From c8516bb78115e89f657b8f4578a4790f8c7f175a Mon Sep 17 00:00:00 2001
From: Philip Gichuhi
Date: Wed, 9 Oct 2024 07:51:44 +0300
Subject: [PATCH] Use 1ES pipeline template for build pipeline
---
.azure-pipelines/ci-build.yml | 145 +++++++++++++++++++---------------
1 file changed, 82 insertions(+), 63 deletions(-)
diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml
index 5ff37759cb..cf13425739 100644
--- a/.azure-pipelines/ci-build.yml
+++ b/.azure-pipelines/ci-build.yml
@@ -2,86 +2,105 @@ # Licensed under the MIT License. name: $(BuildDefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r) parameters: - - name: BuildAgent - default: 1es-windows-ps-compute - displayName: Build Agent - - name: Test - type: boolean - default: true - - name: Pack - type: boolean - default: true - - name: Sign - type: boolean - default: true +- name: BuildAgent + default: 1es-windows-ps-compute + displayName: Build Agent +- name: Test + type: boolean + default: true +- name: Pack + type: boolean + default: true +- name: Sign + type: boolean + default: true variables: BuildAgent: ${{ parameters.BuildAgent }} GitUserEmail: "GraphTooling@service.microsoft.com" GitUserName: "Microsoft Graph DevX Tooling" -pool: $(BuildAgent) - trigger: branches: include: - - main - - dev + - main + - dev pr: branches: include: - - main - - dev - -jobs: - - job: MsGraphPsSdkCiBuild - displayName: Microsoft Graph PowerShell SDK CI Build - timeoutInMinutes: 840 - steps: - - script: | - git submodule update --init --recursive - - template: ./common-templates/install-tools.yml - - template: ./common-templates/security-pre-checks.yml - - - template: ./generation-templates/authentication-module.yml - parameters: - Test: ${{ parameters.Test }} - Pack: ${{ parameters.Pack }} - Sign: ${{ parameters.Sign }} + - main + - dev +resources: + repositories: + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: $(BuildAgent) + sdl: + binskim: + enabled: false + justificationForDisabling: "Binskim keeps on crushing and failing the weekly build pipeline. Disabling it for now because we are unable to publish the artifacts to internal feeds." 
+ credscan: + suppressionsFile: $(Build.SourcesDirectory)/.azure-pipelines/config/credscan/credscan-suppressions.json + policheck: + exclusionFile: $(Build.SourcesDirectory)/.azure-pipelines/config/policheck/policheck-exclusions.xml + customBuildTags: + - ES365AIMigrationTooling + stages: + - stage: stage + jobs: + - job: MsGraphPsSdkCiBuild + displayName: Microsoft Graph PowerShell SDK CI Build + timeoutInMinutes: 840 + templateContext: + outputs: + - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}: + - output: pipelineArtifact + displayName: 'Publish Module Artifacts' + targetPath: '$(Build.ArtifactStagingDirectory)' + artifactName: 'drop' + publishLocation: 'Container' + - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}: + - output: nuget + displayName: 'Publish NuGet to feed' + packageParentPath: '$(Build.ArtifactStagingDirectory)' + packagesToPush: $(Build.ArtifactStagingDirectory)/**/Microsoft.Graph.*.nupkg + publishVstsFeed: $(PROJECT_NAME)/$(FEED_NAME) + allowPackageConflicts: true + steps: + - script: | + git submodule update --init --recursive + - template: .azure-pipelines/common-templates/install-tools.yml@self + - template: .azure-pipelines/common-templates/security-pre-checks.yml@self + + - template: .azure-pipelines/generation-templates/authentication-module.yml@self + parameters: + Test: ${{ parameters.Test }} + Pack: ${{ parameters.Pack }} + Sign: ${{ parameters.Sign }} - - template: ./generation-templates/workload-modules.yml - parameters: - Test: ${{ parameters.Test }} - Pack: ${{ parameters.Pack }} - Sign: ${{ parameters.Sign }} + - template: .azure-pipelines/generation-templates/workload-modules.yml@self + parameters: + Test: ${{ parameters.Test }} + Pack: ${{ parameters.Pack }} + Sign: ${{ parameters.Sign }} - - template: ./generation-templates/meta-module.yml - parameters: - Test: ${{ parameters.Test }} - Pack: ${{ parameters.Pack }} - Sign: ${{ parameters.Sign }} + - template: 
.azure-pipelines/generation-templates/meta-module.yml@self + parameters: + Test: ${{ parameters.Test }} + Pack: ${{ parameters.Pack }} + Sign: ${{ parameters.Sign }} - - template: ./common-templates/guardian-analyzer.yml + - template: .azure-pipelines/common-templates/guardian-analyzer.yml@self - - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}: - - template: ./common-templates/esrp/codesign-nuget.yml + - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}: + - template: .azure-pipelines/common-templates/esrp/codesign-nuget.yml@self parameters: FolderPath: "$(Build.ArtifactStagingDirectory)" Pattern: "Microsoft.Graph*.nupkg" - - task: PublishBuildArtifacts@1 - displayName: Publish Module Artifacts - inputs: - PathtoPublish: "$(Build.ArtifactStagingDirectory)" - ArtifactName: "drop" - publishLocation: "Container" - - - task: NuGetCommand@2 - displayName: Publish NuGet to feed - inputs: - command: push - packagesToPush: $(Build.ArtifactStagingDirectory)/**/Microsoft.Graph.*.nupkg - publishVstsFeed: $(PROJECT_NAME)/$(FEED_NAME) - allowPackageConflicts: true - - - template: ./common-templates/security-post-checks.yml + - template: .azure-pipelines/common-templates/security-post-checks.yml@self \ No newline at end of file
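Review bot: The `sdl.binskim.enabled: false` setting under `extends.parameters` turns off binary analysis for the same job that code-signs and pushes `Microsoft.Graph.*.nupkg` to the feed, and the justification gives no tracking reference or re-enable condition, so the exemption can outlive the crash it works around. I would reword it (also fixing "crushing") to something like `justificationForDisabling: "BinSkim crashes and fails the weekly build; tracked in <tracking-issue-link>, re-enable once fixed."` and, if the template supports it, narrow the exclusion to the failing targets instead of disabling the whole tool. Separately, `ref: refs/tags/release` follows a moving tag, so template changes take effect in this signing pipeline without a commit here; a short comment next to `resources.repositories` recording that this is intentional would help future reviewers.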