diff --git a/.config/CredScanSuppressions.json b/.ado/CredScanSuppressions.json similarity index 100% rename from .config/CredScanSuppressions.json rename to .ado/CredScanSuppressions.json diff --git a/.ado/apple-integration.yml b/.ado/apple-integration.yml index e2a6cda3edddb5..81b20b0ffbff5f 100644 --- a/.ado/apple-integration.yml +++ b/.ado/apple-integration.yml @@ -29,7 +29,6 @@ jobs: cancelTimeoutInMinutes: 5 steps: - template: templates/apple-tools-setup.yml - - template: templates/apple-xcode-select.yml parameters: slice_name: $(slice_name) xcode_version: $(xcode_version) diff --git a/.ado/apple-pr.yml b/.ado/apple-pr.yml index c6cbc72c056686..5077c6795f1f1f 100644 --- a/.ado/apple-pr.yml +++ b/.ado/apple-pr.yml @@ -36,7 +36,7 @@ jobs: xcode_sdk: iphonesimulator xcode_scheme: 'RNTester' xcode_configuration: 'Debug' - xcode_destination: 'platform=iOS Simulator,OS=latest,name=iPhone 14' + xcode_destination: 'platform=iOS Simulator,OS=$(ios_version),name=$(ios_simulator)' xcode_actions: 'build test' xcode_extraArgs: '-xcconfig $(Build.Repository.LocalPath)/.ado/xcconfig/debug_overrides.xcconfig' new_arch_enabled: '0' @@ -46,7 +46,7 @@ jobs: xcode_sdk: iphonesimulator xcode_scheme: 'RNTester' xcode_configuration: 'Release' - xcode_destination: 'platform=iOS Simulator,OS=latest,name=iPhone 14' + xcode_destination: 'platform=iOS Simulator,OS=$(ios_version),name=$(ios_simulator)' xcode_actions: 'build' xcode_extraArgs: '-xcconfig $(Build.Repository.LocalPath)/.ado/xcconfig/release_overrides.xcconfig' new_arch_enabled: '0' @@ -76,7 +76,7 @@ jobs: xcode_sdk: iphonesimulator xcode_scheme: 'RNTester' xcode_configuration: 'Debug' - xcode_destination: 'platform=iOS Simulator,OS=latest,name=iPhone 14' + xcode_destination: 'platform=iOS Simulator,OS=$(ios_version),name=$(ios_simulator)' xcode_actions: 'build' # https://github.com/facebook/react-native/issues/39719 Tests fail on RNTester with `RCT_NEW_ARCH_ENABLED` xcode_extraArgs: '-xcconfig $(Build.Repository.LocalPath)/.ado/xcconfig/debug_overrides.xcconfig' new_arch_enabled: '1' @@ -86,7 +86,7 @@ jobs: xcode_sdk: iphonesimulator xcode_scheme: 'RNTester' xcode_configuration: 'Release' - xcode_destination: 'platform=iOS Simulator,OS=latest,name=iPhone 14' + xcode_destination: 'platform=iOS Simulator,OS=$(ios_version),name=$(ios_simulator)' xcode_actions: 'build' xcode_extraArgs: '-xcconfig $(Build.Repository.LocalPath)/.ado/xcconfig/release_overrides.xcconfig' new_arch_enabled: '1' @@ -117,7 +117,7 @@ jobs: # xcode_sdk: iphonesimulator # xcode_scheme: 'RNTester' # xcode_configuration: 'Debug' - # xcode_destination: 'platform=iOS Simulator,OS=latest,name=iPhone 14' + # xcode_destination: 'platform=iOS Simulator,OS=$(ios_version),name=$(ios_simulator)' # xcode_actions: 'build test' # xcode_extraArgs: '-xcconfig $(Build.Repository.LocalPath)/.ado/xcconfig/debug_overrides.xcconfig' # new_arch_enabled: '0' @@ -127,7 +127,7 @@ jobs: # xcode_sdk: iphonesimulator # xcode_scheme: 'RNTester' # xcode_configuration: 'Release' - # xcode_destination: 'platform=iOS Simulator,OS=latest,name=iPhone 14' + # xcode_destination: 'platform=iOS Simulator,OS=$(ios_version),name=$(ios_simulator)' # xcode_extraArgs: '-xcconfig $(Build.Repository.LocalPath)/.ado/xcconfig/release_overrides.xcconfig' # xcode_actions: 'build' # new_arch_enabled: '0' @@ -157,7 +157,7 @@ jobs: # xcode_sdk: iphonesimulator # xcode_scheme: 'RNTester' # xcode_configuration: 'Debug' - # xcode_destination: 'platform=iOS Simulator,OS=latest,name=iPhone 14' + # xcode_destination: 'platform=iOS Simulator,OS=$(ios_version),name=$(ios_simulator)' # xcode_actions: 'build' # https://github.com/facebook/react-native/issues/39719 Tests fail on RNTester with `RCT_NEW_ARCH_ENABLED` # xcode_extraArgs: '-xcconfig $(Build.Repository.LocalPath)/.ado/xcconfig/debug_overrides.xcconfig' # new_arch_enabled: '1' @@ -167,7 +167,7 @@ jobs: # xcode_sdk: iphonesimulator # xcode_scheme: 'RNTester' # xcode_configuration: 'Release' - # xcode_destination: 'platform=iOS Simulator,OS=latest,name=iPhone 14' + # xcode_destination: 'platform=iOS Simulator,OS=$(ios_version),name=$(ios_simulator)' # xcode_actions: 'build' # xcode_extraArgs: '-xcconfig $(Build.Repository.LocalPath)/.ado/xcconfig/release_overrides.xcconfig' # new_arch_enabled: '1' diff --git a/.ado/publish.yml b/.ado/publish.yml index 2a346dfbfc4199..2bed0922ea8d1e 100644 --- a/.ado/publish.yml +++ b/.ado/publish.yml @@ -22,159 +22,158 @@ variables: - name: tags value: production,externalfacing -jobs: - - job: RNGithubNpmJSPublish - displayName: NPM Publish React-native-macos +resources: + repositories: + - repository: OfficePipelineTemplates + type: git + name: 1ESPipelineTemplates/OfficePipelineTemplates + ref: refs/tags/release + +extends: + template: v1/Office.Official.PipelineTemplate.yml@OfficePipelineTemplates + parameters: pool: - vmImage: $(VmImageApple) - variables: - - name: BUILDSECMON_OPT_IN - value: true - timeoutInMinutes: 90 # how long to run the job before automatically cancelling - cancelTimeoutInMinutes: 5 # how much time to give 'run always even if cancelled tasks' before killing them - dependsOn: - - Compliance - steps: - - checkout: self # self represents the repo where the initial Pipelines YAML file was found - clean: true # whether to fetch clean each time - # fetchDepth: 2 # the depth of commits to ask Git to fetch - lfs: false # whether to download Git-LFS files - submodules: recursive # set to 'true' for a single level of submodules or 'recursive' to get submodules of submodules - persistCredentials: true # set to 'true' to leave the OAuth token in the Git config after the initial fetch - - # Setup the repo to be ready for release. This includes: - # - Autogenerating the next version number - # - Calling the approprate scripts that upstream React Native uses to prepare a release - # - Skipping the actual `git tag`, `git push`, and `npm publish steps as we do that here instead - - - ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}: - - template: templates/apple-job-publish.yml - parameters: - build_type: nightly - - ${{ elseif endsWith(variables['Build.SourceBranchName'], '-stable') }}: - - template: templates/apple-job-publish.yml - parameters: - build_type: release - - ${{ else }}: - - task: CmdLine@2 - displayName: Unknown branch, skipping publish - inputs: - script: | - echo "Skipping publish for branch $(Build.SourceBranchName)" - exit 1 - - # Set the NPM dist-tag and do the actual NPM publish - - - bash: echo "##vso[task.setvariable variable=npmDistTag]latest" - displayName: Set dist-tag to latest - condition: eq(variables['Build.SourceBranchName'], variables.latestStableBranch) - - - bash: echo "##vso[task.setvariable variable=npmDistTag]canary" - displayName: Set dist-tag to canary - condition: eq(variables['Build.SourceBranchName'], 'main') - - - bash: echo "##vso[task.setvariable variable=npmDistTag]v${{variables['Build.SourceBranchName']}}" - displayName: Set dist-tag to v0.x-stable - condition: and(ne(variables['Build.SourceBranchName'], 'main'), ne(variables['Build.SourceBranchName'], variables.latestStableBranch)) - - - task: CmdLine@2 - displayName: Actual NPM Publish - inputs: - script: | - npm publish ./packages/react-native --tag $(npmDistTag) --registry https://registry.npmjs.org/ --//registry.npmjs.org/:_authToken=$(npmAuthToken) - - # Set the git tag and push the version update back to Github - - - template: templates/configure-git.yml - - - task: CmdLine@2 - displayName: 'Tag and push to Github' - inputs: - script: node .ado/gitTagRelease.js - env: - BUILD_STAGINGDIRECTORY: $(Build.StagingDirectory) - BUILD_SOURCEBRANCH: $(Build.SourceBranch) - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - githubAuthToken: $(githubAuthToken) - condition: and(succeeded(), ne(variables['Build.SourceBranchName'], 'main')) - - # Generate and publish the SBOM - - - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest - inputs: - BuildDropPath: $(System.DefaultWorkingDirectory) - - - task: PublishPipelineArtifact@1 - displayName: 📒 Publish Manifest - inputs: - artifactName: SBom-RNGithubNpmJSPublish-$(System.JobAttempt) - targetPath: $(System.DefaultWorkingDirectory)/_manifest - - - - job: RNMacOSInitNpmJSPublish - displayName: NPM Publish beachball packages (e.g., react-native-macos-init) - pool: cxeiss-ubuntu-20-04-large - timeoutInMinutes: 90 # how long to run the job before automatically cancelling - cancelTimeoutInMinutes: 5 # how much time to give 'run always even if cancelled tasks' before killing them - condition: eq(variables['Build.SourceBranchName'], 'main') - dependsOn: - - Compliance - steps: - - checkout: self # self represents the repo where the initial Pipelines YAML file was found - clean: true # whether to fetch clean each time - # fetchDepth: 2 # the depth of commits to ask Git to fetch - lfs: false # whether to download Git-LFS files - submodules: recursive # set to 'true' for a single level of submodules or 'recursive' to get submodules of submodules - persistCredentials: true # set to 'true' to leave the OAuth token in the Git config after the initial fetch - - - template: templates/configure-git.yml - - - task: CmdLine@2 - displayName: yarn install - inputs: - script: | - cd packages/react-native-macos-init - yarn install - - - task: CmdLine@2 - displayName: Build react-native-macos-init - inputs: - script: | - cd packages/react-native-macos-init - yarn build - - - task: CmdLine@2 - displayName: Code tested in other pipeline [test] - inputs: - script: echo "This code is tested as part of an integration test. See the 'Verify react-native-macos-init' task." - - - task: CmdLine@2 - displayName: "Publish beachball packages to npmjs.org" - inputs: - script: | - npx beachball publish --scope '!packages/react-native' --branch origin/$(Build.SourceBranchName) -n $(npmAuthToken) -yes -m "applying package updates ***NO_CI***" --access public - - # beachball modifies the package.json files so run manifest generation after it. - - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest - inputs: - BuildDropPath: $(System.DefaultWorkingDirectory) - - - task: PublishPipelineArtifact@1 - displayName: 📒 Publish Manifest - inputs: - artifactName: SBom-RNMacOSInitNpmJSPublish-$(System.JobAttempt) - targetPath: $(System.DefaultWorkingDirectory)/_manifest - - - job: Compliance - displayName: React-Native GitHub Compliance pipeline - pool: OE-OfficePublic - timeoutInMinutes: 15 # how long to run the job before automatically cancelling - steps: - - checkout: self # self represents the repo where the initial Pipelines YAML file was found - clean: true # whether to fetch clean each time - fetchDepth: 10 # the depth of commits to ask Git to fetch - lfs: false # whether to download Git-LFS files - submodules: recursive # set to 'true' for a single level of submodules or 'recursive' to get submodules of submodules - persistCredentials: true # set to 'true' to leave the OAuth token in the Git config after the initial fetch + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-latest + os: windows + sdl: + eslint: + configuration: 'recommended' + parser: '@typescript-eslint/parser' + parserOptions: '' + enableExclusions: true + # Justification: js files in this repo are flow files. the built-in eslint does not support this. Adding a separate step to run the sdl rules for flow files. + exclusionPatterns: '**/*.js' + credscan: + suppressionsFile: .ado/CredScanSuppressions.json + stages: + - stage: main + jobs: + - job: RNGithubNpmJSPublish + displayName: NPM Publish React-native-macos + pool: + name: Azure Pipelines + vmImage: macos-13 + os: macOS + variables: + - name: BUILDSECMON_OPT_IN + value: true + timeoutInMinutes: 90 # how long to run the job before automatically cancelling + cancelTimeoutInMinutes: 5 # how much time to give 'run always even if cancelled tasks' before killing them + templateContext: + outputs: + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory) + artifactName: github-npm-js-publish + steps: + - checkout: self # self represents the repo where the initial Pipelines YAML file was found + clean: true # whether to fetch clean each time + # fetchDepth: 2 # the depth of commits to ask Git to fetch + lfs: false # whether to download Git-LFS files + submodules: recursive # set to 'true' for a single level of submodules or 'recursive' to get submodules of submodules + persistCredentials: true # set to 'true' to leave the OAuth token in the Git config after the initial fetch + + # Setup the repo to be ready for release. This includes: + # - Autogenerating the next version number + # - Calling the approprate scripts that upstream React Native uses to prepare a release + # - Skipping the actual `git tag`, `git push`, and `npm publish steps as we do that here instead + + - ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/1espt') }}: + - template: .ado/templates/apple-job-publish.yml@self + parameters: + build_type: nightly + - ${{ elseif endsWith(variables['Build.SourceBranchName'], '-stable') }}: + - template: .ado/templates/apple-job-publish.yml@self + parameters: + build_type: release + - ${{ else }}: + - task: CmdLine@2 + displayName: Unknown branch, skipping publish + inputs: + script: | + echo "Skipping publish for branch $(Build.SourceBranchName)" + exit 1 + + # Set the NPM dist-tag and do the actual NPM publish + + - bash: echo "##vso[task.setvariable variable=npmDistTag]latest" + displayName: Set dist-tag to latest + condition: eq(variables['Build.SourceBranchName'], variables.latestStableBranch) + + - bash: echo "##vso[task.setvariable variable=npmDistTag]canary" + displayName: Set dist-tag to canary + condition: eq(variables['Build.SourceBranchName'], 'main') + + - bash: echo "##vso[task.setvariable variable=npmDistTag]v${{variables['Build.SourceBranchName']}}" + displayName: Set dist-tag to v0.x-stable + condition: and(ne(variables['Build.SourceBranchName'], 'main'), ne(variables['Build.SourceBranchName'], variables.latestStableBranch)) + + - task: CmdLine@2 + displayName: Actual NPM Publish + inputs: + script: | + npm publish ./packages/react-native --tag $(npmDistTag) --registry https://registry.npmjs.org/ --//registry.npmjs.org/:_authToken=$(npmAuthToken) + + # Set the git tag and push the version update back to Github + + - template: .ado/templates/configure-git.yml@self + + - task: CmdLine@2 + displayName: 'Tag and push to Github' + inputs: + script: node .ado/gitTagRelease.js + env: + BUILD_STAGINGDIRECTORY: $(Build.StagingDirectory) + BUILD_SOURCEBRANCH: $(Build.SourceBranch) + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + githubAuthToken: $(githubAuthToken) + condition: and(succeeded(), ne(variables['Build.SourceBranchName'], 'main')) + + - job: RNMacOSInitNpmJSPublish + displayName: NPM Publish beachball packages (e.g., react-native-macos-init) + pool: + name: cxeiss-ubuntu-20-04-large + image: cxe-ubuntu-20-04-1es-pt + os: linux + timeoutInMinutes: 90 # how long to run the job before automatically cancelling + cancelTimeoutInMinutes: 5 # how much time to give 'run always even if cancelled tasks' before killing them + condition: eq(variables['Build.SourceBranchName'], '1espt') + templateContext: + outputs: + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory) + artifactName: macos-init-npm-js-publish + steps: + - checkout: self # self represents the repo where the initial Pipelines YAML file was found + clean: true # whether to fetch clean each time + # fetchDepth: 2 # the depth of commits to ask Git to fetch + lfs: false # whether to download Git-LFS files + submodules: recursive # set to 'true' for a single level of submodules or 'recursive' to get submodules of submodules + persistCredentials: true # set to 'true' to leave the OAuth token in the Git config after the initial fetch + + - template: .ado/templates/configure-git.yml@self + + - task: CmdLine@2 + displayName: yarn install + inputs: + script: | + cd packages/react-native-macos-init + yarn install + + - task: CmdLine@2 + displayName: Build react-native-macos-init + inputs: + script: | + cd packages/react-native-macos-init + yarn build + + - task: CmdLine@2 + displayName: Code tested in other pipeline [test] + inputs: + script: echo "This code is tested as part of an integration test. See the 'Verify react-native-macos-init' task." + + - task: CmdLine@2 + displayName: "Publish beachball packages to npmjs.org" + inputs: + script: | + npx beachball publish --scope '!packages/react-native' --branch origin/$(Build.SourceBranchName) -n NOAUTH -yes -m "applying package updates ***NO_CI***" --access public diff --git a/.ado/templates/apple-job-javascript.yml b/.ado/templates/apple-job-javascript.yml index d17c55f63cdeab..149edc15c422d3 100644 --- a/.ado/templates/apple-job-javascript.yml +++ b/.ado/templates/apple-job-javascript.yml @@ -4,9 +4,6 @@ parameters: steps: - template: apple-tools-setup.yml - - # Task Group: Xcode select proper version - - template: apple-xcode-select.yml parameters: slice_name: ${{ parameters.slice_name }} xcode_version: ${{ parameters.xcode_version }} diff --git a/.ado/templates/apple-job-react-native.yml b/.ado/templates/apple-job-react-native.yml index e57f3ef1879d06..f97bcc2332bbe7 100644 --- a/.ado/templates/apple-job-react-native.yml +++ b/.ado/templates/apple-job-react-native.yml @@ -12,9 +12,6 @@ parameters: steps: - template: apple-tools-setup.yml - - # Task Group: Xcode select proper version - - template: apple-xcode-select.yml parameters: slice_name: ${{ parameters.slice_name }} xcode_version: ${{ parameters.xcode_version }} diff --git a/.ado/templates/apple-tools-setup.yml b/.ado/templates/apple-tools-setup.yml index 67462a2dbf5c23..5dc0ac3319ffe1 100644 --- a/.ado/templates/apple-tools-setup.yml +++ b/.ado/templates/apple-tools-setup.yml @@ -5,3 +5,17 @@ steps: - script: 'brew bundle --file .ado/Brewfile' displayName: 'brew bundle' + + - ${{ if ne(parameters.xcode_version, '')}}: + - template: apple-xcode-select.yml + parameters: + slice_name: ${{ parameters.slice_name }} + xcode_version: ${{ parameters.xcode_version }} + + - script: | + xcrun simctl list + displayName: 'List Simulators' + + - script: | + xcrun --sdk iphonesimulator --show-sdk-version + displayName: 'Determine iOS SDK version' \ No newline at end of file diff --git a/.ado/templates/apple-xcode-select.yml b/.ado/templates/apple-xcode-select.yml index 09ed6cd29f5c3c..ddbb8f5d29203c 100644 --- a/.ado/templates/apple-xcode-select.yml +++ b/.ado/templates/apple-xcode-select.yml @@ -9,5 +9,5 @@ parameters: steps: - bash: | sudo xcode-select --switch '${{ parameters.xcode_version }}' - displayName: Switch Xcode version ${{ parameters.slice_name }} + displayName: Switch Xcode version ${{ parameters.xcode_version }} for ${{ parameters.slice_name }} failOnStderr: true diff --git a/.ado/variables/vars.yml b/.ado/variables/vars.yml index 9333bc319a14a0..c442c84e1c1486 100644 --- a/.ado/variables/vars.yml +++ b/.ado/variables/vars.yml @@ -2,3 +2,5 @@ variables: VmImageApple: macOS-13 slice_name: 'Xcode_15.0' xcode_version: '/Applications/Xcode_15.0.app' + ios_version: '17.0' + ios_simulator: 'iPhone 15' \ No newline at end of file diff --git a/GuardianCustomConfiguration.json b/GuardianCustomConfiguration.json deleted file mode 100644 index d945e8c35b64e3..00000000000000 --- a/GuardianCustomConfiguration.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "Enabled": true, - "Tools": { - "CredScan": { - "Enabled": true, - "Inputs": { - "SuppressionsPath": ".config\\CredScanSuppressions.json" - } - }, - "ESLint": { - "Enabled": true, - "Inputs": { - "Configuration": "required", - "Parser": "@typescript-eslint/parser", - "ParserOptions": "", - "EnableExclusions": true, - "ExclusionPatterns": "*.js", - "_justification": "js files in this repo are flow files. the built-in eslint does not support this. Adding a separate step to run the sdl rules for flow files." - } - } - } -} \ No newline at end of file