зеркало из
1
0
Форкнуть 0
SkiaSharp.Extended/azure-pipelines.yml

111 строки
3.6 KiB
YAML

# Overridden in the UI
trigger: none
pr: none
parameters:
- name: runCompliance
displayName: 'Run post-build compliance tasks (such as API Scan)'
type: boolean
default: false
- name: buildAgent
displayName: 'The build agent to use'
type: object
default:
name: Maui-1ESPT
image: 1ESPT-Windows2022
os: windows
variables:
- template: /scripts/azure-pipelines-variables.yml@self
resources:
repositories:
- repository: internal-templates
type: github
name: xamarin/yaml-templates
endpoint: xamarin
ref: refs/heads/main
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool: ${{ parameters.buildAgent }}
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: build
displayName: Build
jobs:
- job: build
displayName: Build
templateContext:
sdl:
apiscan:
enabled: true
binskim:
enabled: true
break: false
codeInspector:
enabled: true
credscan:
enabled: true
policheck:
enabled: true
spotBugs:
enabled: false
outputParentDirectory: 'output'
outputs:
- output: pipelineArtifact
displayName: 'Upload NuGets'
artifactName: 'nuget'
targetPath: 'output/nugets'
steps:
- template: /scripts/azure-pipelines-steps-prepare.yml@self
- pwsh: dotnet cake --target=pack
displayName: Pack NuGets
env:
JavaSdkDirectory: $(JAVA_HOME)
- stage: signing
displayName: Sign NuGets
dependsOn: build
jobs:
- template: sign-artifacts/jobs/v2.yml@internal-templates
parameters:
usePipelineArtifactTasks: true
use1ESTemplate: true
${{ if or( eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/') ) }}:
signType: 'Real'
${{ else }}:
signType: 'Test'
- ${{ if or( eq(variables['Build.Reason'], 'Schedule'), parameters.runCompliance ) }}:
- template: security/apiscan/v0.yml@internal-templates
parameters:
windowsPoolName: ${{ parameters.buildAgent.name }}
windowsImageOverride: ${{ parameters.buildAgent.image }}
timeoutInMinutes: 480
stageDependsOn:
- build
scanArtifacts:
- nuget
apiScanSoftwareName: SkiaSharp
apiScanSoftwareVersionNum: $(MAJOR_VERSION)
apiScanAuthConnectionString: 'runAs=App;AppId=$(ApiScanClientId)'
preScanSteps:
- pwsh: |
$nupkgs = (Get-ChildItem "$(Build.ArtifactStagingDirectory)\binaries-to-scan\*\*.*nupkg")
foreach ($nupkg in $nupkgs) {
$filename = $nupkg.Name.TrimEnd('.nupkg')
$dest = "$(Build.ArtifactStagingDirectory)\binaries-to-scan\nuget_symbols-extracted\$filename"
Write-Host "Extracting '$nupkg' to '$dest'..."
Expand-Archive $nupkg $dest
Remove-Item $nupkg
}
displayName: Extract all the .nupkg files