Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update CI build tasks #1200

Merged
merged 3 commits into from
Jan 12, 2024
Merged

Update CI build tasks #1200

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7e98da4
Update build tasks
MaggieKimani1 Mar 30, 2023
d8b89d9
Fix indentation
MaggieKimani1 Mar 30, 2023
163b7bb
Fix binskim target argument
MaggieKimani1 Mar 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 27 additions & 22 deletions .azure-pipelines/ci-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ pool:
variables:
buildPlatform: 'Any CPU'
buildConfiguration: 'Release'
ProductBinPath: '$(Build.SourcesDirectory)\src\Microsoft.OpenApi\bin\$(BuildConfiguration)'
ProductBinPath: '$(Build.SourcesDirectory)\src\Microsoft.OpenApi\bin\$(BuildConfiguration)'


stages:
Expand All @@ -31,22 +31,22 @@ stages:
- job: build
steps:
- task: UseDotNet@2
displayName: 'Use .NET 2' # needed for ESRP signing
displayName: 'Use .NET 6' # needed for ESRP signing
inputs:
version: 2.x
version: 6.x

- task: UseDotNet@2
displayName: 'Use .NET 7'
inputs:
version: 7.x

- task: PoliCheck@1
- task: PoliCheck@2
displayName: 'Run PoliCheck "/src"'
inputs:
inputType: CmdLine
cmdLineArgs: '/F:$(Build.SourcesDirectory)/src /T:9 /Sev:"1|2" /PE:2 /O:poli_result_src.xml'

- task: PoliCheck@1
- task: PoliCheck@2
displayName: 'Run PoliCheck "/test"'
inputs:
inputType: CmdLine
Expand Down Expand Up @@ -75,14 +75,14 @@ stages:
arguments: '--configuration $(BuildConfiguration) --no-build'

# CredScan
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
displayName: 'Run CredScan - Src'
inputs:
toolMajorVersion: 'V2'
scanFolder: '$(Build.SourcesDirectory)\src'
debugMode: false

- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
displayName: 'Run CredScan - Test'
inputs:
toolMajorVersion: 'V2'
Expand All @@ -95,34 +95,38 @@ stages:
FileDirPath: '$(ProductBinPath)'
enabled: false

- task: BinSkim@3
- task: BinSkim@4
displayName: 'Run BinSkim - Product Binaries'
inputs:
InputType: Basic
AnalyzeTarget: '$(ProductBinPath)\**\Microsoft.OpenApi.dll'
AnalyzeTargetGlob: '$(ProductBinPath)\**\Microsoft.OpenApi.dll'
AnalyzeSymPath: '$(ProductBinPath)'
AnalyzeVerbose: true
AnalyzeHashes: true
AnalyzeEnvironment: true

- task: PublishSecurityAnalysisLogs@2
- task: PublishSecurityAnalysisLogs@3
displayName: 'Publish Security Analysis Logs'
inputs:
ArtifactName: SecurityLogs

- task: PostAnalysis@1
- task: PostAnalysis@2
displayName: 'Post Analysis'
inputs:
BinSkim: true
CredScan: true
PoliCheck: true

- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
- task: EsrpCodeSigning@2
displayName: 'ESRP CodeSigning'
inputs:
ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)'
FolderPath: src
signConfigType: inlineSignParams
UseMinimatch: true
Pattern: |
**\*.exe
**\*.dll
inlineOperation: |
[
{
Expand Down Expand Up @@ -162,26 +166,27 @@ stages:
}
]
SessionTimeout: 20

# Pack
- pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg
displayName: 'pack OpenAPI'

# Pack
- pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg
displayName: 'pack Readers'

# Pack
- pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg
displayName: 'pack Hidi'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'pack Hidi'

- task: EsrpCodeSigning@2
displayName: 'ESRP CodeSigning Nuget Packages'
inputs:
ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)'
FolderPath: '$(Build.ArtifactStagingDirectory)'
Pattern: '*.nupkg'
signConfigType: inlineSignParams
UseMinimatch: true
inlineOperation: |
[
{
Expand Down Expand Up @@ -209,7 +214,7 @@ stages:
$xml = [Xml] (Get-Content .\src\Microsoft.OpenApi.Hidi\Microsoft.OpenApi.Hidi.csproj)
$version = $xml.Project.PropertyGroup.Version
echo $version
echo "##vso[task.setvariable variable=hidiversion]$version"
echo "##vso[task.setvariable variable=hidiversion]$version"

# publish hidi as an .exe
- task: DotNetCoreCLI@2
Expand All @@ -219,7 +224,7 @@ stages:
arguments: -c Release --runtime win-x64 /p:PublishSingleFile=true /p:PackAsTool=false --self-contained --output $(Build.ArtifactStagingDirectory)/Microsoft.OpenApi.Hidi-v$(hidiversion)
projects: 'src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj'
publishWebProjects: False
zipAfterPublish: false
zipAfterPublish: false

- task: CopyFiles@2
displayName: Prepare staging folder for upload
Expand All @@ -236,7 +241,7 @@ stages:

- task: PublishBuildArtifacts@1
displayName: 'Publish Artifact: Hidi'
inputs:
inputs:
ArtifactName: Microsoft.OpenApi.Hidi-v$(hidiversion)
PathtoPublish: '$(Build.ArtifactStagingDirectory)/Microsoft.OpenApi.Hidi-v$(hidiversion)'

Expand Down Expand Up @@ -295,8 +300,8 @@ stages:
{ "label" : "enhancement", "V2-Enhancement", "displayName" : "Enhancements", "state" : "closed" },
{ "label" : "bug", "bug-fix", "displayName" : "Bugs", "state" : "closed" },
{ "label" : "documentation", "doc", "displayName" : "Documentation", "state" : "closed"},
{ "label" : "dependencies", "displayName" : "Package Updates", "state" : "closed" }]'
{ "label" : "dependencies", "displayName" : "Package Updates", "state" : "closed" }]'

- deployment: deploy_lib
dependsOn: []
environment: nuget-org
Expand Down
Loading