[CI] On-board the build pipeline to 1ES. (#20735)
Few comments: 1. Extends cannot be used on templates. So we have to do a single extend and have duplicated code. 2. There are some common templates that we are working around using the use1ES parameter. 3. We are reusing the configure steps on other pipelines. That step should only be done in the build, that change is too big for this PR. 4. The governance template is not longer needed since the 1ES template provides it. --------- Co-authored-by: Rolf Bjarne Kvinge <rolf@xamarin.com>
This commit is contained in:
Родитель
fc6ce95b52
Коммит
9255b00592
|
@ -4,33 +4,267 @@
|
|||
# YAML build pipeline based on the Jenkins multi-stage (main branch) build workflow
|
||||
# https://jenkins.internalx.com/view/Xamarin.MaciOS/job/macios/job/main/
|
||||
# https://jenkins.internalx.com/view/Xamarin.MaciOS/job/macios/configure
|
||||
parameters:
|
||||
|
||||
- name: provisionatorChannel
|
||||
displayName: Provisionator channel to use
|
||||
type: string
|
||||
default: 'latest'
|
||||
|
||||
- name: macOSName # comes from the build agent demand named macOS.Name
|
||||
displayName: Name of the version of macOS to use
|
||||
type: string
|
||||
default: 'Sonoma'
|
||||
|
||||
- name: pool
|
||||
type: string
|
||||
displayName: Bot pool to use
|
||||
default: automatic
|
||||
values:
|
||||
- pr
|
||||
- ci
|
||||
- automatic
|
||||
|
||||
- name: runGovernanceTests
|
||||
displayName: Run Governance Checks
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: forceInsertion
|
||||
displayName: Force Insertion
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- name: skipESRP
|
||||
displayName: Skip ESRP
|
||||
type: boolean
|
||||
default: false # only to be used when testing the CI and we do not need a signed pkg
|
||||
|
||||
- name: pushNugets
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: pushNugetsToMaestro
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: testConfigurations
|
||||
displayName: Test configurations to run
|
||||
type: object
|
||||
default: []
|
||||
|
||||
- name: deviceTestsConfigurations
|
||||
displayName: Device test configurations to run
|
||||
type: object
|
||||
default: [
|
||||
{
|
||||
testPrefix: 'iOS64',
|
||||
stageName: 'ios64b_device',
|
||||
displayName: 'iOS64 Device Tests',
|
||||
testPool: 'VSEng-Xamarin-Mac-Devices',
|
||||
testsLabels: '--label=run-ios-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests',
|
||||
statusContext: 'VSTS: device tests iOS',
|
||||
makeTarget: 'vsts-device-tests',
|
||||
extraBotDemands: [
|
||||
'ios',
|
||||
]
|
||||
},
|
||||
{
|
||||
testPrefix: 'tvos',
|
||||
stageName: 'tvos_device',
|
||||
displayName: 'tvOS Device Tests',
|
||||
testPool: 'VSEng-Xamarin-Mac-Devices',
|
||||
testsLabels: '--label=run-tvos-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests',
|
||||
statusContext: 'VSTS: device tests tvOS',
|
||||
makeTarget: 'vsts-device-tests',
|
||||
extraBotDemands: [
|
||||
'tvos',
|
||||
]
|
||||
}]
|
||||
|
||||
- name: macTestsConfigurations
|
||||
displayName: macOS test configurations to run
|
||||
type: object
|
||||
default: [
|
||||
{
|
||||
stageName: 'mac_11_m1',
|
||||
displayName: 'M1 - Mac Big Sur (11)',
|
||||
macPool: 'VSEng-VSMac-Xamarin-Shared',
|
||||
useImage: false,
|
||||
statusContext: 'M1 - Mac Big Sur (11)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals BigSur",
|
||||
"macOS.Architecture -equals arm64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
},
|
||||
{
|
||||
stageName: 'mac_12_m1',
|
||||
displayName: 'M1 - Mac Ventura (12)',
|
||||
macPool: 'VSEng-VSMac-Xamarin-Shared',
|
||||
useImage: false,
|
||||
statusContext: 'M1 - Mac Monterey (12)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals Monterey",
|
||||
"macOS.Architecture -equals arm64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
},
|
||||
{
|
||||
stageName: 'mac_13_m1',
|
||||
displayName: 'M1 - Mac Ventura (13)',
|
||||
macPool: 'VSEng-VSMac-Xamarin-Shared',
|
||||
useImage: false,
|
||||
statusContext: 'M1 - Mac Ventura (13)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals Ventura",
|
||||
"macOS.Architecture -equals arm64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
},
|
||||
{
|
||||
stageName: 'mac_14_x64',
|
||||
displayName: 'X64 - Mac Sonoma (14)',
|
||||
macPool: 'VSEng-Xamarin-RedmondMacBuildPool-iOS-Untrusted',
|
||||
useImage: false,
|
||||
statusContext: 'X64 - Mac Sonoma (14)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals Sonoma",
|
||||
"macOS.Architecture -equals x64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
}]
|
||||
|
||||
resources:
|
||||
repositories:
|
||||
- repository: self
|
||||
checkoutOptions:
|
||||
submodules: true
|
||||
|
||||
- repository: yaml-templates
|
||||
type: github
|
||||
name: xamarin/yaml-templates
|
||||
ref: refs/heads/main
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: sdk-insertions
|
||||
type: github
|
||||
name: xamarin/sdk-insertions
|
||||
ref: refs/heads/main
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: maccore
|
||||
type: github
|
||||
name: xamarin/maccore
|
||||
ref: refs/heads/main
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: release-scripts
|
||||
type: github
|
||||
name: xamarin/release-scripts
|
||||
ref: refs/heads/only_codesign
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: CustomPipelineTemplates
|
||||
type: git
|
||||
name: 1ESPipelineTemplates/MicroBuildTemplate
|
||||
|
||||
variables:
|
||||
- ${{ if contains(variables['Build.DefinitionName'], 'private') }}:
|
||||
- template: templates/vsts-variables.yml
|
||||
- template: templates/common/vs-release-vars.yml@sdk-insertions
|
||||
- template: templates/variables.yml
|
||||
- name: MicrobuildConnector
|
||||
value: 'MicroBuild Signing Task (DevDiv)'
|
||||
- name: MaciosUploadPrefix
|
||||
value: ''
|
||||
- name: DisablePipelineConfigDetector
|
||||
value: true
|
||||
|
||||
trigger:
|
||||
branches:
|
||||
include:
|
||||
- '*'
|
||||
- '*'
|
||||
exclude:
|
||||
- refs/heads/locfiles/*
|
||||
- refs/heads/dev/*
|
||||
- refs/heads/locfiles/*
|
||||
- refs/heads/dev/*
|
||||
paths:
|
||||
exclude:
|
||||
- .github
|
||||
- docs
|
||||
- CODEOWNERS
|
||||
- ISSUE_TEMPLATE.md
|
||||
- LICENSE
|
||||
- NOTICE.txt
|
||||
- SECURITY.MD
|
||||
- README.md
|
||||
- src/README.md
|
||||
- tools/mtouch/README.md
|
||||
- msbuild/Xamarin.Localization.MSBuild/README.md
|
||||
- .github
|
||||
- docs
|
||||
- CODEOWNERS
|
||||
- ISSUE_TEMPLATE.md
|
||||
- LICENSE
|
||||
- NOTICE.txt
|
||||
- SECURITY.MD
|
||||
- README.md
|
||||
- src/README.md
|
||||
- tools/mtouch/README.md
|
||||
- msbuild/Xamarin.Localization.MSBuild/README.md
|
||||
|
||||
extends:
|
||||
template: templates/pipelines/build-pipeline.yml
|
||||
template: azure-pipelines/MicroBuild.1ES.Official.yml@CustomPipelineTemplates
|
||||
parameters:
|
||||
isPR: false
|
||||
signingSetupSteps:
|
||||
- template: ./templates/sign-and-notarized/setup.yml
|
||||
parameters:
|
||||
isPR: false
|
||||
pool: # default pool to be used for validation jobs
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
os: windows
|
||||
sdl:
|
||||
baseline:
|
||||
baselineFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\baselines.gdnbaselines'
|
||||
suppression:
|
||||
suppressionFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\suppress.gdnsuppress'
|
||||
sourceAnalysisPool:
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
os: windows
|
||||
tsa:
|
||||
configFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\tsa_config.gdntsa'
|
||||
sbom:
|
||||
enabled: false # we run our on sbom generation
|
||||
credscan:
|
||||
suppressionsFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\CredScanSuppressions.json'
|
||||
outputFormat: sarif
|
||||
debugMode: false
|
||||
batchSize: 16
|
||||
policheck:
|
||||
exclusionsFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\PoliCheckExclusions.xml'
|
||||
sourceRepositoriesToScan:
|
||||
runInSingleJob: true # run both maccore and macios in the same job
|
||||
include:
|
||||
- repository: maccore
|
||||
exclude:
|
||||
- repository: yaml-templates
|
||||
- repository: sdk-insertions
|
||||
- repository: release-scripts
|
||||
stages:
|
||||
- template: templates/main-stage.yml
|
||||
parameters:
|
||||
xcodeChannel: Stable
|
||||
macOSName: ${{ parameters.macOSName }}
|
||||
isPR: false
|
||||
provisionatorChannel: ${{ parameters.provisionatorChannel }}
|
||||
pool: ${{ parameters.pool }}
|
||||
runGovernanceTests: ${{ parameters.runGovernanceTests }}
|
||||
forceInsertion: ${{ parameters.forceInsertion }}
|
||||
skipESRP: ${{ parameters.skipESRP }}
|
||||
pushNugets: ${{ parameters.pushNugets }}
|
||||
pushNugetsToMaestro: ${{ parameters.pushNugetsToMaestro }}
|
||||
${{ if ne(length(parameters.testConfigurations), 0)}}:
|
||||
testConfigurations: ${{ parameters.testConfigurations }}
|
||||
deviceTestsConfigurations: ${{ parameters.deviceTestsConfigurations }}
|
||||
macTestsConfigurations: ${{ parameters.macTestsConfigurations }}
|
||||
azureStorage: ${{ variables['azureStorage'] }}
|
||||
azureContainer: ${{ variables['azureContainer'] }}
|
||||
signingSetupSteps:
|
||||
- template: ./templates/sign-and-notarized/setup.yml
|
||||
parameters:
|
||||
isPR: false
|
||||
|
|
|
@ -5,32 +5,266 @@
|
|||
# https://jenkins.internalx.com/view/Xamarin.MaciOS/job/macios/job/main/
|
||||
# https://jenkins.internalx.com/view/Xamarin.MaciOS/job/macios/configure
|
||||
|
||||
parameters:
|
||||
|
||||
- name: provisionatorChannel
|
||||
displayName: Provisionator channel to use
|
||||
type: string
|
||||
default: 'latest'
|
||||
|
||||
- name: macOSName # comes from the build agent demand named macOS.Name
|
||||
displayName: Name of the version of macOS to use
|
||||
type: string
|
||||
default: 'Sonoma'
|
||||
|
||||
- name: pool
|
||||
type: string
|
||||
displayName: Bot pool to use
|
||||
default: automatic
|
||||
values:
|
||||
- pr
|
||||
- ci
|
||||
- automatic
|
||||
|
||||
- name: runGovernanceTests
|
||||
displayName: Run Governance Checks
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: forceInsertion
|
||||
displayName: Force Insertion
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- name: skipESRP
|
||||
displayName: Skip ESRP
|
||||
type: boolean
|
||||
default: false # only to be used when testing the CI and we do not need a signed pkg
|
||||
|
||||
- name: pushNugets
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: pushNugetsToMaestro
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: testConfigurations
|
||||
displayName: Test configurations to run
|
||||
type: object
|
||||
default: []
|
||||
|
||||
- name: deviceTestsConfigurations
|
||||
displayName: Device test configurations to run
|
||||
type: object
|
||||
default: [
|
||||
{
|
||||
testPrefix: 'iOS64',
|
||||
stageName: 'ios64b_device',
|
||||
displayName: 'iOS64 Device Tests',
|
||||
testPool: 'VSEng-Xamarin-Mac-Devices',
|
||||
testsLabels: '--label=run-ios-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests',
|
||||
statusContext: 'VSTS: device tests iOS',
|
||||
makeTarget: 'vsts-device-tests',
|
||||
extraBotDemands: [
|
||||
'ios',
|
||||
]
|
||||
},
|
||||
{
|
||||
testPrefix: 'tvos',
|
||||
stageName: 'tvos_device',
|
||||
displayName: 'tvOS Device Tests',
|
||||
testPool: 'VSEng-Xamarin-Mac-Devices',
|
||||
testsLabels: '--label=run-tvos-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests',
|
||||
statusContext: 'VSTS: device tests tvOS',
|
||||
makeTarget: 'vsts-device-tests',
|
||||
extraBotDemands: [
|
||||
'tvos',
|
||||
]
|
||||
}]
|
||||
|
||||
- name: macTestsConfigurations
|
||||
displayName: macOS test configurations to run
|
||||
type: object
|
||||
default: [
|
||||
{
|
||||
stageName: 'mac_11_m1',
|
||||
displayName: 'M1 - Mac Big Sur (11)',
|
||||
macPool: 'VSEng-VSMac-Xamarin-Shared',
|
||||
useImage: false,
|
||||
statusContext: 'M1 - Mac Big Sur (11)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals BigSur",
|
||||
"macOS.Architecture -equals arm64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
},
|
||||
{
|
||||
stageName: 'mac_12_m1',
|
||||
displayName: 'M1 - Mac Ventura (12)',
|
||||
macPool: 'VSEng-VSMac-Xamarin-Shared',
|
||||
useImage: false,
|
||||
statusContext: 'M1 - Mac Monterey (12)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals Monterey",
|
||||
"macOS.Architecture -equals arm64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
},
|
||||
{
|
||||
stageName: 'mac_13_m1',
|
||||
displayName: 'M1 - Mac Ventura (13)',
|
||||
macPool: 'VSEng-VSMac-Xamarin-Shared',
|
||||
useImage: false,
|
||||
statusContext: 'M1 - Mac Ventura (13)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals Ventura",
|
||||
"macOS.Architecture -equals arm64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
},
|
||||
{
|
||||
stageName: 'mac_14_x64',
|
||||
displayName: 'X64 - Mac Sonoma (14)',
|
||||
macPool: 'VSEng-Xamarin-RedmondMacBuildPool-iOS-Untrusted',
|
||||
useImage: false,
|
||||
statusContext: 'X64 - Mac Sonoma (14)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals Sonoma",
|
||||
"macOS.Architecture -equals x64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
}]
|
||||
|
||||
resources:
|
||||
repositories:
|
||||
- repository: self
|
||||
checkoutOptions:
|
||||
submodules: true
|
||||
|
||||
- repository: yaml-templates
|
||||
type: github
|
||||
name: xamarin/yaml-templates
|
||||
ref: refs/heads/main
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: sdk-insertions
|
||||
type: github
|
||||
name: xamarin/sdk-insertions
|
||||
ref: refs/heads/main
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: maccore
|
||||
type: github
|
||||
name: xamarin/maccore
|
||||
ref: refs/heads/main
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: release-scripts
|
||||
type: github
|
||||
name: xamarin/release-scripts
|
||||
ref: refs/heads/only_codesign
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: CustomPipelineTemplates
|
||||
type: git
|
||||
name: 1ESPipelineTemplates/MicroBuildTemplate
|
||||
|
||||
variables:
|
||||
- template: templates/variables.yml
|
||||
- template: templates/common/vs-release-vars.yml@sdk-insertions
|
||||
- name: MicrobuildConnector
|
||||
value: ''
|
||||
- name: MaciosUploadPrefix
|
||||
value: ''
|
||||
- name: Packaging.EnableSBOMSigning
|
||||
value: false
|
||||
|
||||
|
||||
trigger: none
|
||||
|
||||
pr:
|
||||
autoCancel: true
|
||||
branches:
|
||||
include:
|
||||
- '*' # yes, you do need the quote, * has meaning in yamls
|
||||
- '*' # yes, you do need the quote, * has meaning in yamls
|
||||
paths:
|
||||
exclude:
|
||||
- .github
|
||||
- docs
|
||||
- CODEOWNERS
|
||||
- ISSUE_TEMPLATE.md
|
||||
- LICENSE
|
||||
- NOTICE.txt
|
||||
- SECURITY.MD
|
||||
- README.md
|
||||
- src/README.md
|
||||
- tools/mtouch/README.md
|
||||
- msbuild/Xamarin.Localization.MSBuild/README.md
|
||||
- .github
|
||||
- docs
|
||||
- CODEOWNERS
|
||||
- ISSUE_TEMPLATE.md
|
||||
- LICENSE
|
||||
- NOTICE.txt
|
||||
- SECURITY.MD
|
||||
- README.md
|
||||
- src/README.md
|
||||
- tools/mtouch/README.md
|
||||
- msbuild/Xamarin.Localization.MSBuild/README.md
|
||||
|
||||
extends:
|
||||
template: templates/pipelines/build-pipeline.yml
|
||||
template: azure-pipelines/MicroBuild.1ES.Official.yml@CustomPipelineTemplates
|
||||
parameters:
|
||||
isPR: true
|
||||
signingSetupSteps:
|
||||
- template: ./templates/sign-and-notarized/setup.yml
|
||||
parameters:
|
||||
isPR: true
|
||||
pool: # default pool to be used forvalidation jobs
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
os: windows
|
||||
sdl:
|
||||
baseline:
|
||||
baselineFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\baselines.gdnbaselines'
|
||||
suppression:
|
||||
suppressionFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\suppress.gdnsuppress'
|
||||
sourceAnalysisPool:
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
os: windows
|
||||
tsa:
|
||||
configFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\tsa_config.gdntsa'
|
||||
sbom:
|
||||
enabled: false # we run our on sbom generation
|
||||
credscan:
|
||||
suppressionsFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\CredScanSuppressions.json'
|
||||
outputFormat: sarif
|
||||
debugMode: false
|
||||
batchSize: 16
|
||||
policheck:
|
||||
exclusionsFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\PoliCheckExclusions.xml'
|
||||
sourceRepositoriesToScan:
|
||||
runInSingleJob: true # run both maccore and macios in the same job
|
||||
include:
|
||||
- repository: maccore
|
||||
exclude:
|
||||
- repository: yaml-templates
|
||||
- repository: sdk-insertions
|
||||
- repository: release-scripts
|
||||
stages:
|
||||
- template: templates/main-stage.yml
|
||||
parameters:
|
||||
xcodeChannel: Stable
|
||||
macOSName: ${{ parameters.macOSName }}
|
||||
isPR: true
|
||||
provisionatorChannel: ${{ parameters.provisionatorChannel }}
|
||||
pool: ${{ parameters.pool }}
|
||||
runGovernanceTests: ${{ parameters.runGovernanceTests }}
|
||||
forceInsertion: ${{ parameters.forceInsertion }}
|
||||
skipESRP: ${{ parameters.skipESRP }}
|
||||
pushNugets: ${{ parameters.pushNugets }}
|
||||
pushNugetsToMaestro: ${{ parameters.pushNugetsToMaestro }}
|
||||
${{ if ne(length(parameters.testConfigurations), 0)}}:
|
||||
testConfigurations: ${{ parameters.testConfigurations }}
|
||||
deviceTestsConfigurations: ${{ parameters.deviceTestsConfigurations }}
|
||||
macTestsConfigurations: ${{ parameters.macTestsConfigurations }}
|
||||
azureStorage: ${{ variables['azureStorage'] }}
|
||||
azureContainer: ${{ variables['azureContainer'] }}
|
||||
signingSetupSteps:
|
||||
- template: ./templates/sign-and-notarized/setup.yml
|
||||
parameters:
|
||||
isPR: true
|
||||
|
|
|
@ -83,6 +83,7 @@ stages:
|
|||
testsLabels: '--label=skip-all-tests,run-ios-tests,run-ios-simulator-tests,run-tvos-tests,run-watchos-tests,run-mac-tests,run-maccatalyst-tests,run-dotnet-tests,run-system-permission-tests,run-legacy-xamarin-tests'
|
||||
statusContext: 'VSTS: simulator tests'
|
||||
uploadArtifacts: true
|
||||
use1ES: false
|
||||
|
||||
- stage: generate_api_diff
|
||||
displayName: 'API diff'
|
||||
|
|
|
@ -44,6 +44,7 @@ steps:
|
|||
gitHubToken: ${{ parameters.gitHubToken }}
|
||||
xqaCertPass: ${{ parameters.xqaCertPass }}
|
||||
makeParallelism: '4'
|
||||
use1ES: false
|
||||
|
||||
# detect changes
|
||||
- bash: $(Build.SourcesDirectory)/xamarin-macios/tools/devops/automation/scripts/bash/compare.sh
|
||||
|
|
|
@ -58,13 +58,12 @@ jobs:
|
|||
RUN_MAC_TESTS: $[ stageDependencies.configure_build.configure.outputs['decisions.RUN_MAC_TESTS'] ]
|
||||
condition: ne(stageDependencies.configure_build.configure.outputs['decisions.RUN_MAC_TESTS'],'')
|
||||
pool:
|
||||
os: macOS
|
||||
name: $(AgentPoolComputed)
|
||||
demands:
|
||||
- Agent.OS -equals Darwin
|
||||
- macOS.Name -equals ${{ parameters.macOSName }}
|
||||
- XcodeChannel -equals ${{ parameters.xcodeChannel }}
|
||||
workspace:
|
||||
clean: all
|
||||
|
||||
steps:
|
||||
- template: build-mac-tests.yml
|
||||
|
|
|
@ -83,10 +83,10 @@ steps:
|
|||
condition: succeededOrFailed()
|
||||
|
||||
# Publish all the binlogs we collected in the previous step
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: All binlogs'
|
||||
inputs:
|
||||
targetPath: $(Build.ArtifactStagingDirectory)/mactests-binlogs
|
||||
artifactName: '${{ parameters.uploadPrefix }}mactests-binlogs-$(Build.BuildId)-$(System.StageAttempt)-$(System.JobAttempt)'
|
||||
path: $(Build.ArtifactStagingDirectory)/mactests-binlogs
|
||||
artifact: '${{ parameters.uploadPrefix }}mactests-binlogs-$(Build.BuildId)-$(System.StageAttempt)-$(System.JobAttempt)'
|
||||
continueOnError: true
|
||||
condition: succeededOrFailed()
|
||||
|
|
|
@ -71,11 +71,11 @@ steps:
|
|||
name: workload_file
|
||||
displayName: 'Generate "WorkloadRollback.json"'
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish WorkloadRollback.json'
|
||||
inputs:
|
||||
targetPath: $(Build.SourcesDirectory)/WorkloadRollback.json
|
||||
artifactName: '${{ parameters.uploadPrefix }}WorkloadRollback'
|
||||
path: $(Build.SourcesDirectory)/WorkloadRollback.json
|
||||
artifact: '${{ parameters.uploadPrefix }}WorkloadRollback'
|
||||
continueOnError: true
|
||||
|
||||
- bash: |
|
||||
|
@ -99,19 +99,19 @@ steps:
|
|||
name: pkg_versions_file
|
||||
displayName: 'Generate PkgsVersions.json'
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish PkgsVersions.json'
|
||||
inputs:
|
||||
targetPath: $(Build.SourcesDirectory)/PkgsVersions.json
|
||||
artifactName: '${{ parameters.uploadPrefix }}PkgsVersions'
|
||||
path: $(Build.SourcesDirectory)/PkgsVersions.json
|
||||
artifact: '${{ parameters.uploadPrefix }}PkgsVersions'
|
||||
continueOnError: true
|
||||
|
||||
# upload each of the pkgs into the pipeline artifacts
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Build Artifacts'
|
||||
inputs:
|
||||
targetPath: $(Build.SourcesDirectory)/package
|
||||
artifactName: '${{ parameters.uploadPrefix }}not-signed-package'
|
||||
path: $(Build.SourcesDirectory)/package
|
||||
artifact: '${{ parameters.uploadPrefix }}not-signed-package'
|
||||
continueOnError: true
|
||||
|
||||
- bash: |
|
||||
|
@ -124,18 +124,18 @@ steps:
|
|||
continueOnError: true # not a terrible blocking issue
|
||||
timeoutInMinutes: 60
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish test libraries dependencies'
|
||||
inputs:
|
||||
targetPath: $(Build.SourcesDirectory)/xamarin-macios/tests/package-test-libraries.zip
|
||||
artifactName: '${{ parameters.uploadPrefix }}package-test-libraries'
|
||||
path: $(Build.SourcesDirectory)/xamarin-macios/tests/package-test-libraries.zip
|
||||
artifact: '${{ parameters.uploadPrefix }}package-test-libraries'
|
||||
continueOnError: true
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Build.props'
|
||||
inputs:
|
||||
targetPath: $(Build.SourcesDirectory)/xamarin-macios/Build.props
|
||||
artifactName: '${{ parameters.uploadPrefix }}Build.props'
|
||||
path: $(Build.SourcesDirectory)/xamarin-macios/Build.props
|
||||
artifact: '${{ parameters.uploadPrefix }}Build.props'
|
||||
continueOnError: true
|
||||
|
||||
- ${{ if eq(parameters.uploadBinlogs, true) }}:
|
||||
|
@ -149,10 +149,10 @@ steps:
|
|||
condition: succeededOrFailed()
|
||||
|
||||
# Publish all the binlogs we collected in the previous step
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: All binlogs'
|
||||
inputs:
|
||||
targetPath: $(Build.ArtifactStagingDirectory)/all-binlogs
|
||||
artifactName: '${{ parameters.uploadPrefix }}all-binlogs-$(Build.BuildId)-$(System.StageAttempt)-$(System.JobAttempt)'
|
||||
path: $(Build.ArtifactStagingDirectory)/all-binlogs
|
||||
artifact: '${{ parameters.uploadPrefix }}all-binlogs-$(Build.BuildId)-$(System.StageAttempt)-$(System.JobAttempt)'
|
||||
continueOnError: true
|
||||
condition: succeededOrFailed()
|
||||
|
|
|
@ -81,13 +81,12 @@ jobs:
|
|||
XHARNESS_LABELS: $[ stageDependencies.configure_build.configure.outputs['labels.xharness_labels'] ]
|
||||
RUN_MAC_TESTS: $[ stageDependencies.configure_build.configure.outputs['decisions.RUN_MAC_TESTS'] ]
|
||||
pool:
|
||||
os: macOS
|
||||
name: $(AgentPoolComputed)
|
||||
demands:
|
||||
- Agent.OS -equals Darwin
|
||||
- macOS.Name -equals ${{ parameters.macOSName }}
|
||||
- XcodeChannel -equals ${{ parameters.xcodeChannel }}
|
||||
workspace:
|
||||
clean: all
|
||||
|
||||
steps:
|
||||
- template: build-pkgs.yml
|
||||
|
|
|
@ -39,6 +39,10 @@ parameters:
|
|||
type: number
|
||||
default: 3
|
||||
|
||||
- name: use1ES
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
steps:
|
||||
|
||||
- template: ../common/checkout.yml
|
||||
|
@ -207,6 +211,7 @@ steps:
|
|||
- template: ../common/teardown.yml
|
||||
parameters:
|
||||
keyringPass: ${{ parameters.keyringPass }}
|
||||
use1ES: ${{ parameters.use1ES }}
|
||||
|
||||
# if we failed, write a comment and set the pipeline to failure. In this case, we do not want to hide the fact that we failed but we also want
|
||||
# to write a comment.
|
||||
|
|
|
@ -7,6 +7,10 @@ parameters:
|
|||
type: boolean
|
||||
default: false
|
||||
|
||||
- name: use1ES
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- name: repositoryAlias
|
||||
type: string
|
||||
default: self
|
||||
|
@ -98,9 +102,17 @@ steps:
|
|||
|
||||
# upload config to be consumed later
|
||||
- ${{ if eq(parameters.uploadArtifacts, true) }}:
|
||||
- task: PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: configuration.json'
|
||||
inputs:
|
||||
targetPath: '$(Build.ArtifactStagingDirectory)/configuration.json'
|
||||
artifactName: '${{ parameters.uploadPrefix }}build-configuration'
|
||||
continueOnError: true
|
||||
- ${{ if eq(parameters.use1ES, true) }}:
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: configuration.json'
|
||||
inputs:
|
||||
path: '$(Build.ArtifactStagingDirectory)/configuration.json'
|
||||
artifact: '${{ parameters.uploadPrefix }}build-configuration'
|
||||
continueOnError: true
|
||||
- ${{ else }}:
|
||||
- task: PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: configuration.json'
|
||||
inputs:
|
||||
targetPath: '$(Build.ArtifactStagingDirectory)/configuration.json'
|
||||
artifactName: '${{ parameters.uploadPrefix }}build-configuration'
|
||||
continueOnError: true
|
||||
|
|
|
@ -33,6 +33,10 @@ parameters:
|
|||
type: string
|
||||
default: '$(MaciosUploadPrefix)'
|
||||
|
||||
- name: use1ES
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
steps:
|
||||
|
||||
- pwsh: >-
|
||||
|
@ -49,14 +53,26 @@ steps:
|
|||
|
||||
# only upload when told so
|
||||
- ${{ if eq(parameters.uploadLogs, true) }}:
|
||||
- task: PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: Agent logs'
|
||||
condition: always()
|
||||
inputs:
|
||||
# add or not the working dir to the upload
|
||||
${{ if eq(parameters.workingDirectory, '') }}:
|
||||
targetPath: ${{ parameters.outputPath }}
|
||||
${{ else }}:
|
||||
targetPath: ${{ parameters.workingDirectory }}/${{ parameters.outputPath }}
|
||||
artifactName: '${{ parameters.uploadPrefix }}$(Agent.Name)-$(System.JobName)-$(System.JobId)-${{ parameters.outputPath }}'
|
||||
continueOnError: true
|
||||
- ${{ if eq(parameters.use1ES, true) }}:
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: Agent logs'
|
||||
condition: always()
|
||||
inputs:
|
||||
${{ if eq(parameters.workingDirectory, '') }}:
|
||||
path: ${{ parameters.outputPath }}
|
||||
${{ else }}:
|
||||
path: ${{ parameters.workingDirectory }}/${{ parameters.outputPath }}
|
||||
artifact: '${{ parameters.uploadPrefix }}$(Agent.Name)-$(System.JobName)-$(System.JobId)-${{ parameters.outputPath }}'
|
||||
continueOnError: true
|
||||
- ${{ else }}:
|
||||
- task: PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: Agent logs'
|
||||
condition: always()
|
||||
inputs:
|
||||
# add or not the working dir to the upload
|
||||
${{ if eq(parameters.workingDirectory, '') }}:
|
||||
targetPath: ${{ parameters.outputPath }}
|
||||
${{ else }}:
|
||||
targetPath: ${{ parameters.workingDirectory }}/${{ parameters.outputPath }}
|
||||
artifactName: '${{ parameters.uploadPrefix }}$(Agent.Name)-$(System.JobName)-$(System.JobId)-${{ parameters.outputPath }}'
|
||||
continueOnError: true
|
||||
|
|
|
@ -5,6 +5,10 @@ parameters:
|
|||
- name: keyringPass
|
||||
type: string
|
||||
|
||||
- name: use1ES
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
steps:
|
||||
|
||||
- pwsh: |
|
||||
|
@ -30,3 +34,4 @@ steps:
|
|||
- template: mac-agent-logs.yml
|
||||
parameters:
|
||||
outputPath: agent-logs.log
|
||||
use1ES: ${{ parameters.use1ES }}
|
||||
|
|
|
@ -88,9 +88,9 @@ steps:
|
|||
GdnBreakOutputSuppressionFile: $(Build.ArtifactStagingDirectory)\GuardianSuppressions\falsepositives.gdnsuppress
|
||||
GdnBreakOutputSuppressionSet: falsepositives
|
||||
|
||||
- task: PublishBuildArtifacts@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: Publish Artifact for Guardian Supressions
|
||||
inputs:
|
||||
PathtoPublish: $(Build.ArtifactStagingDirectory)\GuardianSuppressions
|
||||
ArtifactName: Guardian Suppressions APIScan $(PLATFORM) $(VERSION)
|
||||
path: $(Build.ArtifactStagingDirectory)\GuardianSuppressions
|
||||
artifact: Guardian Suppressions APIScan $(PLATFORM) $(VERSION)
|
||||
condition: failed()
|
||||
|
|
|
@ -1,108 +0,0 @@
|
|||
parameters:
|
||||
|
||||
- name: isPR
|
||||
type: boolean
|
||||
|
||||
- name: repositoryAlias
|
||||
type: string
|
||||
default: self
|
||||
|
||||
- name: commit
|
||||
type: string
|
||||
default: HEAD
|
||||
|
||||
- name: uploadPrefix
|
||||
type: string
|
||||
default: '$(MaciosUploadPrefix)'
|
||||
|
||||
steps:
|
||||
|
||||
- template: ../common/checkout.yml
|
||||
parameters:
|
||||
isPR: ${{ parameters.isPR }}
|
||||
repositoryAlias: ${{ parameters.repositoryAlias }}
|
||||
commit: ${{ parameters.commit }}
|
||||
|
||||
- powershell: |
|
||||
Write-Host 'Source dir $(Build.SourcesDirectory)'
|
||||
Write-Host 'Working dir $System.DefaultWorkingDirectory)'
|
||||
|
||||
Dir $(Build.SourcesDirectory)
|
||||
Dir $(System.DefaultWorkingDirectory)
|
||||
displayName: Show directories
|
||||
|
||||
- powershell: |
|
||||
Get-ChildItem -Recurse -Path $(Build.SourcesDirectory)/maccore
|
||||
displayName: Show maccore content
|
||||
|
||||
- pwsh: $(System.DefaultWorkingDirectory)/xamarin-macios/tools/devops/automation/scripts/show_env.ps1
|
||||
displayName: 'Show Environment'
|
||||
|
||||
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
||||
displayName: 'Component Detection'
|
||||
|
||||
- task: CredScan@3
|
||||
displayName: "Run CredScan"
|
||||
inputs:
|
||||
suppressionsFile: '$(System.DefaultWorkingDirectory)/maccore/tools/devops/CredScanSuppressions.json'
|
||||
outputFormat: 'sarif'
|
||||
verboseOutput: true
|
||||
|
||||
- task: PoliCheck@2
|
||||
inputs:
|
||||
inputType: 'Basic'
|
||||
targetType: 'F'
|
||||
targetArgument: '$(Build.SourcesDirectory)'
|
||||
result: '$(Build.SourcesDirectory)/PoliCheck.xml'
|
||||
optionsUEPATH: '$(System.DefaultWorkingDirectory)/maccore/tools/devops/PoliCheckExclusions.xml'
|
||||
|
||||
- task: SdtReport@2
|
||||
displayName: Create Security Analysis Report
|
||||
inputs:
|
||||
GdnExportAllTools: false
|
||||
GdnExportGdnToolCredScan: true
|
||||
GdnExportGdnToolCredScanSeverity: 'error'
|
||||
GdnExportGdnToolPoliCheck: true
|
||||
GdnExportGdnToolPoliCheckSeverity: 'error'
|
||||
|
||||
- task: PublishSecurityAnalysisLogs@3
|
||||
displayName: Publish Security Analysis Logs
|
||||
inputs:
|
||||
ArtifactName: 'CodeAnalysisLogs - General'
|
||||
ArtifactType: 'Container'
|
||||
AllTools: true
|
||||
ToolLogsNotFoundAction: 'Standard'
|
||||
|
||||
- task: TSAUpload@2
|
||||
inputs:
|
||||
GdnPublishTsaOnboard: true
|
||||
GdnPublishTsaConfigFile: '$(System.DefaultWorkingDirectory)\\maccore\\tools\\devops\\tsa_config.gdntsa'
|
||||
GdnPublishTsaExportedResultsPublishable: true
|
||||
displayName: Create bugs for compliance tools results
|
||||
condition: succeededOrFailed()
|
||||
env:
|
||||
WorkingDirectory: '$(Build.SourcesDirectory)/xamarin-macios'
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: Policheck Results'
|
||||
inputs:
|
||||
targetPath: '$(Build.SourcesDirectory)/PoliCheck.xml'
|
||||
artifactName: '${{ parameters.uploadPrefix }}Policheck'
|
||||
continueOnError: true
|
||||
condition: always()
|
||||
|
||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
|
||||
displayName: Break on compliance issues
|
||||
inputs:
|
||||
GdnBreakAllTools: true
|
||||
GdnBreakSuppressionFiles: $(Build.SourcesDirectory)\maccore\tools\devops\falsepositives.gdnsuppress
|
||||
GdnBreakSuppressionSets: falsepositives
|
||||
GdnBreakOutputSuppressionFile: $(Build.ArtifactStagingDirectory)\GuardianSuppressions\falsepositives.gdnsuppress
|
||||
GdnBreakOutputSuppressionSet: falsepositives
|
||||
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: Publish Artifact for Guardian Supressions
|
||||
inputs:
|
||||
PathtoPublish: $(Build.ArtifactStagingDirectory)\GuardianSuppressions
|
||||
ArtifactName: Guardian Suppressions
|
||||
condition: failed()
|
|
@ -19,7 +19,7 @@ parameters:
|
|||
|
||||
stages:
|
||||
- stage: governance_checks
|
||||
displayName: '${{ parameters.stageDisplayNamePrefix }}Governance Checks'
|
||||
displayName: '${{ parameters.stageDisplayNamePrefix }}API Scan'
|
||||
dependsOn: [ configure_build, build_packages]
|
||||
|
||||
jobs:
|
||||
|
@ -31,7 +31,6 @@ stages:
|
|||
demands:
|
||||
- ImageOverride -equals 1ESPT-Windows2022
|
||||
|
||||
condition: ne(stageDependencies.configure_build.configure.outputs['apiscan_matrix.APISCAN_MATRIX'],'')
|
||||
strategy:
|
||||
matrix: $[ stageDependencies.configure_build.configure.outputs['apiscan_matrix.APISCAN_MATRIX'] ]
|
||||
|
||||
|
@ -41,15 +40,3 @@ stages:
|
|||
isPR: ${{ parameters.isPR }}
|
||||
repositoryAlias: ${{ parameters.repositoryAlias }}
|
||||
commit: ${{ parameters.commit }}
|
||||
|
||||
- job: general_governance
|
||||
displayName: 'Governance Checks'
|
||||
pool:
|
||||
vmImage: windows-latest
|
||||
|
||||
steps:
|
||||
- template: ./general.yml
|
||||
parameters:
|
||||
isPR: ${{ parameters.isPR }}
|
||||
repositoryAlias: ${{ parameters.repositoryAlias }}
|
||||
commit: ${{ parameters.commit }}
|
||||
|
|
|
@ -292,7 +292,10 @@ stages:
|
|||
- job:
|
||||
displayName: 'Clean comments'
|
||||
pool:
|
||||
vmImage: windows-latest
|
||||
name: AzurePipelines-EO
|
||||
demands:
|
||||
- ImageOverride -equals 1ESPT-Windows2022
|
||||
|
||||
steps:
|
||||
- template: ./common/clean.yml
|
||||
|
||||
|
@ -302,11 +305,12 @@ stages:
|
|||
${{ if and(ne(parameters.dependsOn, ''), ne(parameters.dependsOnResult, '')) }}:
|
||||
condition: eq(dependencies.${{ parameters.dependsOn }}.result, '${{ parameters.dependsOnResult }}')
|
||||
jobs:
|
||||
|
||||
- ${{ if eq(parameters.pool, 'automatic') }}:
|
||||
- job: AgentPoolSelector # https://docs.microsoft.com/en-us/azure/devops/pipelines/process/phases?view=azure-devops&tabs=yaml
|
||||
pool: # Consider using an agentless (server) job here, but would need to host selection logic as an Azure function: https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema#server
|
||||
vmImage: ubuntu-latest
|
||||
pool: # Consider using an agentless (server) job here, but would need to host selection logic as an Azure function: https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema#server
|
||||
name: AzurePipelines-EO
|
||||
demands:
|
||||
- ImageOverride -equals 1ESPT-Windows2022
|
||||
steps:
|
||||
- checkout: none # https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema#checkout
|
||||
|
||||
|
@ -321,7 +325,9 @@ stages:
|
|||
- job: configure
|
||||
displayName: 'Configure build'
|
||||
pool:
|
||||
vmImage: windows-latest
|
||||
name: AzurePipelines-EO
|
||||
demands:
|
||||
- ImageOverride -equals 1ESPT-Windows2022
|
||||
|
||||
variables:
|
||||
isMain: $[eq(variables['Build.SourceBranch'], 'refs/heads/main')]
|
||||
|
@ -338,6 +344,7 @@ stages:
|
|||
testsLabels: '--label=skip-all-tests,run-ios-tests,run-ios-simulator-tests,run-tvos-tests,run-watchos-tests,run-mac-tests,run-maccatalyst-tests,run-dotnet-tests,run-system-permission-tests,run-legacy-xamarin-tests'
|
||||
statusContext: 'VSTS: simulator tests'
|
||||
uploadArtifacts: true
|
||||
use1ES: true
|
||||
|
||||
- stage: build_packages
|
||||
displayName: '${{ parameters.stageDisplayNamePrefix }}Build'
|
||||
|
@ -434,4 +441,4 @@ stages:
|
|||
azureContainer: ${{ parameters.azureContainer }}
|
||||
packages: # flatten the pkgs for the parameter
|
||||
- ${{ each pkg in parameters.legacyPackageJobs }}:
|
||||
- ${{ pkg }}
|
||||
- ${{ pkg }}
|
||||
|
|
|
@ -1,224 +0,0 @@
|
|||
# template that can be extended by pipelines that will be used to build the project. This
|
||||
# allows to share te parameters and resources.
|
||||
|
||||
parameters:
|
||||
|
||||
- name: provisionatorChannel
|
||||
displayName: Provisionator channel to use
|
||||
type: string
|
||||
default: 'latest'
|
||||
|
||||
- name: macOSName # comes from the build agent demand named macOS.Name
|
||||
displayName: Name of the version of macOS to use
|
||||
type: string
|
||||
default: 'Sonoma'
|
||||
|
||||
- name: pool
|
||||
type: string
|
||||
displayName: Bot pool to use
|
||||
default: automatic
|
||||
values:
|
||||
- pr
|
||||
- ci
|
||||
- automatic
|
||||
|
||||
- name: runGovernanceTests
|
||||
displayName: Run Governance Checks
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: forceInsertion
|
||||
displayName: Force Insertion
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- name: skipESRP
|
||||
displayName: Skip ESRP
|
||||
type: boolean
|
||||
default: false # only to be used when testing the CI and we do not need a signed pkg
|
||||
|
||||
- name: pushNugets
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: pushNugetsToMaestro
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: isPR
|
||||
displayName: Is PR build
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- name: signingSetupSteps
|
||||
type: stepList
|
||||
default: []
|
||||
|
||||
- name: testConfigurations
|
||||
displayName: Test configurations to run
|
||||
type: object
|
||||
default: []
|
||||
|
||||
- name: deviceTestsConfigurations
|
||||
displayName: Device test configurations to run
|
||||
type: object
|
||||
default: [
|
||||
{
|
||||
testPrefix: 'iOS64',
|
||||
stageName: 'ios64b_device',
|
||||
displayName: 'iOS64 Device Tests',
|
||||
testPool: 'VSEng-Xamarin-Mac-Devices',
|
||||
testsLabels: '--label=run-ios-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests',
|
||||
statusContext: 'VSTS: device tests iOS',
|
||||
makeTarget: 'vsts-device-tests',
|
||||
extraBotDemands: [
|
||||
'ios',
|
||||
]
|
||||
},
|
||||
{
|
||||
testPrefix: 'tvos',
|
||||
stageName: 'tvos_device',
|
||||
displayName: 'tvOS Device Tests',
|
||||
testPool: 'VSEng-Xamarin-Mac-Devices',
|
||||
testsLabels: '--label=run-tvos-tests,run-non-monotouch-tests,run-monotouch-tests,run-mscorlib-tests',
|
||||
statusContext: 'VSTS: device tests tvOS',
|
||||
makeTarget: 'vsts-device-tests',
|
||||
extraBotDemands: [
|
||||
'tvos',
|
||||
]
|
||||
}]
|
||||
|
||||
- name: macTestsConfigurations
|
||||
displayName: macOS test configurations to run
|
||||
type: object
|
||||
default: [
|
||||
{
|
||||
stageName: 'mac_11_m1',
|
||||
displayName: 'M1 - Mac Big Sur (11)',
|
||||
macPool: 'VSEng-VSMac-Xamarin-Shared',
|
||||
useImage: false,
|
||||
statusContext: 'M1 - Mac Big Sur (11)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals BigSur",
|
||||
"macOS.Architecture -equals arm64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
},
|
||||
{
|
||||
stageName: 'mac_12_m1',
|
||||
displayName: 'M1 - Mac Ventura (12)',
|
||||
macPool: 'VSEng-VSMac-Xamarin-Shared',
|
||||
useImage: false,
|
||||
statusContext: 'M1 - Mac Monterey (12)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals Monterey",
|
||||
"macOS.Architecture -equals arm64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
},
|
||||
{
|
||||
stageName: 'mac_13_m1',
|
||||
displayName: 'M1 - Mac Ventura (13)',
|
||||
macPool: 'VSEng-VSMac-Xamarin-Shared',
|
||||
useImage: false,
|
||||
statusContext: 'M1 - Mac Ventura (13)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals Ventura",
|
||||
"macOS.Architecture -equals arm64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
},
|
||||
{
|
||||
stageName: 'mac_14_x64',
|
||||
displayName: 'X64 - Mac Sonoma (14)',
|
||||
macPool: 'VSEng-Xamarin-RedmondMacBuildPool-iOS-Untrusted',
|
||||
useImage: false,
|
||||
statusContext: 'X64 - Mac Sonoma (14)',
|
||||
demands: [
|
||||
"Agent.OS -equals Darwin",
|
||||
"macOS.Name -equals Sonoma",
|
||||
"macOS.Architecture -equals x64",
|
||||
"Agent.HasDevices -equals False",
|
||||
"Agent.IsPaired -equals False"
|
||||
]
|
||||
}]
|
||||
|
||||
resources:
|
||||
repositories:
|
||||
- repository: self
|
||||
checkoutOptions:
|
||||
submodules: true
|
||||
|
||||
- repository: yaml-templates
|
||||
type: github
|
||||
name: xamarin/yaml-templates
|
||||
ref: refs/heads/main
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: sdk-insertions
|
||||
type: github
|
||||
name: xamarin/sdk-insertions
|
||||
ref: refs/heads/main
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: maccore
|
||||
type: github
|
||||
name: xamarin/maccore
|
||||
ref: refs/heads/main
|
||||
endpoint: xamarin
|
||||
|
||||
- repository: release-scripts
|
||||
type: github
|
||||
name: xamarin/release-scripts
|
||||
ref: refs/heads/only_codesign
|
||||
endpoint: xamarin
|
||||
|
||||
|
||||
variables:
|
||||
- ${{ if eq(parameters.isPR, false) }}:
|
||||
- ${{ if contains(variables['Build.DefinitionName'], 'private') }}:
|
||||
- template: ../vsts-variables.yml
|
||||
- template: templates/common/vs-release-vars.yml@sdk-insertions
|
||||
- template: ../variables.yml
|
||||
- name: MicrobuildConnector
|
||||
value: 'MicroBuild Signing Task (DevDiv)'
|
||||
- name: MaciosUploadPrefix
|
||||
value: ''
|
||||
- name: DisablePipelineConfigDetector
|
||||
value: true
|
||||
- ${{ else }}:
|
||||
- template: ../variables.yml
|
||||
- template: templates/common/vs-release-vars.yml@sdk-insertions
|
||||
- name: MicrobuildConnector
|
||||
value: ''
|
||||
- name: MaciosUploadPrefix
|
||||
value: ''
|
||||
- name: Packaging.EnableSBOMSigning
|
||||
value: false
|
||||
|
||||
stages:
|
||||
- template: ../main-stage.yml
|
||||
parameters:
|
||||
xcodeChannel: Stable
|
||||
macOSName: ${{ parameters.macOSName }}
|
||||
isPR: ${{ parameters.isPR }}
|
||||
provisionatorChannel: ${{ parameters.provisionatorChannel }}
|
||||
pool: ${{ parameters.pool }}
|
||||
runGovernanceTests: ${{ parameters.runGovernanceTests }}
|
||||
forceInsertion: ${{ parameters.forceInsertion }}
|
||||
skipESRP: ${{ parameters.skipESRP }}
|
||||
pushNugets: ${{ parameters.pushNugets }}
|
||||
pushNugetsToMaestro: ${{ parameters.pushNugetsToMaestro }}
|
||||
${{ if ne(length(parameters.testConfigurations), 0)}}:
|
||||
testConfigurations: ${{ parameters.testConfigurations }}
|
||||
deviceTestsConfigurations: ${{ parameters.deviceTestsConfigurations }}
|
||||
macTestsConfigurations: ${{ parameters.macTestsConfigurations }}
|
||||
azureStorage: ${{ variables['azureStorage'] }}
|
||||
azureContainer: ${{ variables['azureContainer'] }}
|
||||
signingSetupSteps: ${{ parameters.signingSetupSteps }}
|
|
@ -37,12 +37,15 @@ steps:
|
|||
patterns: |
|
||||
*.nupkg
|
||||
|
||||
- task: NuGetCommand@2
|
||||
displayName: Publish Nugets to dotnet6
|
||||
- task: 1ES.PublishNuget@1
|
||||
displayName: Publish Nuget package
|
||||
inputs:
|
||||
command: push
|
||||
packagesToPush: $(Build.SourcesDirectory)/package/*.nupkg
|
||||
useDotNetTask: false # The default is false to use the NuGetCommand task. Set to true to use the DotNetCoreCLI task to publish packages.
|
||||
packagesToPush: '$(Build.SourcesDirectory)/package/*.nupkg'
|
||||
packageParentPath: '$(Build.SourcesDirectory)/package'
|
||||
nuGetFeedType: external
|
||||
allowPackageConflicts: true # Optional. NuGetCommand task only.
|
||||
publishPackageMetadata: true # Optional
|
||||
publishFeedCredentials: variables['nuget-feed']
|
||||
|
||||
- task: DownloadPipelineArtifact@2
|
||||
|
@ -52,10 +55,13 @@ steps:
|
|||
patterns: |
|
||||
*.nupkg
|
||||
|
||||
- task: NuGetCommand@2
|
||||
displayName: Publish Nugets to dotnet6
|
||||
- task: 1ES.PublishNuget@1
|
||||
displayName: Publish MSI Nugets package
|
||||
inputs:
|
||||
command: push
|
||||
packagesToPush: $(Build.SourcesDirectory)/vs-msi-nugets/*.nupkg
|
||||
useDotNetTask: false
|
||||
packagesToPush: '$(Build.SourcesDirectory)/vs-msi-nugets/*.nupkg'
|
||||
packageParentPath: '$(Build.SourcesDirectory)/vs-msi-nugets'
|
||||
nuGetFeedType: external
|
||||
allowPackageConflicts: true
|
||||
publishPackageMetadata: true
|
||||
publishFeedCredentials: variables['nuget-feed']
|
||||
|
|
|
@ -52,6 +52,7 @@ stages:
|
|||
# Check - "xamarin-macios (Prepare Release Sign NuGets)"
|
||||
- template: sign-artifacts/jobs/v2.yml@yaml-templates
|
||||
parameters:
|
||||
use1ESTemplate: true
|
||||
signedArtifactName: '${{ parameters.uploadPrefix }}nuget-signed'
|
||||
artifactName: '${{ parameters.uploadPrefix }}not-signed-package'
|
||||
signType: Real
|
||||
|
@ -61,6 +62,7 @@ stages:
|
|||
# Check - "xamarin-macios (Prepare Release Convert NuGet to MSI)"
|
||||
- template: nuget-msi-convert/job/v3.yml@yaml-templates
|
||||
parameters:
|
||||
use1ESTemplate: true
|
||||
yamlResourceName: yaml-templates
|
||||
dependsOn: signing
|
||||
artifactName: '${{ parameters.uploadPrefix }}nuget-signed'
|
||||
|
@ -109,7 +111,9 @@ stages:
|
|||
- ${{ if eq(parameters.isPR, false) }}:
|
||||
- group: Publish-Build-Assets
|
||||
pool:
|
||||
vmImage: windows-latest
|
||||
name: AzurePipelines-EO
|
||||
demands:
|
||||
- ImageOverride -equals 1ESPT-Windows2022
|
||||
steps:
|
||||
- task: DownloadPipelineArtifact@2
|
||||
inputs:
|
||||
|
@ -118,6 +122,17 @@ stages:
|
|||
patterns: |
|
||||
*.nupkg
|
||||
|
||||
- task: 1ES.PublishNuget@1
|
||||
displayName: Publish Nugets package
|
||||
inputs:
|
||||
useDotNetTask: false # The default is false to use the NuGetCommand task. Set to true to use the DotNetCoreCLI task to publish packages.
|
||||
packagesToPush: '$(Build.SourcesDirectory)/package/*.nupkg'
|
||||
packageParentPath: '$(Build.SourcesDirectory)/package'
|
||||
nuGetFeedType: external
|
||||
allowPackageConflicts: true # Optional. NuGetCommand task only.
|
||||
publishPackageMetadata: true # Optional
|
||||
publishFeedCredentials: dnceng-dotnet8
|
||||
|
||||
- task: DownloadPipelineArtifact@2
|
||||
inputs:
|
||||
artifactName: '${{ parameters.uploadPrefix }}vs-msi-nugets'
|
||||
|
@ -125,6 +140,17 @@ stages:
|
|||
patterns: |
|
||||
*.nupkg
|
||||
|
||||
- task: 1ES.PublishNuget@1
|
||||
displayName: Publish MSI Nugets package
|
||||
inputs:
|
||||
useDotNetTask: false
|
||||
packagesToPush: '$(Build.SourcesDirectory)/${{ parameters.uploadPrefix }}vs-msi-nugets/*.nupkg'
|
||||
packageParentPath: '$(Build.SourcesDirectory)/${{ parameters.uploadPrefix }}vs-msi-nugets'
|
||||
nuGetFeedType: external
|
||||
allowPackageConflicts: true
|
||||
publishPackageMetadata: true
|
||||
publishFeedCredentials: dnceng-dotnet8
|
||||
|
||||
- pwsh: |
|
||||
mkdir $(Build.SourcesDirectory)/nugets-blob
|
||||
cp $(Build.SourcesDirectory)/package/* $(Build.SourcesDirectory)/nugets-blob
|
||||
|
@ -205,10 +231,10 @@ stages:
|
|||
workingDirectory: $(Build.SourcesDirectory)\..
|
||||
condition: and(succeeded(), eq('${{ parameters.pushNugetsToMaestro }}', 'true'))
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: maestro-binlogs'
|
||||
inputs:
|
||||
targetPath: $(Build.ArtifactStagingDirectory)/maestro-binlogs
|
||||
artifactName: ${{ parameters.uploadPrefix }}maestro-binlogs-$(System.JobAttempt)
|
||||
path: $(Build.ArtifactStagingDirectory)/maestro-binlogs
|
||||
artifact: ${{ parameters.uploadPrefix }}maestro-binlogs-$(System.JobAttempt)
|
||||
condition: and(succeededOrFailed(), eq('${{ parameters.pushNugetsToMaestro }}', 'true'))
|
||||
continueOnError: true
|
||||
|
|
|
@ -29,14 +29,15 @@ jobs:
|
|||
displayName: 'Collect signed artifacts'
|
||||
condition: and(not(failed()), not(canceled())) # default is succeded(), but that fails if there are any skipped jobs, so change the condition to !failed && !cancelled
|
||||
timeoutInMinutes: 1000
|
||||
pool:
|
||||
vmImage: internal-macos-11
|
||||
workspace:
|
||||
clean: all
|
||||
variables:
|
||||
AgentPoolComputed: $[ stageDependencies.configure_build.AgentPoolSelector.outputs['setAgentPool.AgentPoolComputed'] ]
|
||||
${{ each pkg in parameters.packages }}:
|
||||
${{ pkg.conditionVariable }}: $[ stageDependencies.configure_build.configure.outputs['configure_platforms.${{ pkg.conditionVariable }}'] ]
|
||||
|
||||
pool:
|
||||
os: macOS
|
||||
name: $(AgentPoolComputed)
|
||||
|
||||
steps:
|
||||
|
||||
# DO NOT USE THE checkout.yml template. The reason is that the template changes the hash which results in a problem with the artifacts scripts
|
||||
|
@ -105,11 +106,11 @@ jobs:
|
|||
allowFailedBuilds: true
|
||||
path: $(Build.SourcesDirectory)/package-internal
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
displayName: 'Publish Build Internal Artifacts'
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Build Artifacts (notarized)'
|
||||
inputs:
|
||||
targetPath: $(Build.SourcesDirectory)/package-internal
|
||||
artifactName: '${{ parameters.uploadPrefix }}package-internal'
|
||||
path: $(Build.SourcesDirectory)/package-internal
|
||||
artifact: '${{ parameters.uploadPrefix }}package-internal'
|
||||
continueOnError: true
|
||||
|
||||
# download msbuild.zip and bundle.zip to the 'package' dir, so that they're uploaded into the 'package' artifact,
|
||||
|
@ -131,11 +132,11 @@ jobs:
|
|||
ls -la "$BUILD_SOURCESDIRECTORY"/package
|
||||
displayName: Copy msbuild.zip and bundle.zip to the package artifact
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Build Artifacts (notarized)'
|
||||
inputs:
|
||||
targetPath: $(Build.SourcesDirectory)/package
|
||||
artifactName: '${{ parameters.uploadPrefix }}package'
|
||||
path: $(Build.SourcesDirectory)/package
|
||||
artifact: '${{ parameters.uploadPrefix }}package'
|
||||
continueOnError: true
|
||||
|
||||
# This job uploads the pkgs generated by the build step in the azure blob storage. This has to be done in a different job
|
||||
|
@ -144,6 +145,16 @@ jobs:
|
|||
- job: upload_azure_blob
|
||||
displayName: 'Upload packages to Azure & SBOM'
|
||||
timeoutInMinutes: 1000
|
||||
templateContext: # disable some of the sdl tasks for this job
|
||||
sdl:
|
||||
credscan: # run in the sdl stage
|
||||
enabled: false
|
||||
binskim: # job does not compile anything
|
||||
enabled: false
|
||||
eslint: # no js or anything similar
|
||||
enabled: false
|
||||
bandit: # we have no python
|
||||
enabled: false
|
||||
dependsOn:
|
||||
- funnel_job
|
||||
condition: and(not(failed()), not(canceled())) # default is succeded(), but that fails if there are any skipped jobs, so change the condition to !failed && !cancelled
|
||||
|
@ -157,9 +168,7 @@ jobs:
|
|||
pool:
|
||||
name: azurepipelines-EO
|
||||
demands:
|
||||
- ImageOverride -equals AzurePipelinesWindows2022compliant
|
||||
workspace:
|
||||
clean: all
|
||||
- ImageOverride -equals 1ESPT-Windows2022
|
||||
steps:
|
||||
- template: upload-azure.yml
|
||||
parameters:
|
||||
|
@ -181,9 +190,9 @@ jobs:
|
|||
TESTS_BOT: $[ stageDependencies.build_packages.build.outputs['build.TESTS_BOT'] ] # we build in a diff bot than the ones used for the comments
|
||||
GIT_HASH: $[ stageDependencies.build_packages.build.outputs['fix_commit.GIT_HASH'] ]
|
||||
pool:
|
||||
vmImage: windows-latest
|
||||
workspace:
|
||||
clean: all
|
||||
name: AzurePipelines-EO
|
||||
demands:
|
||||
- ImageOverride -equals 1ESPT-Windows2022
|
||||
steps:
|
||||
- template: artifact-github-comment.yml
|
||||
parameters:
|
||||
|
|
|
@ -34,9 +34,8 @@ jobs:
|
|||
condition: ne(stageDependencies.configure_build.configure.outputs['configure_platforms.${{ pkg.conditionVariable }}'],'')
|
||||
timeoutInMinutes: 1000
|
||||
pool:
|
||||
vmImage: internal-macos-11
|
||||
workspace:
|
||||
clean: all
|
||||
name: 'VSEng-Xamarin-RedmondMacBuildPool-iOS-Trusted' # always use the trusted pool for signing.
|
||||
os: macOS
|
||||
|
||||
steps:
|
||||
- template: sign-and-notarized.yml
|
||||
|
|
|
@ -53,6 +53,9 @@ steps:
|
|||
version: 3.x
|
||||
displayName: 'Install .NET Core SDK 3.x needed for ESRP'
|
||||
|
||||
- pwsh: $(System.DefaultWorkingDirectory)/xamarin-macios/tools/devops/automation/scripts/show_env.ps1
|
||||
displayName: 'Show Environment'
|
||||
|
||||
- task: MicroBuildSigningPlugin@4
|
||||
displayName: 'Install Signing Plugin'
|
||||
inputs:
|
||||
|
|
|
@ -108,11 +108,11 @@ steps:
|
|||
condition: ${{ and(eq(parameters.condition, true), eq(variables['System.debug'], 'true')) }}
|
||||
|
||||
# Upload the esrp temp dir
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Artifact: ESRP temp'
|
||||
inputs:
|
||||
targetPath: '$(Build.ArtifactStagingDirectory)/esrp.zip'
|
||||
artifactName: '${{ parameters.uploadPrefix }}ESRP-tmp-${{ parameters.packageName }}'
|
||||
path: '$(Build.ArtifactStagingDirectory)/esrp.zip'
|
||||
artifact: '${{ parameters.uploadPrefix }}ESRP-tmp-${{ parameters.packageName }}'
|
||||
continueOnError: true
|
||||
condition: ${{ and(eq(parameters.condition, true), eq(variables['System.debug'], 'true')) }}
|
||||
|
||||
|
@ -124,9 +124,9 @@ steps:
|
|||
condition: ${{ parameters.condition }}
|
||||
|
||||
# always upload no matter what, since if we are not signing we need the artifact in the pipeline
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Notarized Classic Artifacts'
|
||||
inputs:
|
||||
targetPath: $(Build.SourcesDirectory)/package
|
||||
artifactName: '${{ parameters.uploadPrefix }}classic-${{ parameters.packageName }}-signed'
|
||||
path: $(Build.SourcesDirectory)/package
|
||||
artifact: '${{ parameters.uploadPrefix }}classic-${{ parameters.packageName }}-signed'
|
||||
continueOnError: true
|
||||
|
|
|
@ -38,6 +38,10 @@ steps:
|
|||
persistCredentials: true
|
||||
path: s/xamarin-macios
|
||||
|
||||
- checkout: maccore
|
||||
clean: true
|
||||
persistCredentials: true # hugely important, else there are some scripts that check a single file from maccore that will fail
|
||||
|
||||
# checkout an extra repo to ensure that we have the same tree structure in the working directory in all pipelines.
|
||||
# if you delete this checkout the unified pipeline will have issues.
|
||||
- checkout: yaml-templates
|
||||
|
@ -88,7 +92,7 @@ steps:
|
|||
name: upload
|
||||
inputs:
|
||||
SourcePath: $(Build.SourcesDirectory)/artifacts/${{ parameters.uploadPrefix }}package
|
||||
azureSubscription: 'Xamarin - RelEng (BosStorageMirror)'
|
||||
azureSubscription: 'Azure Releng (7b4817ae-218f-464a-bab1-a9df2d99e1e5)'
|
||||
Destination: AzureBlob
|
||||
storage: ${{ parameters.azureStorage }}
|
||||
ContainerName: ${{ parameters.azureContainer }}
|
||||
|
@ -98,7 +102,7 @@ steps:
|
|||
displayName: 'Publish manifest to Azure'
|
||||
inputs:
|
||||
SourcePath: $(Build.SourcesDirectory)/artifacts/${{ parameters.uploadPrefix }}package/manifest
|
||||
azureSubscription: 'Xamarin - RelEng (BosStorageMirror)'
|
||||
azureSubscription: 'Azure Releng (7b4817ae-218f-464a-bab1-a9df2d99e1e5)'
|
||||
Destination: AzureBlob
|
||||
storage: ${{ parameters.azureStorage }}
|
||||
ContainerName: ${{ parameters.azureContainer }}
|
||||
|
@ -108,7 +112,7 @@ steps:
|
|||
displayName: 'Publish manifest to Azure as latest'
|
||||
inputs:
|
||||
SourcePath: $(Build.SourcesDirectory)/artifacts/${{ parameters.uploadPrefix }}package/manifest
|
||||
azureSubscription: 'Xamarin - RelEng (BosStorageMirror)'
|
||||
azureSubscription: 'Azure Releng (7b4817ae-218f-464a-bab1-a9df2d99e1e5)'
|
||||
Destination: AzureBlob
|
||||
storage: ${{ parameters.azureStorage }}
|
||||
ContainerName: ${{ parameters.azureContainer }}
|
||||
|
@ -118,7 +122,7 @@ steps:
|
|||
displayName: 'Publish manifest to Azure per commit'
|
||||
inputs:
|
||||
SourcePath: $(Build.SourcesDirectory)/artifacts/${{ parameters.uploadPrefix }}package/manifest
|
||||
azureSubscription: 'Xamarin - RelEng (BosStorageMirror)'
|
||||
azureSubscription: 'Azure Releng (7b4817ae-218f-464a-bab1-a9df2d99e1e5)'
|
||||
Destination: AzureBlob
|
||||
storage: ${{ parameters.azureStorage }}
|
||||
ContainerName: ${{ parameters.azureContainer }}
|
||||
|
@ -162,11 +166,11 @@ steps:
|
|||
|
||||
# upload the artifacts.json to the build pipeline artifacts so that it can be consumed by other jobs to
|
||||
# get the required urls
|
||||
- task: PublishPipelineArtifact@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'Publish Build Artifacts'
|
||||
inputs:
|
||||
targetPath: $(Build.SourcesDirectory)/artifacts/${{ parameters.uploadPrefix }}package/artifacts.json
|
||||
artifactName: '${{ parameters.uploadPrefix }}pkg-info'
|
||||
path: $(Build.SourcesDirectory)/artifacts/${{ parameters.uploadPrefix }}package/artifacts.json
|
||||
artifact: '${{ parameters.uploadPrefix }}pkg-info'
|
||||
continueOnError: true
|
||||
|
||||
- pwsh: $(System.DefaultWorkingDirectory)/xamarin-macios/tools/devops/automation/scripts/show_env.ps1
|
||||
|
@ -393,9 +397,9 @@ steps:
|
|||
}
|
||||
displayName: 'SBOM: Cleanup'
|
||||
|
||||
- task: PublishBuildArtifacts@1
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: 'SBOM: Publish'
|
||||
inputs:
|
||||
artifactName: '${{ parameters.uploadPrefix }}sbom'
|
||||
pathToPublish: $(Build.ArtifactStagingDirectory)/sbom
|
||||
artifact: '${{ parameters.uploadPrefix }}sbom'
|
||||
path: $(Build.ArtifactStagingDirectory)/sbom
|
||||
condition: succeeded()
|
||||
|
|
Загрузка…
Ссылка в новой задаче