azure-pipelines.yml
# CI trigger: a push to any of these branches starts a run. 'release/*' is a
# branch-name wildcard, so every branch under release/ is included.
trigger:
  - main
  - develop
  - release/*
# PR validation: pull requests that target these branches start a run.
# NOTE(review): whether pull requests from forks are built, and whether they
# can reach secrets, is decided by the pipeline's settings in Azure DevOps and
# is not visible in this file - confirm there. This file only checks
# System.PullRequest.IsFork when deciding whether to enable signing.
pr:
  - main
  - develop
  - release/*
# Runtime parameters. They can be overridden when a run is queued by hand;
# runs started by the CI and PR triggers use the defaults below.
parameters:
  # Selects which build's native artifacts are consumed.
  # NOTE(review): 'latest' is a floating reference; how it is resolved (which
  # pipeline, which branch) is decided in the stages template - confirm there.
  - name: buildExternals
    displayName: 'The Build ID containing the specific native artifacts to use:'
    type: string
    default: 'latest'
  # Agent pool used as the pipeline-level pool of the 1ES template (see
  # extends.parameters.pool) and also passed to the stages template.
  - name: buildAgentHost
    displayName: 'The generic host build agent configuration:'
    type: object
    default:
      pool:
        name: Maui-1ESPT
        image: 1ESPT-Windows2022
        os: windows
  - name: buildAgentWindows
    displayName: 'The Windows build agent configuration:'
    type: object
    default:
      pool:
        name: Maui-1ESPT
        image: 1ESPT-Windows2022
        os: windows
  - name: buildAgentWindowsNative
    displayName: 'The Windows build agent configuration for building the native assets:'
    type: object
    default:
      pool:
        name: Maui-1ESPT
        image: 1ESPT-Windows2022
        os: windows
  # The macOS jobs use the Microsoft-hosted 'Azure Pipelines' pool (vmImage),
  # unlike the Windows and Linux jobs, which use the Maui-1ESPT pool (image).
  - name: buildAgentMac
    displayName: 'The macOS build agent configuration:'
    type: object
    default:
      pool:
        name: Azure Pipelines
        vmImage: macos-14
        os: macos
  # Native assets are built on macos-13, one version behind the managed build.
  - name: buildAgentMacNative
    displayName: 'The macOS build agent configuration for building the native assets:'
    type: object
    default:
      pool:
        name: Azure Pipelines
        vmImage: macos-13
        os: macos
  - name: buildAgentLinux
    displayName: 'The Linux build agent configuration:'
    type: object
    default:
      pool:
        name: Maui-1ESPT
        image: 1ESPT-Ubuntu22.04
        os: linux
  # Native assets are built on the Ubuntu 20.04 image, older than the 22.04
  # image used for the managed build.
  - name: buildAgentLinuxNative
    displayName: 'The Linux build agent configuration for building the native assets:'
    type: object
    default:
      pool:
        name: Maui-1ESPT
        image: 1ESPT-Ubuntu20.04
        os: linux
  # Off by default: the compliance (SDL) tools then run only for the scheduled
  # builds matched by the condition under 'extends'.
  - name: runCompliance
    displayName: 'Run post-build compliance tasks (such as API Scan and PoliCheck)'
    type: boolean
    default: false
  # Security-sensitive: per its display name this overrides the logic that
  # chooses the signing type. It is off by default.
  # NOTE(review): who may queue a run with this set to true depends on the
  # pipeline's queue permissions - confirm they are restricted.
  - name: forceRealSigning
    displayName: 'Ignore all logic and force Real signing on binaries'
    type: boolean
    default: false
# Pipeline variables are defined in a template file of this same repository
# (@self), so they are versioned together with the branch being built.
variables:
  - template: /scripts/azure-pipelines-variables.yml@self
# External repositories that template files can be loaded from. Templates from
# these repositories are expanded into this pipeline and run with its
# permissions, so the 'ref' values below are part of the build's trust boundary.
resources:
  repositories:
    # GitHub repository reached through the 'xamarin' service connection.
    # It tracks the head of main, a mutable ref: a change pushed there is picked
    # up by the next run without any change to this file.
    # NOTE(review): no template in this file references @xamarin-templates;
    # presumably the templates under /scripts do - confirm, and consider pinning
    # to a tag that is not moved.
    - repository: xamarin-templates
      type: github
      name: xamarin/yaml-templates
      endpoint: xamarin
      ref: refs/heads/main
    # Source of the 1ES pipeline template used under 'extends'.
    # NOTE(review): 'release' is a tag name; whether that tag is moved to newer
    # versions is controlled by the template repository's owners, not here.
    - repository: 1ESPipelineTemplates
      type: git
      name: 1ESPipelineTemplates/1ESPipelineTemplates
      ref: refs/tags/release
# The pipeline extends the 1ES 'Official' pipeline template from the
# 1ESPipelineTemplates repository resource; the project's own stages are handed
# to that template as a parameter.
# NOTE(review): the nesting below was reconstructed from a listing that had lost
# its indentation - compare with the file in the repository before relying on it.
extends:
  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
  parameters:
    pool: ${{ parameters.buildAgentHost.pool }}
    customBuildTags:
      - ES365AIMigrationTooling
    stages:
      - template: /scripts/azure-templates-stages.yml@self
        parameters:
          buildPipelineType: 'build'
          buildExternals: ${{ parameters.buildExternals }}
          # Signing gate, evaluated when the template is expanded: signing is
          # enabled only when the run is in the 'devdiv' team project AND the
          # build is not for a pull request from a fork.
          # NOTE(review): forceRealSigning is placed inside this conditional
          # here; if it is a sibling of the conditional in the real file, it is
          # passed to the stages template on every run - confirm.
          ${{ if and(eq(variables['System.TeamProject'], 'devdiv'), ne(variables['System.PullRequest.IsFork'], 'true')) }}:
            enableSigning: true
            forceRealSigning: ${{ parameters.forceRealSigning }}
          # Compliance gate: the 'sdl' settings are passed when runCompliance is
          # set, or when a scheduled build runs on main or a release/ branch.
          # On all other runs (including PR and CI-triggered ones) no 'sdl'
          # value is passed from here.
          # NOTE(review): what the templates run by default in that case is not
          # visible in this file.
          ${{ if or(parameters.runCompliance, and(eq(variables['Build.Reason'], 'Schedule'), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/')))) }}:
            sdl:
              apiscan:
                enabled: true
              # NOTE(review): 'break: false' presumably means BinSkim findings
              # are reported without failing the build - confirm against the
              # 1ES template documentation.
              binskim:
                enabled: true
                break: false
              codeInspector:
                enabled: true
              # The suppressions file is commented out, so no CredScan
              # suppressions are supplied from this file.
              credscan:
                enabled: true
                # suppressionsFile: $(Build.SourcesDirectory)\scripts\guardian\CredScanSuppressions.json
              policheck:
                enabled: true
                exclusionsFile: $(Build.SourcesDirectory)\scripts\guardian\PoliCheckExclusions.xml
              spotBugs:
                enabled: false
              # Suppressed findings are listed in a file kept in this repository,
              # so changes to it go through the same review as code.
              suppression:
                suppressionFile: $(Build.SourcesDirectory)\scripts\guardian\source.gdnsuppress
              tsa:
                enabled: true
                configFile: $(Build.SourcesDirectory)\scripts\guardian\tsaoptions-v2.json
          use1ESPipelineTemplates: true
          buildAgentHost: ${{ parameters.buildAgentHost }}
          buildAgentWindows: ${{ parameters.buildAgentWindows }}
          buildAgentWindowsNative: ${{ parameters.buildAgentWindowsNative }}
          buildAgentMac: ${{ parameters.buildAgentMac }}
          buildAgentMacNative: ${{ parameters.buildAgentMacNative }}
          buildAgentLinux: ${{ parameters.buildAgentLinux }}
          buildAgentLinuxNative: ${{ parameters.buildAgentLinuxNative }}
          # The Android tests reuse the macOS agent configuration.
          buildAgentAndroidTests: ${{ parameters.buildAgentMac }}