-
Notifications
You must be signed in to change notification settings - Fork 34
/
azure-pipelines.yml
119 lines (112 loc) · 4.13 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
trigger:
batch: true
branches:
include:
- main
- release/*.*
variables:
# Cannot use key:value syntax in root defined variables
- name: _TeamName
value: DotNetCore
- name: TeamName
value: DotNetCore
- name: _PublishUsingPipelines
value: true
- name: _DotNetArtifactsCategory
value: .NETCore
- name: Codeql.Enabled
value: true
- template: /eng/common/templates-official/variables/pool-providers.yml@self
- group: DotNet-AspNet-SDLValidation-Params
resources:
repositories:
- repository: MicroBuildTemplate
type: git
name: 1ESPipelineTemplates/MicroBuildTemplate
ref: refs/tags/release
extends:
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
sdl:
sourceAnalysisPool:
name: $(DncEngInternalBuildPool)
image: 1es-windows-2022
os: windows
policheck:
enabled: true
tsa:
enabled: true
configFile: '$(Build.SourcesDirectory)\.config\tsaoptions.json'
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: build
displayName: Build
jobs:
- template: /eng/common/templates-official/jobs/jobs.yml@self
parameters:
enableMicrobuild: true
enablePublishBuildArtifacts: true
enablePublishTestResults: true
enablePublishBuildAssets: true
enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }}
enableSourceBuild: true
enableTelemetry: true
helixRepo: dotnet/xdt
jobs:
- job: Windows_NT
pool:
name: $(DncEngInternalBuildPool)
image: 1es-windows-2022
variables:
- _Script: eng\common\cibuild.cmd
- _ValidateSdkArgs: ''
- _InternalBuildArgs: ''
# DotNet-Symbol-Server-Pats provides: microsoft-symbol-server-pat, symweb-symbol-server-pat
# Publish-Build-Assets provides: MaestroAccessToken, BotAccount-dotnet-maestro-bot-PAT
- group: DotNet-Symbol-Server-Pats
- group: Publish-Build-Assets
- _InternalBuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName)
/p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
/p:DotNetArtifactsCategory=$(_DotNetArtifactsCategory)
/p:DotNetSymbolServerTokenMsdl=$(microsoft-symbol-server-pat)
/p:DotNetSymbolServerTokenSymWeb=$(symweb-symbol-server-pat)
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
strategy:
matrix:
Build_Release:
_BuildConfig: Release
_PublishType: blob
_SignType: real
# _Script: eng\validate-sdk.cmd
# _ValidateSdkArgs: -gitHubPat $(BotAccount-dotnet-maestro-bot-PAT) -barToken $(MaestroAccessToken)
steps:
- checkout: self
clean: true
# Use utility script to run script command dependent on agent OS.
- script: $(_Script)
-configuration $(_BuildConfig)
-prepareMachine
$(_InternalBuildArgs)
$(_ValidateSdkArgs)
displayName: Windows Build / Publish
- template: eng/common/templates-official/post-build/post-build.yml@self
parameters:
publishDependsOn:
- Validate
# This is to enable SDL runs part of Post-Build Validation Stage
SDLValidationParameters:
enable: true
continueOnError: false
params: ' -SourceToolsList @("policheck","credscan")
-ArtifactToolsList @("binskim")
-BinskimAdditionalRunConfigParams @("IgnorePdbLoadError < True","Recurse < True")
-TsaInstanceURL $(_TsaInstanceURL)
-TsaProjectName $(_TsaProjectName)
-TsaNotificationEmail $(_TsaNotificationEmail)
-TsaCodebaseAdmin $(_TsaCodebaseAdmin)
-TsaBugAreaPath $(_TsaBugAreaPath)
-TsaIterationPath $(_TsaIterationPath)
-TsaRepositoryName "xdt"
-TsaCodebaseName "xdt"
-TsaPublish $True'