From 6a9554dc47a8c0cea0fff8380cf086da20fbdb0e Mon Sep 17 00:00:00 2001 From: Chirag Sharma <150002431+v-sharmachir@users.noreply.github.com> Date: Thu, 14 Nov 2024 23:20:23 +0530 Subject: [PATCH] feat(Pipeline migration to 1ES template): Migrated release pipeline to 1ES PT (#2225) #### Details Migrated release pipeline to 1ES PT as per the changes mentioned in the documentation link provided for the 1ES pipeline migration. Test Run link: https://dev.azure.com/mseng/1ES/_build/results?buildId=29327650&view=results ##### Motivation [Feature 2211959](https://dev.azure.com/mseng/1ES/_workitems/edit/2211959) ##### Context #### Pull request checklist - [x] Addresses an existing issue: [Feature 2211959](https://dev.azure.com/mseng/1ES/_workitems/edit/2211959) - [ ] Added relevant unit test for your changes. (`yarn test`) - [ ] Verified code coverage for the changes made. Check coverage report at: `/test-results/unit/coverage` - [x] Ran precheckin (`yarn precheckin`) --------- Co-authored-by: Vikash Yadav <95463767+v-viyada@users.noreply.github.com> --- pipelines/canary-release.yaml | 64 ++++++++++----- pipelines/package-vsix-file.yaml | 17 +--- pipelines/prod-release.yaml | 135 ++++++++++++++++++------------- pipelines/publish-vsix-file.yaml | 9 +-- pipelines/release-template.yaml | 32 +++++++- 5 files changed, 153 insertions(+), 104 deletions(-) diff --git a/pipelines/canary-release.yaml b/pipelines/canary-release.yaml index 85ef3955b..b2594625e 100644 --- a/pipelines/canary-release.yaml +++ b/pipelines/canary-release.yaml @@ -18,31 +18,53 @@ variables: trigger: none -pool: - name: $(a11yInsightsPool) - vmImage: $(linuxImage) - demands: - - ImageOverride -equals $(linuxImage) - resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release pipelines: - pipeline: accessibility-insights-action-ci source: accessibility-insights-action-ci trigger: branches: [main] -stages: - - stage: package_publish_canary - variables: - - group: ${{ parameters.variableGroupName }} - jobs: - - template: release-template.yaml - parameters: - ${{ if eq(parameters.variableGroupName, 'a11y-insights-ado-extension-canary') }}: - environment: a11y-insghts-ado-extension-canary - shouldSign: true - visibility: preview - ${{ if ne(parameters.variableGroupName, 'a11y-insights-ado-extension-canary') }}: - environment: a11y-insghts-ado-extension-test - shouldSign: false - visibility: private +extends: + # Do not edit. This is the 1ES template that holds different SDL and compliance tasks that the template injects into the pipeline. + # It uses the unofficial template because it's a canary pipeline. + template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines + + parameters: + # Accessibility Insights team's 1ES hosted pool. + # This variable is saved in Azure DevOps from the "Edit" pipeline view. + pool: + name: $(a11yInsightsPool) + image: $(linuxImage) + os: linux + demands: + - ImageOverride -equals $(linuxImage) + + sdl: + sourceAnalysisPool: + name: a11y-ado-auth + image: windows-2022-secure + os: windows + + stages: + - stage: package_publish_canary + variables: + - group: ${{ parameters.variableGroupName }} + jobs: + - template: pipelines/release-template.yaml@self + parameters: + ${{ if eq(parameters.variableGroupName, 'a11y-insights-ado-extension-canary') }}: + environment: a11y-insghts-ado-extension-canary + shouldSign: true + visibility: preview + isProduction: false + ${{ if ne(parameters.variableGroupName, 'a11y-insights-ado-extension-canary') }}: + environment: a11y-insghts-ado-extension-test + shouldSign: false + visibility: private + isProduction: false diff --git a/pipelines/package-vsix-file.yaml b/pipelines/package-vsix-file.yaml index e27a5455e..acf958f0c 100644 --- a/pipelines/package-vsix-file.yaml +++ b/pipelines/package-vsix-file.yaml @@ -26,16 +26,7 @@ steps: inputs: version: 'v0.7.x' - - task: DownloadPipelineArtifact@2 - inputs: - source: 'specific' - runVersion: 'specific' - project: $(resources.pipeline.accessibility-insights-action-ci.projectID) - pipeline: $(resources.pipeline.accessibility-insights-action-ci.pipelineID) - runId: $(resources.pipeline.accessibility-insights-action-ci.runID) - artifact: ado-extension-drop - path: '$(System.DefaultWorkingDirectory)/ado-extension-drop' - - template: generate-vs-marketplace-token.yaml + - template: generate-vs-marketplace-token.yaml@self - task: QueryAzureDevOpsExtensionVersion@4 name: QueryVersion inputs: @@ -118,9 +109,3 @@ steps: "ToolVersion" : "1.0" } ] - - - task: PublishBuildArtifacts@1 - inputs: - PathtoPublish: '$(Build.ArtifactStagingDirectory)' - ArtifactName: '${{ parameters.environment }}-vsix' - publishLocation: 'Container' diff --git a/pipelines/prod-release.yaml b/pipelines/prod-release.yaml index 0b1c75733..a6169a561 100644 --- a/pipelines/prod-release.yaml +++ b/pipelines/prod-release.yaml @@ -13,68 +13,89 @@ parameters: trigger: none -pool: - name: $(a11yInsightsPool) - vmImage: $(linuxImage) - demands: - - ImageOverride -equals $(linuxImage) - resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release pipelines: - pipeline: accessibility-insights-action-ci source: accessibility-insights-action-ci +extends: + # Do not edit. This is the 1ES template that holds different SDL and compliance tasks that the template injects into the pipeline. + # It uses the Official template because it's a production pipeline. + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + + parameters: + # Accessibility Insights team's 1ES hosted pool. + # This variable is saved in Azure DevOps from the "Edit" pipeline view. + pool: + name: $(a11yInsightsPool) + image: $(linuxImage) + os: linux + demands: + - ImageOverride -equals $(linuxImage) + + sdl: + sourceAnalysisPool: + name: a11y-ado-auth + image: windows-2022-secure + os: windows -stages: - - stage: package_publish_staging - variables: - - group: a11y-insights-ado-extension-staging - - ${{ if ne(parameters.stagingVersionOverride, 'increment') }}: - - name: extensionVersionOverride - value: ${{ parameters.stagingVersionOverride }} - jobs: - - template: release-template.yaml - parameters: - environment: a11y-insights-ado-extension-staging - shouldSign: true - visibility: preview + stages: + - stage: package_publish_staging + variables: + - group: a11y-insights-ado-extension-staging + - ${{ if ne(parameters.stagingVersionOverride, 'increment') }}: + - name: extensionVersionOverride + value: ${{ parameters.stagingVersionOverride }} + jobs: + - template: pipelines/release-template.yaml@self + parameters: + environment: a11y-insights-ado-extension-staging + shouldSign: true + visibility: preview + isProduction: true - - stage: create_release_tag - variables: - - name: tag - value: v${{ parameters.prodVersionOverride }}-sources-ado - jobs: - - job: 'CreateReleaseTag' - steps: - - task: DownloadPipelineArtifact@2 - inputs: - source: 'specific' - runVersion: 'specific' - project: $(resources.pipeline.accessibility-insights-action-ci.projectID) - pipeline: $(resources.pipeline.accessibility-insights-action-ci.pipelineID) - runId: $(resources.pipeline.accessibility-insights-action-ci.runID) - artifact: ado-extension-drop - path: '$(System.DefaultWorkingDirectory)/ado-extension-drop' + - stage: create_release_tag + variables: + - name: tag + value: v${{ parameters.prodVersionOverride }}-sources-ado + jobs: + - job: 'CreateReleaseTag' + steps: + - task: 1ES.DownloadPipelineArtifact@1 + inputs: + source: 'specific' + runVersion: 'specific' + project: $(resources.pipeline.accessibility-insights-action-ci.projectID) + pipeline: $(resources.pipeline.accessibility-insights-action-ci.pipelineID) + runId: $(resources.pipeline.accessibility-insights-action-ci.runID) + artifactName: ado-extension-drop + targetPath: '$(System.DefaultWorkingDirectory)/ado-extension-drop' - - task: GitHubRelease@1 - displayName: 'GitHub release' - inputs: - tag: '$(tag)' - action: edit - tagSource: userSpecifiedTag - gitHubConnection: 'a11y-insights-ada-cat-github-oauth' - isPreRelease: true - isDraft: true - target: $(resources.pipeline.accessibility-insights-action-ci.sourceCommit) - assets: '$(System.DefaultWorkingDirectory)/ado-extension-drop/NOTICE.html' + - task: GitHubRelease@1 + displayName: 'GitHub release' + inputs: + tag: '$(tag)' + action: edit + tagSource: userSpecifiedTag + gitHubConnection: 'a11y-insights-ada-cat-github-oauth' + isPreRelease: true + isDraft: true + target: $(resources.pipeline.accessibility-insights-action-ci.sourceCommit) + assets: '$(System.DefaultWorkingDirectory)/ado-extension-drop/NOTICE.html' - - stage: package_publish_prod - variables: - - group: a11y-insights-ado-extension-prod - - name: extensionVersionOverride - value: ${{ parameters.prodVersionOverride }} - jobs: - - template: release-template.yaml - parameters: - environment: a11y-insights-ado-extension-prod - shouldSign: true - visibility: preview + - stage: package_publish_prod + variables: + - group: a11y-insights-ado-extension-prod + - name: extensionVersionOverride + value: ${{ parameters.prodVersionOverride }} + jobs: + - template: pipelines/release-template.yaml@self + parameters: + environment: a11y-insights-ado-extension-prod + shouldSign: true + visibility: preview + isProduction: true diff --git a/pipelines/publish-vsix-file.yaml b/pipelines/publish-vsix-file.yaml index fba2a04ba..7e273b117 100644 --- a/pipelines/publish-vsix-file.yaml +++ b/pipelines/publish-vsix-file.yaml @@ -10,18 +10,11 @@ parameters: type: string steps: - - download: none - task: TfxInstaller@3 inputs: version: 'v0.7.x' - - task: DownloadBuildArtifacts@0 - inputs: - buildType: 'current' - downloadType: 'single' - artifactName: '${{ parameters.environment }}-vsix' - downloadPath: '$(System.DefaultWorkingDirectory)' - template: generate-vs-marketplace-token.yaml - - task: PublishAzureDevOpsExtension@3 + - task: 1ES.PublishAzureDevOpsExtension@1 inputs: connectTo: 'VsTeam' connectedServiceName: 'a11y-insights-vs-marketplace' diff --git a/pipelines/release-template.yaml b/pipelines/release-template.yaml index a49a51ec6..110019e02 100644 --- a/pipelines/release-template.yaml +++ b/pipelines/release-template.yaml @@ -11,6 +11,9 @@ parameters: - name: visibility displayName: marketplace visibility type: string + - name: isProduction + displayName: whether to deploy to production + type: string jobs: - job: package_job @@ -19,21 +22,46 @@ jobs: vmImage: $(linuxImage) demands: - ImageOverride -equals $(linuxImage) + templateContext: + inputs: + - input: pipelineArtifact + source: 'specific' + runVersion: 'specific' + project: $(resources.pipeline.accessibility-insights-action-ci.projectID) + definition: $(resources.pipeline.accessibility-insights-action-ci.pipelineID) + runId: $(resources.pipeline.accessibility-insights-action-ci.runID) + artifactName: ado-extension-drop + targetPath: '$(System.DefaultWorkingDirectory)/ado-extension-drop' + outputs: + - output: pipelineArtifact + targetPath: '$(Build.ArtifactStagingDirectory)' + artifactName: '${{ parameters.environment }}-vsix' + publishLocation: 'Container' steps: - - template: package-vsix-file.yaml + - template: package-vsix-file.yaml@self parameters: environment: ${{ parameters.environment }} shouldSign: ${{ parameters.shouldSign }} visibility: ${{parameters.visibility}} + - deployment: publish_vsix_file displayName: deploy vsix file dependsOn: package_job + templateContext: + type: releaseJob + isProduction: ${{ parameters.isProduction }} + inputs: + - input: pipelineArtifact + buildType: 'current' + downloadType: 'single' + artifactName: '${{ parameters.environment }}-vsix' + downloadPath: '$(System.DefaultWorkingDirectory)/${{ parameters.environment }}-vsix' environment: ${{ parameters.environment }} strategy: runOnce: deploy: steps: - - template: publish-vsix-file.yaml + - template: publish-vsix-file.yaml@self parameters: environment: ${{ parameters.environment }} visibility: ${{parameters.visibility}}