Update dependencies from https://github.com/dotnet/arcade build
Microsoft.DotNet.Arcade.Sdk , Microsoft.DotNet.Build.Tasks.Installers , Microsoft.DotNet.CMake.Sdk From Version 8.0.0-beta.24113.2 -> To Version 8.0.0-beta.24165.4
This commit is contained in:
parent
a3df8de809
commit
c744d2e81c
31 changed files with 1787 additions and 25 deletions
|
@ -214,18 +214,18 @@
|
|||
</Dependency>
|
||||
</ProductDependencies>
|
||||
<ToolsetDependencies>
|
||||
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24113.2">
|
||||
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24165.4">
|
||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||
<Sha>da98edc4c3ea539f109ea320672136ceb32591a7</Sha>
|
||||
<Sha>f311667e0587f19c3fa9553a909975662107a351</Sha>
|
||||
<SourceBuild RepoName="arcade" ManagedOnly="true" />
|
||||
</Dependency>
|
||||
<Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="8.0.0-beta.24113.2">
|
||||
<Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="8.0.0-beta.24165.4">
|
||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||
<Sha>da98edc4c3ea539f109ea320672136ceb32591a7</Sha>
|
||||
<Sha>f311667e0587f19c3fa9553a909975662107a351</Sha>
|
||||
</Dependency>
|
||||
<Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="8.0.0-beta.24113.2">
|
||||
<Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="8.0.0-beta.24165.4">
|
||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||
<Sha>da98edc4c3ea539f109ea320672136ceb32591a7</Sha>
|
||||
<Sha>f311667e0587f19c3fa9553a909975662107a351</Sha>
|
||||
</Dependency>
|
||||
<Dependency Name="Microsoft.DotNet.Darc" Version="1.1.0-beta.23578.2">
|
||||
<Uri>https://github.com/dotnet/arcade-services</Uri>
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
</PropertyGroup>
|
||||
<PropertyGroup>
|
||||
<!-- Dependency from https://github.com/dotnet/arcade -->
|
||||
<MicrosoftDotNetBuildTasksInstallersPackageVersion>8.0.0-beta.24113.2</MicrosoftDotNetBuildTasksInstallersPackageVersion>
|
||||
<MicrosoftDotNetBuildTasksInstallersPackageVersion>8.0.0-beta.24165.4</MicrosoftDotNetBuildTasksInstallersPackageVersion>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup>
|
||||
<!-- Dependency from https://github.com/dotnet/arcade-services -->
|
||||
|
|
|
@ -35,7 +35,7 @@ Set-StrictMode -Version 2.0
|
|||
. $PSScriptRoot\tools.ps1
|
||||
|
||||
# Add source entry to PackageSources
|
||||
function AddPackageSource($sources, $SourceName, $SourceEndPoint, $creds, $Username, $Password) {
|
||||
function AddPackageSource($sources, $SourceName, $SourceEndPoint, $creds, $Username, $pwd) {
|
||||
$packageSource = $sources.SelectSingleNode("add[@key='$SourceName']")
|
||||
|
||||
if ($packageSource -eq $null)
|
||||
|
@ -48,12 +48,11 @@ function AddPackageSource($sources, $SourceName, $SourceEndPoint, $creds, $Usern
|
|||
else {
|
||||
Write-Host "Package source $SourceName already present."
|
||||
}
|
||||
|
||||
AddCredential -Creds $creds -Source $SourceName -Username $Username -Password $Password
|
||||
AddCredential -Creds $creds -Source $SourceName -Username $Username -pwd $pwd
|
||||
}
|
||||
|
||||
# Add a credential node for the specified source
|
||||
function AddCredential($creds, $source, $username, $password) {
|
||||
function AddCredential($creds, $source, $username, $pwd) {
|
||||
# Looks for credential configuration for the given SourceName. Create it if none is found.
|
||||
$sourceElement = $creds.SelectSingleNode($Source)
|
||||
if ($sourceElement -eq $null)
|
||||
|
@ -82,17 +81,18 @@ function AddCredential($creds, $source, $username, $password) {
|
|||
$passwordElement.SetAttribute("key", "ClearTextPassword")
|
||||
$sourceElement.AppendChild($passwordElement) | Out-Null
|
||||
}
|
||||
$passwordElement.SetAttribute("value", $Password)
|
||||
|
||||
$passwordElement.SetAttribute("value", $pwd)
|
||||
}
|
||||
|
||||
function InsertMaestroPrivateFeedCredentials($Sources, $Creds, $Username, $Password) {
|
||||
function InsertMaestroPrivateFeedCredentials($Sources, $Creds, $Username, $pwd) {
|
||||
$maestroPrivateSources = $Sources.SelectNodes("add[contains(@key,'darc-int')]")
|
||||
|
||||
Write-Host "Inserting credentials for $($maestroPrivateSources.Count) Maestro's private feeds."
|
||||
|
||||
ForEach ($PackageSource in $maestroPrivateSources) {
|
||||
Write-Host "`tInserting credential for Maestro's feed:" $PackageSource.Key
|
||||
AddCredential -Creds $creds -Source $PackageSource.Key -Username $Username -Password $Password
|
||||
AddCredential -Creds $creds -Source $PackageSource.Key -Username $Username -pwd $pwd
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -144,13 +144,13 @@ if ($disabledSources -ne $null) {
|
|||
$userName = "dn-bot"
|
||||
|
||||
# Insert credential nodes for Maestro's private feeds
|
||||
InsertMaestroPrivateFeedCredentials -Sources $sources -Creds $creds -Username $userName -Password $Password
|
||||
InsertMaestroPrivateFeedCredentials -Sources $sources -Creds $creds -Username $userName -pwd $Password
|
||||
|
||||
# 3.1 uses a different feed url format so it's handled differently here
|
||||
$dotnet31Source = $sources.SelectSingleNode("add[@key='dotnet3.1']")
|
||||
if ($dotnet31Source -ne $null) {
|
||||
AddPackageSource -Sources $sources -SourceName "dotnet3.1-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal/nuget/v2" -Creds $creds -Username $userName -Password $Password
|
||||
AddPackageSource -Sources $sources -SourceName "dotnet3.1-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal-transport/nuget/v2" -Creds $creds -Username $userName -Password $Password
|
||||
AddPackageSource -Sources $sources -SourceName "dotnet3.1-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal/nuget/v2" -Creds $creds -Username $userName -pwd $Password
|
||||
AddPackageSource -Sources $sources -SourceName "dotnet3.1-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal-transport/nuget/v2" -Creds $creds -Username $userName -pwd $Password
|
||||
}
|
||||
|
||||
$dotnetVersions = @('5','6','7','8')
|
||||
|
@ -159,9 +159,9 @@ foreach ($dotnetVersion in $dotnetVersions) {
|
|||
$feedPrefix = "dotnet" + $dotnetVersion;
|
||||
$dotnetSource = $sources.SelectSingleNode("add[@key='$feedPrefix']")
|
||||
if ($dotnetSource -ne $null) {
|
||||
AddPackageSource -Sources $sources -SourceName "$feedPrefix-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal/nuget/v2" -Creds $creds -Username $userName -Password $Password
|
||||
AddPackageSource -Sources $sources -SourceName "$feedPrefix-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal-transport/nuget/v2" -Creds $creds -Username $userName -Password $Password
|
||||
AddPackageSource -Sources $sources -SourceName "$feedPrefix-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal/nuget/v2" -Creds $creds -Username $userName -pwd $Password
|
||||
AddPackageSource -Sources $sources -SourceName "$feedPrefix-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal-transport/nuget/v2" -Creds $creds -Username $userName -pwd $Password
|
||||
}
|
||||
}
|
||||
|
||||
$doc.Save($filename)
|
||||
$doc.Save($filename)
|
263
eng/common/templates-official/job/job.yml
Normal file
263
eng/common/templates-official/job/job.yml
Normal file
|
@ -0,0 +1,263 @@
|
|||
# Internal resources (telemetry, microbuild) can only be accessed from non-public projects,
|
||||
# and some (Microbuild) should only be applied to non-PR cases for internal builds.
|
||||
|
||||
parameters:
|
||||
# Job schema parameters - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job
|
||||
cancelTimeoutInMinutes: ''
|
||||
condition: ''
|
||||
container: ''
|
||||
continueOnError: false
|
||||
dependsOn: ''
|
||||
displayName: ''
|
||||
pool: ''
|
||||
steps: []
|
||||
strategy: ''
|
||||
timeoutInMinutes: ''
|
||||
variables: []
|
||||
workspace: ''
|
||||
templateContext: ''
|
||||
|
||||
# Job base template specific parameters
|
||||
# See schema documentation - https://github.com/dotnet/arcade/blob/master/Documentation/AzureDevOps/TemplateSchema.md
|
||||
artifacts: ''
|
||||
enableMicrobuild: false
|
||||
enablePublishBuildArtifacts: false
|
||||
enablePublishBuildAssets: false
|
||||
enablePublishTestResults: false
|
||||
enablePublishUsingPipelines: false
|
||||
enableBuildRetry: false
|
||||
disableComponentGovernance: ''
|
||||
componentGovernanceIgnoreDirectories: ''
|
||||
mergeTestResults: false
|
||||
testRunTitle: ''
|
||||
testResultsFormat: ''
|
||||
name: ''
|
||||
preSteps: []
|
||||
runAsPublic: false
|
||||
# Sbom related params
|
||||
enableSbom: true
|
||||
PackageVersion: 7.0.0
|
||||
BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
|
||||
|
||||
jobs:
|
||||
- job: ${{ parameters.name }}
|
||||
|
||||
${{ if ne(parameters.cancelTimeoutInMinutes, '') }}:
|
||||
cancelTimeoutInMinutes: ${{ parameters.cancelTimeoutInMinutes }}
|
||||
|
||||
${{ if ne(parameters.condition, '') }}:
|
||||
condition: ${{ parameters.condition }}
|
||||
|
||||
${{ if ne(parameters.container, '') }}:
|
||||
container: ${{ parameters.container }}
|
||||
|
||||
${{ if ne(parameters.continueOnError, '') }}:
|
||||
continueOnError: ${{ parameters.continueOnError }}
|
||||
|
||||
${{ if ne(parameters.dependsOn, '') }}:
|
||||
dependsOn: ${{ parameters.dependsOn }}
|
||||
|
||||
${{ if ne(parameters.displayName, '') }}:
|
||||
displayName: ${{ parameters.displayName }}
|
||||
|
||||
${{ if ne(parameters.pool, '') }}:
|
||||
pool: ${{ parameters.pool }}
|
||||
|
||||
${{ if ne(parameters.strategy, '') }}:
|
||||
strategy: ${{ parameters.strategy }}
|
||||
|
||||
${{ if ne(parameters.timeoutInMinutes, '') }}:
|
||||
timeoutInMinutes: ${{ parameters.timeoutInMinutes }}
|
||||
|
||||
${{ if ne(parameters.templateContext, '') }}:
|
||||
templateContext: ${{ parameters.templateContext }}
|
||||
|
||||
variables:
|
||||
- ${{ if ne(parameters.enableTelemetry, 'false') }}:
|
||||
- name: DOTNET_CLI_TELEMETRY_PROFILE
|
||||
value: '$(Build.Repository.Uri)'
|
||||
- ${{ if eq(parameters.enableRichCodeNavigation, 'true') }}:
|
||||
- name: EnableRichCodeNavigation
|
||||
value: 'true'
|
||||
# Retry signature validation up to three times, waiting 2 seconds between attempts.
|
||||
# See https://learn.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu3028#retry-untrusted-root-failures
|
||||
- name: NUGET_EXPERIMENTAL_CHAIN_BUILD_RETRY_POLICY
|
||||
value: 3,2000
|
||||
- ${{ each variable in parameters.variables }}:
|
||||
# handle name-value variable syntax
|
||||
# example:
|
||||
# - name: [key]
|
||||
# value: [value]
|
||||
- ${{ if ne(variable.name, '') }}:
|
||||
- name: ${{ variable.name }}
|
||||
value: ${{ variable.value }}
|
||||
|
||||
# handle variable groups
|
||||
- ${{ if ne(variable.group, '') }}:
|
||||
- group: ${{ variable.group }}
|
||||
|
||||
# handle template variable syntax
|
||||
# example:
|
||||
# - template: path/to/template.yml
|
||||
# parameters:
|
||||
# [key]: [value]
|
||||
- ${{ if ne(variable.template, '') }}:
|
||||
- template: ${{ variable.template }}
|
||||
${{ if ne(variable.parameters, '') }}:
|
||||
parameters: ${{ variable.parameters }}
|
||||
|
||||
# handle key-value variable syntax.
|
||||
# example:
|
||||
# - [key]: [value]
|
||||
- ${{ if and(eq(variable.name, ''), eq(variable.group, ''), eq(variable.template, '')) }}:
|
||||
- ${{ each pair in variable }}:
|
||||
- name: ${{ pair.key }}
|
||||
value: ${{ pair.value }}
|
||||
|
||||
# DotNet-HelixApi-Access provides 'HelixApiAccessToken' for internal builds
|
||||
- ${{ if and(eq(parameters.enableTelemetry, 'true'), eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- group: DotNet-HelixApi-Access
|
||||
|
||||
${{ if ne(parameters.workspace, '') }}:
|
||||
workspace: ${{ parameters.workspace }}
|
||||
|
||||
steps:
|
||||
- ${{ if ne(parameters.preSteps, '') }}:
|
||||
- ${{ each preStep in parameters.preSteps }}:
|
||||
- ${{ preStep }}
|
||||
|
||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- ${{ if eq(parameters.enableMicrobuild, 'true') }}:
|
||||
- task: MicroBuildSigningPlugin@3
|
||||
displayName: Install MicroBuild plugin
|
||||
inputs:
|
||||
signType: $(_SignType)
|
||||
zipSources: false
|
||||
feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json
|
||||
env:
|
||||
TeamName: $(_TeamName)
|
||||
continueOnError: ${{ parameters.continueOnError }}
|
||||
condition: and(succeeded(), in(variables['_SignType'], 'real', 'test'), eq(variables['Agent.Os'], 'Windows_NT'))
|
||||
|
||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), eq(variables['System.TeamProject'], 'internal')) }}:
|
||||
- task: NuGetAuthenticate@1
|
||||
|
||||
- ${{ if and(ne(parameters.artifacts.download, 'false'), ne(parameters.artifacts.download, '')) }}:
|
||||
- task: DownloadPipelineArtifact@2
|
||||
inputs:
|
||||
buildType: current
|
||||
artifactName: ${{ coalesce(parameters.artifacts.download.name, 'Artifacts_$(Agent.OS)_$(_BuildConfig)') }}
|
||||
targetPath: ${{ coalesce(parameters.artifacts.download.path, 'artifacts') }}
|
||||
itemPattern: ${{ coalesce(parameters.artifacts.download.pattern, '**') }}
|
||||
|
||||
- ${{ each step in parameters.steps }}:
|
||||
- ${{ step }}
|
||||
|
||||
- ${{ if eq(parameters.enableRichCodeNavigation, true) }}:
|
||||
- task: RichCodeNavIndexer@0
|
||||
displayName: RichCodeNav Upload
|
||||
inputs:
|
||||
languages: ${{ coalesce(parameters.richCodeNavigationLanguage, 'csharp') }}
|
||||
environment: ${{ coalesce(parameters.richCodeNavigationEnvironment, 'production') }}
|
||||
richNavLogOutputDirectory: $(Build.SourcesDirectory)/artifacts/bin
|
||||
uploadRichNavArtifacts: ${{ coalesce(parameters.richCodeNavigationUploadArtifacts, false) }}
|
||||
continueOnError: true
|
||||
|
||||
- template: /eng/common/templates-official/steps/component-governance.yml
|
||||
parameters:
|
||||
${{ if eq(parameters.disableComponentGovernance, '') }}:
|
||||
${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.runAsPublic, 'false'), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/dotnet/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/microsoft/'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))) }}:
|
||||
disableComponentGovernance: false
|
||||
${{ else }}:
|
||||
disableComponentGovernance: true
|
||||
${{ else }}:
|
||||
disableComponentGovernance: ${{ parameters.disableComponentGovernance }}
|
||||
componentGovernanceIgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
|
||||
|
||||
- ${{ if eq(parameters.enableMicrobuild, 'true') }}:
|
||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- task: MicroBuildCleanup@1
|
||||
displayName: Execute Microbuild cleanup tasks
|
||||
condition: and(always(), in(variables['_SignType'], 'real', 'test'), eq(variables['Agent.Os'], 'Windows_NT'))
|
||||
continueOnError: ${{ parameters.continueOnError }}
|
||||
env:
|
||||
TeamName: $(_TeamName)
|
||||
|
||||
- ${{ if ne(parameters.artifacts.publish, '') }}:
|
||||
- ${{ if and(ne(parameters.artifacts.publish.artifacts, 'false'), ne(parameters.artifacts.publish.artifacts, '')) }}:
|
||||
- task: CopyFiles@2
|
||||
displayName: Gather binaries for publish to artifacts
|
||||
inputs:
|
||||
SourceFolder: 'artifacts/bin'
|
||||
Contents: '**'
|
||||
TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/bin'
|
||||
- task: CopyFiles@2
|
||||
displayName: Gather packages for publish to artifacts
|
||||
inputs:
|
||||
SourceFolder: 'artifacts/packages'
|
||||
Contents: '**'
|
||||
TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/packages'
|
||||
- task: 1ES.PublishBuildArtifacts@1
|
||||
displayName: Publish pipeline artifacts
|
||||
inputs:
|
||||
PathtoPublish: '$(Build.ArtifactStagingDirectory)/artifacts'
|
||||
PublishLocation: Container
|
||||
ArtifactName: ${{ coalesce(parameters.artifacts.publish.artifacts.name , 'Artifacts_$(Agent.Os)_$(_BuildConfig)') }}
|
||||
continueOnError: true
|
||||
condition: always()
|
||||
- ${{ if and(ne(parameters.artifacts.publish.logs, 'false'), ne(parameters.artifacts.publish.logs, '')) }}:
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
inputs:
|
||||
targetPath: 'artifacts/log'
|
||||
artifactName: ${{ coalesce(parameters.artifacts.publish.logs.name, 'Logs_Build_$(Agent.Os)_$(_BuildConfig)') }}
|
||||
displayName: 'Publish logs'
|
||||
continueOnError: true
|
||||
condition: always()
|
||||
|
||||
- ${{ if ne(parameters.enablePublishBuildArtifacts, 'false') }}:
|
||||
- task: 1ES.PublishBuildArtifacts@1
|
||||
displayName: Publish Logs
|
||||
inputs:
|
||||
PathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)'
|
||||
PublishLocation: Container
|
||||
ArtifactName: ${{ coalesce(parameters.enablePublishBuildArtifacts.artifactName, '$(Agent.Os)_$(Agent.JobName)' ) }}
|
||||
continueOnError: true
|
||||
condition: always()
|
||||
|
||||
- ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'xunit')) }}:
|
||||
- task: PublishTestResults@2
|
||||
displayName: Publish XUnit Test Results
|
||||
inputs:
|
||||
testResultsFormat: 'xUnit'
|
||||
testResultsFiles: '*.xml'
|
||||
searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)'
|
||||
testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-xunit
|
||||
mergeTestResults: ${{ parameters.mergeTestResults }}
|
||||
continueOnError: true
|
||||
condition: always()
|
||||
- ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'vstest')) }}:
|
||||
- task: PublishTestResults@2
|
||||
displayName: Publish TRX Test Results
|
||||
inputs:
|
||||
testResultsFormat: 'VSTest'
|
||||
testResultsFiles: '*.trx'
|
||||
searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)'
|
||||
testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-trx
|
||||
mergeTestResults: ${{ parameters.mergeTestResults }}
|
||||
continueOnError: true
|
||||
condition: always()
|
||||
|
||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.enableSbom, 'true')) }}:
|
||||
- template: /eng/common/templates-official/steps/generate-sbom.yml
|
||||
parameters:
|
||||
PackageVersion: ${{ parameters.packageVersion}}
|
||||
BuildDropPath: ${{ parameters.buildDropPath }}
|
||||
IgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
|
||||
|
||||
- ${{ if eq(parameters.enableBuildRetry, 'true') }}:
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
inputs:
|
||||
targetPath: '$(Build.SourcesDirectory)\eng\common\BuildConfiguration'
|
||||
artifactName: 'BuildConfiguration'
|
||||
displayName: 'Publish build retry configuration'
|
||||
continueOnError: true
|
112
eng/common/templates-official/job/onelocbuild.yml
Normal file
112
eng/common/templates-official/job/onelocbuild.yml
Normal file
|
@ -0,0 +1,112 @@
|
|||
parameters:
|
||||
# Optional: dependencies of the job
|
||||
dependsOn: ''
|
||||
|
||||
# Optional: A defined YAML pool - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#pool
|
||||
pool: ''
|
||||
|
||||
CeapexPat: $(dn-bot-ceapex-package-r) # PAT for the loc AzDO instance https://dev.azure.com/ceapex
|
||||
GithubPat: $(BotAccount-dotnet-bot-repo-PAT)
|
||||
|
||||
SourcesDirectory: $(Build.SourcesDirectory)
|
||||
CreatePr: true
|
||||
AutoCompletePr: false
|
||||
ReusePr: true
|
||||
UseLfLineEndings: true
|
||||
UseCheckedInLocProjectJson: false
|
||||
SkipLocProjectJsonGeneration: false
|
||||
LanguageSet: VS_Main_Languages
|
||||
LclSource: lclFilesInRepo
|
||||
LclPackageId: ''
|
||||
RepoType: gitHub
|
||||
GitHubOrg: dotnet
|
||||
MirrorRepo: ''
|
||||
MirrorBranch: main
|
||||
condition: ''
|
||||
JobNameSuffix: ''
|
||||
|
||||
jobs:
|
||||
- job: OneLocBuild${{ parameters.JobNameSuffix }}
|
||||
|
||||
dependsOn: ${{ parameters.dependsOn }}
|
||||
|
||||
displayName: OneLocBuild${{ parameters.JobNameSuffix }}
|
||||
|
||||
variables:
|
||||
- group: OneLocBuildVariables # Contains the CeapexPat and GithubPat
|
||||
- name: _GenerateLocProjectArguments
|
||||
value: -SourcesDirectory ${{ parameters.SourcesDirectory }}
|
||||
-LanguageSet "${{ parameters.LanguageSet }}"
|
||||
-CreateNeutralXlfs
|
||||
- ${{ if eq(parameters.UseCheckedInLocProjectJson, 'true') }}:
|
||||
- name: _GenerateLocProjectArguments
|
||||
value: ${{ variables._GenerateLocProjectArguments }} -UseCheckedInLocProjectJson
|
||||
- template: /eng/common/templates-official/variables/pool-providers.yml
|
||||
|
||||
${{ if ne(parameters.pool, '') }}:
|
||||
pool: ${{ parameters.pool }}
|
||||
${{ if eq(parameters.pool, '') }}:
|
||||
pool:
|
||||
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||||
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
demands: Cmd
|
||||
os: windows
|
||||
# If it's not devdiv, it's dnceng
|
||||
${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
|
||||
name: $(DncEngInternalBuildPool)
|
||||
image: 1es-windows-2022-pt
|
||||
os: windows
|
||||
|
||||
steps:
|
||||
- ${{ if ne(parameters.SkipLocProjectJsonGeneration, 'true') }}:
|
||||
- task: Powershell@2
|
||||
inputs:
|
||||
filePath: $(Build.SourcesDirectory)/eng/common/generate-locproject.ps1
|
||||
arguments: $(_GenerateLocProjectArguments)
|
||||
displayName: Generate LocProject.json
|
||||
condition: ${{ parameters.condition }}
|
||||
|
||||
- task: OneLocBuild@2
|
||||
displayName: OneLocBuild
|
||||
env:
|
||||
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
||||
inputs:
|
||||
locProj: eng/Localize/LocProject.json
|
||||
outDir: $(Build.ArtifactStagingDirectory)
|
||||
lclSource: ${{ parameters.LclSource }}
|
||||
lclPackageId: ${{ parameters.LclPackageId }}
|
||||
isCreatePrSelected: ${{ parameters.CreatePr }}
|
||||
isAutoCompletePrSelected: ${{ parameters.AutoCompletePr }}
|
||||
${{ if eq(parameters.CreatePr, true) }}:
|
||||
isUseLfLineEndingsSelected: ${{ parameters.UseLfLineEndings }}
|
||||
${{ if eq(parameters.RepoType, 'gitHub') }}:
|
||||
isShouldReusePrSelected: ${{ parameters.ReusePr }}
|
||||
packageSourceAuth: patAuth
|
||||
patVariable: ${{ parameters.CeapexPat }}
|
||||
${{ if eq(parameters.RepoType, 'gitHub') }}:
|
||||
repoType: ${{ parameters.RepoType }}
|
||||
gitHubPatVariable: "${{ parameters.GithubPat }}"
|
||||
${{ if ne(parameters.MirrorRepo, '') }}:
|
||||
isMirrorRepoSelected: true
|
||||
gitHubOrganization: ${{ parameters.GitHubOrg }}
|
||||
mirrorRepo: ${{ parameters.MirrorRepo }}
|
||||
mirrorBranch: ${{ parameters.MirrorBranch }}
|
||||
condition: ${{ parameters.condition }}
|
||||
|
||||
- task: 1ES.PublishBuildArtifacts@1
|
||||
displayName: Publish Localization Files
|
||||
inputs:
|
||||
PathtoPublish: '$(Build.ArtifactStagingDirectory)/loc'
|
||||
PublishLocation: Container
|
||||
ArtifactName: Loc
|
||||
condition: ${{ parameters.condition }}
|
||||
|
||||
- task: 1ES.PublishBuildArtifacts@1
|
||||
displayName: Publish LocProject.json
|
||||
inputs:
|
||||
PathtoPublish: '$(Build.SourcesDirectory)/eng/Localize/'
|
||||
PublishLocation: Container
|
||||
ArtifactName: Loc
|
||||
condition: ${{ parameters.condition }}
|
155
eng/common/templates-official/job/publish-build-assets.yml
Normal file
155
eng/common/templates-official/job/publish-build-assets.yml
Normal file
|
@ -0,0 +1,155 @@
|
|||
parameters:
|
||||
configuration: 'Debug'
|
||||
|
||||
# Optional: condition for the job to run
|
||||
condition: ''
|
||||
|
||||
# Optional: 'true' if future jobs should run even if this job fails
|
||||
continueOnError: false
|
||||
|
||||
# Optional: dependencies of the job
|
||||
dependsOn: ''
|
||||
|
||||
# Optional: Include PublishBuildArtifacts task
|
||||
enablePublishBuildArtifacts: false
|
||||
|
||||
# Optional: A defined YAML pool - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#pool
|
||||
pool: {}
|
||||
|
||||
# Optional: should run as a public build even in the internal project
|
||||
# if 'true', the build won't run any of the internal only steps, even if it is running in non-public projects.
|
||||
runAsPublic: false
|
||||
|
||||
# Optional: whether the build's artifacts will be published using release pipelines or direct feed publishing
|
||||
publishUsingPipelines: false
|
||||
|
||||
# Optional: whether the build's artifacts will be published using release pipelines or direct feed publishing
|
||||
publishAssetsImmediately: false
|
||||
|
||||
artifactsPublishingAdditionalParameters: ''
|
||||
|
||||
signingValidationAdditionalParameters: ''
|
||||
|
||||
jobs:
|
||||
- job: Asset_Registry_Publish
|
||||
|
||||
dependsOn: ${{ parameters.dependsOn }}
|
||||
timeoutInMinutes: 150
|
||||
|
||||
${{ if eq(parameters.publishAssetsImmediately, 'true') }}:
|
||||
displayName: Publish Assets
|
||||
${{ else }}:
|
||||
displayName: Publish to Build Asset Registry
|
||||
|
||||
variables:
|
||||
- template: /eng/common/templates-official/variables/pool-providers.yml
|
||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- group: Publish-Build-Assets
|
||||
- group: AzureDevOps-Artifact-Feeds-Pats
|
||||
- name: runCodesignValidationInjection
|
||||
value: false
|
||||
- ${{ if eq(parameters.publishAssetsImmediately, 'true') }}:
|
||||
- template: /eng/common/templates-official/post-build/common-variables.yml
|
||||
|
||||
pool:
|
||||
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||||
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
demands: Cmd
|
||||
os: windows
|
||||
# If it's not devdiv, it's dnceng
|
||||
${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
|
||||
name: $(DncEngInternalBuildPool)
|
||||
image: 1es-windows-2022-pt
|
||||
os: windows
|
||||
steps:
|
||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- task: DownloadBuildArtifacts@0
|
||||
displayName: Download artifact
|
||||
inputs:
|
||||
artifactName: AssetManifests
|
||||
downloadPath: '$(Build.StagingDirectory)/Download'
|
||||
checkDownloadedFiles: true
|
||||
condition: ${{ parameters.condition }}
|
||||
continueOnError: ${{ parameters.continueOnError }}
|
||||
|
||||
- task: NuGetAuthenticate@1
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: Publish Build Assets
|
||||
inputs:
|
||||
filePath: eng\common\sdk-task.ps1
|
||||
arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet
|
||||
/p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests'
|
||||
/p:BuildAssetRegistryToken=$(MaestroAccessToken)
|
||||
/p:MaestroApiEndpoint=https://maestro-prod.westus2.cloudapp.azure.com
|
||||
/p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }}
|
||||
/p:OfficialBuildId=$(Build.BuildNumber)
|
||||
condition: ${{ parameters.condition }}
|
||||
continueOnError: ${{ parameters.continueOnError }}
|
||||
|
||||
- task: powershell@2
|
||||
displayName: Create ReleaseConfigs Artifact
|
||||
inputs:
|
||||
targetType: inline
|
||||
script: |
|
||||
New-Item -Path "$(Build.StagingDirectory)/ReleaseConfigs" -ItemType Directory -Force
|
||||
$filePath = "$(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt"
|
||||
Add-Content -Path $filePath -Value $(BARBuildId)
|
||||
Add-Content -Path $filePath -Value "$(DefaultChannels)"
|
||||
Add-Content -Path $filePath -Value $(IsStableBuild)
|
||||
|
||||
- task: 1ES.PublishBuildArtifacts@1
|
||||
displayName: Publish ReleaseConfigs Artifact
|
||||
inputs:
|
||||
PathtoPublish: '$(Build.StagingDirectory)/ReleaseConfigs'
|
||||
PublishLocation: Container
|
||||
ArtifactName: ReleaseConfigs
|
||||
|
||||
- task: powershell@2
|
||||
displayName: Check if SymbolPublishingExclusionsFile.txt exists
|
||||
inputs:
|
||||
targetType: inline
|
||||
script: |
|
||||
$symbolExclusionfile = "$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt"
|
||||
if(Test-Path -Path $symbolExclusionfile)
|
||||
{
|
||||
Write-Host "SymbolExclusionFile exists"
|
||||
Write-Host "##vso[task.setvariable variable=SymbolExclusionFile]true"
|
||||
}
|
||||
else{
|
||||
Write-Host "Symbols Exclusion file does not exists"
|
||||
Write-Host "##vso[task.setvariable variable=SymbolExclusionFile]false"
|
||||
}
|
||||
|
||||
- task: 1ES.PublishBuildArtifacts@1
|
||||
displayName: Publish SymbolPublishingExclusionsFile Artifact
|
||||
condition: eq(variables['SymbolExclusionFile'], 'true')
|
||||
inputs:
|
||||
PathtoPublish: '$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt'
|
||||
PublishLocation: Container
|
||||
ArtifactName: ReleaseConfigs
|
||||
|
||||
- ${{ if eq(parameters.publishAssetsImmediately, 'true') }}:
|
||||
- template: /eng/common/templates-official/post-build/setup-maestro-vars.yml
|
||||
parameters:
|
||||
BARBuildId: ${{ parameters.BARBuildId }}
|
||||
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: Publish Using Darc
|
||||
inputs:
|
||||
filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
|
||||
arguments: -BuildId $(BARBuildId)
|
||||
-PublishingInfraVersion 3
|
||||
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
|
||||
-MaestroToken '$(MaestroApiAccessToken)'
|
||||
-WaitPublishingFinish true
|
||||
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
|
||||
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
|
||||
|
||||
- ${{ if eq(parameters.enablePublishBuildArtifacts, 'true') }}:
|
||||
- template: /eng/common/templates-official/steps/publish-logs.yml
|
||||
parameters:
|
||||
JobLabel: 'Publish_Artifacts_Logs'
|
67
eng/common/templates-official/job/source-build.yml
Normal file
67
eng/common/templates-official/job/source-build.yml
Normal file
|
@ -0,0 +1,67 @@
|
|||
parameters:
|
||||
# This template adds arcade-powered source-build to CI. The template produces a server job with a
|
||||
# default ID 'Source_Build_Complete' to put in a dependency list if necessary.
|
||||
|
||||
# Specifies the prefix for source-build jobs added to pipeline. Use this if disambiguation needed.
|
||||
jobNamePrefix: 'Source_Build'
|
||||
|
||||
# Defines the platform on which to run the job. By default, a linux-x64 machine, suitable for
|
||||
# managed-only repositories. This is an object with these properties:
|
||||
#
|
||||
# name: ''
|
||||
# The name of the job. This is included in the job ID.
|
||||
# targetRID: ''
|
||||
# The name of the target RID to use, instead of the one auto-detected by Arcade.
|
||||
# nonPortable: false
|
||||
# Enables non-portable mode. This means a more specific RID (e.g. fedora.32-x64 rather than
|
||||
# linux-x64), and compiling against distro-provided packages rather than portable ones.
|
||||
# skipPublishValidation: false
|
||||
# Disables publishing validation. By default, a check is performed to ensure no packages are
|
||||
# published by source-build.
|
||||
# container: ''
|
||||
# A container to use. Runs in docker.
|
||||
# pool: {}
|
||||
# A pool to use. Runs directly on an agent.
|
||||
# buildScript: ''
|
||||
# Specifies the build script to invoke to perform the build in the repo. The default
|
||||
# './build.sh' should work for typical Arcade repositories, but this is customizable for
|
||||
# difficult situations.
|
||||
# jobProperties: {}
|
||||
# A list of job properties to inject at the top level, for potential extensibility beyond
|
||||
# container and pool.
|
||||
platform: {}
|
||||
|
||||
jobs:
|
||||
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
|
||||
displayName: Source-Build (${{ parameters.platform.name }})
|
||||
|
||||
${{ each property in parameters.platform.jobProperties }}:
|
||||
${{ property.key }}: ${{ property.value }}
|
||||
|
||||
${{ if ne(parameters.platform.container, '') }}:
|
||||
container: ${{ parameters.platform.container }}
|
||||
|
||||
${{ if eq(parameters.platform.pool, '') }}:
|
||||
# The default VM host AzDO pool. This should be capable of running Docker containers: almost all
|
||||
# source-build builds run in Docker, including the default managed platform.
|
||||
# /eng/common/templates-official/variables/pool-providers.yml can't be used here (some customers declare variables already), so duplicate its logic
|
||||
pool:
|
||||
${{ if eq(variables['System.TeamProject'], 'public') }}:
|
||||
name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore-Svc-Public' ), False, 'NetCore-Public')]
|
||||
demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open
|
||||
|
||||
${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
||||
name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore1ESPool-Svc-Internal'), False, 'NetCore1ESPool-Internal')]
|
||||
image: 1es-mariner-2-pt
|
||||
os: linux
|
||||
|
||||
${{ if ne(parameters.platform.pool, '') }}:
|
||||
pool: ${{ parameters.platform.pool }}
|
||||
|
||||
workspace:
|
||||
clean: all
|
||||
|
||||
steps:
|
||||
- template: /eng/common/templates-official/steps/source-build.yml
|
||||
parameters:
|
||||
platform: ${{ parameters.platform }}
|
68
eng/common/templates-official/job/source-index-stage1.yml
Normal file
68
eng/common/templates-official/job/source-index-stage1.yml
Normal file
|
@ -0,0 +1,68 @@
|
|||
parameters:
|
||||
runAsPublic: false
|
||||
sourceIndexPackageVersion: 1.0.1-20230228.2
|
||||
sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json
|
||||
sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci"
|
||||
preSteps: []
|
||||
binlogPath: artifacts/log/Debug/Build.binlog
|
||||
condition: ''
|
||||
dependsOn: ''
|
||||
pool: ''
|
||||
|
||||
jobs:
|
||||
- job: SourceIndexStage1
|
||||
dependsOn: ${{ parameters.dependsOn }}
|
||||
condition: ${{ parameters.condition }}
|
||||
variables:
|
||||
- name: SourceIndexPackageVersion
|
||||
value: ${{ parameters.sourceIndexPackageVersion }}
|
||||
- name: SourceIndexPackageSource
|
||||
value: ${{ parameters.sourceIndexPackageSource }}
|
||||
- name: BinlogPath
|
||||
value: ${{ parameters.binlogPath }}
|
||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- group: source-dot-net stage1 variables
|
||||
- template: /eng/common/templates-official/variables/pool-providers.yml
|
||||
|
||||
${{ if ne(parameters.pool, '') }}:
|
||||
pool: ${{ parameters.pool }}
|
||||
${{ if eq(parameters.pool, '') }}:
|
||||
pool:
|
||||
${{ if eq(variables['System.TeamProject'], 'public') }}:
|
||||
name: $(DncEngPublicBuildPool)
|
||||
demands: ImageOverride -equals windows.vs2019.amd64.open
|
||||
${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
||||
name: $(DncEngInternalBuildPool)
|
||||
image: 1es-windows-2022-pt
|
||||
os: windows
|
||||
|
||||
steps:
|
||||
- ${{ each preStep in parameters.preSteps }}:
|
||||
- ${{ preStep }}
|
||||
|
||||
- task: UseDotNet@2
|
||||
displayName: Use .NET Core SDK 6
|
||||
inputs:
|
||||
packageType: sdk
|
||||
version: 6.0.x
|
||||
installationPath: $(Agent.TempDirectory)/dotnet
|
||||
workingDirectory: $(Agent.TempDirectory)
|
||||
|
||||
- script: |
|
||||
$(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
||||
$(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
||||
displayName: Download Tools
|
||||
# Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk.
|
||||
workingDirectory: $(Agent.TempDirectory)
|
||||
|
||||
- script: ${{ parameters.sourceIndexBuildCommand }}
|
||||
displayName: Build Repository
|
||||
|
||||
- script: $(Agent.TempDirectory)/.source-index/tools/BinLogToSln -i $(BinlogPath) -r $(Build.SourcesDirectory) -n $(Build.Repository.Name) -o .source-index/stage1output
|
||||
displayName: Process Binlog into indexable sln
|
||||
|
||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name)
|
||||
displayName: Upload stage1 artifacts to source index
|
||||
env:
|
||||
BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url)
|
31
eng/common/templates-official/jobs/codeql-build.yml
Normal file
31
eng/common/templates-official/jobs/codeql-build.yml
Normal file
|
@ -0,0 +1,31 @@
|
|||
parameters:
|
||||
# See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md
|
||||
continueOnError: false
|
||||
# Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job
|
||||
jobs: []
|
||||
# Optional: if specified, restore and use this version of Guardian instead of the default.
|
||||
overrideGuardianVersion: ''
|
||||
|
||||
jobs:
|
||||
- template: /eng/common/templates-official/jobs/jobs.yml
|
||||
parameters:
|
||||
enableMicrobuild: false
|
||||
enablePublishBuildArtifacts: false
|
||||
enablePublishTestResults: false
|
||||
enablePublishBuildAssets: false
|
||||
enablePublishUsingPipelines: false
|
||||
enableTelemetry: true
|
||||
|
||||
variables:
|
||||
- group: Publish-Build-Assets
|
||||
# The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in
|
||||
# sync with the packages.config file.
|
||||
- name: DefaultGuardianVersion
|
||||
value: 0.109.0
|
||||
- name: GuardianPackagesConfigFile
|
||||
value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
|
||||
- name: GuardianVersion
|
||||
value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}
|
||||
|
||||
jobs: ${{ parameters.jobs }}
|
||||
|
97
eng/common/templates-official/jobs/jobs.yml
Normal file
97
eng/common/templates-official/jobs/jobs.yml
Normal file
|
@ -0,0 +1,97 @@
|
|||
parameters:
|
||||
# See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md
|
||||
continueOnError: false
|
||||
|
||||
# Optional: Include PublishBuildArtifacts task
|
||||
enablePublishBuildArtifacts: false
|
||||
|
||||
# Optional: Enable publishing using release pipelines
|
||||
enablePublishUsingPipelines: false
|
||||
|
||||
# Optional: Enable running the source-build jobs to build repo from source
|
||||
enableSourceBuild: false
|
||||
|
||||
# Optional: Parameters for source-build template.
|
||||
# See /eng/common/templates-official/jobs/source-build.yml for options
|
||||
sourceBuildParameters: []
|
||||
|
||||
graphFileGeneration:
|
||||
# Optional: Enable generating the graph files at the end of the build
|
||||
enabled: false
|
||||
# Optional: Include toolset dependencies in the generated graph files
|
||||
includeToolset: false
|
||||
|
||||
# Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job
|
||||
jobs: []
|
||||
|
||||
# Optional: Override automatically derived dependsOn value for "publish build assets" job
|
||||
publishBuildAssetsDependsOn: ''
|
||||
|
||||
# Optional: Publish the assets as soon as the publish to BAR stage is complete, rather doing so in a separate stage.
|
||||
publishAssetsImmediately: false
|
||||
|
||||
# Optional: If using publishAssetsImmediately and additional parameters are needed, can be used to send along additional parameters (normally sent to post-build.yml)
|
||||
artifactsPublishingAdditionalParameters: ''
|
||||
signingValidationAdditionalParameters: ''
|
||||
|
||||
# Optional: should run as a public build even in the internal project
|
||||
# if 'true', the build won't run any of the internal only steps, even if it is running in non-public projects.
|
||||
runAsPublic: false
|
||||
|
||||
enableSourceIndex: false
|
||||
sourceIndexParams: {}
|
||||
|
||||
# Internal resources (telemetry, microbuild) can only be accessed from non-public projects,
|
||||
# and some (Microbuild) should only be applied to non-PR cases for internal builds.
|
||||
|
||||
jobs:
|
||||
- ${{ each job in parameters.jobs }}:
|
||||
- template: ../job/job.yml
|
||||
parameters:
|
||||
# pass along parameters
|
||||
${{ each parameter in parameters }}:
|
||||
${{ if ne(parameter.key, 'jobs') }}:
|
||||
${{ parameter.key }}: ${{ parameter.value }}
|
||||
|
||||
# pass along job properties
|
||||
${{ each property in job }}:
|
||||
${{ if ne(property.key, 'job') }}:
|
||||
${{ property.key }}: ${{ property.value }}
|
||||
|
||||
name: ${{ job.job }}
|
||||
|
||||
- ${{ if eq(parameters.enableSourceBuild, true) }}:
|
||||
- template: /eng/common/templates-official/jobs/source-build.yml
|
||||
parameters:
|
||||
allCompletedJobId: Source_Build_Complete
|
||||
${{ each parameter in parameters.sourceBuildParameters }}:
|
||||
${{ parameter.key }}: ${{ parameter.value }}
|
||||
|
||||
- ${{ if eq(parameters.enableSourceIndex, 'true') }}:
|
||||
- template: ../job/source-index-stage1.yml
|
||||
parameters:
|
||||
runAsPublic: ${{ parameters.runAsPublic }}
|
||||
${{ each parameter in parameters.sourceIndexParams }}:
|
||||
${{ parameter.key }}: ${{ parameter.value }}
|
||||
|
||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- ${{ if or(eq(parameters.enablePublishBuildAssets, true), eq(parameters.artifacts.publish.manifests, 'true'), ne(parameters.artifacts.publish.manifests, '')) }}:
|
||||
- template: ../job/publish-build-assets.yml
|
||||
parameters:
|
||||
continueOnError: ${{ parameters.continueOnError }}
|
||||
dependsOn:
|
||||
- ${{ if ne(parameters.publishBuildAssetsDependsOn, '') }}:
|
||||
- ${{ each job in parameters.publishBuildAssetsDependsOn }}:
|
||||
- ${{ job.job }}
|
||||
- ${{ if eq(parameters.publishBuildAssetsDependsOn, '') }}:
|
||||
- ${{ each job in parameters.jobs }}:
|
||||
- ${{ job.job }}
|
||||
- ${{ if eq(parameters.enableSourceBuild, true) }}:
|
||||
- Source_Build_Complete
|
||||
|
||||
runAsPublic: ${{ parameters.runAsPublic }}
|
||||
publishUsingPipelines: ${{ parameters.enablePublishUsingPipelines }}
|
||||
publishAssetsImmediately: ${{ parameters.publishAssetsImmediately }}
|
||||
enablePublishBuildArtifacts: ${{ parameters.enablePublishBuildArtifacts }}
|
||||
artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
|
||||
signingValidationAdditionalParameters: ${{ parameters.signingValidationAdditionalParameters }}
|
46
eng/common/templates-official/jobs/source-build.yml
Normal file
46
eng/common/templates-official/jobs/source-build.yml
Normal file
|
@ -0,0 +1,46 @@
|
|||
parameters:
|
||||
# This template adds arcade-powered source-build to CI. A job is created for each platform, as
|
||||
# well as an optional server job that completes when all platform jobs complete.
|
||||
|
||||
# The name of the "join" job for all source-build platforms. If set to empty string, the job is
|
||||
# not included. Existing repo pipelines can use this job depend on all source-build jobs
|
||||
# completing without maintaining a separate list of every single job ID: just depend on this one
|
||||
# server job. By default, not included. Recommended name if used: 'Source_Build_Complete'.
|
||||
allCompletedJobId: ''
|
||||
|
||||
# See /eng/common/templates-official/job/source-build.yml
|
||||
jobNamePrefix: 'Source_Build'
|
||||
|
||||
# This is the default platform provided by Arcade, intended for use by a managed-only repo.
|
||||
defaultManagedPlatform:
|
||||
name: 'Managed'
|
||||
container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream8'
|
||||
|
||||
# Defines the platforms on which to run build jobs. One job is created for each platform, and the
|
||||
# object in this array is sent to the job template as 'platform'. If no platforms are specified,
|
||||
# one job runs on 'defaultManagedPlatform'.
|
||||
platforms: []
|
||||
|
||||
jobs:
|
||||
|
||||
- ${{ if ne(parameters.allCompletedJobId, '') }}:
|
||||
- job: ${{ parameters.allCompletedJobId }}
|
||||
displayName: Source-Build Complete
|
||||
pool: server
|
||||
dependsOn:
|
||||
- ${{ each platform in parameters.platforms }}:
|
||||
- ${{ parameters.jobNamePrefix }}_${{ platform.name }}
|
||||
- ${{ if eq(length(parameters.platforms), 0) }}:
|
||||
- ${{ parameters.jobNamePrefix }}_${{ parameters.defaultManagedPlatform.name }}
|
||||
|
||||
- ${{ each platform in parameters.platforms }}:
|
||||
- template: /eng/common/templates-official/job/source-build.yml
|
||||
parameters:
|
||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||
platform: ${{ platform }}
|
||||
|
||||
- ${{ if eq(length(parameters.platforms), 0) }}:
|
||||
- template: /eng/common/templates-official/job/source-build.yml
|
||||
parameters:
|
||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||
platform: ${{ parameters.defaultManagedPlatform }}
|
|
@ -0,0 +1,22 @@
|
|||
variables:
|
||||
- group: Publish-Build-Assets
|
||||
|
||||
# Whether the build is internal or not
|
||||
- name: IsInternalBuild
|
||||
value: ${{ and(ne(variables['System.TeamProject'], 'public'), contains(variables['Build.SourceBranch'], 'internal')) }}
|
||||
|
||||
# Default Maestro++ API Endpoint and API Version
|
||||
- name: MaestroApiEndPoint
|
||||
value: "https://maestro-prod.westus2.cloudapp.azure.com"
|
||||
- name: MaestroApiAccessToken
|
||||
value: $(MaestroAccessToken)
|
||||
- name: MaestroApiVersion
|
||||
value: "2020-02-20"
|
||||
|
||||
- name: SourceLinkCLIVersion
|
||||
value: 3.0.0
|
||||
- name: SymbolToolVersion
|
||||
value: 1.0.1
|
||||
|
||||
- name: runCodesignValidationInjection
|
||||
value: false
|
285
eng/common/templates-official/post-build/post-build.yml
Normal file
285
eng/common/templates-official/post-build/post-build.yml
Normal file
|
@ -0,0 +1,285 @@
|
|||
parameters:
|
||||
# Which publishing infra should be used. THIS SHOULD MATCH THE VERSION ON THE BUILD MANIFEST.
|
||||
# Publishing V1 is no longer supported
|
||||
# Publishing V2 is no longer supported
|
||||
# Publishing V3 is the default
|
||||
- name: publishingInfraVersion
|
||||
displayName: Which version of publishing should be used to promote the build definition?
|
||||
type: number
|
||||
default: 3
|
||||
values:
|
||||
- 3
|
||||
|
||||
- name: BARBuildId
|
||||
displayName: BAR Build Id
|
||||
type: number
|
||||
default: 0
|
||||
|
||||
- name: PromoteToChannelIds
|
||||
displayName: Channel to promote BARBuildId to
|
||||
type: string
|
||||
default: ''
|
||||
|
||||
- name: enableSourceLinkValidation
|
||||
displayName: Enable SourceLink validation
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- name: enableSigningValidation
|
||||
displayName: Enable signing validation
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: enableSymbolValidation
|
||||
displayName: Enable symbol validation
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- name: enableNugetValidation
|
||||
displayName: Enable NuGet validation
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: publishInstallersAndChecksums
|
||||
displayName: Publish installers and checksums
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
- name: SDLValidationParameters
|
||||
type: object
|
||||
default:
|
||||
enable: false
|
||||
publishGdn: false
|
||||
continueOnError: false
|
||||
params: ''
|
||||
artifactNames: ''
|
||||
downloadArtifacts: true
|
||||
|
||||
# These parameters let the user customize the call to sdk-task.ps1 for publishing
|
||||
# symbols & general artifacts as well as for signing validation
|
||||
- name: symbolPublishingAdditionalParameters
|
||||
displayName: Symbol publishing additional parameters
|
||||
type: string
|
||||
default: ''
|
||||
|
||||
- name: artifactsPublishingAdditionalParameters
|
||||
displayName: Artifact publishing additional parameters
|
||||
type: string
|
||||
default: ''
|
||||
|
||||
- name: signingValidationAdditionalParameters
|
||||
displayName: Signing validation additional parameters
|
||||
type: string
|
||||
default: ''
|
||||
|
||||
# Which stages should finish execution before post-build stages start
|
||||
- name: validateDependsOn
|
||||
type: object
|
||||
default:
|
||||
- build
|
||||
|
||||
- name: publishDependsOn
|
||||
type: object
|
||||
default:
|
||||
- Validate
|
||||
|
||||
# Optional: Call asset publishing rather than running in a separate stage
|
||||
- name: publishAssetsImmediately
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
stages:
|
||||
- ${{ if or(eq( parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:
|
||||
- stage: Validate
|
||||
dependsOn: ${{ parameters.validateDependsOn }}
|
||||
displayName: Validate Build Assets
|
||||
variables:
|
||||
- template: common-variables.yml
|
||||
- template: /eng/common/templates-official/variables/pool-providers.yml
|
||||
jobs:
|
||||
- job:
|
||||
displayName: NuGet Validation
|
||||
condition: and(succeededOrFailed(), eq( ${{ parameters.enableNugetValidation }}, 'true'))
|
||||
pool:
|
||||
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||||
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
demands: Cmd
|
||||
os: windows
|
||||
# If it's not devdiv, it's dnceng
|
||||
${{ else }}:
|
||||
name: $(DncEngInternalBuildPool)
|
||||
image: 1es-windows-2022-pt
|
||||
os: windows
|
||||
|
||||
steps:
|
||||
- template: setup-maestro-vars.yml
|
||||
parameters:
|
||||
BARBuildId: ${{ parameters.BARBuildId }}
|
||||
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
displayName: Download Package Artifacts
|
||||
inputs:
|
||||
buildType: specific
|
||||
buildVersionToDownload: specific
|
||||
project: $(AzDOProjectName)
|
||||
pipeline: $(AzDOPipelineId)
|
||||
buildId: $(AzDOBuildId)
|
||||
artifactName: PackageArtifacts
|
||||
checkDownloadedFiles: true
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: Validate
|
||||
inputs:
|
||||
filePath: $(Build.SourcesDirectory)/eng/common/post-build/nuget-validation.ps1
|
||||
arguments: -PackagesPath $(Build.ArtifactStagingDirectory)/PackageArtifacts/
|
||||
-ToolDestinationPath $(Agent.BuildDirectory)/Extract/
|
||||
|
||||
- job:
|
||||
displayName: Signing Validation
|
||||
condition: and( eq( ${{ parameters.enableSigningValidation }}, 'true'), ne( variables['PostBuildSign'], 'true'))
|
||||
pool:
|
||||
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||||
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
demands: Cmd
|
||||
os: windows
|
||||
# If it's not devdiv, it's dnceng
|
||||
${{ else }}:
|
||||
name: $(DncEngInternalBuildPool)
|
||||
image: 1es-windows-2022-pt
|
||||
os: windows
|
||||
steps:
|
||||
- template: setup-maestro-vars.yml
|
||||
parameters:
|
||||
BARBuildId: ${{ parameters.BARBuildId }}
|
||||
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
displayName: Download Package Artifacts
|
||||
inputs:
|
||||
buildType: specific
|
||||
buildVersionToDownload: specific
|
||||
project: $(AzDOProjectName)
|
||||
pipeline: $(AzDOPipelineId)
|
||||
buildId: $(AzDOBuildId)
|
||||
artifactName: PackageArtifacts
|
||||
checkDownloadedFiles: true
|
||||
itemPattern: |
|
||||
**
|
||||
!**/Microsoft.SourceBuild.Intermediate.*.nupkg
|
||||
|
||||
# This is necessary whenever we want to publish/restore to an AzDO private feed
|
||||
# Since sdk-task.ps1 tries to restore packages we need to do this authentication here
|
||||
# otherwise it'll complain about accessing a private feed.
|
||||
- task: NuGetAuthenticate@1
|
||||
displayName: 'Authenticate to AzDO Feeds'
|
||||
|
||||
# Signing validation will optionally work with the buildmanifest file which is downloaded from
|
||||
# Azure DevOps above.
|
||||
- task: PowerShell@2
|
||||
displayName: Validate
|
||||
inputs:
|
||||
filePath: eng\common\sdk-task.ps1
|
||||
arguments: -task SigningValidation -restore -msbuildEngine vs
|
||||
/p:PackageBasePath='$(Build.ArtifactStagingDirectory)/PackageArtifacts'
|
||||
/p:SignCheckExclusionsFile='$(Build.SourcesDirectory)/eng/SignCheckExclusionsFile.txt'
|
||||
${{ parameters.signingValidationAdditionalParameters }}
|
||||
|
||||
- template: ../steps/publish-logs.yml
|
||||
parameters:
|
||||
StageLabel: 'Validation'
|
||||
JobLabel: 'Signing'
|
||||
BinlogToolVersion: $(BinlogToolVersion)
|
||||
|
||||
- job:
|
||||
displayName: SourceLink Validation
|
||||
condition: eq( ${{ parameters.enableSourceLinkValidation }}, 'true')
|
||||
pool:
|
||||
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||||
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
demands: Cmd
|
||||
os: windows
|
||||
# If it's not devdiv, it's dnceng
|
||||
${{ else }}:
|
||||
name: $(DncEngInternalBuildPool)
|
||||
image: 1es-windows-2022-pt
|
||||
os: windows
|
||||
steps:
|
||||
- template: setup-maestro-vars.yml
|
||||
parameters:
|
||||
BARBuildId: ${{ parameters.BARBuildId }}
|
||||
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
displayName: Download Blob Artifacts
|
||||
inputs:
|
||||
buildType: specific
|
||||
buildVersionToDownload: specific
|
||||
project: $(AzDOProjectName)
|
||||
pipeline: $(AzDOPipelineId)
|
||||
buildId: $(AzDOBuildId)
|
||||
artifactName: BlobArtifacts
|
||||
checkDownloadedFiles: true
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: Validate
|
||||
inputs:
|
||||
filePath: $(Build.SourcesDirectory)/eng/common/post-build/sourcelink-validation.ps1
|
||||
arguments: -InputPath $(Build.ArtifactStagingDirectory)/BlobArtifacts/
|
||||
-ExtractPath $(Agent.BuildDirectory)/Extract/
|
||||
-GHRepoName $(Build.Repository.Name)
|
||||
-GHCommit $(Build.SourceVersion)
|
||||
-SourcelinkCliVersion $(SourceLinkCLIVersion)
|
||||
continueOnError: true
|
||||
|
||||
- ${{ if ne(parameters.publishAssetsImmediately, 'true') }}:
|
||||
- stage: publish_using_darc
|
||||
${{ if or(eq(parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:
|
||||
dependsOn: ${{ parameters.publishDependsOn }}
|
||||
${{ else }}:
|
||||
dependsOn: ${{ parameters.validateDependsOn }}
|
||||
displayName: Publish using Darc
|
||||
variables:
|
||||
- template: common-variables.yml
|
||||
- template: /eng/common/templates-official/variables/pool-providers.yml
|
||||
jobs:
|
||||
- job:
|
||||
displayName: Publish Using Darc
|
||||
timeoutInMinutes: 120
|
||||
pool:
|
||||
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
|
||||
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
|
||||
name: AzurePipelines-EO
|
||||
image: 1ESPT-Windows2022
|
||||
demands: Cmd
|
||||
os: windows
|
||||
# If it's not devdiv, it's dnceng
|
||||
${{ else }}:
|
||||
name: $(DncEngInternalBuildPool)
|
||||
image: 1es-windows-2022-pt
|
||||
os: windows
|
||||
steps:
|
||||
- template: setup-maestro-vars.yml
|
||||
parameters:
|
||||
BARBuildId: ${{ parameters.BARBuildId }}
|
||||
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
|
||||
|
||||
- task: NuGetAuthenticate@1
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: Publish Using Darc
|
||||
inputs:
|
||||
filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
|
||||
arguments: -BuildId $(BARBuildId)
|
||||
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
|
||||
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
|
||||
-MaestroToken '$(MaestroApiAccessToken)'
|
||||
-WaitPublishingFinish true
|
||||
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
|
||||
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
|
|
@ -0,0 +1,70 @@
|
|||
parameters:
|
||||
BARBuildId: ''
|
||||
PromoteToChannelIds: ''
|
||||
|
||||
steps:
|
||||
- ${{ if eq(coalesce(parameters.PromoteToChannelIds, 0), 0) }}:
|
||||
- task: DownloadBuildArtifacts@0
|
||||
displayName: Download Release Configs
|
||||
inputs:
|
||||
buildType: current
|
||||
artifactName: ReleaseConfigs
|
||||
checkDownloadedFiles: true
|
||||
|
||||
- task: PowerShell@2
|
||||
name: setReleaseVars
|
||||
displayName: Set Release Configs Vars
|
||||
inputs:
|
||||
targetType: inline
|
||||
pwsh: true
|
||||
script: |
|
||||
try {
|
||||
if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') {
|
||||
$Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt
|
||||
|
||||
$BarId = $Content | Select -Index 0
|
||||
$Channels = $Content | Select -Index 1
|
||||
$IsStableBuild = $Content | Select -Index 2
|
||||
|
||||
$AzureDevOpsProject = $Env:System_TeamProject
|
||||
$AzureDevOpsBuildDefinitionId = $Env:System_DefinitionId
|
||||
$AzureDevOpsBuildId = $Env:Build_BuildId
|
||||
}
|
||||
else {
|
||||
$buildApiEndpoint = "${Env:MaestroApiEndPoint}/api/builds/${Env:BARBuildId}?api-version=${Env:MaestroApiVersion}"
|
||||
|
||||
$apiHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'
|
||||
$apiHeaders.Add('Accept', 'application/json')
|
||||
$apiHeaders.Add('Authorization',"Bearer ${Env:MAESTRO_API_TOKEN}")
|
||||
|
||||
$buildInfo = try { Invoke-WebRequest -Method Get -Uri $buildApiEndpoint -Headers $apiHeaders | ConvertFrom-Json } catch { Write-Host "Error: $_" }
|
||||
|
||||
$BarId = $Env:BARBuildId
|
||||
$Channels = $Env:PromoteToMaestroChannels -split ","
|
||||
$Channels = $Channels -join "]["
|
||||
$Channels = "[$Channels]"
|
||||
|
||||
$IsStableBuild = $buildInfo.stable
|
||||
$AzureDevOpsProject = $buildInfo.azureDevOpsProject
|
||||
$AzureDevOpsBuildDefinitionId = $buildInfo.azureDevOpsBuildDefinitionId
|
||||
$AzureDevOpsBuildId = $buildInfo.azureDevOpsBuildId
|
||||
}
|
||||
|
||||
Write-Host "##vso[task.setvariable variable=BARBuildId]$BarId"
|
||||
Write-Host "##vso[task.setvariable variable=TargetChannels]$Channels"
|
||||
Write-Host "##vso[task.setvariable variable=IsStableBuild]$IsStableBuild"
|
||||
|
||||
Write-Host "##vso[task.setvariable variable=AzDOProjectName]$AzureDevOpsProject"
|
||||
Write-Host "##vso[task.setvariable variable=AzDOPipelineId]$AzureDevOpsBuildDefinitionId"
|
||||
Write-Host "##vso[task.setvariable variable=AzDOBuildId]$AzureDevOpsBuildId"
|
||||
}
|
||||
catch {
|
||||
Write-Host $_
|
||||
Write-Host $_.Exception
|
||||
Write-Host $_.ScriptStackTrace
|
||||
exit 1
|
||||
}
|
||||
env:
|
||||
MAESTRO_API_TOKEN: $(MaestroApiAccessToken)
|
||||
BARBuildId: ${{ parameters.BARBuildId }}
|
||||
PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }}
|
|
@ -0,0 +1,13 @@
|
|||
parameters:
|
||||
ChannelId: 0
|
||||
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: Triggering subscriptions
|
||||
inputs:
|
||||
filePath: $(Build.SourcesDirectory)/eng/common/post-build/trigger-subscriptions.ps1
|
||||
arguments: -SourceRepo $(Build.Repository.Uri)
|
||||
-ChannelId ${{ parameters.ChannelId }}
|
||||
-MaestroApiAccessToken $(MaestroAccessToken)
|
||||
-MaestroApiEndPoint $(MaestroApiEndPoint)
|
||||
-MaestroApiVersion $(MaestroApiVersion)
|
13
eng/common/templates-official/steps/add-build-to-channel.yml
Normal file
13
eng/common/templates-official/steps/add-build-to-channel.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
parameters:
|
||||
ChannelId: 0
|
||||
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: Add Build to Channel
|
||||
inputs:
|
||||
filePath: $(Build.SourcesDirectory)/eng/common/post-build/add-build-to-channel.ps1
|
||||
arguments: -BuildId $(BARBuildId)
|
||||
-ChannelId ${{ parameters.ChannelId }}
|
||||
-MaestroApiAccessToken $(MaestroApiAccessToken)
|
||||
-MaestroApiEndPoint $(MaestroApiEndPoint)
|
||||
-MaestroApiVersion $(MaestroApiVersion)
|
12
eng/common/templates-official/steps/build-reason.yml
Normal file
12
eng/common/templates-official/steps/build-reason.yml
Normal file
|
@ -0,0 +1,12 @@
|
|||
# build-reason.yml
|
||||
# Description: runs steps if build.reason condition is valid. conditions is a string of valid build reasons
|
||||
# to include steps (',' separated).
|
||||
parameters:
|
||||
conditions: ''
|
||||
steps: []
|
||||
|
||||
steps:
|
||||
- ${{ if and( not(startsWith(parameters.conditions, 'not')), contains(parameters.conditions, variables['build.reason'])) }}:
|
||||
- ${{ parameters.steps }}
|
||||
- ${{ if and( startsWith(parameters.conditions, 'not'), not(contains(parameters.conditions, variables['build.reason']))) }}:
|
||||
- ${{ parameters.steps }}
|
13
eng/common/templates-official/steps/component-governance.yml
Normal file
13
eng/common/templates-official/steps/component-governance.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
parameters:
|
||||
disableComponentGovernance: false
|
||||
componentGovernanceIgnoreDirectories: ''
|
||||
|
||||
steps:
|
||||
- ${{ if eq(parameters.disableComponentGovernance, 'true') }}:
|
||||
- script: "echo ##vso[task.setvariable variable=skipComponentGovernanceDetection]true"
|
||||
displayName: Set skipComponentGovernanceDetection variable
|
||||
- ${{ if ne(parameters.disableComponentGovernance, 'true') }}:
|
||||
- task: ComponentGovernanceComponentDetection@0
|
||||
continueOnError: true
|
||||
inputs:
|
||||
ignoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
|
32
eng/common/templates-official/steps/execute-codeql.yml
Normal file
32
eng/common/templates-official/steps/execute-codeql.yml
Normal file
|
@ -0,0 +1,32 @@
|
|||
parameters:
|
||||
# Language that should be analyzed. Defaults to csharp
|
||||
language: csharp
|
||||
# Build Commands
|
||||
buildCommands: ''
|
||||
overrideParameters: '' # Optional: to override values for parameters.
|
||||
additionalParameters: '' # Optional: parameters that need user specific values eg: '-SourceToolsList @("abc","def") -ArtifactToolsList @("ghi","jkl")'
|
||||
# Optional: if specified, restore and use this version of Guardian instead of the default.
|
||||
overrideGuardianVersion: ''
|
||||
# Optional: if true, publish the '.gdn' folder as a pipeline artifact. This can help with in-depth
|
||||
# diagnosis of problems with specific tool configurations.
|
||||
publishGuardianDirectoryToPipeline: false
|
||||
# The script to run to execute all SDL tools. Use this if you want to use a script to define SDL
|
||||
# parameters rather than relying on YAML. It may be better to use a local script, because you can
|
||||
# reproduce results locally without piecing together a command based on the YAML.
|
||||
executeAllSdlToolsScript: 'eng/common/sdl/execute-all-sdl-tools.ps1'
|
||||
# There is some sort of bug (has been reported) in Azure DevOps where if this parameter is named
|
||||
# 'continueOnError', the parameter value is not correctly picked up.
|
||||
# This can also be remedied by the caller (post-build.yml) if it does not use a nested parameter
|
||||
# optional: determines whether to continue the build if the step errors;
|
||||
sdlContinueOnError: false
|
||||
|
||||
steps:
|
||||
- template: /eng/common/templates-official/steps/execute-sdl.yml
|
||||
parameters:
|
||||
overrideGuardianVersion: ${{ parameters.overrideGuardianVersion }}
|
||||
executeAllSdlToolsScript: ${{ parameters.executeAllSdlToolsScript }}
|
||||
overrideParameters: ${{ parameters.overrideParameters }}
|
||||
additionalParameters: '${{ parameters.additionalParameters }}
|
||||
-CodeQLAdditionalRunConfigParams @("BuildCommands < ${{ parameters.buildCommands }}", "Language < ${{ parameters.language }}")'
|
||||
publishGuardianDirectoryToPipeline: ${{ parameters.publishGuardianDirectoryToPipeline }}
|
||||
sdlContinueOnError: ${{ parameters.sdlContinueOnError }}
|
88
eng/common/templates-official/steps/execute-sdl.yml
Normal file
88
eng/common/templates-official/steps/execute-sdl.yml
Normal file
|
@ -0,0 +1,88 @@
|
|||
parameters:
|
||||
overrideGuardianVersion: ''
|
||||
executeAllSdlToolsScript: ''
|
||||
overrideParameters: ''
|
||||
additionalParameters: ''
|
||||
publishGuardianDirectoryToPipeline: false
|
||||
sdlContinueOnError: false
|
||||
condition: ''
|
||||
|
||||
steps:
|
||||
- task: NuGetAuthenticate@1
|
||||
inputs:
|
||||
nuGetServiceConnections: GuardianConnect
|
||||
|
||||
- task: NuGetToolInstaller@1
|
||||
displayName: 'Install NuGet.exe'
|
||||
|
||||
- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
|
||||
- pwsh: |
|
||||
Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
|
||||
. .\sdl.ps1
|
||||
$guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
|
||||
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
|
||||
displayName: Install Guardian (Overridden)
|
||||
|
||||
- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
|
||||
- pwsh: |
|
||||
Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
|
||||
. .\sdl.ps1
|
||||
$guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
|
||||
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
|
||||
displayName: Install Guardian
|
||||
|
||||
- ${{ if ne(parameters.overrideParameters, '') }}:
|
||||
- powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
|
||||
displayName: Execute SDL (Overridden)
|
||||
continueOnError: ${{ parameters.sdlContinueOnError }}
|
||||
condition: ${{ parameters.condition }}
|
||||
|
||||
- ${{ if eq(parameters.overrideParameters, '') }}:
|
||||
- powershell: ${{ parameters.executeAllSdlToolsScript }}
|
||||
-GuardianCliLocation $(GuardianCliLocation)
|
||||
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages
|
||||
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
|
||||
${{ parameters.additionalParameters }}
|
||||
displayName: Execute SDL
|
||||
continueOnError: ${{ parameters.sdlContinueOnError }}
|
||||
condition: ${{ parameters.condition }}
|
||||
|
||||
- ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}:
|
||||
# We want to publish the Guardian results and configuration for easy diagnosis. However, the
|
||||
# '.gdn' dir is a mix of configuration, results, extracted dependencies, and Guardian default
|
||||
# tooling files. Some of these files are large and aren't useful during an investigation, so
|
||||
# exclude them by simply deleting them before publishing. (As of writing, there is no documented
|
||||
# way to selectively exclude a dir from the pipeline artifact publish task.)
|
||||
- task: DeleteFiles@1
|
||||
displayName: Delete Guardian dependencies to avoid uploading
|
||||
inputs:
|
||||
SourceFolder: $(Agent.BuildDirectory)/.gdn
|
||||
Contents: |
|
||||
c
|
||||
i
|
||||
condition: succeededOrFailed()
|
||||
|
||||
- publish: $(Agent.BuildDirectory)/.gdn
|
||||
artifact: GuardianConfiguration
|
||||
displayName: Publish GuardianConfiguration
|
||||
condition: succeededOrFailed()
|
||||
|
||||
# Publish the SARIF files in a container named CodeAnalysisLogs to enable integration
|
||||
# with the "SARIF SAST Scans Tab" Azure DevOps extension
|
||||
- task: CopyFiles@2
|
||||
displayName: Copy SARIF files
|
||||
inputs:
|
||||
flattenFolders: true
|
||||
sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/
|
||||
contents: '**/*.sarif'
|
||||
targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
|
||||
condition: succeededOrFailed()
|
||||
|
||||
# Use PublishBuildArtifacts because the SARIF extension only checks this case
|
||||
# see microsoft/sarif-azuredevops-extension#4
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: Publish SARIF files to CodeAnalysisLogs container
|
||||
inputs:
|
||||
pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs
|
||||
artifactName: CodeAnalysisLogs
|
||||
condition: succeededOrFailed()
|
48
eng/common/templates-official/steps/generate-sbom.yml
Normal file
48
eng/common/templates-official/steps/generate-sbom.yml
Normal file
|
@ -0,0 +1,48 @@
|
|||
# BuildDropPath - The root folder of the drop directory for which the manifest file will be generated.
|
||||
# PackageName - The name of the package this SBOM represents.
|
||||
# PackageVersion - The version of the package this SBOM represents.
|
||||
# ManifestDirPath - The path of the directory where the generated manifest files will be placed
|
||||
# IgnoreDirectories - Directories to ignore for SBOM generation. This will be passed through to the CG component detector.
|
||||
|
||||
parameters:
|
||||
PackageVersion: 8.0.0
|
||||
BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
|
||||
PackageName: '.NET'
|
||||
ManifestDirPath: $(Build.ArtifactStagingDirectory)/sbom
|
||||
IgnoreDirectories: ''
|
||||
sbomContinueOnError: true
|
||||
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: Prep for SBOM generation in (Non-linux)
|
||||
condition: or(eq(variables['Agent.Os'], 'Windows_NT'), eq(variables['Agent.Os'], 'Darwin'))
|
||||
inputs:
|
||||
filePath: ./eng/common/generate-sbom-prep.ps1
|
||||
arguments: ${{parameters.manifestDirPath}}
|
||||
|
||||
# Chmodding is a workaround for https://github.com/dotnet/arcade/issues/8461
|
||||
- script: |
|
||||
chmod +x ./eng/common/generate-sbom-prep.sh
|
||||
./eng/common/generate-sbom-prep.sh ${{parameters.manifestDirPath}}
|
||||
displayName: Prep for SBOM generation in (Linux)
|
||||
condition: eq(variables['Agent.Os'], 'Linux')
|
||||
continueOnError: ${{ parameters.sbomContinueOnError }}
|
||||
|
||||
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
|
||||
displayName: 'Generate SBOM manifest'
|
||||
continueOnError: ${{ parameters.sbomContinueOnError }}
|
||||
inputs:
|
||||
PackageName: ${{ parameters.packageName }}
|
||||
BuildDropPath: ${{ parameters.buildDropPath }}
|
||||
PackageVersion: ${{ parameters.packageVersion }}
|
||||
ManifestDirPath: ${{ parameters.manifestDirPath }}
|
||||
${{ if ne(parameters.IgnoreDirectories, '') }}:
|
||||
AdditionalComponentDetectorArgs: '--IgnoreDirectories ${{ parameters.IgnoreDirectories }}'
|
||||
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: Publish SBOM manifest
|
||||
continueOnError: ${{parameters.sbomContinueOnError}}
|
||||
inputs:
|
||||
targetPath: '${{parameters.manifestDirPath}}'
|
||||
artifactName: $(ARTIFACT_NAME)
|
||||
|
23
eng/common/templates-official/steps/publish-logs.yml
Normal file
23
eng/common/templates-official/steps/publish-logs.yml
Normal file
|
@ -0,0 +1,23 @@
|
|||
parameters:
|
||||
StageLabel: ''
|
||||
JobLabel: ''
|
||||
|
||||
steps:
|
||||
- task: Powershell@2
|
||||
displayName: Prepare Binlogs to Upload
|
||||
inputs:
|
||||
targetType: inline
|
||||
script: |
|
||||
New-Item -ItemType Directory $(Build.SourcesDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
|
||||
Move-Item -Path $(Build.SourcesDirectory)/artifacts/log/Debug/* $(Build.SourcesDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
|
||||
continueOnError: true
|
||||
condition: always()
|
||||
|
||||
- task: 1ES.PublishBuildArtifacts@1
|
||||
displayName: Publish Logs
|
||||
inputs:
|
||||
PathtoPublish: '$(Build.SourcesDirectory)/PostBuildLogs'
|
||||
PublishLocation: Container
|
||||
ArtifactName: PostBuildLogs
|
||||
continueOnError: true
|
||||
condition: always()
|
28
eng/common/templates-official/steps/retain-build.yml
Normal file
28
eng/common/templates-official/steps/retain-build.yml
Normal file
|
@ -0,0 +1,28 @@
|
|||
parameters:
|
||||
# Optional azure devops PAT with build execute permissions for the build's organization,
|
||||
# only needed if the build that should be retained ran on a different organization than
|
||||
# the pipeline where this template is executing from
|
||||
Token: ''
|
||||
# Optional BuildId to retain, defaults to the current running build
|
||||
BuildId: ''
|
||||
# Azure devops Organization URI for the build in the https://dev.azure.com/<organization> format.
|
||||
# Defaults to the organization the current pipeline is running on
|
||||
AzdoOrgUri: '$(System.CollectionUri)'
|
||||
# Azure devops project for the build. Defaults to the project the current pipeline is running on
|
||||
AzdoProject: '$(System.TeamProject)'
|
||||
|
||||
steps:
|
||||
- task: powershell@2
|
||||
inputs:
|
||||
targetType: 'filePath'
|
||||
filePath: eng/common/retain-build.ps1
|
||||
pwsh: true
|
||||
arguments: >
|
||||
-AzdoOrgUri: ${{parameters.AzdoOrgUri}}
|
||||
-AzdoProject ${{parameters.AzdoProject}}
|
||||
-Token ${{coalesce(parameters.Token, '$env:SYSTEM_ACCESSTOKEN') }}
|
||||
-BuildId ${{coalesce(parameters.BuildId, '$env:BUILD_ID')}}
|
||||
displayName: Enable permanent build retention
|
||||
env:
|
||||
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
||||
BUILD_ID: $(Build.BuildId)
|
91
eng/common/templates-official/steps/send-to-helix.yml
Normal file
91
eng/common/templates-official/steps/send-to-helix.yml
Normal file
|
@ -0,0 +1,91 @@
|
|||
# Please remember to update the documentation if you make changes to these parameters!
|
||||
parameters:
|
||||
HelixSource: 'pr/default' # required -- sources must start with pr/, official/, prodcon/, or agent/
|
||||
HelixType: 'tests/default/' # required -- Helix telemetry which identifies what type of data this is; should include "test" for clarity and must end in '/'
|
||||
HelixBuild: $(Build.BuildNumber) # required -- the build number Helix will use to identify this -- automatically set to the AzDO build number
|
||||
HelixTargetQueues: '' # required -- semicolon-delimited list of Helix queues to test on; see https://helix.dot.net/ for a list of queues
|
||||
HelixAccessToken: '' # required -- access token to make Helix API requests; should be provided by the appropriate variable group
|
||||
HelixConfiguration: '' # optional -- additional property attached to a job
|
||||
HelixPreCommands: '' # optional -- commands to run before Helix work item execution
|
||||
HelixPostCommands: '' # optional -- commands to run after Helix work item execution
|
||||
WorkItemDirectory: '' # optional -- a payload directory to zip up and send to Helix; requires WorkItemCommand; incompatible with XUnitProjects
|
||||
WorkItemCommand: '' # optional -- a command to execute on the payload; requires WorkItemDirectory; incompatible with XUnitProjects
|
||||
WorkItemTimeout: '' # optional -- a timeout in TimeSpan.Parse-ready value (e.g. 00:02:00) for the work item command; requires WorkItemDirectory; incompatible with XUnitProjects
|
||||
CorrelationPayloadDirectory: '' # optional -- a directory to zip up and send to Helix as a correlation payload
|
||||
XUnitProjects: '' # optional -- semicolon-delimited list of XUnitProjects to parse and send to Helix; requires XUnitRuntimeTargetFramework, XUnitPublishTargetFramework, XUnitRunnerVersion, and IncludeDotNetCli=true
|
||||
XUnitWorkItemTimeout: '' # optional -- the workitem timeout in seconds for all workitems created from the xUnit projects specified by XUnitProjects
|
||||
XUnitPublishTargetFramework: '' # optional -- framework to use to publish your xUnit projects
|
||||
XUnitRuntimeTargetFramework: '' # optional -- framework to use for the xUnit console runner
|
||||
XUnitRunnerVersion: '' # optional -- version of the xUnit nuget package you wish to use on Helix; required for XUnitProjects
|
||||
IncludeDotNetCli: false # optional -- true will download a version of the .NET CLI onto the Helix machine as a correlation payload; requires DotNetCliPackageType and DotNetCliVersion
|
||||
DotNetCliPackageType: '' # optional -- either 'sdk', 'runtime' or 'aspnetcore-runtime'; determines whether the sdk or runtime will be sent to Helix; see https://raw.githubusercontent.com/dotnet/core/main/release-notes/releases-index.json
|
||||
DotNetCliVersion: '' # optional -- version of the CLI to send to Helix; based on this: https://raw.githubusercontent.com/dotnet/core/main/release-notes/releases-index.json
|
||||
WaitForWorkItemCompletion: true # optional -- true will make the task wait until work items have been completed and fail the build if work items fail. False is "fire and forget."
|
||||
IsExternal: false # [DEPRECATED] -- doesn't do anything, jobs are external if HelixAccessToken is empty and Creator is set
|
||||
HelixBaseUri: 'https://helix.dot.net/' # optional -- sets the Helix API base URI (allows targeting https://helix.int-dot.net )
|
||||
Creator: '' # optional -- if the build is external, use this to specify who is sending the job
|
||||
DisplayNamePrefix: 'Run Tests' # optional -- rename the beginning of the displayName of the steps in AzDO
|
||||
condition: succeeded() # optional -- condition for step to execute; defaults to succeeded()
|
||||
continueOnError: false # optional -- determines whether to continue the build if the step errors; defaults to false
|
||||
|
||||
steps:
|
||||
- powershell: 'powershell "$env:BUILD_SOURCESDIRECTORY\eng\common\msbuild.ps1 $env:BUILD_SOURCESDIRECTORY\eng\common\helixpublish.proj /restore /p:TreatWarningsAsErrors=false /t:Test /bl:$env:BUILD_SOURCESDIRECTORY\artifacts\log\$env:BuildConfig\SendToHelix.binlog"'
|
||||
displayName: ${{ parameters.DisplayNamePrefix }} (Windows)
|
||||
env:
|
||||
BuildConfig: $(_BuildConfig)
|
||||
HelixSource: ${{ parameters.HelixSource }}
|
||||
HelixType: ${{ parameters.HelixType }}
|
||||
HelixBuild: ${{ parameters.HelixBuild }}
|
||||
HelixConfiguration: ${{ parameters.HelixConfiguration }}
|
||||
HelixTargetQueues: ${{ parameters.HelixTargetQueues }}
|
||||
HelixAccessToken: ${{ parameters.HelixAccessToken }}
|
||||
HelixPreCommands: ${{ parameters.HelixPreCommands }}
|
||||
HelixPostCommands: ${{ parameters.HelixPostCommands }}
|
||||
WorkItemDirectory: ${{ parameters.WorkItemDirectory }}
|
||||
WorkItemCommand: ${{ parameters.WorkItemCommand }}
|
||||
WorkItemTimeout: ${{ parameters.WorkItemTimeout }}
|
||||
CorrelationPayloadDirectory: ${{ parameters.CorrelationPayloadDirectory }}
|
||||
XUnitProjects: ${{ parameters.XUnitProjects }}
|
||||
XUnitWorkItemTimeout: ${{ parameters.XUnitWorkItemTimeout }}
|
||||
XUnitPublishTargetFramework: ${{ parameters.XUnitPublishTargetFramework }}
|
||||
XUnitRuntimeTargetFramework: ${{ parameters.XUnitRuntimeTargetFramework }}
|
||||
XUnitRunnerVersion: ${{ parameters.XUnitRunnerVersion }}
|
||||
IncludeDotNetCli: ${{ parameters.IncludeDotNetCli }}
|
||||
DotNetCliPackageType: ${{ parameters.DotNetCliPackageType }}
|
||||
DotNetCliVersion: ${{ parameters.DotNetCliVersion }}
|
||||
WaitForWorkItemCompletion: ${{ parameters.WaitForWorkItemCompletion }}
|
||||
HelixBaseUri: ${{ parameters.HelixBaseUri }}
|
||||
Creator: ${{ parameters.Creator }}
|
||||
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
||||
condition: and(${{ parameters.condition }}, eq(variables['Agent.Os'], 'Windows_NT'))
|
||||
continueOnError: ${{ parameters.continueOnError }}
|
||||
- script: $BUILD_SOURCESDIRECTORY/eng/common/msbuild.sh $BUILD_SOURCESDIRECTORY/eng/common/helixpublish.proj /restore /p:TreatWarningsAsErrors=false /t:Test /bl:$BUILD_SOURCESDIRECTORY/artifacts/log/$BuildConfig/SendToHelix.binlog
|
||||
displayName: ${{ parameters.DisplayNamePrefix }} (Unix)
|
||||
env:
|
||||
BuildConfig: $(_BuildConfig)
|
||||
HelixSource: ${{ parameters.HelixSource }}
|
||||
HelixType: ${{ parameters.HelixType }}
|
||||
HelixBuild: ${{ parameters.HelixBuild }}
|
||||
HelixConfiguration: ${{ parameters.HelixConfiguration }}
|
||||
HelixTargetQueues: ${{ parameters.HelixTargetQueues }}
|
||||
HelixAccessToken: ${{ parameters.HelixAccessToken }}
|
||||
HelixPreCommands: ${{ parameters.HelixPreCommands }}
|
||||
HelixPostCommands: ${{ parameters.HelixPostCommands }}
|
||||
WorkItemDirectory: ${{ parameters.WorkItemDirectory }}
|
||||
WorkItemCommand: ${{ parameters.WorkItemCommand }}
|
||||
WorkItemTimeout: ${{ parameters.WorkItemTimeout }}
|
||||
CorrelationPayloadDirectory: ${{ parameters.CorrelationPayloadDirectory }}
|
||||
XUnitProjects: ${{ parameters.XUnitProjects }}
|
||||
XUnitWorkItemTimeout: ${{ parameters.XUnitWorkItemTimeout }}
|
||||
XUnitPublishTargetFramework: ${{ parameters.XUnitPublishTargetFramework }}
|
||||
XUnitRuntimeTargetFramework: ${{ parameters.XUnitRuntimeTargetFramework }}
|
||||
XUnitRunnerVersion: ${{ parameters.XUnitRunnerVersion }}
|
||||
IncludeDotNetCli: ${{ parameters.IncludeDotNetCli }}
|
||||
DotNetCliPackageType: ${{ parameters.DotNetCliPackageType }}
|
||||
DotNetCliVersion: ${{ parameters.DotNetCliVersion }}
|
||||
WaitForWorkItemCompletion: ${{ parameters.WaitForWorkItemCompletion }}
|
||||
HelixBaseUri: ${{ parameters.HelixBaseUri }}
|
||||
Creator: ${{ parameters.Creator }}
|
||||
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
||||
condition: and(${{ parameters.condition }}, ne(variables['Agent.Os'], 'Windows_NT'))
|
||||
continueOnError: ${{ parameters.continueOnError }}
|
129
eng/common/templates-official/steps/source-build.yml
Normal file
129
eng/common/templates-official/steps/source-build.yml
Normal file
|
@ -0,0 +1,129 @@
|
|||
parameters:
|
||||
# This template adds arcade-powered source-build to CI.
|
||||
|
||||
# This is a 'steps' template, and is intended for advanced scenarios where the existing build
|
||||
# infra has a careful build methodology that must be followed. For example, a repo
|
||||
# (dotnet/runtime) might choose to clone the GitHub repo only once and store it as a pipeline
|
||||
# artifact for all subsequent jobs to use, to reduce dependence on a strong network connection to
|
||||
# GitHub. Using this steps template leaves room for that infra to be included.
|
||||
|
||||
# Defines the platform on which to run the steps. See 'eng/common/templates-official/job/source-build.yml'
|
||||
# for details. The entire object is described in the 'job' template for simplicity, even though
|
||||
# the usage of the properties on this object is split between the 'job' and 'steps' templates.
|
||||
platform: {}
|
||||
|
||||
steps:
|
||||
# Build. Keep it self-contained for simple reusability. (No source-build-specific job variables.)
|
||||
- script: |
|
||||
set -x
|
||||
df -h
|
||||
|
||||
# If building on the internal project, the artifact feeds variable may be available (usually only if needed)
|
||||
# In that case, call the feed setup script to add internal feeds corresponding to public ones.
|
||||
# In addition, add an msbuild argument to copy the WIP from the repo to the target build location.
|
||||
# This is because SetupNuGetSources.sh will alter the current NuGet.config file, and we need to preserve those
|
||||
# changes.
|
||||
internalRestoreArgs=
|
||||
if [ '$(dn-bot-dnceng-artifact-feeds-rw)' != '$''(dn-bot-dnceng-artifact-feeds-rw)' ]; then
|
||||
# Temporarily work around https://github.com/dotnet/arcade/issues/7709
|
||||
chmod +x $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh
|
||||
$(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh $(Build.SourcesDirectory)/NuGet.config $(dn-bot-dnceng-artifact-feeds-rw)
|
||||
internalRestoreArgs='/p:CopyWipIntoInnerSourceBuildRepo=true'
|
||||
|
||||
# The 'Copy WIP' feature of source build uses git stash to apply changes from the original repo.
|
||||
# This only works if there is a username/email configured, which won't be the case in most CI runs.
|
||||
git config --get user.email
|
||||
if [ $? -ne 0 ]; then
|
||||
git config user.email dn-bot@microsoft.com
|
||||
git config user.name dn-bot
|
||||
fi
|
||||
fi
|
||||
|
||||
# If building on the internal project, the internal storage variable may be available (usually only if needed)
|
||||
# In that case, add variables to allow the download of internal runtimes if the specified versions are not found
|
||||
# in the default public locations.
|
||||
internalRuntimeDownloadArgs=
|
||||
if [ '$(dotnetbuilds-internal-container-read-token-base64)' != '$''(dotnetbuilds-internal-container-read-token-base64)' ]; then
|
||||
internalRuntimeDownloadArgs='/p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) --runtimesourcefeed https://dotnetbuilds.blob.core.windows.net/internal --runtimesourcefeedkey $(dotnetbuilds-internal-container-read-token-base64)'
|
||||
fi
|
||||
|
||||
buildConfig=Release
|
||||
# Check if AzDO substitutes in a build config from a variable, and use it if so.
|
||||
if [ '$(_BuildConfig)' != '$''(_BuildConfig)' ]; then
|
||||
buildConfig='$(_BuildConfig)'
|
||||
fi
|
||||
|
||||
officialBuildArgs=
|
||||
if [ '${{ and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}' = 'True' ]; then
|
||||
officialBuildArgs='/p:DotNetPublishUsingPipelines=true /p:OfficialBuildId=$(BUILD.BUILDNUMBER)'
|
||||
fi
|
||||
|
||||
targetRidArgs=
|
||||
if [ '${{ parameters.platform.targetRID }}' != '' ]; then
|
||||
targetRidArgs='/p:TargetRid=${{ parameters.platform.targetRID }}'
|
||||
fi
|
||||
|
||||
runtimeOsArgs=
|
||||
if [ '${{ parameters.platform.runtimeOS }}' != '' ]; then
|
||||
runtimeOsArgs='/p:RuntimeOS=${{ parameters.platform.runtimeOS }}'
|
||||
fi
|
||||
|
||||
baseOsArgs=
|
||||
if [ '${{ parameters.platform.baseOS }}' != '' ]; then
|
||||
baseOsArgs='/p:BaseOS=${{ parameters.platform.baseOS }}'
|
||||
fi
|
||||
|
||||
publishArgs=
|
||||
if [ '${{ parameters.platform.skipPublishValidation }}' != 'true' ]; then
|
||||
publishArgs='--publish'
|
||||
fi
|
||||
|
||||
assetManifestFileName=SourceBuild_RidSpecific.xml
|
||||
if [ '${{ parameters.platform.name }}' != '' ]; then
|
||||
assetManifestFileName=SourceBuild_${{ parameters.platform.name }}.xml
|
||||
fi
|
||||
|
||||
${{ coalesce(parameters.platform.buildScript, './build.sh') }} --ci \
|
||||
--configuration $buildConfig \
|
||||
--restore --build --pack $publishArgs -bl \
|
||||
$officialBuildArgs \
|
||||
$internalRuntimeDownloadArgs \
|
||||
$internalRestoreArgs \
|
||||
$targetRidArgs \
|
||||
$runtimeOsArgs \
|
||||
$baseOsArgs \
|
||||
/p:SourceBuildNonPortable=${{ parameters.platform.nonPortable }} \
|
||||
/p:ArcadeBuildFromSource=true \
|
||||
/p:AssetManifestFileName=$assetManifestFileName
|
||||
displayName: Build
|
||||
|
||||
# Upload build logs for diagnosis.
|
||||
- task: CopyFiles@2
|
||||
displayName: Prepare BuildLogs staging directory
|
||||
inputs:
|
||||
SourceFolder: '$(Build.SourcesDirectory)'
|
||||
Contents: |
|
||||
**/*.log
|
||||
**/*.binlog
|
||||
artifacts/source-build/self/prebuilt-report/**
|
||||
TargetFolder: '$(Build.StagingDirectory)/BuildLogs'
|
||||
CleanTargetFolder: true
|
||||
continueOnError: true
|
||||
condition: succeededOrFailed()
|
||||
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: Publish BuildLogs
|
||||
inputs:
|
||||
targetPath: '$(Build.StagingDirectory)/BuildLogs'
|
||||
artifactName: BuildLogs_SourceBuild_${{ parameters.platform.name }}_Attempt$(System.JobAttempt)
|
||||
continueOnError: true
|
||||
condition: succeededOrFailed()
|
||||
|
||||
# Manually inject component detection so that we can ignore the source build upstream cache, which contains
|
||||
# a nupkg cache of input packages (a local feed).
|
||||
# This path must match the upstream cache path in property 'CurrentRepoSourceBuiltNupkgCacheDir'
|
||||
# in src\Microsoft.DotNet.Arcade.Sdk\tools\SourceBuild\SourceBuildArcade.targets
|
||||
- task: ComponentGovernanceComponentDetection@0
|
||||
displayName: Component Detection (Exclude upstream cache)
|
||||
inputs:
|
||||
ignoreDirectories: '$(Build.SourcesDirectory)/artifacts/source-build/self/src/artifacts/obj/source-built-upstream-cache'
|
45
eng/common/templates-official/variables/pool-providers.yml
Normal file
45
eng/common/templates-official/variables/pool-providers.yml
Normal file
|
@ -0,0 +1,45 @@
|
|||
# Select a pool provider based off branch name. Anything with branch name containing 'release' must go into an -Svc pool,
|
||||
# otherwise it should go into the "normal" pools. This separates out the queueing and billing of released branches.
|
||||
|
||||
# Motivation:
|
||||
# Once a given branch of a repository's output has been officially "shipped" once, it is then considered to be COGS
|
||||
# (Cost of goods sold) and should be moved to a servicing pool provider. This allows both separation of queueing
|
||||
# (allowing release builds and main PR builds to not intefere with each other) and billing (required for COGS.
|
||||
# Additionally, the pool provider name itself may be subject to change when the .NET Core Engineering Services
|
||||
# team needs to move resources around and create new and potentially differently-named pools. Using this template
|
||||
# file from an Arcade-ified repo helps guard against both having to update one's release/* branches and renaming.
|
||||
|
||||
# How to use:
|
||||
# This yaml assumes your shipped product branches use the naming convention "release/..." (which many do).
|
||||
# If we find alternate naming conventions in broad usage it can be added to the condition below.
|
||||
#
|
||||
# First, import the template in an arcade-ified repo to pick up the variables, e.g.:
|
||||
#
|
||||
# variables:
|
||||
# - template: /eng/common/templates-official/variables/pool-providers.yml
|
||||
#
|
||||
# ... then anywhere specifying the pool provider use the runtime variables,
|
||||
# $(DncEngInternalBuildPool)
|
||||
#
|
||||
# pool:
|
||||
# name: $(DncEngInternalBuildPool)
|
||||
# image: 1es-windows-2022-pt
|
||||
|
||||
variables:
|
||||
# Coalesce the target and source branches so we know when a PR targets a release branch
|
||||
# If these variables are somehow missing, fall back to main (tends to have more capacity)
|
||||
|
||||
# Any new -Svc alternative pools should have variables added here to allow for splitting work
|
||||
|
||||
- name: DncEngInternalBuildPool
|
||||
value: $[
|
||||
replace(
|
||||
replace(
|
||||
eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'),
|
||||
True,
|
||||
'NetCore1ESPool-Svc-Internal'
|
||||
),
|
||||
False,
|
||||
'NetCore1ESPool-Internal'
|
||||
)
|
||||
]
|
|
@ -0,0 +1,7 @@
|
|||
variables:
|
||||
# The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in
|
||||
# sync with the packages.config file.
|
||||
- name: DefaultGuardianVersion
|
||||
value: 0.109.0
|
||||
- name: GuardianPackagesConfigFile
|
||||
value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
|
|
@ -15,6 +15,7 @@ parameters:
|
|||
timeoutInMinutes: ''
|
||||
variables: []
|
||||
workspace: ''
|
||||
templateContext: ''
|
||||
|
||||
# Job base template specific parameters
|
||||
# See schema documentation - https://github.com/dotnet/arcade/blob/master/Documentation/AzureDevOps/TemplateSchema.md
|
||||
|
@ -68,6 +69,9 @@ jobs:
|
|||
${{ if ne(parameters.timeoutInMinutes, '') }}:
|
||||
timeoutInMinutes: ${{ parameters.timeoutInMinutes }}
|
||||
|
||||
${{ if ne(parameters.templateContext, '') }}:
|
||||
templateContext: ${{ parameters.templateContext }}
|
||||
|
||||
variables:
|
||||
- ${{ if ne(parameters.enableTelemetry, 'false') }}:
|
||||
- name: DOTNET_CLI_TELEMETRY_PROFILE
|
||||
|
|
|
@ -20,7 +20,7 @@ parameters:
|
|||
enabled: false
|
||||
# Optional: Include toolset dependencies in the generated graph files
|
||||
includeToolset: false
|
||||
|
||||
|
||||
# Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job
|
||||
jobs: []
|
||||
|
||||
|
@ -47,7 +47,7 @@ parameters:
|
|||
jobs:
|
||||
- ${{ each job in parameters.jobs }}:
|
||||
- template: ../job/job.yml
|
||||
parameters:
|
||||
parameters:
|
||||
# pass along parameters
|
||||
${{ each parameter in parameters }}:
|
||||
${{ if ne(parameter.key, 'jobs') }}:
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# IgnoreDirectories - Directories to ignore for SBOM generation. This will be passed through to the CG component detector.
|
||||
|
||||
parameters:
|
||||
PackageVersion: 7.0.0
|
||||
PackageVersion: 8.0.0
|
||||
BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
|
||||
PackageName: '.NET'
|
||||
ManifestDirPath: $(Build.ArtifactStagingDirectory)/sbom
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
"cmake": "3.21.0"
|
||||
},
|
||||
"msbuild-sdks": {
|
||||
"Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24113.2",
|
||||
"Microsoft.DotNet.CMake.Sdk": "8.0.0-beta.24113.2"
|
||||
"Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24165.4",
|
||||
"Microsoft.DotNet.CMake.Sdk": "8.0.0-beta.24165.4"
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue