# CI and PR triggers are switched off in YAML; the effective triggers are
# overridden in the pipeline's UI settings, so they are not visible when
# this file is reviewed.
trigger: none
pr: none
# Queue-time parameters.
parameters:
  # Opt-in switch for the API Scan stage at the end of this file; that stage
  # is also included when Build.Reason is 'Schedule'.
  - name: runCompliance
    displayName: 'Run post-build compliance tasks (such as API Scan)'
    type: boolean
    default: false
  # Pool definition handed to the 1ES template as `pool`; its name and image
  # are reused for the API Scan stage.
  # NOTE(review): this object can be changed when a run is queued, so the
  # pool used for main/release builds depends on who may queue this
  # pipeline - confirm queue permissions are restricted.
  - name: buildAgent
    displayName: 'The build agent to use'
    type: object
    default:
      name: Maui-1ESPT
      image: 1ESPT-Windows2022
      os: windows
# Shared variables are pulled from a template in this repository (@self).
variables:
  - template: /scripts/azure-pipelines-variables.yml@self
# External template repositories consumed by this pipeline.
resources:
  repositories:
    # Provides the signing job and the API Scan stage used below.
    # NOTE(review): refs/heads/main is a moving branch, so the template that
    # runs the 'Real' signing job can change without any commit in this
    # repository. Consider a protected release ref, or confirm that branch
    # protection on the template repository is an accepted control.
    - repository: internal-templates
      type: github
      name: xamarin/yaml-templates
      endpoint: xamarin
      ref: refs/heads/main
    # Provides the 1ES pipeline template that this pipeline extends.
    # NOTE(review): refs/tags/release is a tag name and can be moved by the
    # template owners; presumably intentional, so updates are picked up
    # automatically - confirm.
    - repository: 1ESPipelineTemplates
      type: git
      name: 1ESPipelineTemplates/1ESPipelineTemplates
      ref: refs/tags/release
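# The whole pipeline runs through the 1ES official pipeline template; the
# stages below are passed to it as parameters.
extends:
  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
  parameters:
    pool: ${{ parameters.buildAgent }}
    customBuildTags:
      - ES365AIMigrationTooling
    stages:

      # Stage 1: pack the NuGet packages and publish them as the 'nuget'
      # pipeline artifact.
      - stage: build
        displayName: Build
        jobs:
          - job: build
            displayName: Build
            templateContext:
              # SDL tool switches handed to the 1ES template.
              sdl:
                apiscan:
                  enabled: true
                binskim:
                  enabled: true
                  # NOTE(review): presumably this reports BinSkim findings
                  # without failing the build - confirm that is intended.
                  break: false
                codeInspector:
                  enabled: true
                credscan:
                  enabled: true
                policheck:
                  enabled: true
                spotBugs:
                  enabled: false
              outputParentDirectory: 'output'
              outputs:
                - output: pipelineArtifact
                  displayName: 'Upload NuGets'
                  artifactName: 'nuget'
                  targetPath: 'output/nugets'
            steps:
              - template: /scripts/azure-pipelines-steps-prepare.yml@self
              - pwsh: dotnet cake --target=pack
                displayName: Pack NuGets
                env:
                  JavaSdkDirectory: $(JAVA_HOME)

      # Stage 2: sign the packages produced by the build stage.
      - stage: signing
        displayName: Sign NuGets
        dependsOn: build
        jobs:
          - template: sign-artifacts/jobs/v2.yml@internal-templates
            parameters:
              usePipelineArtifactTasks: true
              use1ESTemplate: true
              # 'Real' signing is selected only when the source branch is
              # main or release/*; every other branch is test-signed.
              ${{ if or( eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/') ) }}:
                signType: 'Real'
              ${{ else }}:
                signType: 'Test'

      # Optional stage: API Scan, included for scheduled builds or when the
      # runCompliance parameter is set.
      - ${{ if or( eq(variables['Build.Reason'], 'Schedule'), parameters.runCompliance ) }}:
        - template: security/apiscan/v0.yml@internal-templates
          parameters:
            windowsPoolName: ${{ parameters.buildAgent.name }}
            windowsImageOverride: ${{ parameters.buildAgent.image }}
            timeoutInMinutes: 480
            stageDependsOn:
              - build
            scanArtifacts:
              - nuget
            apiScanSoftwareName: SkiaSharp
            apiScanSoftwareVersionNum: $(MAJOR_VERSION)
            apiScanAuthConnectionString: 'runAs=App;AppId=$(ApiScanClientId)'
            preScanSteps:
              - pwsh: |
                  $nupkgs = (Get-ChildItem "$(Build.ArtifactStagingDirectory)\binaries-to-scan\*\*.*nupkg")
                  foreach ($nupkg in $nupkgs) {
                    # Strip only a literal '.nupkg' suffix. TrimEnd('.nupkg') treats
                    # its argument as a set of characters and also removes trailing
                    # '.', 'n', 'u', 'p', 'k' or 'g' from the package name itself,
                    # which can shorten names or make two folders collide. Files that
                    # match the glob but do not end in '.nupkg' keep their full name.
                    $filename = $nupkg.Name -replace '\.nupkg$', ''
                    $dest = "$(Build.ArtifactStagingDirectory)\binaries-to-scan\nuget_symbols-extracted\$filename"
                    Write-Host "Extracting '$nupkg' to '$dest'..."
                    Expand-Archive $nupkg $dest
                    Remove-Item $nupkg
                  }
                displayName: Extract all the .nupkg files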