SkiaSharp.Extended/azure-pipelines.yml

# Overridden in the UI
trigger: none
pr: none

parameters:
  - name: runCompliance
    displayName: 'Run post-build compliance tasks (such as API Scan)'
    type: boolean
    default: false
  - name: buildAgent
    displayName: 'The build agent to use'
    type: object
    default:
      name: Maui-1ESPT
      image: 1ESPT-Windows2022
      os: windows

variables:
  - template: /scripts/azure-pipelines-variables.yml@self

resources:
  repositories:
    - repository: internal-templates
      type: github
      name: xamarin/yaml-templates
      endpoint: xamarin
      ref: refs/heads/main
    - repository: 1ESPipelineTemplates
      type: git
      name: 1ESPipelineTemplates/1ESPipelineTemplates
      ref: refs/tags/release

extends:
  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
  parameters:
    pool: ${{ parameters.buildAgent }}
    customBuildTags:
      - ES365AIMigrationTooling
    stages:

      - stage: build
        displayName: Build
        jobs:
          - job: build
            displayName: Build
            templateContext:
              sdl:
                apiscan:
                  enabled: true
                binskim:
                  enabled: true
                  break: false
                codeInspector:
                  enabled: true
                credscan:
                  enabled: true
                policheck:
                  enabled: true
                spotBugs:
                  enabled: false
              outputParentDirectory: 'output'
              outputs:
                - output: pipelineArtifact
                  displayName: 'Upload NuGets'
                  artifactName: 'nuget'
                  targetPath: 'output/nugets'
            steps:
              - template: /scripts/azure-pipelines-steps-prepare.yml@self
              - pwsh: dotnet cake --target=pack
                displayName: Pack NuGets
                env:
                  JavaSdkDirectory: $(JAVA_HOME)

      - stage: signing
        displayName: Sign NuGets
        dependsOn: build
        jobs:
          - template: sign-artifacts/jobs/v2.yml@internal-templates
            parameters:
              usePipelineArtifactTasks: true
              use1ESTemplate: true
              ${{ if or( eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/') ) }}:
                signType: 'Real'
              ${{ else }}:
                signType: 'Test'

      - ${{ if or( eq(variables['Build.Reason'], 'Schedule'), parameters.runCompliance ) }}:
        - template: security/apiscan/v0.yml@internal-templates
          parameters:
            windowsPoolName: ${{ parameters.buildAgent.name }}
            windowsImageOverride: ${{ parameters.buildAgent.image }}
            timeoutInMinutes: 480
            stageDependsOn:
             - build
            scanArtifacts:
             - nuget
            apiScanSoftwareName: SkiaSharp
            apiScanSoftwareVersionNum: $(MAJOR_VERSION)
            apiScanAuthConnectionString: 'runAs=App;AppId=$(ApiScanClientId)'
            preScanSteps:
              - pwsh: |
                  $nupkgs = (Get-ChildItem "$(Build.ArtifactStagingDirectory)\binaries-to-scan\*\*.*nupkg")
                  foreach ($nupkg in $nupkgs) {
                    $filename = $nupkg.Name.TrimEnd('.nupkg')
                    $dest = "$(Build.ArtifactStagingDirectory)\binaries-to-scan\nuget_symbols-extracted\$filename"
                    Write-Host "Extracting '$nupkg' to '$dest'..."
                    Expand-Archive $nupkg $dest
                    Remove-Item $nupkg
                  }
                displayName: Extract all the .nupkg files
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`# Overridden in the UI`
			`trigger: none`
			`pr: none`
Mark things as deprecated 2020-08-15 03:08:53 +03:00
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`parameters:`
			`- name: runCompliance`
			`displayName: 'Run post-build compliance tasks (such as API Scan)'`
			`type: boolean`
			`default: false`
Fix APIScan (#265) 2024-04-06 00:25:31 +03:00			`- name: buildAgent`
			`displayName: 'The build agent to use'`
			`type: object`
			`default:`
			`name: Maui-1ESPT`
			`image: 1ESPT-Windows2022`
			`os: windows`
[build] Added Azure DevOps & NuGet Signing (#63) 2019-02-10 05:17:19 +03:00
Indenting got broken in the copy-paste 2020-08-15 03:30:14 +03:00			`variables:`
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`- template: /scripts/azure-pipelines-variables.yml@self`
Mark things as deprecated 2020-08-15 03:08:53 +03:00
Use the signing template (#71) 2019-02-19 21:08:58 +03:00			`resources:`
			`repositories:`
Move everything around and modernize! 2020-08-14 10:11:29 +03:00			`- repository: internal-templates`
Use the signing template (#71) 2019-02-19 21:08:58 +03:00			`type: github`
			`name: xamarin/yaml-templates`
			`endpoint: xamarin`
Update NuGet packages (#108) * Update a few packages * Enable the Essentials code 2021-02-01 06:05:22 +03:00			`ref: refs/heads/main`
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`- repository: 1ESPipelineTemplates`
			`type: git`
			`name: 1ESPipelineTemplates/1ESPipelineTemplates`
			`ref: refs/tags/release`
Use the signing template (#71) 2019-02-19 21:08:58 +03:00
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`extends:`
			`template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates`
			`parameters:`
Fix APIScan (#265) 2024-04-06 00:25:31 +03:00			`pool: ${{ parameters.buildAgent }}`
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`customBuildTags:`
			`- ES365AIMigrationTooling`
			`stages:`
Modernize the entire repo again and add .NET MAUI (#111) 2022-06-04 07:44:14 +03:00
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`- stage: build`
Make the build run in a single job (#119) 2022-06-20 15:21:09 +03:00			`displayName: Build`
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`jobs:`
			`- job: build`
			`displayName: Build`
			`templateContext:`
			`sdl:`
Fix APIScan (#265) 2024-04-06 00:25:31 +03:00			`apiscan:`
			`enabled: true`
			`binskim:`
			`enabled: true`
			`break: false`
			`codeInspector:`
			`enabled: true`
			`credscan:`
			`enabled: true`
			`policheck:`
			`enabled: true`
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`spotBugs:`
			`enabled: false`
			`outputParentDirectory: 'output'`
			`outputs:`
			`- output: pipelineArtifact`
			`displayName: 'Upload NuGets'`
			`artifactName: 'nuget'`
			`targetPath: 'output/nugets'`
			`steps:`
			`- template: /scripts/azure-pipelines-steps-prepare.yml@self`
			`- pwsh: dotnet cake --target=pack`
			`displayName: Pack NuGets`
			`env:`
			`JavaSdkDirectory: $(JAVA_HOME)`
Make the build run in a single job (#119) 2022-06-20 15:21:09 +03:00
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`- stage: signing`
			`displayName: Sign NuGets`
			`dependsOn: build`
			`jobs:`
			`- template: sign-artifacts/jobs/v2.yml@internal-templates`
			`parameters:`
			`usePipelineArtifactTasks: true`
			`use1ESTemplate: true`
			`${{ if or( eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/') ) }}:`
			`signType: 'Real'`
			`${{ else }}:`
			`signType: 'Test'`

			`- ${{ if or( eq(variables['Build.Reason'], 'Schedule'), parameters.runCompliance ) }}:`
			`- template: security/apiscan/v0.yml@internal-templates`
Modernize the entire repo again and add .NET MAUI (#111) 2022-06-04 07:44:14 +03:00			`parameters:`
Fix APIScan (#265) 2024-04-06 00:25:31 +03:00			`windowsPoolName: ${{ parameters.buildAgent.name }}`
			`windowsImageOverride: ${{ parameters.buildAgent.image }}`
Increase APIScan timeout (#260) 2024-03-01 03:38:16 +03:00			`timeoutInMinutes: 480`
Migrate to 1ES PT (#258) 2024-03-01 00:57:47 +03:00			`stageDependsOn:`
			`- build`
			`scanArtifacts:`
			`- nuget`
			`apiScanSoftwareName: SkiaSharp`
			`apiScanSoftwareVersionNum: $(MAJOR_VERSION)`
Fix APIScan (#265) 2024-04-06 00:25:31 +03:00			`apiScanAuthConnectionString: 'runAs=App;AppId=$(ApiScanClientId)'`
			`preScanSteps:`
			`- pwsh: \|`
			`$nupkgs = (Get-ChildItem "$(Build.ArtifactStagingDirectory)\binaries-to-scan\\.*nupkg")`
			`foreach ($nupkg in $nupkgs) {`
			`$filename = $nupkg.Name.TrimEnd('.nupkg')`
			`$dest = "$(Build.ArtifactStagingDirectory)\binaries-to-scan\nuget_symbols-extracted\$filename"`
			`Write-Host "Extracting '$nupkg' to '$dest'..."`
			`Expand-Archive $nupkg $dest`
			`Remove-Item $nupkg`
			`}`
			`displayName: Extract all the .nupkg files`