|
| 1 | +# Copyright (c) Microsoft Corporation. All rights reserved. |
| 2 | +# Licensed under the MIT License. |
| 3 | +name: $(BuildDefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r) |
| 4 | +parameters: |
| 5 | +- name: BuildAgent |
| 6 | + default: 1es-windows-ps-compute-m |
| 7 | + displayName: Build Agent |
| 8 | +- name: Test |
| 9 | + type: boolean |
| 10 | + default: true |
| 11 | +- name: Pack |
| 12 | + type: boolean |
| 13 | + default: true |
| 14 | +- name: Sign |
| 15 | + type: boolean |
| 16 | + default: true |
| 17 | +- name: InternalFeed |
| 18 | + type: string |
| 19 | + default: '0985d294-5762-4bc2-a565-161ef349ca3e/PowerShell_V2_Build' |
| 20 | + displayName: Internal NuGet Feed |
| 21 | + values: |
| 22 | + - '0985d294-5762-4bc2-a565-161ef349ca3e/PowerShell_v2' |
| 23 | + - 'ATPopFeed' |
| 24 | + - '0985d294-5762-4bc2-a565-161ef349ca3e/PowerShell_V2_Build' |
| 25 | + |
| 26 | +variables: |
| 27 | + BuildAgent: ${{ parameters.BuildAgent }} |
| 28 | + GitUserEmail: "GraphTooling@service.microsoft.com" |
| 29 | + GitUserName: "Microsoft Graph DevX Tooling" |
| 30 | + REGISTRY: 'msgraphprodregistry.azurecr.io' |
| 31 | + IMAGE_NAME: 'public/microsoftgraph/powershell' |
| 32 | + PREVIEW_BRANCH: 'refs/heads/main' # Updated to target your branch |
| 33 | + |
| 34 | +trigger: |
| 35 | + branches: |
| 36 | + include: |
| 37 | + - main |
| 38 | + tags: |
| 39 | + include: |
| 40 | + - v* |
| 41 | + |
| 42 | +resources: |
| 43 | + repositories: |
| 44 | + - repository: 1ESPipelineTemplates |
| 45 | + type: git |
| 46 | + name: 1ESPipelineTemplates/1ESPipelineTemplates |
| 47 | + ref: refs/tags/release |
| 48 | +extends: |
| 49 | + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates |
| 50 | + parameters: |
| 51 | + pool: $(BuildAgent) |
| 52 | + sdl: |
| 53 | + binskim: |
| 54 | + enabled: false |
| 55 | + justificationForDisabling: "Binskim keeps on crushing and failing the weekly build pipeline. Disabling it for now because we are unable to publish the artifacts to internal feeds." |
| 56 | + credscan: |
| 57 | + suppressionsFile: $(Build.SourcesDirectory)/.azure-pipelines/config/credscan/credscan-suppressions.json |
| 58 | + policheck: |
| 59 | + exclusionFile: $(Build.SourcesDirectory)/.azure-pipelines/config/policheck/policheck-exclusions.xml |
| 60 | + customBuildTags: |
| 61 | + - ES365AIMigrationTooling |
| 62 | + stages: |
| 63 | + - stage: stage |
| 64 | + jobs: |
| 65 | + - job: SDK_Release_Build |
| 66 | + displayName: Microsoft Graph PowerShell SDK Release Build |
| 67 | + timeoutInMinutes: 840 |
| 68 | + templateContext: |
| 69 | + outputs: |
| 70 | + - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}: |
| 71 | + - output: pipelineArtifact |
| 72 | + displayName: 'Publish Module Artifacts' |
| 73 | + targetPath: '$(Build.ArtifactStagingDirectory)' |
| 74 | + artifactName: 'drop' |
| 75 | + publishLocation: 'Container' |
| 76 | + steps: |
| 77 | + - script: | |
| 78 | + git submodule update --init --recursive |
| 79 | + - template: .azure-pipelines/common-templates/install-tools.yml@self |
| 80 | + - template: .azure-pipelines/common-templates/security-pre-checks.yml@self |
| 81 | + |
| 82 | + - template: .azure-pipelines/generation-templates/authentication-module.yml@self |
| 83 | + parameters: |
| 84 | + Test: ${{ parameters.Test }} |
| 85 | + Pack: ${{ parameters.Pack }} |
| 86 | + Sign: ${{ parameters.Sign }} |
| 87 | + |
| 88 | + - template: .azure-pipelines/generation-templates/workload-modules.yml@self |
| 89 | + parameters: |
| 90 | + Test: ${{ parameters.Test }} |
| 91 | + Pack: ${{ parameters.Pack }} |
| 92 | + Sign: ${{ parameters.Sign }} |
| 93 | + |
| 94 | + - template: .azure-pipelines/generation-templates/meta-module.yml@self |
| 95 | + parameters: |
| 96 | + Test: ${{ parameters.Test }} |
| 97 | + Pack: ${{ parameters.Pack }} |
| 98 | + Sign: ${{ parameters.Sign }} |
| 99 | + |
| 100 | + - template: .azure-pipelines/common-templates/guardian-analyzer.yml@self |
| 101 | + |
| 102 | + - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}: |
| 103 | + - template: .azure-pipelines/common-templates/esrp/codesign-nuget.yml@self |
| 104 | + parameters: |
| 105 | + FolderPath: "$(Build.ArtifactStagingDirectory)" |
| 106 | + Pattern: "Microsoft.Graph*.nupkg" |
| 107 | + |
| 108 | + - template: .azure-pipelines/common-templates/security-post-checks.yml@self |
| 109 | + - stage: 'Deploy_to_Internal_Feed' |
| 110 | + dependsOn: stage |
| 111 | + jobs: |
| 112 | + - deployment: 'DeployToInternalFeed' |
| 113 | + displayName: 'Deploy to Internal Feed' |
| 114 | + environment: 'PowerShellInternalFeed' |
| 115 | + templateContext: |
| 116 | + type: releaseJob |
| 117 | + isProduction: true |
| 118 | + inputs: |
| 119 | + - input: pipelineArtifact |
| 120 | + artifactName: drop |
| 121 | + targetPath: '$(System.DefaultWorkingDirectory)/drop' |
| 122 | + strategy: |
| 123 | + runOnce: |
| 124 | + deploy: |
| 125 | + steps: |
| 126 | + - task: 1ES.PublishNuget@1 |
| 127 | + displayName: 'Publish NuGet to feed' |
| 128 | + inputs: |
| 129 | + useDotNetTask: false |
| 130 | + packageParentPath: '$(System.DefaultWorkingDirectory)' |
| 131 | + packagesToPush: '$(System.DefaultWorkingDirectory)/**/drop/**/*.nupkg' |
| 132 | + publishVstsFeed: ${{ parameters.InternalFeed }} |
| 133 | + nuGetFeedType: internal |
| 134 | + allowPackageConflicts: true |
| 135 | + - stage: 'Deploy_to_PsGallery' |
| 136 | + dependsOn: stage |
| 137 | + condition: succeeded() # Only deploy to PSGallery on main branch, this only runs on main branch due to trigger settings |
| 138 | + jobs: |
| 139 | + - deployment: 'DeployToPowerShellGallery' |
| 140 | + displayName: 'Deploy to PowerShell Gallery' |
| 141 | + environment: 'PowerShellGallery' |
| 142 | + templateContext: |
| 143 | + type: releaseJob |
| 144 | + isProduction: true |
| 145 | + inputs: |
| 146 | + - input: pipelineArtifact |
| 147 | + artifactName: drop |
| 148 | + targetPath: '$(System.DefaultWorkingDirectory)/drop' |
| 149 | + strategy: |
| 150 | + runOnce: |
| 151 | + deploy: |
| 152 | + steps: |
| 153 | + - task: 1ES.PublishNuget@1 |
| 154 | + displayName: 'Publish NuGet to feed' |
| 155 | + inputs: |
| 156 | + useDotNetTask: false |
| 157 | + packageParentPath: '$(System.DefaultWorkingDirectory)' |
| 158 | + packagesToPush: '$(System.DefaultWorkingDirectory)/**/drop/**/*.nupkg' |
| 159 | + nuGetFeedType: external |
| 160 | + publishFeedCredentials: 'microsoftgraph PowerShell Gallery connection' |
| 161 | + |
| 162 | + - stage: PushDockerImageToRegistry |
| 163 | + condition: and(or(startsWith(variables['Build.SourceBranch'], 'refs/tags/v'), eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH'])), not(contains(variables['Build.SourceBranch'], '-preview'))) |
| 164 | + dependsOn: stage |
| 165 | + displayName: 'Push docker image' |
| 166 | + jobs: |
| 167 | + - job: PushDockerImage |
| 168 | + displayName: 'Push docker image' |
| 169 | + pool: |
| 170 | + name: Azure-Pipelines-1ESPT-ExDShared |
| 171 | + image: ubuntu-latest |
| 172 | + os: linux |
| 173 | + steps: |
| 174 | + - checkout: self |
| 175 | + |
| 176 | + # Display the contents of the Build.SourcesDirectory |
| 177 | + - bash: | |
| 178 | + echo "Build.SourcesDirectory: $(Build.SourcesDirectory)" |
| 179 | + ls -la $(Build.SourcesDirectory) |
| 180 | + displayName: 'List contents of Build.SourcesDirectory' |
| 181 | + |
| 182 | + - task: AzureCLI@2 |
| 183 | + displayName: "Log in to Azure Container Registry" |
| 184 | + inputs: |
| 185 | + azureSubscription: 'ACR Images Push Service Connection' # service connection |
| 186 | + scriptType: 'bash' |
| 187 | + scriptLocation: 'inlineScript' |
| 188 | + 'inlineScript': | |
| 189 | + az acr login --name $(REGISTRY) |
| 190 | + - powershell: | |
| 191 | + $date = Get-Date -Format "yyyyMMdd" |
| 192 | + Write-Host "##vso[task.setvariable variable=currentDate]$date" |
| 193 | + |
| 194 | + - script: | |
| 195 | + docker run --privileged --rm tonistiigi/binfmt --install all |
| 196 | + displayName: 'Enable multi-platform builds' |
| 197 | + |
| 198 | + - script: | |
| 199 | + docker buildx create --use --name mybuilder |
| 200 | + displayName: 'Set up Docker BuildX' |
| 201 | + |
| 202 | + - powershell: | |
| 203 | + $version = $Env:BUILD_SOURCEBRANCH.replace("refs/tags/", "") |
| 204 | + Write-Output "##vso[task.setvariable variable=version]$version" |
| 205 | + displayName: 'Get truncated run number' |
| 206 | + |
| 207 | + - bash: | |
| 208 | + echo "Build Number: $(Build.BuildNumber)" |
| 209 | + # Extract the last 3 characters for the run number |
| 210 | + runnumber=$(echo "$(Build.BuildNumber)" | grep -o '[0-9]\+$') |
| 211 | + echo "Extracted Run Number: $runnumber" |
| 212 | + |
| 213 | + # If extraction fails, set a default |
| 214 | + if [ -z "$runnumber" ]; then |
| 215 | + echo "Extraction failed, using default value" |
| 216 | + runnumber=$(date +"%S%N" | cut -c1-3) |
| 217 | + echo "Generated fallback run number: $runnumber" |
| 218 | + fi |
| 219 | + |
| 220 | + # Set the variable for later steps |
| 221 | + echo "##vso[task.setvariable variable=RUNNUMBER]$runnumber" |
| 222 | + echo "##vso[task.setvariable variable=RUNNUMBER;isOutput=true]$runnumber" |
| 223 | + displayName: 'Get truncated run number' |
| 224 | + name: getrunnumber |
| 225 | + |
| 226 | + - bash: | |
| 227 | + echo "Building docker images" |
| 228 | + # Format the date to be compatible with Docker tags |
| 229 | + formatted_date=$(date +"%Y%m%d%H%M%S") |
| 230 | + docker buildx build \ |
| 231 | + --platform linux/amd64 \ |
| 232 | + --push \ |
| 233 | + -t "$(REGISTRY)/$(IMAGE_NAME):latest" \ |
| 234 | + -t "$(REGISTRY)/$(IMAGE_NAME):$formatted_date.$RUNNUMBER" \ |
| 235 | + "$(Build.SourcesDirectory)" |
| 236 | + displayName: 'Build and push docker images' |
| 237 | +
|
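Review bot: The "Enable multi-platform builds" step (new line 195) runs `tonistiigi/binfmt` with `--privileged` from a mutable tag, in the same job that has just logged in to the container registry and goes on to push `:latest`. Whatever that tag resolves to at build time therefore runs with full host privileges inside a release job. The only build target in this file is `--platform linux/amd64` (line 231), so, assuming the pool image is amd64, the emulation step looks unnecessary and can be dropped. If it is needed, pin it by digest, e.g. `docker run --privileged --rm tonistiigi/binfmt@sha256:<pinned-digest> --install all`. Separately, `Deploy_to_PsGallery` is gated only by `condition: succeeded()`, yet the trigger also includes `v*` tags and trigger filters do not restrict manually queued runs; unless the `PowerShellGallery` environment enforces branch checks (not visible here), use an explicit `condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))`, adjusted to the refs actually meant to publish.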