-
Notifications
You must be signed in to change notification settings - Fork 553
Expand file tree
/
Copy pathazure-pipelines.yml
More file actions
148 lines (147 loc) · 6.38 KB
/
azure-pipelines.yml
File metadata and controls
148 lines (147 loc) · 6.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
parameters:
- name: IsFinalBuild
type: boolean
default: false
variables:
- name: IsFinalBuild
value: ${{ parameters.IsFinalBuild }}
- name: _BuildConfig
value: Release
- name: _TeamName
value: AspNetCore
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
value: true
- name: _PublishUsingPipelines
value: true
- name: _DotNetArtifactsCategory
value: ASPNETENTITYFRAMEWORK6
- group: DotNet-MSRC-Storage
- name: _InternalRuntimeDownloadArgs
value: /p:DotNetRuntimeSourceFeed=https://dotnetclimsrc.blob.core.windows.net/dotnet /p:DotNetRuntimeSourceFeedKey=$(dotnetclimsrc-read-sas-token-base64)
- template: /eng/common/templates-official/variables/pool-providers.yml@self
trigger:
batch: true
branches:
include:
- main
- release/*
- internal/release/6.*
pr: ['*']
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
featureFlags:
autoBaseline: false
usePrefastVersion3: true
sdl:
createAdoIssuesForJustificationsForDisablement: false
sourceAnalysisPool:
name: $(DncEngInternalBuildPool)
image: 1es-windows-2022
os: windows
baseline:
baselineFile: $(Build.SourcesDirectory)\.config\guardian\.gdnbaselines
binskim:
scanOutputDirectoryOnly: true
preReleaseVersion: '4.3.1'
analyzeTargetGlob: +:f|artifacts/bin/**/*.dll;+:f|artifacts/bin/**/*.exe;
env:
GDN_EXTRACT_TOOLS: "binskim"
GDN_EXTRACT_TARGETS: true
GDN_EXTRACT_FILTER: "f|**\\*.zip;f|**\\*.nupkg;f|**\\*.vsix;f|**\\*.cspkg;f|**\\*.sfpkg;f|**\\*.package"
policheck:
enabled: true
tsa:
enabled: true
settings:
networkIsolationPolicy: Permissive,CFSClean,CFSClean2
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: build
displayName: Build
jobs:
- template: /eng/common/templates-official/jobs/jobs.yml@self
parameters:
enableMicrobuild: true
enablePublishBuildArtifacts: true
enablePublishBuildAssets: true
enablePublishTestResults: true
enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }}
enableTelemetry: true
helixRepo: dotnet/ef6
# WORKAROUND: BinSkim requires the folder to exist prior to scanning.
preSteps:
- powershell: New-Item -ItemType Directory -Path $(Build.SourcesDirectory)/artifacts/bin -Force
displayName: Create artifacts/bin directory
jobs:
- job: Windows
pool:
name: $(DncEngInternalBuildPool)
demands: ImageOverride -equals 1es-windows-2022
os: windows
timeoutInMinutes: 240
variables:
- _AdditionalBuildArgs: ''
- _InternalBuildArgs: ''
- ${{ if notin(variables['Build.Reason'], 'PullRequest') }}:
- _SignType: real
- _Sign: true
- _InternalBuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName) /p:OfficialBuildId=$(BUILD.BUILDNUMBER) /p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines) /p:DotNetArtifactsCategory=$(_DotNetArtifactsCategory)
- ${{ if eq(parameters.IsFinalBuild, true) }}:
- _AdditionalBuildArgs: /p:StabilizePackageVersion=true
# Ignore test and infrastructure code.
- Codeql.SourceRoot: src
# CodeQL3000 needs this plumbed along as a variable to enable TSA.
- Codeql.TSAEnabled: true
# Default expects tsaoptions.json under SourceRoot.
- Codeql.TSAOptionsPath: '$(Build.SourcesDirectory)/.config/tsaoptions.json'
steps:
- powershell: >
Get-ChildItem -ErrorAction SilentlyContinue -Recurse 'C:\Program Files\Microsoft SQL Server\sqlcmd.exe' | Sort-Object -Property @{Expression={$_.FullName.Length}; Descending=$true},@{Expression={$_.FullName}; Descending=$true} | Select-Object -First 1 | Foreach-Object {Write-Host "##vso[task.prependpath]$($_.DirectoryName)"}
displayName: Add SqlCmd to path
- script: tools\CleanMSSQLLocalDB.cmd
displayName: Cleanup LocalDB databases
- task: NuGetCommand@2
displayName: 'Clear NuGet caches'
condition: succeeded()
inputs:
command: custom
arguments: 'locals all -clear'
- task: PowerShell@2
displayName: Setup Private Feeds Credentials
inputs:
filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.ps1
arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
env:
Token: $(dn-bot-dnceng-artifact-feeds-rw)
- script: eng\common\cibuild.cmd -configuration $(_BuildConfig) -prepareMachine $(_InternalBuildArgs) $(_InternalRuntimeDownloadArgs) $(_AdditionalBuildArgs)
name: Build
- script: "echo ##vso[build.addbuildtag]release-candidate"
condition: and(succeeded(), notin(variables['Build.Reason'], 'PullRequest'), eq(variables['IsFinalBuild'], 'true'))
templateContext:
outputs:
- output: pipelineArtifact
displayName: Upload TestResults
condition: always()
path: artifacts/TestResults/$(_BuildConfig)/
artifact: $(Agent.Os)_$(Agent.JobName)$(System.JobAttempt) TestResults
- output: pipelineArtifact
displayName: Upload PackageArtifacts
condition: and(succeeded(), notin(variables['Build.Reason'], 'PullRequest'))
path: artifacts/packages/$(_BuildConfig)/Shipping
artifact: PackageArtifactsSbom
- ${{ if notin(variables['Build.Reason'], 'PullRequest') }}:
- template: /eng/common/templates-official/post-build/post-build.yml@self
parameters:
publishingInfraVersion: 3
enableSigningValidation: false
enableNugetValidation: false
enableSourceLinkValidation: false
publishAssetsImmediately: true