-
Notifications
You must be signed in to change notification settings - Fork 762
/
Copy pathazure-pipelines.yml
343 lines (308 loc) · 11.2 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
# Setting batch to true, triggers one build at a time.
# if there is a push while a build in progress, it will wait,
# until the running build finishes, and produce a build with all the changes
# that happened during the last build.
trigger:
batch: true
branches:
include:
- main
- dev
- release/*
- internal/release/*
paths:
include:
- '*'
exclude:
- eng/Version.Details.xml
- .github/*
- docs/*
- CODE_OF_CONDUCT.md
- CONTRIBUTING.md
- README.md
- SECURITY.md
- LICENSE.TXT
- PATENTS.TXT
- THIRD-PARTY-NOTICES.TXT
pr:
branches:
include:
- main
- dev
- release/*
- internal/release/*
paths:
include:
- '*'
exclude:
- eng/Version.Details.xml
- .github/*
- docs/*
- CODE_OF_CONDUCT.md
- CONTRIBUTING.md
- README.md
- SECURITY.md
- LICENSE.TXT
- PATENTS.TXT
- THIRD-PARTY-NOTICES.TXT
variables:
- name: _TeamName
value: dotnet-r9
- name: NativeToolsOnMachine
value: true
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
value: true
- name: SkipQualityGates
value: false
- name: runAsPublic
value: ${{ eq(variables['System.TeamProject'], 'public') }}
- name: _BuildConfig
value: Release
- name: isOfficialBuild
value: ${{ and(ne(variables['runAsPublic'], 'true'), notin(variables['Build.Reason'], 'PullRequest')) }}
- name: Build.Arcade.ArtifactsPath
value: $(Build.SourcesDirectory)/artifacts/
- name: Build.Arcade.LogsPath
value: $(Build.Arcade.ArtifactsPath)log/$(_BuildConfig)/
- name: Build.Arcade.TestResultsPath
value: $(Build.Arcade.ArtifactsPath)TestResults/$(_BuildConfig)/
- ${{ if or(startswith(variables['Build.SourceBranch'], 'refs/heads/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/internal/release/'), eq(variables['Build.Reason'], 'Manual')) }}:
- name: PostBuildSign
value: false
- ${{ else }}:
- name: PostBuildSign
value: true
# Produce test-signed build for PR and Public builds
- ${{ if or(eq(variables['runAsPublic'], 'true'), eq(variables['Build.Reason'], 'PullRequest')) }}:
# needed for darc (dependency flow) publishing
- name: _PublishArgs
value: ''
- name: _OfficialBuildIdArgs
value: ''
# needed for signing
- name: _SignType
value: test
- name: _SignArgs
value: ''
- name: _Sign
value: false
# Set up non-PR build from internal project
- ${{ if and(ne(variables['runAsPublic'], 'true'), ne(variables['Build.Reason'], 'PullRequest')) }}:
# needed for darc (dependency flow) publishing
- name: _PublishArgs
value: >-
/p:DotNetPublishUsingPipelines=true
- name: _OfficialBuildIdArgs
value: /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
# needed for signing
- name: _SignType
value: real
- name: _SignArgs
value: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName) /p:Sign=$(_Sign) /p:DotNetPublishUsingPipelines=true
- name: _Sign
value: true
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
sdl:
policheck:
enabled: true
exclusionsFile: $(Build.SourcesDirectory)\.config\PoliCheckExclusions.xml
sourceAnalysisPool:
name: NetCore1ESPool-Internal
image: windows.vs2022preview.amd64
os: windows
tsa:
enabled: true
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: build
displayName: Build
variables:
- template: /eng/common/templates-official/variables/pool-providers.yml@self
jobs:
- template: /eng/common/templates-official/jobs/jobs.yml@self
parameters:
enableMicrobuild: true
enableTelemetry: true
enableSourceIndex: true
runAsPublic: ${{ variables['runAsPublic'] }}
# Publish build logs
enablePublishBuildArtifacts: true
# Publish test logs
enablePublishTestResults: true
# Publish NuGet packages using v3
# https://github.com/dotnet/arcade/blob/main/Documentation/CorePackages/Publishing.md#basic-onboarding-scenario-for-new-repositories-to-the-current-publishing-version-v3
enablePublishUsingPipelines: true
enablePublishBuildAssets: true
workspace:
clean: all
jobs:
# ----------------------------------------------------------------
# This job build and run tests on Windows
# ----------------------------------------------------------------
- job: Windows
timeoutInMinutes: 180
testResultsFormat: VSTest
pool:
name: NetCore1ESPool-Internal
image: windows.vs2022preview.amd64
os: windows
variables:
- _buildScript: $(Build.SourcesDirectory)/build.cmd -ci -NativeToolsOnMachine
preSteps:
- checkout: self
clean: true
persistCredentials: true
fetchDepth: 1
steps:
- template: /eng/pipelines/templates/BuildAndTest.yml
parameters:
buildScript: $(_buildScript)
buildConfig: $(_BuildConfig)
repoLogPath: $(Build.Arcade.LogsPath)
repoTestResultsPath: $(Build.Arcade.TestResultsPath)
skipQualityGates: ${{ eq(variables['SkipQualityGates'], 'true') }}
isWindows: true
warnAsError: 0
# ----------------------------------------------------------------
# This job build and run tests on Ubuntu
# ----------------------------------------------------------------
- job: Ubuntu
timeoutInMinutes: 180
testResultsFormat: VSTest
pool:
name: NetCore1ESPool-Internal
image: 1es-mariner-2
os: linux
variables:
- _buildScript: $(Build.SourcesDirectory)/build.sh --ci
preSteps:
- checkout: self
clean: true
persistCredentials: true
fetchDepth: 1
steps:
- template: /eng/pipelines/templates/BuildAndTest.yml
parameters:
buildScript: $(_buildScript)
buildConfig: $(_BuildConfig)
repoLogPath: $(Build.Arcade.LogsPath)
repoTestResultsPath: $(Build.Arcade.TestResultsPath)
skipQualityGates: ${{ eq(variables['SkipQualityGates'], 'true') }}
isWindows: false
warnAsError: 0
# ----------------------------------------------------------------
# This stage performs quality gates enforcements
# ----------------------------------------------------------------
- stage: codecoverage
displayName: CodeCoverage
dependsOn:
- build
condition: and(succeeded('build'), ne(variables['SkipQualityGates'], 'true'))
variables:
- template: /eng/common/templates-official/variables/pool-providers.yml@self
jobs:
- template: /eng/common/templates-official/jobs/jobs.yml@self
parameters:
enableMicrobuild: true
enableTelemetry: true
runAsPublic: ${{ variables['runAsPublic'] }}
workspace:
clean: all
# ----------------------------------------------------------------
# This stage downloads the code coverage reports from the build jobs,
# merges those and validates the combined test coverage.
# ----------------------------------------------------------------
jobs:
- job: CodeCoverageReport
timeoutInMinutes: 180
pool:
name: NetCore1ESPool-Internal
image: 1es-mariner-2
os: linux
preSteps:
- checkout: self
clean: true
persistCredentials: true
fetchDepth: 1
steps:
- script: $(Build.SourcesDirectory)/build.sh --ci --restore
displayName: Init toolset
- template: /eng/pipelines/templates/VerifyCoverageReport.yml
# ----------------------------------------------------------------
# This stage only performs a build treating warnings as errors
# to detect any kind of code style violations
# ----------------------------------------------------------------
- stage: correctness
displayName: Correctness
dependsOn: []
variables:
- template: /eng/common/templates-official/variables/pool-providers.yml@self
jobs:
- template: /eng/common/templates-official/jobs/jobs.yml@self
parameters:
enableMicrobuild: true
enableTelemetry: true
runAsPublic: ${{ variables['runAsPublic'] }}
workspace:
clean: all
jobs:
- job: WarningsCheck
timeoutInMinutes: 180
pool:
${{ if eq(variables['runAsPublic'], 'true') }}:
name: NetCore1ESPool-Internal
image: 1es-mariner-2
os: linux
variables:
- _buildScript: $(Build.SourcesDirectory)/build.sh --ci
preSteps:
- checkout: self
clean: true
persistCredentials: true
fetchDepth: 1
steps:
- template: '\eng\pipelines\templates\BuildAndTest.yml'
parameters:
buildScript: $(_buildScript)
buildConfig: $(_BuildConfig)
repoLogPath: $(Build.Arcade.LogsPath)
repoTestResultsPath: $(Build.Arcade.TestResultsPath)
skipTests: true
skipQualityGates: true
isWindows: false
# Publish and validation steps. Only run in official builds
- ${{ if and(ne(variables['runAsPublic'], 'true'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- template: /eng/common/templates-official/post-build/post-build.yml@self
parameters:
validateDependsOn:
- build
- codecoverage
- correctness
publishingInfraVersion: 3
enableSymbolValidation: false
enableSigningValidation: false
enableNugetValidation: false
enableSourceLinkValidation: false
# these param values come from the DotNet-Winforms-SDLValidation-Params azdo variable group
SDLValidationParameters:
enable: false
params: ' -SourceToolsList $(_TsaSourceToolsList)
-TsaInstanceURL $(_TsaInstanceURL)
-TsaProjectName $(_TsaProjectName)
-TsaNotificationEmail $(_TsaNotificationEmail)
-TsaCodebaseAdmin $(_TsaCodebaseAdmin)
-TsaBugAreaPath $(_TsaBugAreaPath)
-TsaIterationPath $(_TsaIterationPath)
-TsaRepositoryName $(_TsaRepositoryName)
-TsaCodebaseName $(_TsaCodebaseName)
-TsaOnboard $(_TsaOnboard)
-TsaPublish $(_TsaPublish)'