diff --git a/azure-pipelines-pr.yml b/azure-pipelines-pr.yml new file mode 100644 index 0000000000..f8cf65dbfe --- /dev/null +++ b/azure-pipelines-pr.yml @@ -0,0 +1,214 @@ +trigger: + batch: true + branches: + include: + - stabilize + - main + - release/* + - internal/release/* + - feature/* + - legacy/* +pr: + branches: + include: + - stabilize + - main + - release/* + - feature/* + - legacy/* + +variables: + # Cannot use key:value syntax in root defined variables + - name: _TeamName + value: NETDevUX + - name: _PublishUsingPipelines + value: true + - name: Codeql.Enabled + value: true + - name: EnableReleaseOneLocBuild + value: false + - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - group: Templating-SDLValidation-Params + + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - group: DotNetBuilds storage account read tokens + - name: _InternalRuntimeDownloadArgs + value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal + /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) + - ${{ if eq(variables['System.TeamProject'], 'public') }}: + - name: _InternalRuntimeDownloadArgs + value: '' + - template: /eng/common/templates/variables/pool-providers.yml + +stages: +- stage: build + displayName: Build + jobs: + - ${{ if and( ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + # The localization setup for main branch. Note difference in package ID. Should not be used with release/ branches. + - ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}: + - template: /eng/common/templates/job/onelocbuild.yml + parameters: + MirrorRepo: templating + LclSource: lclFilesfromPackage + LclPackageId: 'LCL-JUNO-PROD-TMPLTNGMAIN' + MirrorBranch: 'main' + JobNameSuffix: '_main' + condition: eq(variables['Build.SourceBranch'], 'refs/heads/main') + - template: /eng/common/templates/jobs/jobs.yml + parameters: + enableMicrobuild: true + enablePublishBuildArtifacts: true + enablePublishTestResults: true + enablePublishBuildAssets: true + enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }} + enableSourceBuild: true + enableTelemetry: true + helixRepo: dotnet/templating + jobs: + - job: Windows_NT + timeoutInMinutes: 90 + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + name: $(DncEngPublicBuildPool) + vmImage: 1es-windows-2019-open + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + name: $(DncEngInternalBuildPool) + demands: ImageOverride -equals windows.vs2019.amd64 + variables: + - _InternalBuildArgs: '' + + # Only enable publishing in non-public, non PR scenarios. + - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + # DotNet-Symbol-Server-Pats provides: microsoft-symbol-server-pat, symweb-symbol-server-pat + # Publish-Build-Assets provides: MaestroAccessToken, BotAccount-dotnet-maestro-bot-PAT + - group: Publish-Build-Assets + - _InternalBuildArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName) + /p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines) + /p:OfficialBuildId=$(BUILD.BUILDNUMBER) + + strategy: + matrix: + Build_Release: + _BuildConfig: Release + # PRs or external builds are not signed. + ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: + _SignType: test + ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + _SignType: real + ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: + Build_Debug: + _BuildConfig: Debug + _SignType: test + + steps: + - checkout: self + clean: true + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - task: PowerShell@2 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.ps1 + arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + # Use utility script to run script command dependent on agent OS. + - script: eng/common/cibuild.cmd + -configuration $(_BuildConfig) + -prepareMachine + -integrationTest + $(_InternalBuildArgs) + $(_InternalRuntimeDownloadArgs) + displayName: Windows Build / Publish + + - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: + - job: OSX + pool: + vmImage: 'macOS-latest' + strategy: + matrix: + debug_configuration: + _BuildConfig: Debug + _SignType: none + release_configuration: + _BuildConfig: Release + _SignType: none + steps: + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + arguments: $(Build.SourcesDirectory)/NuGet.config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - script: eng/common/cibuild.sh + --configuration $(_BuildConfig) + --prepareMachine + --integrationTest + $(_InternalRuntimeDownloadArgs) + name: Build + displayName: Build + + - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: + - job: Linux + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + vmImage: ubuntu-latest + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + name: $(DncEngInternalBuildPool) + demands: ImageOverride -equals Build.Ubuntu.2204.Amd64 + strategy: + matrix: + debug_configuration: + _BuildConfig: Debug + _SignType: none + release_configuration: + _BuildConfig: Release + _SignType: none + steps: + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + arguments: $(Build.SourcesDirectory)/NuGet.config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - script: eng/common/cibuild.sh + --configuration $(_BuildConfig) + --prepareMachine + --integrationTest + $(_InternalRuntimeDownloadArgs) + name: Build + displayName: Build + condition: succeeded() + +- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - template: eng\common\templates\post-build\post-build.yml + parameters: + publishingInfraVersion: 3 + # Symbol validation isn't being very reliable lately. This should be enabled back + # once this issue is resolved: https://github.com/dotnet/arcade/issues/2871 + enableSymbolValidation: false + # Sourcelink validation isn't passing for Arcade due to some regressions. This should be + # enabled back once this issue is resolved: https://github.com/dotnet/arcade/issues/2912 + enableSourceLinkValidation: false + publishDependsOn: + - Validate + # This is to enable SDL runs part of Post-Build Validation Stage + SDLValidationParameters: + enable: true + continueOnError: false + params: ' -SourceToolsList @("policheck","credscan") + -ArtifactToolsList @("binskim") + -BinskimAdditionalRunConfigParams @("IgnorePdbLoadError < True","Recurse < True") + -TsaInstanceURL $(_TsaInstanceURL) + -TsaProjectName $(_TsaProjectName) + -TsaNotificationEmail $(_TsaNotificationEmail) + -TsaCodebaseAdmin $(_TsaCodebaseAdmin) + -TsaBugAreaPath $(_TsaBugAreaPath) + -TsaIterationPath $(_TsaIterationPath) + -TsaRepositoryName $(_TsaRepsitoryName) + -TsaCodebaseName $(_TsaCodebaseName) + -TsaPublish $True'