azure-pipelines.yml
# CI trigger: pushes to `main` and to any tag ref start this pipeline.
# NOTE(review): the Publish stage condition in this file accepts any
# Build.SourceBranch that starts with 'refs/tags/', so a pushed tag is what
# requests a signing run. Confirm tag creation is restricted on the repository.
trigger:
branches:
include:
- main
- refs/tags/*
# External repositories this pipeline pulls YAML templates from.
# Both are referenced by name (a branch head and a tag called `release`), not
# by commit SHA.
# NOTE(review): supply-chain trust -- templates from these repos are expanded
# into this pipeline, so confirm who can write to these refs and whether a
# moving ref is acceptable for the signing path.
resources:
repositories:
# GitHub-hosted templates, fetched through the `xamarin` endpoint; referenced
# in this file as sign-artifacts/jobs/v2.yml@internal-templates.
- repository: internal-templates
type: github
name: xamarin/yaml-templates
endpoint: xamarin
ref: refs/heads/main
# 1ES pipeline templates; the `extends:` section picks its Official or
# Unofficial template from this repository.
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
# Pipeline parameters. No `type:` or `values:` is declared on any of them, and
# the conditions in this file compare them against the string 'true' or
# against a branch ref.
parameters:
# Branch whose builds run the Localization stage.
- name: OneLocSourceBranch
default: refs/heads/main
# Branch whose builds run the Compliance (APIScan) stage.
- name: ApiScanSourceBranch
default: refs/heads/main
# When 'true', the Unofficial 1ES template is selected and sdl.enableAllTools
# is set to false (see `extends:`).
# NOTE(review): this switch reduces security scanning for the run; confirm
# who may queue runs with it set and that such runs cannot reach Publish
# unnoticed.
- name: Skip1ESComplianceTasks
default: false
# When 'true', lets the Publish (signing) stage run on a non-tag build.
- name: SignArtifacts
default: false
# Pipeline-level variables.
variables:
# NOTE(review): this variable group is attached at pipeline level, so its
# contents are in scope for the build and test jobs as well. The Localization
# job also attaches the same group itself. Consider attaching it only where
# its values are consumed -- TODO confirm which jobs need it.
- group: Xamarin-Secrets
# Passed to the APIScan task as softwareName / softwareVersionNum.
- name: ApiScanSoftwareName
value: VS
# NOTE(review): unquoted 17.10 reads as the float 17.1 in a generic YAML
# loader; quote it if the exact string matters -- confirm how the pipeline
# parser treats it.
- name: ApiScanSoftwareVersion
value: 17.10
# Meaning not visible in this file; presumably consumed by the 1ES templates.
- name: DisablePipelineConfigDetector
value: true
# Agent image names referenced by the job pools below as $(...).
- name: WindowsPoolImage1ESPT
value: 1ESPT-Windows2022
- name: LinuxPoolImage1ESPT
value: 1ESPT-Ubuntu22.04
# Not referenced elsewhere in this file; possibly read by a template -- confirm.
- name: MicroBuildPoolName
value: VSEngSS-MicroBuild2022-1ES
# Wraps every stage in a 1ES pipeline template. Pull-request builds, and runs
# with Skip1ESComplianceTasks set to 'true', extend the Unofficial template;
# all other runs extend the Official one.
# NOTE(review): the parameter is written as
# '${{ parameters.Skip1ESComplianceTasks }}' inside an enclosing ${{ if ... }}
# expression. Confirm this nested form evaluates as intended; referencing
# parameters.Skip1ESComplianceTasks directly inside the expression is the more
# common spelling.
extends:
${{ if or(eq(variables['Build.Reason'], 'PullRequest'), eq('${{ parameters.Skip1ESComplianceTasks }}', 'true')) }}:
template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines
${{ else }}:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
# Security tooling (SDL) configuration handed to the 1ES template.
sdl:
# Only emitted when the skip parameter is 'true'; presumably switches off the
# template's default tool set -- confirm against the 1ES template docs.
${{ if eq('${{ parameters.Skip1ESComplianceTasks }}', 'true') }}:
enableAllTools: false
binskim:
scanOutputDirectoryOnly: true
codeql:
runSourceLanguagesInSourceAnalysis: true
# Findings listed in this file are suppressed, so changes to .gdn\.gdnsuppress
# deserve the same review as code changes.
suppression:
suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress
# Pool used for the template's source-analysis work.
sourceAnalysisPool:
name: AzurePipelines-EO
image: $(WindowsPoolImage1ESPT)
os: windows
# Stage list passed to the 1ES template. The Build stage produces the native
# libraries per OS and then the NuGet package.
stages:
- stage: Build
jobs:
# Builds the Windows native libraries and uploads them as the
# `native - windows` pipeline artifact.
- job: buildWindows
pool:
name: AzurePipelines-EO
image: $(WindowsPoolImage1ESPT)
os: windows
variables:
Codeql.Enabled: true
# Everything left in the staging directory at the end of the job is published.
templateContext:
outputs:
- output: pipelineArtifact
displayName: upload artifacts
artifactName: native - windows
targetPath: $(Build.ArtifactStagingDirectory)
steps:
# Fetches all submodules recursively before building.
# NOTE(review): submodule content is compiled into the shipped binaries;
# confirm submodule updates are reviewed like first-party changes.
- script: |
echo "Hello"
git submodule update --init --recursive
displayName: "Update Submodules"
# Runs the repository's own build script (not shown in this file).
- script: |
build_windows.bat
displayName: "Build"
# The three ArchiveFiles steps pack the win32, win64 and winarm64
# RelWithDebInfo outputs into separate .tar.bz2 files in the staging directory.
- task: ArchiveFiles@2
inputs:
rootFolderOrFile: lzsbuild\lib\win32\RelWithDebInfo\
includeRootFolder: false
archiveType: tar
tarCompression: bz2
replaceExistingArchive: true
archiveFile: $(Build.ArtifactStagingDirectory)\libzip-windows-x86.tar.bz2
- task: ArchiveFiles@2
inputs:
rootFolderOrFile: lzsbuild\lib\win64\RelWithDebInfo\
includeRootFolder: false
archiveType: tar
tarCompression: bz2
replaceExistingArchive: true
archiveFile: $(Build.ArtifactStagingDirectory)\libzip-windows-x64.tar.bz2
# The winarm64 output is archived under the name libzip-windows-arm-x64.
- task: ArchiveFiles@2
inputs:
rootFolderOrFile: lzsbuild\lib\winarm64\RelWithDebInfo\
includeRootFolder: false
archiveType: tar
tarCompression: bz2
replaceExistingArchive: true
archiveFile: $(Build.ArtifactStagingDirectory)\libzip-windows-arm-x64.tar.bz2
# Builds the Linux native library and uploads it as the `native - linux`
# pipeline artifact.
- job: buildLinux
pool:
name: AzurePipelines-EO
image: $(LinuxPoolImage1ESPT)
os: linux
templateContext:
outputs:
- output: pipelineArtifact
displayName: upload artifacts
artifactName: native - linux
targetPath: $(Build.ArtifactStagingDirectory)
steps:
# Enables the i386 architecture, refreshes apt, installs ninja-build and
# fetches submodules.
# NOTE(review): the package is installed at build time without a version pin,
# so the toolchain depends on the image's apt sources at the moment of the
# run; confirm that is acceptable for binaries that are later signed.
- bash: |
sudo dpkg --add-architecture i386
sudo apt -y update
sudo apt -f -u install ninja-build -y
git submodule update --init --recursive
displayName: 'Install Tools'
# Runs the repository's build script (not shown in this file).
- bash: |
./build.sh -v
displayName: 'Build Linux x64'
# Packs the Linux output into libzip-linux-x64.tar.bz2 in the staging directory.
- task: ArchiveFiles@2
inputs:
rootFolderOrFile: lzsbuild/lib/Linux/
includeRootFolder: false
archiveType: tar
tarCompression: bz2
replaceExistingArchive: true
archiveFile: $(Build.ArtifactStagingDirectory)/libzip-linux-x64.tar.bz2
# Builds the macOS native library, merges in the Windows and Linux natives
# produced by the two jobs above, and packs the NuGet package. The staging
# directory is published as the `nuget` artifact, which the Test, Publish
# (signing) and Compliance stages consume.
- job: buildMacOS
# NOTE(review): `buildlinux` differs in case from the job name `buildLinux`;
# confirm dependency names are matched case-insensitively.
dependsOn:
- buildlinux
- buildWindows
pool:
name: Azure Pipelines
vmImage: macOS-14
os: macOS
templateContext:
outputs:
- output: pipelineArtifact
displayName: upload artifacts
artifactName: nuget
targetPath: $(Build.ArtifactStagingDirectory)
steps:
# Installs ninja with Homebrew (no version pin) and fetches submodules.
- bash: |
brew install ninja
git submodule update --init --recursive
displayName: 'Install toolchain'
# Builds the macOS native, creates the folders the other platforms' binaries
# are extracted into, and lists the native libraries found so far.
- bash: |
./build.sh -v
mkdir -p lzsbuild/lib/Linux
mkdir -p lzsbuild/lib/win64
mkdir -p lzsbuild/lib/win32
find lzsbuild -name '*ZipSharpNative*'
displayName: 'Build native'
# Pulls the archives uploaded by buildWindows and buildLinux into the staging
# directory.
- task: DownloadPipelineArtifact@2
displayName: download windows artifacts
inputs:
artifactName: native - windows
downloadPath: $(Build.ArtifactStagingDirectory)
- task: DownloadPipelineArtifact@2
displayName: download linux artifacts
inputs:
artifactName: native - linux
downloadPath: $(Build.ArtifactStagingDirectory)
# The four ExtractFiles steps unpack each archive into its lzsbuild/lib/<platform> folder.
- task: ExtractFiles@1
displayName: Extract 64 bit Linux native
inputs:
archiveFilePatterns: $(Build.ArtifactStagingDirectory)/libzip-linux-x64.tar.bz2
destinationFolder: lzsbuild/lib/Linux
- task: ExtractFiles@1
displayName: Extract 64 bit Windows native
inputs:
archiveFilePatterns: $(Build.ArtifactStagingDirectory)/libzip-windows-x64.tar.bz2
destinationFolder: lzsbuild/lib/win64
- task: ExtractFiles@1
displayName: Extract 64 bit ARM Windows native
inputs:
archiveFilePatterns: $(Build.ArtifactStagingDirectory)/libzip-windows-arm-x64.tar.bz2
destinationFolder: lzsbuild/lib/winarm64
- task: ExtractFiles@1
displayName: Extract 32 bit Windows native
inputs:
archiveFilePatterns: $(Build.ArtifactStagingDirectory)/libzip-windows-x86.tar.bz2
destinationFolder: lzsbuild/lib/win32
# Despite the displayName, this step deletes the downloaded archives from the
# staging directory; presumably so they are not re-published inside the
# `nuget` artifact, which uses the same directory as its targetPath.
- bash: |
rm $(Build.ArtifactStagingDirectory)/libzip-linux-*.tar.bz2
rm $(Build.ArtifactStagingDirectory)/libzip-windows-*.tar.bz2
displayName: 'Find libzip'
# NOTE(review): -v:diag is MSBuild's most verbose level and its logs normally
# include the build environment; confirm nothing sensitive is mapped into this
# job's environment, since the log is readable by anyone with run access.
- task: DotNetCoreCLI@2
displayName: 'Build solution libZipSharp.csproj'
inputs:
projects: LibZipSharp/libZipSharp.csproj
configuration: Release
arguments: -v:diag -p:RunningOnCI=true
- task: DotNetCoreCLI@2
displayName: NuGet pack libZipSharp
inputs:
projects: LibZipSharp/libZipSharp.csproj
configuration: Release
arguments: -t:Pack
# Stages the package, the signing list and the symbol package for upload.
- task: CopyFiles@2
displayName: Copy nupkg
inputs:
contents: 'LibZipSharp/*.nupkg'
flattenFolders: true
targetFolder: $(Build.ArtifactStagingDirectory)
# SignList.xml is what the Publish stage passes as signListPath, so edits to
# that file change what gets signed.
- task: CopyFiles@2
displayName: Copy SignList
inputs:
contents: 'SignList.xml'
targetFolder: $(Build.ArtifactStagingDirectory)
- task: CopyFiles@2
displayName: Copy snupkg
inputs:
contents: 'LibZipSharp/*.snupkg'
flattenFolders: true
targetFolder: $(Build.ArtifactStagingDirectory)
# Test stage: runs after Build and exercises the packed NuGet on Linux, macOS
# and Windows.
- stage: Test
dependsOn: Build
# SDK versions handed to the use-dot-net.yaml template in each test job.
# NOTE(review): .NET Core 3.1 and .NET 7 are both out of support upstream and
# no longer receive security fixes; confirm the tests still need these SDKs.
variables:
DotNetCoreVersion: 3.1.201
DotNetVersion: 7.0.406
jobs:
- job: testlinux
displayName: 'Test Linux'
pool:
name: AzurePipelines-EO
image: $(LinuxPoolImage1ESPT)
os: linux
steps:
# Repo-local template (not shown here), invoked once per SDK version.
- template: yaml-templates/use-dot-net.yaml@self
parameters:
version: $(DotNetCoreVersion)
- template: yaml-templates/use-dot-net.yaml@self
parameters:
version: $(DotNetVersion)
# Downloads the `nuget` artifact from the Build stage into the sources directory.
- task: DownloadPipelineArtifact@2
displayName: download artifacts
inputs:
artifactName: nuget
downloadPath: $(Build.SourcesDirectory)
# ReferenceNuget=True presumably makes the test project consume the downloaded
# package instead of a project reference -- confirm in the csproj.
- task: DotNetCoreCLI@2
displayName: 'Build solution LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
inputs:
projects: LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
configuration: Release
arguments: -p:ReferenceNuget=True -v:diag
- task: DotNetCoreCLI@2
displayName: 'Run Unit tests for .net'
inputs:
command: test
projects: LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
configuration: Release
arguments: -p:ReferenceNuget=True -v:diag
# Same test sequence as the Linux job, on the hosted macOS-14 image: install
# both SDKs, download the `nuget` artifact, then build and run the unit tests.
- job: testmacos
displayName: 'Test MacOS'
pool:
name: Azure Pipelines
vmImage: macOS-14
os: macOS
steps:
- template: yaml-templates/use-dot-net.yaml@self
parameters:
version: $(DotNetCoreVersion)
- template: yaml-templates/use-dot-net.yaml@self
parameters:
version: $(DotNetVersion)
- task: DownloadPipelineArtifact@2
displayName: download artifacts
inputs:
artifactName: nuget
downloadPath: $(Build.SourcesDirectory)
- task: DotNetCoreCLI@2
displayName: 'Build solution LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
inputs:
projects: LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
configuration: Release
arguments: -p:ReferenceNuget=True -v:diag
- task: DotNetCoreCLI@2
displayName: 'Run Tests under .net'
inputs:
command: test
projects: LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
configuration: Release
arguments: -p:ReferenceNuget=True -v:diag
# Same test sequence as the Linux job, on the 1ES Windows image: install both
# SDKs, download the `nuget` artifact, then build and run the unit tests.
- job: testwindows
displayName: 'Test Windows'
pool:
name: AzurePipelines-EO
image: $(WindowsPoolImage1ESPT)
os: windows
steps:
- template: yaml-templates/use-dot-net.yaml@self
parameters:
version: $(DotNetCoreVersion)
- template: yaml-templates/use-dot-net.yaml@self
parameters:
version: $(DotNetVersion)
- task: DownloadPipelineArtifact@2
displayName: download artifacts
inputs:
artifactName: nuget
downloadPath: $(Build.SourcesDirectory)
- task: DotNetCoreCLI@2
displayName: 'Build solution LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
inputs:
projects: LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
configuration: Release
arguments: -p:ReferenceNuget=True -v:diag
- task: DotNetCoreCLI@2
displayName: 'Run Tests LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
inputs:
command: test
projects: LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
configuration: Release
arguments: -p:ReferenceNuget=True -v:diag
# Signing stage. Runs only when Build succeeded, the team project is 'devdiv',
# and the run is either for a tag ref or was queued with SignArtifacts 'true'.
# NOTE(review): dependsOn lists only Build, so signing neither waits for nor
# depends on the result of the Test stage; confirm that is intended.
# NOTE(review): the inline comment mentions "running on Windows", but the
# condition itself does not test the agent OS.
- stage: Publish
dependsOn: Build
condition: and(eq(dependencies.Build.result, 'Succeeded'), eq(variables['System.TeamProject'], 'devdiv'), or(startsWith(variables['Build.SourceBranch'], 'refs/tags/'), eq('${{ parameters.SignArtifacts }}', 'true'))) # only sign the packages when running on Windows, and using the private server which has the certificates
jobs:
# Signing jobs come from the external internal-templates repository, which
# `resources:` pins to refs/heads/main rather than to a commit.
- template: sign-artifacts/jobs/v2.yml@internal-templates
parameters:
usePipelineArtifactTasks: true
use1ESTemplate: true
signListPath: 'SignList.xml'
# Localization stage. Has no stage dependencies (dependsOn: []) and runs only
# in the DevDiv project on the branch named by OneLocSourceBranch.
- stage: Localization
dependsOn: []
condition: and(eq(variables['System.TeamProject'], 'DevDiv'), eq(variables['Build.SourceBranch'], '${{ parameters.OneLocSourceBranch }}'))
jobs:
- job: OneLocBuild
displayName: OneLocBuild
pool:
name: AzurePipelines-EO
# The image name is hard-coded here; it matches the value of the
# WindowsPoolImage1ESPT variable declared at the top of the file.
demands:
- ImageOverride -equals 1ESPT-Windows2022
timeoutInMinutes: 30
# The secrets group is attached at job level here, in addition to pipeline level.
variables:
- group: Xamarin-Secrets
workspace:
clean: all
# Publishes $(Build.StagingDirectory)/loc as the `Loc` artifact even when the
# job failed (succeededOrFailed()).
templateContext:
outputs:
- output: pipelineArtifact
displayName: Publish Localization Files
condition: succeededOrFailed()
targetPath: $(Build.StagingDirectory)/loc
artifactName: Loc
steps:
- checkout: self
clean: true
# https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance#authentication-from-pipelines
# Requires Azure client 2.x
# Obtains an access token through the service connection and stores it in the
# pipeline variable AzDO.OneLocBuildToken. The setvariable command is issued
# with issecret=true, which marks the value as a secret variable.
- task: AzureCLI@2
displayName: 'Set AzDO.OneLocBuildToken'
enabled: true
inputs:
azureSubscription: 'VSEng-AzureDevOps-ceapex-OneLocBuild' # Azure DevOps service connection
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
# if this fails, check out this bash script that includes diagnostics:
# https://gist.github.com/johnterickson/19f80a3e969e39f1000d118739176e62
# Note that the resource is specified to limit the token to Azure DevOps
$token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
Write-Host "##vso[task.setvariable variable=AzDO.OneLocBuildToken;issecret=true]${token}"
# Runs OneLocBuild against Localize/LocProject.json and opens a GitHub pull
# request with the results (isCreatePrSelected), without auto-completing it.
- task: OneLocBuild@2
displayName: OneLocBuild
# The job access token is exposed to this task through its environment.
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
inputs:
locProj: Localize/LocProject.json
outDir: $(Build.StagingDirectory)
packageSourceAuth: patAuth
# Token produced by the AzureCLI step above.
patVariable: $(AzDO.OneLocBuildToken)
isCreatePrSelected: true
repoType: gitHub
# NOTE(review): a GitHub PAT, presumably supplied by the Xamarin-Secrets group.
# Confirm it is scoped to what PR creation needs and has a rotation schedule.
gitHubPatVariable: $(github--pat--vs-mobiletools-engineering-service2)
prSourceBranchPrefix: locpr
isShouldReusePrSelected: true
isAutoCompletePrSelected: false
isUseLfLineEndingsSelected: true
# Compliance stage: runs APIScan over the binaries inside the built NuGet
# package. Runs only when Build succeeded and the branch equals
# ApiScanSourceBranch, so tag builds and pull-request builds do not run it.
- stage: Compliance
displayName: Compliance
dependsOn: Build
condition: and(eq(dependencies.Build.result, 'Succeeded'), eq(variables['Build.SourceBranch'], '${{ parameters.ApiScanSourceBranch }}'))
jobs:
- job: api_scan
displayName: API Scan
pool:
name: Maui-1ESPT
image: $(WindowsPoolImage1ESPT)
os: windows
timeoutInMinutes: 360
workspace:
clean: all
steps:
# Downloads only the .nupkg files from the `nuget` artifact.
- task: DownloadPipelineArtifact@2
displayName: download nuget artifact
inputs:
artifactName: nuget
downloadPath: $(Build.StagingDirectory)
itemPattern: '*.nupkg'
# Unpacks the package(s) into $(Build.SourcesDirectory)\nuget.
- task: ExtractFiles@1
displayName: Extract nuget
inputs:
archiveFilePatterns: $(Build.StagingDirectory)\**\*.nupkg
destinationFolder: $(Build.SourcesDirectory)\nuget
# Copies the .dll/.exe/.pdb files to the scan folder, excluding the win-arm64
# native library.
# NOTE(review): the excluded binary is shipped but not scanned; confirm the
# reason for the exclusion is recorded and still applies.
- task: CopyFiles@2
displayName: Collect Files for APIScan
inputs:
Contents: |
$(Build.SourcesDirectory)\nuget\**\?(*.dll|*.exe|*.pdb)
!$(Build.SourcesDirectory)\**\runtimes\win-arm64\native\libzipsharpnative*.dll
TargetFolder: $(Agent.TempDirectory)\T
# Logs the final scan set, which makes the coverage auditable from the build log.
- powershell: Get-ChildItem -Path "$(Agent.TempDirectory)\T" -Recurse
displayName: List Files for APIScan
- task: APIScan@2
displayName: Run APIScan
inputs:
softwareFolder: $(Agent.TempDirectory)\T
# NOTE(review): the symbol server is addressed over plain http; presumably an
# internal host -- confirm it is only reachable on a trusted network.
symbolsFolder: 'SRV*http://symweb;$(Agent.TempDirectory)\T'
softwareName: $(ApiScanSoftwareName)
softwareVersionNum: $(ApiScanSoftwareVersion)
# Not pinned to a version: the scanner can change between runs.
toolVersion: Latest
# The task authenticates as an application; the AppId comes from a variable
# that is not defined in this file (presumably a variable group or pipeline
# setting -- confirm).
env:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanMAUI1ESPTManagedId)
# The remaining tasks export the APIScan results, publish the logs, and fail
# the build on APIScan findings. All three are restricted to the APIScan tool.
- task: SdtReport@2
displayName: Guardian Export - Security Report
inputs:
GdnExportAllTools: false
GdnExportGdnToolApiScan: true
GdnExportOutputSuppressionFile: apiscan.gdnsuppress
# Missing tool logs only raise a warning here (ToolLogsNotFoundAction).
- task: PublishSecurityAnalysisLogs@3
displayName: Publish Guardian Artifacts
inputs:
ArtifactName: APIScan Logs
ArtifactType: Container
AllTools: false
APIScan: true
ToolLogsNotFoundAction: Warning
- task: PostAnalysis@2
displayName: Fail Build on Guardian Issues
inputs:
GdnBreakAllTools: false
GdnBreakGdnToolApiScan: true