diff --git a/.devops/CredScanSuppressions.json b/.devops/CredScanSuppressions.json new file mode 100644 index 00000000000000..9af57020c37196 --- /dev/null +++ b/.devops/CredScanSuppressions.json @@ -0,0 +1,37 @@ +{ + "tool": "Credential Scanner", + "suppressions": [ + { + "file": ".git/config", + "_justification": "Standard token for CI pipeline" + }, + { + "file": "node_modules/node-ipc/local-node-ipc-certs/private/oldclient.key", + "_justification": "External dependency node-ipc, not shipping these files" + }, + { + "file": "node_modules/node-ipc/local-node-ipc-certs/private/server.key", + "_justification": "External dependency node-ipc, not shipping these files" + }, + { + "file": "node_modules/node-ipc/local-node-ipc-certs/private/oldserver.key", + "_justification": "External dependency node-ipc, not shipping these files" + }, + { + "file": "node_modules/node-ipc/local-node-ipc-certs/private/client.key", + "_justification": "External dependency node-ipc, not shipping these files" + }, + { + "file": "node_modules/danger/node_modules/agent-base/test/ssl-cert-snakeoil.key", + "_justification": "External dependency danger has dependency agent-base with test certs, not shipping these files" + }, + { + "file": "node_modules/danger/node_modules/http-proxy-agent/test/ssl-cert-snakeoil.key", + "_justification": "External dependency danger has dependency http-proxy-agent with test certs, not shipping these files" + }, + { + "file": "node_modules/rollup-plugin-filesize/node_modules/node-gyp/test/fixtures/server.key", + "_justification": "External dependency rollup-plugin-filesize has dependency node-gyp with test certs, not shipping these files" + } + ] +} diff --git a/.devops/templates/build-test-lint.yml b/.devops/templates/build-test-lint.yml new file mode 100644 index 00000000000000..4a1e816b292c39 --- /dev/null +++ b/.devops/templates/build-test-lint.yml @@ -0,0 +1,48 @@ +steps: + - template: tools.yml + + - task: Bash@3 + inputs: + filePath: yarn-ci.sh + displayName: yarn (install packages) + + - script: | + yarn nx run @fluentui/workspace-plugin:check-graph + yarn nx g @fluentui/workspace-plugin:tsconfig-base-all --verify + yarn nx g @fluentui/workspace-plugin:normalize-package-dependencies --verify + + displayName: Workspace lint + + - script: | + # @fluentui/api-docs is used within apps/public-docsite-resources/just.config.ts, thus it needs to be build in advance + yarn workspace @fluentui/api-docs build + # @fluentui/digest is used within packages/fluentui/perf-test-northstar/just.config.ts, thus it needs to be build in advance + yarn workspace @fluentui/digest build + yarn tsc -p ./tsconfig.json + displayName: Type-check just.config.ts files + + - script: | + yarn check:installed-dependencies-versions + displayName: 'check packages: installed dependencies versions' + + - script: | + if [[ -n "$(targetBranch)" ]]; then + yarn format --since $(targetBranch) --check + else + yarn format --all --check + fi + displayName: check formatting + + ## Danger.js checks for Fluent UI N* + - script: | + DANGER_DISABLE_TRANSPILATION="true" yarn danger ci + displayName: danger + condition: eq(variables.isPR, true) + env: + DANGER_GITHUB_API_TOKEN: $(DANGER_GITHUB_API_TOKEN) + + - script: | + yarn buildci $(sinceArg) + displayName: build, test, lint, test-ssr + + - template: cleanup.yml diff --git a/.devops/templates/compliance-job.yml b/.devops/templates/compliance-job.yml deleted file mode 100644 index ad5838dc9b94a9..00000000000000 --- a/.devops/templates/compliance-job.yml +++ /dev/null @@ -1,50 +0,0 @@ -# These steps have to run on a windows machine, -# and therefore unfortunately can't be integrated in the regular steps - -jobs: - - job: compliance - displayName: Compliance checks - pool: uifabric-windows-2019-small - steps: - - task: UseDotNet@2 - condition: succeededOrFailed() - displayName: 'Use .NET Core sdk 3.x' - inputs: - version: 3.x - steps: - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3 - condition: succeededOrFailed() - displayName: '🧭 Run Credential Scanner' - inputs: - debugMode: false - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-eslint.ESLint@1 - condition: succeededOrFailed() - displayName: '🧭 Run ESLint' - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3 - displayName: '🧭 Publish Guardian Artifacts - All Tools' - inputs: - ArtifactType: M365 - condition: succeededOrFailed() - - - task: AssetRetention@3 - displayName: 🧭 Arrow Retention - inputs: - ArrowServiceConnection: 'Arrow_uifabric_uifabric_PROD' - AssetGroupName: '$(System.TeamProject)_$(Build.DefinitionName)' - AssetNumber: '$(Build.BuildId)' - IsShipped: false - DropsToRetain: 'CodeAnalysisLogs' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master')) - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2 - displayName: '🧭 Guardian Break' - inputs: - GdnBreakPolicyMinSev: Warning - GdnBreakAllTools: true - GdnBreakGdnToolESLint: true - GdnBreakGdnToolESLintSeverity: Warning - GdnBreakPolicy: M365 - condition: succeededOrFailed() diff --git a/.devops/templates/deployE2E.yml b/.devops/templates/deployE2E.yml new file mode 100644 index 00000000000000..19d4a1a605630c --- /dev/null +++ b/.devops/templates/deployE2E.yml @@ -0,0 +1,46 @@ +steps: + - template: tools.yml + + - task: Bash@3 + inputs: + filePath: yarn-ci.sh + displayName: yarn + + # this also builds FUI N* docs if appropriate + - script: | + yarn bundle $(sinceArg) + displayName: bundle + + - script: | + yarn lage build-storybook --verbose $(sinceArg) + displayName: build Storybooks + + ## This runs regardless of scope, the app will adapt to the scope as well + - script: | + yarn workspace @fluentui/pr-deploy-site generate:site + displayName: generate PR Deploy Site + + - task: AzureUpload@2 + displayName: Upload PR deploy site + inputs: + azureSubscription: $(azureSubscription) + BlobPrefix: $(deployBasePath) + ContainerName: '$web' + SourcePath: 'apps/pr-deploy-site/dist' + storage: $(azureStorage) + + - task: GithubPRStatus@0 + displayName: 'Update PR deploy site github status' + inputs: + githubOwner: microsoft + githubRepo: fluentui + githubContext: 'Pull request demo site' + githubDescription: 'Click "Details" to go to the deployed demo site for this pull request' + # This MUST have a trailing slash, or the links to PR deploy site assets won't work + githubTargetLink: $(deployUrl)/ + + - script: | + yarn e2e $(sinceArg) + displayName: Cypress E2E tests + + - template: cleanup.yml diff --git a/azure-pipelines-ci.yml b/azure-pipelines-ci.yml new file mode 100644 index 00000000000000..976622f1e697cd --- /dev/null +++ b/azure-pipelines-ci.yml @@ -0,0 +1,62 @@ +pr: none + +trigger: none + +variables: + - ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/heads/')) }}: + - name: sinceArg + value: --since $(targetBranch) + + - group: fabric-variables + + - template: .devops/templates/variables.yml + +resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-latest + os: windows # We need windows because compliance task only run on windows. + customBuildTags: null # send empty tags since it is not supported on GH repo's for PR's + customLogIssues: null # send empty tags since it is not supported on GH repo's for PR's + stages: + - stage: main + jobs: + - job: BuildTestLint + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + workspace: + clean: all + steps: + - template: .devops/templates/build-test-lint.yml@self + + - job: DeployE2E + displayName: Deploy and E2E + workspace: + clean: all + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + templateContext: + outputs: + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory)/apps/pr-deploy-site/dist + artifactName: web + steps: + - template: .devops/templates/deployE2E.yml@self + + # False positive AV. Wi'l follow up with AV owners. For now to get compliant deleting file before. + - script: | + rm apps/pr-deploy-site/dist/public-docsite-v9/storybook/407.13419a99614bf685f100.manager.bundle.js + displayName: 'Remove false positive file' diff --git a/azure-pipelines-pr.yml b/azure-pipelines-pr.yml new file mode 100644 index 00000000000000..50459ff3ee73f5 --- /dev/null +++ b/azure-pipelines-pr.yml @@ -0,0 +1,31 @@ +pr: + - master + +# There's a separate pipeline for CI which also uses this file, but with a trigger override in the UI +# https://dev.azure.com/uifabric/fabricpublic/_apps/hub/ms.vss-ciworkflow.build-ci-hub?_a=edit-build-definition&id=164&view=Tab_Triggers +trigger: none + +variables: + - ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/heads/')) }}: + - name: sinceArg + value: --since $(targetBranch) + + - group: fabric-variables + + - template: .devops/templates/variables.yml + +pool: '1ES-Host-Ubuntu' + +jobs: + - job: BuildTestLint + workspace: + clean: all + steps: + - template: .devops/templates/build-test-lint.yml + + - job: DeployE2E + displayName: Deploy and E2E + workspace: + clean: all + steps: + - template: .devops/templates/deployE2E.yml diff --git a/azure-pipelines.hotfix.yml b/azure-pipelines.hotfix.yml index 464b614ba3f89d..c0814563af48ce 100644 --- a/azure-pipelines.hotfix.yml +++ b/azure-pipelines.hotfix.yml @@ -11,68 +11,78 @@ parameters: variables: - template: .devops/templates/variables.yml - - group: InfoSec-SecurityResults - name: tags value: production,externalfacing -jobs: - - template: .devops/templates/compliance-job.yml - - - job: Release - dependsOn: Compliance - pool: '1ES-Host-Ubuntu' - workspace: - clean: all - steps: - - template: .devops/templates/tools.yml - - - script: | - node -e "if('$(targetNpmVersion)' === '') throw new Error('targetNpmVersion is not specified');" - displayName: 'Checking for targetNpmVersion variable' - - - script: | - npm install semver - node -e "let semver = require('semver');if(semver.valid('$(targetNpmVersion)') === null){ throw new Error('Invalid version specified'); }" - displayName: 'Check targetNpmVersion is valid semver' - - - task: Bash@3 - inputs: - filePath: yarn-ci.sh - displayName: yarn - - - script: | - npm version $(targetNpmVersion) - workingDirectory: 'packages/react' - displayName: 'Manually set package version' - - - script: | - yarn buildto @fluentui/react --production - displayName: yarn build to FUIR (Create production build) - - - script: yarn workspace @fluentui/react bundle --production - displayName: yarn bundle FUIR - - - script: | - npm pack - displayName: 'Create tarball' - workingDirectory: 'packages/react' - - - ${{ if ne(parameters.isTestRun, true) }}: - - script: | - npm publish packages/react/react-$(targetNpmVersion).tgz --tag hf8 --//registry.npmjs.org/:_authToken=$(npmToken) - displayName: Publish new version - - - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest - inputs: - BuildDropPath: $(System.DefaultWorkingDirectory) - - - task: PublishPipelineArtifact@1 - displayName: 📒 Publish Manifest - inputs: - artifactName: SBom-$(System.JobAttempt) - targetPath: $(System.DefaultWorkingDirectory)/_manifest - - - template: .devops/templates/cleanup.yml - parameters: - checkForModifiedFiles: false +resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-latest + os: windows # We need windows because compliance task only run on windows. + stages: + - stage: main + jobs: + - job: Release + dependsOn: Compliance + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + workspace: + clean: all + templateContext: + outputs: + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory) + artifactName: output + steps: + - template: .devops/templates/tools.yml@self + + - script: | + node -e "if('$(targetNpmVersion)' === '') throw new Error('targetNpmVersion is not specified');" + displayName: 'Checking for targetNpmVersion variable' + + - script: | + npm install semver + node -e "let semver = require('semver');if(semver.valid('$(targetNpmVersion)') === null){ throw new Error('Invalid version specified'); }" + displayName: 'Check targetNpmVersion is valid semver' + + - task: Bash@3 + inputs: + filePath: yarn-ci.sh + displayName: yarn + + - script: | + npm version $(targetNpmVersion) + workingDirectory: 'packages/react' + displayName: 'Manually set package version' + + - script: | + yarn buildto @fluentui/react --production + displayName: yarn build to FUIR (Create production build) + + - script: yarn workspace @fluentui/react bundle --production + displayName: yarn bundle FUIR + + - script: | + npm pack + displayName: 'Create tarball' + workingDirectory: 'packages/react' + + - ${{ if ne(parameters.isTestRun, true) }}: + - script: | + npm publish packages/react/react-$(targetNpmVersion).tgz --tag hf8 --//registry.npmjs.org/:_authToken=$(npmToken) + displayName: Publish new version + + - template: .devops/templates/cleanup.yml@self + parameters: + checkForModifiedFiles: false diff --git a/azure-pipelines.release-fluentui.yml b/azure-pipelines.release-fluentui.yml index 0347f224c19c26..7cdbf4052ef663 100644 --- a/azure-pipelines.release-fluentui.yml +++ b/azure-pipelines.release-fluentui.yml @@ -18,11 +18,15 @@ resources: - repository: self type: git ref: master + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release variables: # below are variables that cannot be configured at queue time - group: 'Github and NPM secrets' - - template: .devops/templates/variables.yml + - template: .devops/templates/variables.yml@self parameters: deployBasePath: 0.0.0-nightly - name: docsiteVersion # used by docsite @@ -31,7 +35,6 @@ variables: value: true - name: nightlyReleaseDate # used by nightly built docsite to setup codesandbox correctly value: empty - - group: InfoSec-SecurityResults - name: tags value: production,externalfacing @@ -43,189 +46,191 @@ variables: # - name: releaseVersion # version to publish to npm; only make sense when publishOfficial=true # value: canary # value can only be canary/patch/minor -jobs: - - template: .devops/templates/compliance-job.yml - - - job: Job_build_publish - dependsOn: Compliance - pool: '1ES-Host-Ubuntu' - workspace: - clean: all - displayName: Build and Release Fluent Packages - # skip this job if publishDocsiteOnly is true - condition: and(succeeded(), eq(variables.publishDocsiteOnly, false)) - - steps: - - template: .devops/templates/tools.yml - - - script: | - git config user.name "Fluent UI Build" - git config user.email "fluentui-internal@service.microsoft.com" - git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git - displayName: Authenticate git for pushes - - - task: CmdLine@2 - displayName: Checkout branch for version pushes - condition: and(succeeded(), eq(variables.publishOfficial, true)) - inputs: - script: | - BRANCH_NAME=`echo $(Build.SourceBranch) | sed "s/refs\/heads\///"` - git checkout $BRANCH_NAME - git pull - - - task: Bash@3 - inputs: - filePath: yarn-ci.sh - displayName: yarn - - - task: CmdLine@2 - displayName: yarn buildci - inputs: - script: yarn buildci - - - task: CmdLine@2 - displayName: '[Nightly] Pack fluentui packages to ArtifactStagingDirectory' - condition: and(succeeded(), eq(variables.publishOfficial, false)) - inputs: - script: | - today=`date +%Y-%m-%d` - echo date today $today - echo "##vso[task.setvariable variable=date]$today" - yarn release:fluentui:pack-nightly - - - task: AzureUpload@2 - displayName: '[Nightly] Upload tarballs' - condition: and(succeeded(), eq(variables.publishOfficial, false)) - inputs: - SourcePath: $(Build.ArtifactStagingDirectory) - azureSubscription: 'UI Fabric (private)' - storage: fluentsite - ContainerName: nightly-builds - BlobPrefix: $(date) # upload tarballs to folder named by today's date - Gzip: true - - - task: CmdLine@2 - displayName: '[NPM] Publish to NPM' - condition: and(succeeded(), eq(variables.publishOfficial, true)) - timeoutInMinutes: 2 - inputs: - script: | - yarn logout - - NPM_TOKEN=$(npmToken) - - touch packages/fluentui/.npmrc - - echo "@fluentui:registry=https://registry.npmjs.org/" > packages/fluentui/.npmrc - echo "registry=https://registry.npmjs.org/" >> packages/fluentui/.npmrc - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> packages/fluentui/.npmrc - - yarn release:fluentui:$(releaseVersion) --yes - - yarn release:fluentui:post-validation - - - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest - inputs: - BuildDropPath: $(System.DefaultWorkingDirectory) - - - task: PublishPipelineArtifact@1 - displayName: 📒 Publish Manifest - inputs: - artifactName: SBom-Build-$(System.JobAttempt) - targetPath: $(System.DefaultWorkingDirectory)/_manifest - - - template: .devops/templates/cleanup.yml - - - job: Job_build_publish_doc - workspace: - clean: all - displayName: Build and Publish Docsite - dependsOn: Job_build_publish - # run this job when the previous job is succeeded or when publishDocsiteOnly is true - condition: or(succeeded(), eq(variables.publishDocsiteOnly, true)) - - steps: - - template: .devops/templates/tools.yml - - - task: CmdLine@2 - displayName: Checkout branch for pull - condition: and(succeeded(), eq(variables.publishOfficial, true)) - inputs: - script: | - BRANCH_NAME=`echo $(Build.SourceBranch) | sed "s/refs\/heads\///"` - git checkout $BRANCH_NAME - git pull - - - task: Bash@3 - displayName: Yarn - inputs: - filePath: yarn-ci.sh - - - task: CmdLine@2 - displayName: 'Set nightlyReleaseDate' - condition: and(succeeded(), eq(variables.publishOfficial, false)) - inputs: - script: | - today=`date +%Y-%m-%d` - echo date today $today - echo "##vso[task.setvariable variable=nightlyReleaseDate]$today" - - - task: CmdLine@2 - displayName: 'Set base path and version' - condition: and(succeeded(), eq(variables.publishOfficial, true), ne(variables.releaseVersion, 'canary')) - inputs: - script: | - ver=`node -p "require('./packages/fluentui/react-northstar/package.json').version"` - echo "Docsite base path published for version $ver" - echo "##vso[task.setvariable variable=deployBasePath]$ver" - echo "##vso[task.setvariable variable=docsiteVersion]$ver" - echo "##vso[task.setvariable variable=nightlyReleaseDate]" - - - task: CmdLine@2 - displayName: 'Set base path and version for canary' - condition: and(succeeded(), eq(variables.publishOfficial, true), eq(variables.releaseVersion, 'canary')) - inputs: - script: | - ver=`node -p "require('./packages/fluentui/lerna.json').version"` - echo "Docsite base path published for version $ver" - echo "##vso[task.setvariable variable=deployBasePath]$ver" - echo "##vso[task.setvariable variable=docsiteVersion]$ver" - echo "##vso[task.setvariable variable=nightlyReleaseDate]" - - - task: CmdLine@2 - displayName: Build - inputs: - script: | - echo deployBasePath $(deployBasePath) docsiteVersion $(docsiteVersion) nightlyReleaseDate $(nightlyReleaseDate) - NODE_ENV=production yarn build:fluentui:docs - - - task: AzureUpload@2 - displayName: Upload to Azure - inputs: - SourcePath: packages/fluentui/docs/dist - azureSubscription: 'Azure - fluentsite storage' - storage: fluentsite - ContainerName: $web - BlobPrefix: $(deployBasePath) - Gzip: true - - - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest Docsite - inputs: - BuildDropPath: $(System.DefaultWorkingDirectory) - - # Publish the manifest to a separate artifact to avoid hosting the _manifest files on the website - - task: PublishPipelineArtifact@1 - displayName: 📒 Publish Manifest DocSite - inputs: - artifactName: SBom-DocSite-$(System.JobAttempt) - targetPath: $(System.DefaultWorkingDirectory)/_manifest - - - task: PublishPipelineArtifact@1 - displayName: Publish Docsite as Pipeline Artifact - inputs: - path: packages/fluentui/docs/dist - artifactName: docsite_v$(docsiteVersion) - - - template: .devops/templates/cleanup.yml +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-latest + os: windows # We need windows because compliance task only run on windows. + stages: + - stage: main + jobs: + - job: Job_build_publish + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + workspace: + clean: all + displayName: Build and Release Fluent Packages + # skip this job if publishDocsiteOnly is true + condition: and(succeeded(), eq(variables.publishDocsiteOnly, false)) + + steps: + - template: .devops/templates/tools.yml@self + + - script: | + git config user.name "Fluent UI Build" + git config user.email "fluentui-internal@service.microsoft.com" + git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git + displayName: Authenticate git for pushes + + - task: CmdLine@2 + displayName: Checkout branch for version pushes + condition: and(succeeded(), eq(variables.publishOfficial, true)) + inputs: + script: | + BRANCH_NAME=`echo $(Build.SourceBranch) | sed "s/refs\/heads\///"` + git checkout $BRANCH_NAME + git pull + + - task: Bash@3 + inputs: + filePath: yarn-ci.sh + displayName: yarn + + - task: CmdLine@2 + displayName: yarn buildci + inputs: + script: yarn buildci + + - task: CmdLine@2 + displayName: '[Nightly] Pack fluentui packages to ArtifactStagingDirectory' + condition: and(succeeded(), eq(variables.publishOfficial, false)) + inputs: + script: | + today=`date +%Y-%m-%d` + echo date today $today + echo "##vso[task.setvariable variable=date]$today" + yarn release:fluentui:pack-nightly + + - task: AzureUpload@2 + displayName: '[Nightly] Upload tarballs' + condition: and(succeeded(), eq(variables.publishOfficial, false)) + inputs: + SourcePath: $(Build.ArtifactStagingDirectory) + azureSubscription: 'UI Fabric (private)' + storage: fluentsite + ContainerName: nightly-builds + BlobPrefix: $(date) # upload tarballs to folder named by today's date + Gzip: true + + - task: CmdLine@2 + displayName: '[NPM] Publish to NPM' + condition: and(succeeded(), eq(variables.publishOfficial, true)) + timeoutInMinutes: 2 + inputs: + script: | + yarn logout + + NPM_TOKEN=$(npmToken) + + touch packages/fluentui/.npmrc + + echo "@fluentui:registry=https://registry.npmjs.org/" > packages/fluentui/.npmrc + echo "registry=https://registry.npmjs.org/" >> packages/fluentui/.npmrc + echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> packages/fluentui/.npmrc + + yarn release:fluentui:$(releaseVersion) --yes + + yarn release:fluentui:post-validation + + - template: .devops/templates/cleanup.yml@self + + - job: Job_build_publish_doc + workspace: + clean: all + displayName: Build and Publish Docsite + dependsOn: Job_build_publish + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + # run this job when the previous job is succeeded or when publishDocsiteOnly is true + condition: or(succeeded(), eq(variables.publishDocsiteOnly, true)) + + steps: + - template: .devops/templates/tools.yml@self + + - task: CmdLine@2 + displayName: Checkout branch for pull + condition: and(succeeded(), eq(variables.publishOfficial, true)) + inputs: + script: | + BRANCH_NAME=`echo $(Build.SourceBranch) | sed "s/refs\/heads\///"` + git checkout $BRANCH_NAME + git pull + + - task: Bash@3 + displayName: Yarn + inputs: + filePath: yarn-ci.sh + + - task: CmdLine@2 + displayName: 'Set nightlyReleaseDate' + condition: and(succeeded(), eq(variables.publishOfficial, false)) + inputs: + script: | + today=`date +%Y-%m-%d` + echo date today $today + echo "##vso[task.setvariable variable=nightlyReleaseDate]$today" + + - task: CmdLine@2 + displayName: 'Set base path and version' + condition: and(succeeded(), eq(variables.publishOfficial, true), ne(variables.releaseVersion, 'canary')) + inputs: + script: | + ver=`node -p "require('./packages/fluentui/react-northstar/package.json').version"` + echo "Docsite base path published for version $ver" + echo "##vso[task.setvariable variable=deployBasePath]$ver" + echo "##vso[task.setvariable variable=docsiteVersion]$ver" + echo "##vso[task.setvariable variable=nightlyReleaseDate]" + + - task: CmdLine@2 + displayName: 'Set base path and version for canary' + condition: and(succeeded(), eq(variables.publishOfficial, true), eq(variables.releaseVersion, 'canary')) + inputs: + script: | + ver=`node -p "require('./packages/fluentui/lerna.json').version"` + echo "Docsite base path published for version $ver" + echo "##vso[task.setvariable variable=deployBasePath]$ver" + echo "##vso[task.setvariable variable=docsiteVersion]$ver" + echo "##vso[task.setvariable variable=nightlyReleaseDate]" + + - task: CmdLine@2 + displayName: Build + inputs: + script: | + echo deployBasePath $(deployBasePath) docsiteVersion $(docsiteVersion) nightlyReleaseDate $(nightlyReleaseDate) + NODE_ENV=production yarn build:fluentui:docs + + - task: AzureUpload@2 + displayName: Upload to Azure + inputs: + SourcePath: packages/fluentui/docs/dist + azureSubscription: 'Azure - fluentsite storage' + storage: fluentsite + ContainerName: $web + BlobPrefix: $(deployBasePath) + Gzip: true + + - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 + displayName: 📒 Generate Manifest Docsite + inputs: + BuildDropPath: $(System.DefaultWorkingDirectory) + + # Publish the manifest to a separate artifact to avoid hosting the _manifest files on the website + - task: PublishPipelineArtifact@1 + displayName: 📒 Publish Manifest DocSite + inputs: + artifactName: SBom-DocSite-$(System.JobAttempt) + targetPath: $(System.DefaultWorkingDirectory)/_manifest + + - task: PublishPipelineArtifact@1 + displayName: Publish Docsite as Pipeline Artifact + inputs: + path: packages/fluentui/docs/dist + artifactName: docsite_v$(docsiteVersion) + + - template: .devops/templates/cleanup.yml@self diff --git a/azure-pipelines.release-vnext-nightly.yml b/azure-pipelines.release-vnext-nightly.yml index 580b676bc983c7..9d4a074013a1c8 100644 --- a/azure-pipelines.release-vnext-nightly.yml +++ b/azure-pipelines.release-vnext-nightly.yml @@ -12,7 +12,6 @@ variables: skipComponentGovernanceDetection: false - name: release.vnext # Used to scope beachball to release only vnext packages value: true - - group: InfoSec-SecurityResults - name: tags value: production,externalfacing @@ -26,80 +25,82 @@ schedules: include: - master -jobs: - - template: .devops/templates/compliance-job.yml - - - job: Release - dependsOn: Compliance - pool: '1ES-Host-Ubuntu' - workspace: - clean: all - steps: - - template: .devops/templates/tools.yml - - - script: | - git config user.name "Fluent UI Build" - git config user.email "fluentui-internal@service.microsoft.com" - displayName: Configure git user (used by beachball) - - - task: Bash@3 - inputs: - filePath: yarn-ci.sh - displayName: yarn - - # Deletes all existing changefiles so that only bump that happens is for nightly - - script: | - rm -f change/* - displayName: 'Delete existing changefiles' - - # Bumps all v9 packages to a x.x.x-nightly.commitSha version and checks in change files - - script: | - date=$(date +"%Y%m%d-%H%M") - #release version name will follow a 0.0.0-nightly-{year}{month}{day}-{hour}{minute} format. - yarn nx g @fluentui/workspace-plugin:version-bump --all --bumpType nightly --prereleaseTag "nightly-${date}" - git add . - git commit -m "bump nightly versions" - yarn change --type prerelease --message "Release nightly v9" --dependent-change-type "prerelease" - displayName: 'Bump and commit nightly versions' - - # --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build) - # https://github.com/microsoft/fluentui/issues/21686 - - script: | - yarn lage test --to @fluentui/react-components - displayName: yarn test - - - script: | - yarn lage lint --to @fluentui/react-components - displayName: yarn lint - - - script: | - yarn lage build --to @fluentui/react-components - displayName: yarn build - - - script: | - yarn publish:beachball -n $(npmToken) --no-push --tag nightly --config scripts/beachball/release-vNext.config.js - git reset --hard origin/master - displayName: Publish changes and bump versions - - - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest - inputs: - BuildDropPath: $(System.DefaultWorkingDirectory) - - - task: PublishPipelineArtifact@1 - displayName: 📒 Publish Manifest - inputs: - artifactName: SBom-$(System.JobAttempt) - targetPath: $(System.DefaultWorkingDirectory)/_manifest - - - task: ComponentGovernanceComponentDetection@0 - displayName: 'Component governance detection' - inputs: - sourceScanPath: $(Agent.BuildDirectory) - condition: succeeded() - timeoutInMinutes: 5 - continueOnError: true - - - template: .devops/templates/cleanup.yml - parameters: - checkForModifiedFiles: false +resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-latest + os: windows # We need windows because compliance task only run on windows. + stages: + - stage: main + jobs: + - job: Release + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + workspace: + clean: all + templateContext: + outputs: + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory) + artifactName: output + steps: + - template: .devops/templates/tools.yml@self + + - script: | + git config user.name "Fluent UI Build" + git config user.email "fluentui-internal@service.microsoft.com" + displayName: Configure git user (used by beachball) + + - task: Bash@3 + inputs: + filePath: yarn-ci.sh + displayName: yarn + + # Deletes all existing changefiles so that only bump that happens is for nightly + - script: | + rm -f change/* + displayName: 'Delete existing changefiles' + + # Bumps all v9 packages to a x.x.x-nightly.commitSha version and checks in change files + - script: | + date=$(date +"%Y%m%d-%H%M") + #release version name will follow a 0.0.0-nightly-{year}{month}{day}-{hour}{minute} format. + yarn nx g @fluentui/workspace-plugin:version-bump --all --bumpType nightly --prereleaseTag "nightly-${date}" + git add . + git commit -m "bump nightly versions" + yarn change --type prerelease --message "Release nightly v9" --dependent-change-type "prerelease" + displayName: 'Bump and commit nightly versions' + + # --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build) + # https://github.com/microsoft/fluentui/issues/21686 + - script: | + yarn lage test --to @fluentui/react-components + displayName: yarn test + + - script: | + yarn lage lint --to @fluentui/react-components + displayName: yarn lint + + - script: | + yarn lage build --to @fluentui/react-components + displayName: yarn build + + - script: | + yarn publish:beachball -n $(npmToken) --no-push --tag nightly --config scripts/beachball/release-vNext.config.js + git reset --hard origin/master + displayName: Publish changes and bump versions + + - template: .devops/templates/cleanup.yml@self + parameters: + checkForModifiedFiles: false diff --git a/azure-pipelines.release-vnext.yml b/azure-pipelines.release-vnext.yml index 5d98caa2d80145..014cf998f57196 100644 --- a/azure-pipelines.release-vnext.yml +++ b/azure-pipelines.release-vnext.yml @@ -12,7 +12,6 @@ variables: skipComponentGovernanceDetection: false - name: release.vnext # Used to scope beachball to release only vnext packages value: true - - group: InfoSec-SecurityResults - name: tags value: production,externalfacing @@ -27,85 +26,88 @@ variables: # include: # - master -jobs: - - template: .devops/templates/compliance-job.yml - - - job: Release - dependsOn: Compliance - pool: '1ES-Host-Ubuntu' - workspace: - clean: all - steps: - - template: .devops/templates/tools.yml - - - script: | - git config user.name "Fluent UI Build" - git config user.email "fluentui-internal@service.microsoft.com" - git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git - displayName: Authenticate git for pushes - - - task: Bash@3 - inputs: - filePath: yarn-ci.sh - displayName: yarn - - # --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build) - # https://github.com/microsoft/fluentui/issues/21686 - - script: | - yarn run:published test - displayName: yarn test - - - script: | - yarn run:published lint - displayName: yarn lint - - - script: | - yarn run:published build --production - displayName: yarn build - - - script: | - yarn publish:beachball -n $(npmToken) --config scripts/beachball/release-vNext.config.js - git reset --hard origin/master - env: - GITHUB_PAT: $(githubPAT) - displayName: Publish changes and bump versions - - - script: | - node -r ./scripts/ts-node/register scripts/executors/tag-react-components.ts --token $(npmToken) - displayName: Tag prelease packages with prerelease tag - continueOnError: true - - - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest - inputs: - BuildDropPath: $(System.DefaultWorkingDirectory) - - - task: PublishPipelineArtifact@1 - displayName: 📒 Publish Manifest - inputs: - artifactName: SBom-$(System.JobAttempt) - targetPath: $(System.DefaultWorkingDirectory)/_manifest - - # Since releases are scoped, this should warn for any packages that were mistakenly not included in scoping - - script: | - yarn syncpack list-mismatches - displayName: Check for dependency mismatches - - # TODO update release notes script for v9 - # - script: | - # node -r ./scripts/ts-node/register ./scripts/update-release-notes/index.ts --token=$(githubPAT) --apply --debug - # displayName: 'Update github release notes' - - # This would usually be run automatically (via a pipeline decorator from an extension), but the - # thorough cleanup step prevents it from working. So run it manually here. - - task: ComponentGovernanceComponentDetection@0 - displayName: 'Component governance detection' - inputs: - sourceScanPath: $(Agent.BuildDirectory) - condition: succeeded() - timeoutInMinutes: 5 - continueOnError: true - - - template: .devops/templates/cleanup.yml - parameters: - checkForModifiedFiles: false +resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-latest + os: windows # We need windows because compliance task only run on windows. + stages: + - stage: main + jobs: + - job: Release + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + workspace: + clean: all + templateContext: + outputs: + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory) + artifactName: output + steps: + - template: .devops/templates/tools.yml@self + + - script: | + git config user.name "Fluent UI Build" + git config user.email "fluentui-internal@service.microsoft.com" + git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git + displayName: Authenticate git for pushes + + - task: Bash@3 + inputs: + filePath: yarn-ci.sh + displayName: yarn + + # --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build) + # https://github.com/microsoft/fluentui/issues/21686 + - script: | + yarn run:published test + displayName: yarn test + + - script: | + yarn run:published lint + displayName: yarn lint + + - script: | + yarn run:published build --production + displayName: yarn build + + - script: | + yarn publish:beachball -n $(npmToken) --config scripts/beachball/release-vNext.config.js + git reset --hard origin/master + env: + GITHUB_PAT: $(githubPAT) + displayName: Publish changes and bump versions + + - script: | + node -r ./scripts/ts-node/register scripts/executors/tag-react-components.ts --token $(npmToken) + displayName: Tag prelease packages with prerelease tag + continueOnError: true + + # Since releases are scoped, this should warn for any packages that were mistakenly not included in scoping + - script: | + yarn syncpack list-mismatches + displayName: Check for dependency mismatches + + # TODO update release notes script for v9 + # - script: | + # node -r ./scripts/ts-node/register ./scripts/update-release-notes/index.ts --token=$(githubPAT) --apply --debug + # displayName: 'Update github release notes' + + # This would usually be run automatically (via a pipeline decorator from an extension), but the + # thorough cleanup step prevents it from working. So run it manually here. + + - template: .devops/templates/cleanup.yml@self + parameters: + checkForModifiedFiles: false diff --git a/azure-pipelines.release.yml b/azure-pipelines.release.yml index 19f7254d4f823b..d4110dc1ae6b8a 100644 --- a/azure-pipelines.release.yml +++ b/azure-pipelines.release.yml @@ -10,7 +10,6 @@ variables: - template: .devops/templates/variables.yml parameters: skipComponentGovernanceDetection: false - - group: InfoSec-SecurityResults - name: tags value: production,externalfacing @@ -24,178 +23,141 @@ schedules: include: - master -jobs: - - template: .devops/templates/compliance-job.yml - - - job: Release - dependsOn: Compliance - pool: '1ES-Host-Ubuntu' - workspace: - clean: all - steps: - - template: .devops/templates/tools.yml - - - script: | - git config user.name "Fluent UI Build" - git config user.email "fluentui-internal@service.microsoft.com" - git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git - displayName: Authenticate git for pushes - - - task: Bash@3 - inputs: - filePath: yarn-ci.sh - displayName: yarn - - - script: | - yarn generate-version-files - displayName: Generate version files - - - script: | - yarn run:published build --production - displayName: yarn build - - # --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build) - # https://github.com/microsoft/fluentui/issues/21686 - - script: | - yarn run:published test --only - displayName: yarn [test] - - - script: | - yarn run:published lint --only - displayName: yarn lint - - - script: | - yarn run:published bundle --only --production - displayName: yarn bundle - - - script: | - yarn publish:beachball -n $(npmToken) --config scripts/beachball/release-v8.config.js - git reset --hard origin/master - env: - GITHUB_PAT: $(githubPAT) - displayName: Publish changes and bump versions - - - script: | - echo Making $(Build.ArtifactStagingDirectory)/api - mkdir -p $(Build.ArtifactStagingDirectory)/api - cp packages/*/dist/*.api.json $(Build.ArtifactStagingDirectory)/api - displayName: Copy api.json files to artifact staging directory - - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: $(Build.ArtifactStagingDirectory)/api - artifactName: 'api-json' - publishLocation: 'Container' - displayName: 'Publish artifact: api-json' - - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: apps/public-docsite/dist - artifactName: 'fabric-website' - publishLocation: 'Container' - displayName: 'Publish artifact: fabric-website (public-docsite)' - - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: packages/react/dist - artifactName: 'fabric' - publishLocation: 'Container' - displayName: 'Publish artifact: fabric (packages/react/dist)' - - - script: | - oufrVersion=$(node -p -e "require('./packages/react/package.json').version") - echo "OUFR Version: $oufrVersion" - echo $oufrVersion > oufr-version.txt - echo "##vso[task.setvariable variable=oufrVersion;]$oufrVersion" - displayName: 'Set oufrVersion variable' - - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: ./oufr-version.txt - artifactName: 'oufr-version' - publishLocation: 'Container' - displayName: 'Publish artifact: oufr-version' - - # create-site-manifests is a script defined in @fluentui/public-docsite-setup. - # It generates manifest files used to load the current version on developer.microsoft.com/fluentui. - - script: | - yarn create-site-manifests ./packages/react - displayName: 'Generate website manifests' - - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: ./site-manifests - artifactName: 'fabric-website-manifests' - publishLocation: 'Container' - displayName: 'Publish artifact: fabric-website-manifests' - - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: apps/public-docsite-resources/dist/demo - artifactName: 'fabric-website-resources' - publishLocation: 'Container' - displayName: 'Publish artifact: fabric-website-resources (public-docsite-resources)' - - # Generate the homepage.htm file used to load developer.microsoft.com/fluentui. Note that the - # generated file must be manually checked in to an internal repo, it's just generated as a build - # artifact for convenience and tracking. - - script: | - node ./packages/public-docsite-setup/scripts/generateHomepage ./homepage - displayName: 'Generate homepage.htm' - - - task: PublishBuildArtifacts@1 - inputs: - # This includes the actual homepage.htm as well as a non-minified JS file for debugging - pathtoPublish: ./homepage - artifactName: 'homepage.htm' - publishLocation: 'Container' - displayName: 'Publish artifact: homepage.htm' - - - script: | - node ./scripts/generators/generate-package-manifest - displayName: 'Generate package manifest' - - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: package-manifest - artifactName: 'package-manifest' - publishLocation: 'Container' - displayName: 'Publish artifact: package-manifest' - - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: packages/fluentui/docs/src/public - artifactName: 'demo-images' - publishLocation: 'Container' - displayName: 'Publish artifact: demo-images' - - # Run this near the end because it's more likely to fail than the artifact upload tasks, and its - # failure doesn't need to block anything else - - script: | - node -r ./scripts/ts-node/register ./scripts/update-release-notes/index.ts --token=$(githubPAT) --apply --debug - displayName: 'Update github release notes' - - - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest - inputs: - BuildDropPath: $(System.DefaultWorkingDirectory) - - - task: PublishPipelineArtifact@1 - displayName: 📒 Publish Manifest - inputs: - artifactName: SBom-$(System.JobAttempt) - targetPath: $(System.DefaultWorkingDirectory)/_manifest - - # This would usually be run automatically (via a pipeline decorator from an extension), but the - # thorough cleanup step prevents it from working. So run it manually here. - - task: ComponentGovernanceComponentDetection@0 - displayName: 'Component governance detection' - inputs: - sourceScanPath: $(Agent.BuildDirectory) - condition: succeeded() - timeoutInMinutes: 5 - continueOnError: true - - - template: .devops/templates/cleanup.yml - parameters: - checkForModifiedFiles: false +resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-latest + os: windows # We need windows because compliance task only run on windows. + stages: + - stage: main + jobs: + - job: Release + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + timeoutInMinutes: 90 + workspace: + clean: all + templateContext: + outputParentDirectory: $(System.DefaultWorkingDirectory) + outputs: + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory)/homepage + artifactName: homepage.htm + displayName: homepage.htm + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory)/packages/fluentui/docs/src/public + artifactName: demo-images + displayName: demo-images + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory)/oufr-version.txt + artifactName: oufr-version + displayName: oufr-version + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory)/site-manifests + artifactName: fabric-website-manifests + displayName: fabric-website-manifests + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory)/apps/public-docsite-resources/dist/demo + artifactName: fabric-website-resources + displayName: fabric-website-resources + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory)/apps/public-docsite/dist + artifactName: fabric-website + displayName: fabric-website + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory)/packages/react/dist + artifactName: fabric + displayName: fabric + - output: pipelineArtifact + targetPath: $(Build.ArtifactStagingDirectory)/api + artifactName: api-json + displayName: api-json + steps: + - template: .devops/templates/tools.yml@self + + - script: | + git config user.name "Fluent UI Build" + git config user.email "fluentui-internal@service.microsoft.com" + git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/fluentui.git + displayName: Authenticate git for pushes + + - task: Bash@3 + inputs: + filePath: yarn-ci.sh + displayName: yarn + + - script: | + yarn generate-version-files + displayName: Generate version files + + - script: | + yarn run:published build --production + displayName: yarn build + + # --only makes it only run tests (otherwise due to the missing --production arg, lage would re-run the build) + # https://github.com/microsoft/fluentui/issues/21686 + - script: | + yarn run:published test --only + displayName: yarn [test] + + - script: | + yarn run:published lint --only + displayName: yarn lint + + - script: | + yarn run:published bundle --only --production + displayName: yarn bundle + + - script: | + yarn publish:beachball -n $(npmToken) --config scripts/beachball/release-v8.config.js + git reset --hard origin/master + env: + GITHUB_PAT: $(githubPAT) + displayName: Publish changes and bump versions + + - script: | + echo Making $(Build.ArtifactStagingDirectory)/api + mkdir -p $(Build.ArtifactStagingDirectory)/api + cp packages/*/dist/*.api.json $(Build.ArtifactStagingDirectory)/api + displayName: Copy api.json files to artifact staging directory + + - script: | + oufrVersion=$(node -p -e "require('./packages/react/package.json').version") + echo "OUFR Version: $oufrVersion" + echo $oufrVersion > oufr-version.txt + echo "##vso[task.setvariable variable=oufrVersion;]$oufrVersion" + displayName: 'Set oufrVersion variable' + + # create-site-manifests is a script defined in @fluentui/public-docsite-setup. + # It generates manifest files used to load the current version on developer.microsoft.com/fluentui. + - script: | + yarn create-site-manifests ./packages/react + displayName: 'Generate website manifests' + + # Generate the homepage.htm file used to load developer.microsoft.com/fluentui. Note that the + # generated file must be manually checked in to an internal repo, it's just generated as a build + # artifact for convenience and tracking. + - script: | + node ./packages/public-docsite-setup/scripts/generateHomepage ./homepage + displayName: 'Generate homepage.htm' + + # Run this near the end because it's more likely to fail than the artifact upload tasks, and its + # failure doesn't need to block anything else + - script: | + node -r ./scripts/ts-node/register ./scripts/update-release-notes/index.ts --token=$(githubPAT) --apply --debug + displayName: 'Update github release notes' + + - template: .devops/templates/cleanup.yml@self + parameters: + checkForModifiedFiles: false diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 8f90f7e4737c1d..b6229bb0250d07 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -14,125 +14,51 @@ variables: - template: .devops/templates/variables.yml -pool: '1ES-Host-Ubuntu' - -jobs: - - job: BuildTestLint - workspace: - clean: all - steps: - - template: .devops/templates/tools.yml - - - task: Bash@3 - inputs: - filePath: yarn-ci.sh - displayName: yarn (install packages) - - - script: | - yarn nx run @fluentui/workspace-plugin:check-graph - yarn nx g @fluentui/workspace-plugin:tsconfig-base-all --verify - yarn nx g @fluentui/workspace-plugin:normalize-package-dependencies --verify - - displayName: Workspace lint - - - script: | - # @fluentui/api-docs is used within apps/public-docsite-resources/just.config.ts, thus it needs to be build in advance - yarn workspace @fluentui/api-docs build - # @fluentui/digest is used within packages/fluentui/perf-test-northstar/just.config.ts, thus it needs to be build in advance - yarn workspace @fluentui/digest build - yarn tsc -p ./tsconfig.json - displayName: Type-check just.config.ts files - - - script: | - yarn check:installed-dependencies-versions - displayName: 'check packages: installed dependencies versions' - - - script: | - if [[ -n "$(targetBranch)" ]]; then - yarn format --since $(targetBranch) --check - else - yarn format --all --check - fi - displayName: check formatting - - ## Danger.js checks for Fluent UI N* - - script: | - DANGER_DISABLE_TRANSPILATION="true" yarn danger ci - displayName: danger - condition: eq(variables.isPR, true) - env: - DANGER_GITHUB_API_TOKEN: $(DANGER_GITHUB_API_TOKEN) - - - script: | - yarn buildci $(sinceArg) - displayName: build, test, lint, test-ssr - - - template: .devops/templates/cleanup.yml - - - job: DeployE2E - displayName: Deploy and E2E - workspace: - clean: all - steps: - - template: .devops/templates/tools.yml - - - task: Bash@3 - inputs: - filePath: yarn-ci.sh - displayName: yarn - - # this also builds FUI N* docs if appropriate - - script: | - yarn bundle $(sinceArg) - displayName: bundle - - - script: | - yarn lage build-storybook --verbose $(sinceArg) - displayName: build Storybooks - - ## This runs regardless of scope, the app will adapt to the scope as well - - script: | - yarn workspace @fluentui/pr-deploy-site generate:site - displayName: generate PR Deploy Site - - - bash: | - mkdir -p apps/pr-deploy-site/sbom - displayName: 📒 Create dir for manifest Deploy-Site - - - task: ManifestGeneratorTask@0 - displayName: 📒 Generate Manifest Deploy-Site - inputs: - BuildDropPath: apps/pr-deploy-site/dist - ManifestDirPath: 'apps/pr-deploy-site/sbom' - Verbosity: Verbose - - - task: PublishPipelineArtifact@1 - displayName: 📒 Publish Manifest Deploy-Site - inputs: - artifactName: SBom-Deploy-Site-$(System.JobAttempt) - targetPath: apps/pr-deploy-site/sbom - - - task: AzureUpload@2 - displayName: Upload PR deploy site - inputs: - azureSubscription: $(azureSubscription) - BlobPrefix: $(deployBasePath) - ContainerName: '$web' - SourcePath: 'apps/pr-deploy-site/dist' - storage: $(azureStorage) - - - task: GithubPRStatus@0 - displayName: 'Update PR deploy site github status' - inputs: - githubOwner: microsoft - githubRepo: fluentui - githubContext: 'Pull request demo site' - githubDescription: 'Click "Details" to go to the deployed demo site for this pull request' - # This MUST have a trailing slash, or the links to PR deploy site assets won't work - githubTargetLink: $(deployUrl)/ - - - script: | - yarn e2e $(sinceArg) - displayName: Cypress E2E tests - - - template: .devops/templates/cleanup.yml +resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-latest + os: windows # We need windows because compliance task only run on windows. + customBuildTags: null # send empty tags since it is not supported on GH repo's for PR's + customLogIssues: null # send empty tags since it is not supported on GH repo's for PR's + stages: + - stage: main + jobs: + - job: BuildTestLint + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + workspace: + clean: all + steps: + - template: .devops/templates/build-test-lint.yml@self + + - job: DeployE2E + displayName: Deploy and E2E + workspace: + clean: all + pool: + name: '1ES-Host-Ubuntu' + image: '1ES-PT-Ubuntu-20.04' + os: linux + templateContext: + outputs: + - output: pipelineArtifact + targetPath: $(System.DefaultWorkingDirectory)/apps/pr-deploy-site/dist + artifactName: web + steps: + - template: .devops/templates/deployE2E.yml@self + + - script: | + rm apps/pr-deploy-site/dist/public-docsite-v9/storybook/407.13419a99614bf685f100.manager.bundle.js + displayName: 'Remove false positive file'