VS Marketplace'
  dependsOn: [test, build]
+  condition: and(succeeded(), ${{ parameters.publishExt }})
  pool:
    name: $(buildPool)
    vmImage: $(vmImage)
@ -135,18 +112,18 @@ stages:
      - task: NodeTool@0
        inputs:
          versionSpec: '14.x'
-        displayName: Install Node.js
+        displayName: 'Install Node.js'

      - script: |
          npm install -g vsce
-        displayName: Install vsce
+        displayName: 'Install VSCE tool'

      # publish pre-release vsix to marketplace
      - bash: |
          vsce publish -p $MARKETPLACE_TOKEN --packagePath *.vsix --pre-release
        workingDirectory: '$(System.ArtifactsDirectory)/vsix'
-        displayName: Deploy pre-release VSIX to marketplace
-        condition: and(succeeded(), ${{ parameters.publishExt }}, not(${{ parameters.productionRelease }}))
+        displayName: 'Deploy pre-release VSIX to marketplace'
+        condition: and(succeeded(), not(${{ parameters.productionRelease }}))
        env:
          MARKETPLACE_TOKEN: $(vsciot_marketplace_token)

@ -154,7 +131,7 @@ stages:
      - bash: |
          vsce publish -p $MARKETPLACE_TOKEN --packagePath *.vsix
        workingDirectory: '$(System.ArtifactsDirectory)/vsix'
-        displayName: Deploy release VSIX to marketplace
-        condition: and(succeeded(), ${{ parameters.publishExt }}, ${{ parameters.productionRelease }})
+        displayName: 'Deploy release VSIX to marketplace'
+        condition: and(succeeded(), ${{ parameters.productionRelease }})
        env:
          MARKETPLACE_TOKEN: $(vsciot_marketplace_token)
--- a/azure-pipelines/ci.yml
+++ b/azure-pipelines/ci.yml
@ -1,28 +1,58 @@
-# now ci is just about pr validation, 
-# since we tend to make strict configurations for our repo, that is,
-# each pr is up to date before merging into develop and no other way
-# to modify develop except the pr flow.
 trigger: none

 pr:
 - main
- develop
- pre-release-v*
+- dev

-strategy:
-  matrix:
-    linux:
-      imageName: 'ubuntu-latest'
-    mac:
-      imageName: 'macos-latest'
-    windows:
-      imageName: 'windows-latest'
+stages:
+- stage: CredScan
+  jobs:
+    - job: run_credscan
+      displayName: 'Run CredScan'
+      pool:
+        vmImage: 'windows-latest'
+      steps:
+        # cred scan
+        - task: CredScan@3
+          displayName: 'Run CredScan'
+          inputs:
+            outputFormat: 'pre'
+            scanFolder: '$(Build.SourcesDirectory)'

-pool:
-  vmImage: $(imageName)
+        - task: PostAnalysis@1
+          inputs:
+            AllTools: false
+            APIScan: false
+            BinSkim: false
+            CodesignValidation: false
+            CredScan: true
+            FortifySCA: false
+            FxCop: false
+            ModernCop: false
+            PoliCheck: false
+            RoslynAnalyzers: false
+            SDLNativeRules: false
+            Semmle: false
+            TSLint: false
+            ToolLogsNotFoundAction: 'Standard'

-steps:
-  - template: common/setup_steps.yml
-  - template: common/compile_steps.yml
-  - template: common/check_steps.yml
-  - template: common/test_steps.yml
+- stage: Test
+  dependsOn: []
+  jobs:
+  - job: run_tests
+    displayName: 'Run tests'
+    strategy:
+      matrix:
+        linux:
+          imageName: 'ubuntu-latest'
+        mac:
+          imageName: 'macos-latest'
+        windows:
+          imageName: 'windows-latest'
+
+    pool:
+      vmImage: $(imageName)
+    steps:
+      - template: common/setup_steps.yml
+      - template: common/compile_steps.yml
+      - template: common/test_steps.yml
--- a/azure-pipelines/common/check_steps.yml
+++ b/azure-pipelines/common/check_steps.yml
@ -1,18 +0,0 @@
-steps:
-  # static checking
-  - script: |
-      npm run eslint
-    displayName: Run ESLint Checks
-  # cred scan
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
-    displayName: Run CredScan
-    inputs:
-      toolMajorVersion: V2
-      debugMode: false
-    condition: eq(variables['Agent.OS'], 'Windows_NT')
-  # poli check
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
-    displayName: Run PoliCheck
-    inputs:
-      targetType: F
-    condition: eq(variables['Agent.OS'], 'Windows_NT')
--- a/azure-pipelines/common/compile_steps.yml
+++ b/azure-pipelines/common/compile_steps.yml
@ -1,5 +1,5 @@
 steps:
-  # compiling
+  # Typescript Compile
  - script: |
      npm run compile
-    displayName: Compile Sources
+    displayName: 'Typescript compile'
--- a/azure-pipelines/common/package_steps.yml
+++ b/azure-pipelines/common/package_steps.yml
@ -5,34 +5,34 @@ parameters:
  default: false

 steps:
-  # split the following two scripts
-  # because of not working issue on windows platform.
  - script: |
      npm install -g vsce
-    displayName: Install vsce
+    displayName: 'Install VSCE tool'

  - ${{ if eq(parameters.productionRelease, false) }}:
    - script: |
        vsce package --pre-release
-      displayName: Build pre-release VSIX Package
+      displayName: 'Build pre-release VSIX Package'

  - ${{ if eq(parameters.productionRelease, true) }}:
    - script: |
        vsce package
-      displayName: Build VSIX Package
+      displayName: 'Build VSIX Package'

  - task: CopyFiles@2
+    displayName: 'Copy VSIX to artifact staging'
    inputs:
      SourceFolder: '$(System.DefaultWorkingDirectory)'
      Contents: '**/*.vsix'
      TargetFolder: '$(Build.ArtifactStagingDirectory)'
  
  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-    displayName: 'Generate Software Manifest'
+    displayName: 'Generate software manifest'
    inputs:
      BuildDropPath: '$(Build.ArtifactStagingDirectory)'

  - task: PublishPipelineArtifact@1
+    displayName: 'Publish build artifacts'
    inputs:
      targetPath: '$(Build.ArtifactStagingDirectory)'
      artifactType: 'pipeline'
--- a/azure-pipelines/common/sdl_steps.yml
+++ b/azure-pipelines/common/sdl_steps.yml
@ -0,0 +1,30 @@
+steps:
+  # cred scan
+  - task: CredScan@3
+    displayName: 'Run CredScan'
+    inputs:
+      outputFormat: 'pre'
+      scanFolder: '$(Build.SourcesDirectory)'
+
+  # poli check
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
+    displayName: 'Run PoliCheck'
+    inputs:
+      targetType: F
+
+  - task: PostAnalysis@1
+    inputs:
+      AllTools: false
+      APIScan: false
+      BinSkim: false
+      CodesignValidation: false
+      CredScan: true
+      FortifySCA: false
+      FxCop: false
+      ModernCop: false
+      PoliCheck: true
+      RoslynAnalyzers: false
+      SDLNativeRules: false
+      Semmle: false
+      TSLint: false
+      ToolLogsNotFoundAction: 'Standard'
--- a/azure-pipelines/common/set_release_flags_steps.yml
+++ b/azure-pipelines/common/set_release_flags_steps.yml
@ -1,12 +0,0 @@
-steps:
-  # setting flag variables is_r, is_rc
-  - bash: |
-      rc_tag_regex=^refs\/tags\/v?[0-9]+\.[0-9]+\.[0-9]+-[Rr][Cc]
-      r_tag_regex=^refs\/tags\/v?[0-9]+\.[0-9]+\.[0-9]+$
-
-      [[ $BUILD_SOURCEBRANCH =~ $rc_tag_regex ]] && is_rc=true
-      [[ $BUILD_SOURCEBRANCH =~ $r_tag_regex ]] && is_r=true
-
-      echo "##vso[task.setvariable variable=is_rc]$is_rc"
-      echo "##vso[task.setvariable variable=is_r]$is_r"
-    displayName: Setting flag variable is_rc is_r
--- a/azure-pipelines/common/setup_steps.yml
+++ b/azure-pipelines/common/setup_steps.yml
@ -3,15 +3,15 @@ steps:
  - task: NodeTool@0
    inputs:
      versionSpec: '14.x'
-    displayName: Install Node.js
+    displayName: 'Install Node.js'

  # run npm install
  - script: |
      npm ci
    displayName: 'Install dependencies'

-  # for what?
+  # X Virtual Frame Buffer (to run tests on headless linux distros)
  - bash: |
      /usr/bin/Xvfb :99 -screen 0 1024x768x24 > /dev/null 2>&1 &
-    displayName: Start xvfb
+    displayName: 'Start xvfb for headless linux'
    condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))
--- a/azure-pipelines/common/test_steps.yml
+++ b/azure-pipelines/common/test_steps.yml
@ -1,7 +1,11 @@
 steps:
-  # testing
+  # static checking
+  - script: |
+      npm run eslint
+    displayName: 'Run ESLint Checks'
+  # Run tests
  - script: |
      npm run test --silent
-    displayName: Run Tests
+    displayName: 'Run Tests'
    env:
      DISPLAY: ':99.0'
--- a/azure-pipelines/common/variables.yml
+++ b/azure-pipelines/common/variables.yml
@ -1,7 +0,0 @@
-variables:
-  test_extension_name: test-vdt-project
-  test_display_name: 'VDT Project For RC'
-  test_publisher: IoTDevExBuild
-  nightly_extension_name: nightly-vdt-project
-  nightly_display_name: 'VDT Project For Nightly'
-  nightly_publisher: IoTDevExBuild
--- a/azure-pipelines/nightly_build.yml
+++ b/azure-pipelines/nightly_build.yml
@ -1,18 +1,29 @@
 schedules:
 - cron: '0 19 * * *'
-  displayName: Nightly build on 3:00 AM (GMT+8)
+  displayName: 'Nightly build and test'
  branches:
    include:
-    - develop
+    - dev
  always: false

 trigger: none
 pr: none

 stages:
- stage: test
+- stage: SDL
  jobs:
-  - job: test
+    - job: sdl_checks
+      displayName: 'SDL checks'
+      pool:
+        vmImage: 'windows-latest'
+      steps:
+        - template: common/sdl_steps.yml
+
+- stage: Test
+  dependsOn: ['SDL']
+  jobs:
+  - job: run_tests
+    displayName: 'Run tests'
    strategy:
      matrix:
        linux:
@ -26,5 +37,4 @@ stages:
    steps:
      - template: common/setup_steps.yml
      - template: common/compile_steps.yml
-      - template: common/check_steps.yml
      - template: common/test_steps.yml