-
Notifications
You must be signed in to change notification settings - Fork 352
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create azure-pipelines-public.yml (#596)
- Loading branch information
Showing
1 changed file
with
263 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,263 @@ | ||
schedules: | ||
- cron: 0 9 * * 1 | ||
displayName: "Run CodeQL3000 weekly, Monday at 2:00 AM PDT" | ||
branches: | ||
include: | ||
- main | ||
always: true | ||
|
||
parameters: | ||
# Parameter below is ignored in public builds. | ||
# | ||
# Choose whether to run the CodeQL3000 tasks. | ||
# Manual builds align w/ official builds unless this parameter is true. | ||
- name: runCodeQL3000 | ||
default: false | ||
displayName: Run CodeQL3000 tasks | ||
type: boolean | ||
|
||
|
||
variables: | ||
- name: Build.Repository.Clean | ||
value: true | ||
- name: _TeamName | ||
value: AspNetCore | ||
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE | ||
value: true | ||
- name: _HelixType | ||
value: build/product | ||
- name: _DotNetArtifactsCategory | ||
value: .NETCore | ||
|
||
# Variables for public PR builds | ||
- ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: | ||
- name: _HelixSource | ||
value: pr/aspnet/AspLabs/$(Build.SourceBranch) | ||
|
||
# Variables for internal Official builds | ||
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: | ||
- name: _HelixSource | ||
value: official/aspnet/AspLabs/$(Build.SourceBranch) | ||
|
||
- name: runCodeQL3000 | ||
value: ${{ and(ne(variables['System.TeamProject'], 'public'), or(eq(variables['Build.Reason'], 'Schedule'), and(eq(variables['Build.Reason'], 'Manual'), eq(parameters.runCodeQL3000, 'true')))) }} | ||
|
||
trigger: | ||
- main | ||
|
||
pr: | ||
- "*" | ||
|
||
stages: | ||
- stage: build | ||
displayName: Build | ||
jobs: | ||
- template: /eng/common/templates/jobs/jobs.yml | ||
parameters: | ||
enablePublishBuildArtifacts: true | ||
enablePublishTestResults: ${{ ne(variables.runCodeQL3000, 'true') }} | ||
enablePublishBuildAssets: ${{ ne(variables.runCodeQL3000, 'true') }} | ||
enablePublishUsingPipelines: true | ||
helixRepo: aspnet/AspLabs | ||
# Align w/ Maestro++ default channel when generating software bills of materials (SBOMs). | ||
PackageVersion: 6.0.0 | ||
# enableMicrobuild can't be read from a user-defined variable (Azure DevOps limitation) | ||
${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), ne(variables.runCodeQL3000, 'true')) }}: | ||
enableMicrobuild: true | ||
jobs: | ||
- job: Windows | ||
pool: | ||
${{ if eq(variables['System.TeamProject'], 'public') }}: | ||
name: NetCore-Public | ||
demands: ImageOverride -equals windows.vs2019.amd64.open | ||
${{ if ne(variables['System.TeamProject'], 'public') }}: | ||
name: NetCore1ESPool-Internal | ||
demands: ImageOverride -equals windows.vs2019.amd64 | ||
${{ if eq(variables.runCodeQL3000, 'true') }}: | ||
# Component governance and SBOM creation are not needed here. Disable what Arcade would inject. | ||
disableComponentGovernance: true | ||
enableSbom: false | ||
variables: | ||
- name: _HelixBuildConfig | ||
value: $(_BuildConfig) | ||
# Rely on task Arcade injects, not auto-injected build step. | ||
- skipComponentGovernanceDetection: true | ||
- ${{ if eq(variables.runCodeQL3000, 'true') }}: | ||
- Codeql.SourceRoot: src | ||
- _AdditionalBuildArgs: /p:Test=false /p:Sign=false /p:Pack=false /p:Publish=false /p:UseSharedCompilation=false | ||
# Security analysis is included in normal runs. Disable its auto-injection. | ||
- skipNugetSecurityAnalysis: true | ||
# Do not let CodeQL3000 Extension gate scan frequency. | ||
- Codeql.Cadence: 0 | ||
# Enable CodeQL3000 unconditionally so it may be run on any branch. | ||
- Codeql.Enabled: true | ||
# CodeQL3000 needs this plumbed along as a variable to enable TSA. | ||
- Codeql.TSAEnabled: ${{ eq(variables['Build.Reason'], 'Schedule') }} | ||
# Default expects tsaoptions.json under SourceRoot. | ||
- Codeql.TSAOptionsPath: '$(Build.SourcesDirectory)/.config/tsaoptions.json' | ||
strategy: | ||
matrix: | ||
${{ if in(variables['Build.Reason'], 'PullRequest') }}: | ||
Debug: | ||
_BuildConfig: Debug | ||
_SignType: test | ||
_BuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName) | ||
Release: | ||
_BuildConfig: Release | ||
# PRs and external builds are not signed. | ||
${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: | ||
_SignType: test | ||
_BuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName) | ||
${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: | ||
_SignType: real | ||
_BuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName) /p:OfficialBuildId=$(Build.BuildNumber) | ||
/p:DotNetPublishUsingPipelines=true | ||
/p:DotNetArtifactsCategory=$(_DotNetArtifactsCategory) | ||
/p:DotNetPublishBlobFeedUrl=https://dotnetfeed.blob.core.windows.net/dotnet-core/index.json | ||
/p:DotNetPublishToBlobFeed=true | ||
steps: | ||
- checkout: self | ||
clean: true | ||
- task: NodeTool@0 | ||
inputs: | ||
versionSpec: '16.x' | ||
- task: NuGetCommand@2 | ||
displayName: 'Clear NuGet caches' | ||
condition: succeeded() | ||
inputs: | ||
command: custom | ||
arguments: 'locals all -clear' | ||
- ${{ if eq(variables.runCodeQL3000, 'true') }}: | ||
- task: CodeQL3000Init@0 | ||
displayName: CodeQL Initialize | ||
- script: "echo ##vso[build.addbuildtag]CodeQL3000" | ||
displayName: 'Set CI CodeQL3000 tag' | ||
condition: ne(variables.CODEQL_DIST,'') | ||
- script: eng\common\cibuild.cmd | ||
-configuration $(_BuildConfig) | ||
-prepareMachine | ||
$(_BuildArgs) | ||
$(_AdditionalBuildArgs) | ||
name: Build | ||
displayName: Build | ||
condition: succeeded() | ||
- ${{ if eq(variables.runCodeQL3000, 'true') }}: | ||
- task: CodeQL3000Finalize@0 | ||
displayName: CodeQL Finalize | ||
- ${{ else }}: | ||
- task: PublishTestResults@2 | ||
displayName: Publish xUnit Test Results | ||
condition: always() | ||
continueOnError: true | ||
inputs: | ||
testRunner: xunit | ||
testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml' | ||
- task: PublishBuildArtifacts@1 | ||
displayName: Publish Packages | ||
condition: and(eq(variables['system.pullrequest.isfork'], false), eq(variables['_BuildConfig'], 'Release')) | ||
continueOnError: true | ||
inputs: | ||
artifactName: Packages_$(Agent.Os)_$(Agent.JobName) | ||
parallel: true | ||
pathtoPublish: '$(Build.SourcesDirectory)/artifacts/packages/$(_BuildConfig)' | ||
publishLocation: Container | ||
- task: PublishBuildArtifacts@1 | ||
displayName: Publish Logs | ||
condition: always() | ||
continueOnError: true | ||
inputs: | ||
artifactName: Logs_$(Agent.Os)_$(Agent.JobName) | ||
parallel: true | ||
pathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)' | ||
publishLocation: Container | ||
|
||
- ${{ if ne(variables.runCodeQL3000, 'true') }}: | ||
- job: macOS | ||
pool: | ||
vmImage: macOS-11 | ||
strategy: | ||
matrix: | ||
debug: | ||
_BuildConfig: Debug | ||
release: | ||
_BuildConfig: Release | ||
variables: | ||
- name: _HelixBuildConfig | ||
value: $(_BuildConfig) | ||
steps: | ||
- checkout: self | ||
clean: true | ||
- task: NodeTool@0 | ||
inputs: | ||
versionSpec: '16.x' | ||
- script: eng/common/cibuild.sh | ||
--configuration $(_BuildConfig) | ||
--prepareMachine | ||
name: Build | ||
displayName: Build | ||
condition: succeeded() | ||
- task: PublishTestResults@2 | ||
displayName: Publish xUnit Test Results | ||
condition: always() | ||
continueOnError: true | ||
inputs: | ||
testRunner: xunit | ||
testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml' | ||
- task: PublishBuildArtifacts@1 | ||
displayName: Publish Logs | ||
condition: always() | ||
continueOnError: true | ||
inputs: | ||
artifactName: Logs_$(Agent.Os)_$(Agent.JobName) | ||
parallel: true | ||
pathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)' | ||
publishLocation: Container | ||
|
||
- job: Linux | ||
pool: | ||
vmImage: ubuntu-20.04 | ||
strategy: | ||
matrix: | ||
debug: | ||
_BuildConfig: Debug | ||
release: | ||
_BuildConfig: Release | ||
variables: | ||
- name: _HelixBuildConfig | ||
value: $(_BuildConfig) | ||
steps: | ||
- checkout: self | ||
clean: true | ||
- script: eng/common/cibuild.sh | ||
--configuration $(_BuildConfig) | ||
--prepareMachine | ||
name: Build | ||
displayName: Build | ||
condition: succeeded() | ||
- task: PublishTestResults@2 | ||
displayName: Publish xUnit Test Results | ||
condition: always() | ||
continueOnError: true | ||
inputs: | ||
testRunner: xunit | ||
testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml' | ||
- task: PublishBuildArtifacts@1 | ||
displayName: Publish Logs | ||
condition: always() | ||
continueOnError: true | ||
inputs: | ||
artifactName: Logs_$(Agent.Os)_$(Agent.JobName) | ||
parallel: true | ||
pathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)' | ||
publishLocation: Container | ||
|
||
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), ne(variables.runCodeQL3000, 'true')) }}: | ||
- template: eng\common\templates\post-build\post-build.yml | ||
parameters: | ||
publishingInfraVersion: 3 | ||
# Symbol validation isn't being very reliable lately. This should be enabled back | ||
# once this issue is resolved: https://github.com/dotnet/arcade/issues/2871 | ||
enableSymbolValidation: false | ||
# This is to enable SDL runs part of Post-Build Validation Stage | ||
SDLValidationParameters: | ||
enable: false |