forked from dotnet/fsharp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-pipelines.yml
235 lines (228 loc) · 10.3 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
# CI and PR triggers
trigger:
branches:
include:
- main
- feature/*
- release/*
paths:
include:
- '*'
exclude:
- .github/*
- docs/
- .vscode/*
- .devcontainer/*
- tests/scripts/
- attributions.md
- CODE_OF_CONDUCT.md
- DEVGUIDE.md
- INTERNAL.md
- Language-Version-History.md
- License.txt
- README.md
- release-notes.md
- TESTGUIDE.md
variables:
# Release branch for F#
# Should be 'current' release branch name, i.e. 'release/dev17.10' in dotnet/fsharp/refs/heads/main, 'release/dev17.10' in dotnet/fsharp/refs/heads/release/dev17.10 and 'release/dev17.9' in dotnet/fsharp/refs/heads/release/dev17.9
# Should **never** be 'main' in dotnet/fsharp/refs/heads/main, since it will start inserting to VS twice.
- name: FSharpReleaseBranchName
value: release/dev17.12
# VS Insertion branch name (NOT the same as F# branch)
# Should be previous release branch or 'main' in 'main' and 'main' in release branch
# (since for all *new* release branches we insert into VS main and for all *previous* releases we insert into corresponding VS release),
# i.e. 'rel/d17.9' *or* 'main' in dotnet/fsharp/refs/heads/main and 'main' in F# dotnet/fsharp/refs/heads/release/dev17.10 (latest release branch)
- name: VSInsertionTargetBranchName
value: main
- name: _TeamName
value: FSharp
- name: TeamName
value: FSharp
- name: _BuildConfig
value: Release
- name: _SignType
value: Real
- name: _PublishUsingPipelines
value: true
- name: VisualStudioDropName
value: Products/$(System.TeamProject)/$(Build.Repository.Name)/$(Build.SourceBranchName)/$(Build.BuildNumber)
- name: Codeql.Enabled
value: true
- group: DotNet-FSharp-SDLValidation-Params
- template: /eng/common/templates-official/variables/pool-providers.yml@self
resources:
repositories:
- repository: MicroBuildTemplate
type: git
name: 1ESPipelineTemplates/MicroBuildTemplate
ref: refs/tags/release
extends:
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
featureFlags:
autoBaseline: true
sdl:
binskim:
enabled: true
policheck:
enabled: true
sbom:
enabled: false # VS SBOM is generated with other steps
justificationForDisabling: 'SBOM for F# is generated via build process. Will be migrated at later date.'
tsa:
enabled: true
configFile: '$(Build.SourcesDirectory)/eng/TSAConfig.gdntsa'
sourceAnalysisPool:
name: NetCore1ESPool-Svc-Internal
image: 1es-windows-2022
os: windows
stages:
- stage: build
displayName: Build
jobs:
#-------------------------------------------------------------------------------------------------------------------#
# Signed build #
#-------------------------------------------------------------------------------------------------------------------#
# Localization: we only run it for specific release branches
- ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/release/dev17.12') }}:
- template: /eng/common/templates-official/job/onelocbuild.yml@self
parameters:
MirrorRepo: fsharp
MirrorBranch: $(FSharpReleaseBranchName)
LclSource: lclFilesfromPackage
LclPackageId: 'LCL-JUNO-PROD-FSHARP'
- template: /eng/common/templates-official/jobs/jobs.yml@self
parameters:
enableMicrobuild: true
enablePublishBuildArtifacts: true
enablePublishTestResults: false
enablePublishBuildAssets: true
enablePublishUsingPipelines: $(_PublishUsingPipelines)
enableSourceBuild: true
enableTelemetry: true
helixRepo: dotnet/fsharp
jobs:
- job: Full_Signed
pool:
name: NetCore1ESPool-Svc-Internal
image: windows.vs2022preview.amd64
timeoutInMinutes: 300
templateContext:
mb:
signing:
enabled: true
feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json
signType: $(_SignType)
zipSources: false
variables:
- group: DotNet-Symbol-Server-Pats
- group: DotNet-DevDiv-Insertion-Workflow-Variables
- name: _SignType
value: Real
steps:
- checkout: self
clean: true
- template: /eng/restore-internal-tools.yml
- script: eng\CIBuild.cmd
-configuration $(_BuildConfig)
-prepareMachine
-testAllButIntegrationAndAot
-officialSkipTests $(SkipTests)
/p:SignType=$(_SignType)
/p:DotNetSignType=$(_SignType)
/p:MicroBuild_SigningEnabled=true
/p:TeamName=$(_TeamName)
/p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
/p:VisualStudioDropName=$(VisualStudioDropName)
/p:GenerateSbom=true
env:
NativeToolsOnMachine: true
- task: PublishTestResults@2
displayName: Publish Test Results
inputs:
testResultsFormat: 'XUnit'
testResultsFiles: '*.xml'
searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)'
continueOnError: true
condition: ne(variables['SkipTests'], 'true')
- task: 1ES.PublishPipelineArtifact@1
displayName: Publish Test Logs
inputs:
targetPath: '$(Build.SourcesDirectory)\artifacts\TestResults\$(_BuildConfig)'
artifactName: 'Test Logs'
publishLocation: Container
continueOnError: true
condition: ne(variables['SkipTests'], 'true')
- task: 1ES.PublishPipelineArtifact@1
displayName: Publish Artifact Packages
inputs:
targetPath: '$(Build.SourcesDirectory)\artifacts\packages\$(_BuildConfig)'
artifactName: 'Packages'
condition: succeeded()
- task: 1ES.PublishPipelineArtifact@1
displayName: Publish Artifact VSSetup
inputs:
targetPath: '$(Build.SourcesDirectory)\artifacts\VSSetup\$(_BuildConfig)\Insertion'
artifactName: 'VSSetup'
condition: succeeded()
- task: 1ES.PublishPipelineArtifact@1
displayName: Publish Artifact Nightly
inputs:
targetPath: '$(Build.SourcesDirectory)\artifacts\VSSetup\$(_BuildConfig)\VisualFSharpDebug.vsix'
artifactName: 'Nightly'
condition: succeeded()
- task: 1ES.PublishPipelineArtifact@1
displayName: Publish Artifact Symbols
inputs:
targetPath: '$(Build.SourcesDirectory)\artifacts\SymStore\$(_BuildConfig)'
artifactName: 'NativeSymbols'
condition: succeeded()
- task: 1ES.MicroBuildVstsDrop@1
displayName: Upload VSTS Drop
inputs:
dropName: $(VisualStudioDropName)
dropFolder: '$(Build.SourcesDirectory)\artifacts\VSSetup\$(_BuildConfig)\Insertion'
dropRetentionDays: 90
accessToken: $(dn-bot-devdiv-drop-rw-code-rw)
dropServiceUri: 'https://devdiv.artifacts.visualstudio.com'
vsDropServiceUri: 'https://vsdrop.corp.microsoft.com/file/v1'
condition: succeeded()
#---------------------------------------------------------------------------------------------------------------------#
# Post Build #
#---------------------------------------------------------------------------------------------------------------------#
- template: eng/common/templates-official/post-build/post-build.yml@self
parameters:
publishingInfraVersion: 3
# Symbol validation is not entirely reliable as of yet, so should be turned off until https://github.com/dotnet/arcade/issues/2871 is resolved.
enableSymbolValidation: false
# SourceLink improperly looks for generated files. See https://github.com/dotnet/arcade/issues/3069
enableSourceLinkValidation: false
# Enable SDL validation, passing through values from the 'DotNet-FSharp-SDLValidation-Params' group.
SDLValidationParameters:
enable: true
params: >-
-SourceToolsList @("policheck","credscan")
-ArtifactToolsList @("binskim")
-BinskimAdditionalRunConfigParams @("IgnorePdbLoadError < True","Recurse < True")
-TsaInstanceURL $(_TsaInstanceURL)
-TsaProjectName $(_TsaProjectName)
-TsaNotificationEmail $(_TsaNotificationEmail)
-TsaCodebaseAdmin $(_TsaCodebaseAdmin)
-TsaBugAreaPath $(_TsaBugAreaPath)
-TsaIterationPath $(_TsaIterationPath)
-TsaRepositoryName "FSharp"
-TsaCodebaseName "FSharp-GitHub"
-TsaPublish $True
-PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/policheck_exclusions.xml")
#---------------------------------------------------------------------------------------------------------------------#
# VS Insertion #
#---------------------------------------------------------------------------------------------------------------------#
- template: eng/release/insert-into-vs.yml@self
parameters:
componentBranchName: refs/heads/${{ variables.FSharpReleaseBranchName }}
insertTargetBranch: ${{ variables.VSInsertionTargetBranchName }}
insertTeamEmail: [email protected]
insertTeamName: 'F#'
completeInsertion: 'auto'