Skip to content

Commit

Permalink
Create azure-pipelines-public.yml (#596)
Browse files Browse the repository at this point in the history
  • Loading branch information
@wtgodbe
wtgodbe committed Mar 8, 2024
1 parent 2117584 commit 5b8580a
Showing 1 changed file with 263 additions and 0 deletions.
263 changes: 263 additions & 0 deletions azure-pipelines-public.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,263 @@
schedules:
- cron: 0 9 * * 1
displayName: "Run CodeQL3000 weekly, Monday at 2:00 AM PDT"
branches:
include:
- main
always: true

parameters:
# Parameter below is ignored in public builds.
#
# Choose whether to run the CodeQL3000 tasks.
# Manual builds align w/ official builds unless this parameter is true.
- name: runCodeQL3000
default: false
displayName: Run CodeQL3000 tasks
type: boolean


variables:
- name: Build.Repository.Clean
value: true
- name: _TeamName
value: AspNetCore
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
value: true
- name: _HelixType
value: build/product
- name: _DotNetArtifactsCategory
value: .NETCore

# Variables for public PR builds
- ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
- name: _HelixSource
value: pr/aspnet/AspLabs/$(Build.SourceBranch)

# Variables for internal Official builds
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- name: _HelixSource
value: official/aspnet/AspLabs/$(Build.SourceBranch)

- name: runCodeQL3000
value: ${{ and(ne(variables['System.TeamProject'], 'public'), or(eq(variables['Build.Reason'], 'Schedule'), and(eq(variables['Build.Reason'], 'Manual'), eq(parameters.runCodeQL3000, 'true')))) }}

trigger:
- main

pr:
- "*"

stages:
- stage: build
displayName: Build
jobs:
- template: /eng/common/templates/jobs/jobs.yml
parameters:
enablePublishBuildArtifacts: true
enablePublishTestResults: ${{ ne(variables.runCodeQL3000, 'true') }}
enablePublishBuildAssets: ${{ ne(variables.runCodeQL3000, 'true') }}
enablePublishUsingPipelines: true
helixRepo: aspnet/AspLabs
# Align w/ Maestro++ default channel when generating software bills of materials (SBOMs).
PackageVersion: 6.0.0
# enableMicrobuild can't be read from a user-defined variable (Azure DevOps limitation)
${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), ne(variables.runCodeQL3000, 'true')) }}:
enableMicrobuild: true
jobs:
- job: Windows
pool:
${{ if eq(variables['System.TeamProject'], 'public') }}:
name: NetCore-Public
demands: ImageOverride -equals windows.vs2019.amd64.open
${{ if ne(variables['System.TeamProject'], 'public') }}:
name: NetCore1ESPool-Internal
demands: ImageOverride -equals windows.vs2019.amd64
${{ if eq(variables.runCodeQL3000, 'true') }}:
# Component governance and SBOM creation are not needed here. Disable what Arcade would inject.
disableComponentGovernance: true
enableSbom: false
variables:
- name: _HelixBuildConfig
value: $(_BuildConfig)
# Rely on task Arcade injects, not auto-injected build step.
- skipComponentGovernanceDetection: true
- ${{ if eq(variables.runCodeQL3000, 'true') }}:
- Codeql.SourceRoot: src
- _AdditionalBuildArgs: /p:Test=false /p:Sign=false /p:Pack=false /p:Publish=false /p:UseSharedCompilation=false
# Security analysis is included in normal runs. Disable its auto-injection.
- skipNugetSecurityAnalysis: true
# Do not let CodeQL3000 Extension gate scan frequency.
- Codeql.Cadence: 0
# Enable CodeQL3000 unconditionally so it may be run on any branch.
- Codeql.Enabled: true
# CodeQL3000 needs this plumbed along as a variable to enable TSA.
- Codeql.TSAEnabled: ${{ eq(variables['Build.Reason'], 'Schedule') }}
# Default expects tsaoptions.json under SourceRoot.
- Codeql.TSAOptionsPath: '$(Build.SourcesDirectory)/.config/tsaoptions.json'
strategy:
matrix:
${{ if in(variables['Build.Reason'], 'PullRequest') }}:
Debug:
_BuildConfig: Debug
_SignType: test
_BuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName)
Release:
_BuildConfig: Release
# PRs and external builds are not signed.
${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
_SignType: test
_BuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName)
${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
_SignType: real
_BuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName) /p:OfficialBuildId=$(Build.BuildNumber)
/p:DotNetPublishUsingPipelines=true
/p:DotNetArtifactsCategory=$(_DotNetArtifactsCategory)
/p:DotNetPublishBlobFeedUrl=https://dotnetfeed.blob.core.windows.net/dotnet-core/index.json
/p:DotNetPublishToBlobFeed=true
steps:
- checkout: self
clean: true
- task: NodeTool@0
inputs:
versionSpec: '16.x'
- task: NuGetCommand@2
displayName: 'Clear NuGet caches'
condition: succeeded()
inputs:
command: custom
arguments: 'locals all -clear'
- ${{ if eq(variables.runCodeQL3000, 'true') }}:
- task: CodeQL3000Init@0
displayName: CodeQL Initialize
- script: "echo ##vso[build.addbuildtag]CodeQL3000"
displayName: 'Set CI CodeQL3000 tag'
condition: ne(variables.CODEQL_DIST,'')
- script: eng\common\cibuild.cmd
-configuration $(_BuildConfig)
-prepareMachine
$(_BuildArgs)
$(_AdditionalBuildArgs)
name: Build
displayName: Build
condition: succeeded()
- ${{ if eq(variables.runCodeQL3000, 'true') }}:
- task: CodeQL3000Finalize@0
displayName: CodeQL Finalize
- ${{ else }}:
- task: PublishTestResults@2
displayName: Publish xUnit Test Results
condition: always()
continueOnError: true
inputs:
testRunner: xunit
testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
- task: PublishBuildArtifacts@1
displayName: Publish Packages
condition: and(eq(variables['system.pullrequest.isfork'], false), eq(variables['_BuildConfig'], 'Release'))
continueOnError: true
inputs:
artifactName: Packages_$(Agent.Os)_$(Agent.JobName)
parallel: true
pathtoPublish: '$(Build.SourcesDirectory)/artifacts/packages/$(_BuildConfig)'
publishLocation: Container
- task: PublishBuildArtifacts@1
displayName: Publish Logs
condition: always()
continueOnError: true
inputs:
artifactName: Logs_$(Agent.Os)_$(Agent.JobName)
parallel: true
pathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)'
publishLocation: Container

- ${{ if ne(variables.runCodeQL3000, 'true') }}:
- job: macOS
pool:
vmImage: macOS-11
strategy:
matrix:
debug:
_BuildConfig: Debug
release:
_BuildConfig: Release
variables:
- name: _HelixBuildConfig
value: $(_BuildConfig)
steps:
- checkout: self
clean: true
- task: NodeTool@0
inputs:
versionSpec: '16.x'
- script: eng/common/cibuild.sh
--configuration $(_BuildConfig)
--prepareMachine
name: Build
displayName: Build
condition: succeeded()
- task: PublishTestResults@2
displayName: Publish xUnit Test Results
condition: always()
continueOnError: true
inputs:
testRunner: xunit
testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
- task: PublishBuildArtifacts@1
displayName: Publish Logs
condition: always()
continueOnError: true
inputs:
artifactName: Logs_$(Agent.Os)_$(Agent.JobName)
parallel: true
pathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)'
publishLocation: Container

- job: Linux
pool:
vmImage: ubuntu-20.04
strategy:
matrix:
debug:
_BuildConfig: Debug
release:
_BuildConfig: Release
variables:
- name: _HelixBuildConfig
value: $(_BuildConfig)
steps:
- checkout: self
clean: true
- script: eng/common/cibuild.sh
--configuration $(_BuildConfig)
--prepareMachine
name: Build
displayName: Build
condition: succeeded()
- task: PublishTestResults@2
displayName: Publish xUnit Test Results
condition: always()
continueOnError: true
inputs:
testRunner: xunit
testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
- task: PublishBuildArtifacts@1
displayName: Publish Logs
condition: always()
continueOnError: true
inputs:
artifactName: Logs_$(Agent.Os)_$(Agent.JobName)
parallel: true
pathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)'
publishLocation: Container

- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), ne(variables.runCodeQL3000, 'true')) }}:
- template: eng\common\templates\post-build\post-build.yml
parameters:
publishingInfraVersion: 3
# Symbol validation isn't being very reliable lately. This should be enabled back
# once this issue is resolved: https://github.com/dotnet/arcade/issues/2871
enableSymbolValidation: false
# This is to enable SDL runs part of Post-Build Validation Stage
SDLValidationParameters:
enable: false

0 comments on commit 5b8580a

Please sign in to comment.