-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathazure-pipelines-official.yml
148 lines (126 loc) · 4.77 KB
/
azure-pipelines-official.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
resources:
- repo: self
clean: true
- Details in https://github.com/NuGet/Client.Engineering/issues/2770
# The variables `_DotNetArtifactsCategory` and `_DotNetValidationArtifactsCategory` are required for proper publishing of build artifacts. See https://github.com/dotnet/roslyn/pull/38259
variables:
- name: _DotNetArtifactsCategory
value: .NETCore
- name: _DotNetValidationArtifactsCategory
value: .NETCoreValidation
- name: Codeql.Enabled
value: false
- name: Codeql.TSAEnabled
value: false
- name: Codeql.TSAOptionsPath
value: $(Build.SourcesDirectory)\.config\TSAOptions.json
- name: notificationAlias
value: $(TsaNotificationEmail)
# Branches that trigger a build on commit
trigger:
- dev
stages:
- stage: publish
displayName: Publishing
variables:
- group: DotNet-Symbol-Server-Pats
pool:
name: NetCore1ESPool-Internal
demands:
- ImageOverride -equals 1es-windows-2022
- cmd
jobs:
- job: OfficialBuild
displayName: Official Build
steps:
- task: CredScan@3
inputs:
# Output in PREFast format so TSAUpload can consume it.
outputFormat: pre
- task: PoliCheck@2
inputs:
inputType: "Basic"
targetType: "F"
targetArgument: "$(Build.SourcesDirectory)"
result: "PoliCheck.xml"
- bash: |
if [ "$(SignType)" = "Real" ]; then
echo 'Codeql scan enabled'
echo "##vso[task.setvariable variable=Codeql.Enabled]true"
echo "##vso[task.setvariable variable=Codeql.TSAEnabled]true"
else
echo 'Codeql scan Disabled'
fi
displayName: "Set CodeQl variables"
- task: CodeQL3000Init@0
displayName: Initialize CodeQL
condition: "and(succeeded(), eq(variables['Codeql.Enabled'], 'true'))"
- task: NuGetAuthenticate@0
- task: MicroBuildSigningPlugin@3
displayName: Install Signing Plugin
inputs:
signType: $(SignType)
zipSources: false
feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json
env:
TeamName: nuget.client
condition: and(succeeded(), ne(variables['SignType'], ''))
- script: eng\common\CIBuild.cmd
-configuration $(BuildConfiguration)
/p:OfficialBuildId=$(Build.BuildNumber)
/p:DotNetSignType=$(SignType)
/p:DotNetSymbolServerTokenMsdl=$(microsoft-symbol-server-pat)
/p:DotNetSymbolServerTokenSymWeb=$(symweb-symbol-server-pat)
/p:DotNetArtifactsCategory=$(_DotNetArtifactsCategory)
/p:DotnetPublishUsingPipelines=true
displayName: Build
- task: CodeQL3000Finalize@0
displayName: Finalize CodeQL
condition: "and(succeeded(), eq(variables['Codeql.Enabled'], 'true'))"
- template: eng\common\templates\steps\generate-sbom.yml
- task: PublishBuildArtifacts@1
displayName: Publish Logs
inputs:
PathtoPublish: '$(Build.SourcesDirectory)\artifacts\log\$(BuildConfiguration)'
ArtifactName: 'Logs'
publishLocation: Container
continueOnError: true
condition: not(succeeded())
- task: PublishBuildArtifacts@1
displayName: Publish Logs
inputs:
PathtoPublish: '$(Build.SourcesDirectory)\artifacts\TestResults\$(BuildConfiguration)'
ArtifactName: 'TestResults'
publishLocation: Container
condition: not(succeeded())
- task: SdtReport@2
displayName: "Generate Analysis Report"
inputs:
CredScan: true
PoliCheck: true
APIScan: false
ToolLogsNotFoundAction: "Standard"
- task: TSAUpload@2
displayName: "TSA upload to Codebase NuGet.PackageSourceMapper"
inputs:
GdnPublishTsaOnboard: false
GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)\.config\TSAConfig.gdntsa' # All relevant settings are in this file.
GdnPublishTsaExportedResultsPublishable: true
# Publish our NuPkgs as an artifact. The name of this artifact must be PackageArtifacts as the
# arcade templates depend on the name.'
- task: PublishBuildArtifacts@1
displayName: Publish Packages
inputs:
PathtoPublish: '$(Build.SourcesDirectory)\artifacts\packages\$(BuildConfiguration)'
ArtifactName: 'PackageArtifacts'
condition: succeeded()
- task: ms-vseng.MicroBuildTasks.521a94ea-9e68-468a-8167-6dcf361ea776.MicroBuildCleanup@1
displayName: Cleanup
condition: always()
- task: PublishBuildArtifacts@1
displayName: Publish MicroBuild Artifacts
inputs:
PathtoPublish: '$(Build.ArtifactStagingDirectory)\MicroBuild\Output'
ArtifactName: MicroBuildOutputs
publishLocation: Container
condition: succeededOrFailed()