diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml index 04e0492407..c5e7a5fcf4 100644 --- a/.azure-pipelines/ci-build.yml +++ b/.azure-pipelines/ci-build.yml @@ -21,671 +21,714 @@ trigger: exclude: - "*preview*" # exclude preview tags so we don't publish twice schedules: -- cron: "0 18 * * 4" # 18:00 UTC every Thursday ~ 14:00 EST every Thursday - displayName: Weekly preview - branches: - include: - - main - always: true + - cron: "0 18 * * 4" # 18:00 UTC every Thursday ~ 14:00 EST every Thursday + displayName: Weekly preview + branches: + include: + - main + always: true variables: buildPlatform: "Any CPU" buildConfiguration: "Release" ProductBinPath: '$(Build.SourcesDirectory)\src\kiota\bin\$(BuildConfiguration)' - previewBranch: "refs/heads/main" - -stages: - - stage: build - jobs: - - job: update_appsettings - pool: - vmImage: ubuntu-latest - steps: - - checkout: self - clean: true - submodules: true - - - pwsh: $(Build.SourcesDirectory)/scripts/update-versions.ps1 - displayName: "Update dependencies versions" - - - pwsh: | - New-Item -Path $(Build.ArtifactStagingDirectory)/AppSettings -ItemType Directory -Force -Verbose - Copy-Item $(Build.SourcesDirectory)/src/kiota/appsettings.json $(Build.ArtifactStagingDirectory)/AppSettings/appsettings.json -Force -Verbose - displayName: Prepare staging folder for upload - - - task: PublishBuildArtifacts@1 - displayName: "Publish Artifact: AppSettings" - inputs: - ArtifactName: AppSettings - PathtoPublish: "$(Build.ArtifactStagingDirectory)/AppSettings" - - - job: build - dependsOn: [update_appsettings] - pool: - vmImage: windows-latest # needed for compliance tasks - steps: - - checkout: self - clean: true - submodules: true - - - task: DownloadPipelineArtifact@2 - inputs: - artifact: AppSettings - source: current - targetPath: $(Build.ArtifactStagingDirectory)/AppSettings - - - pwsh: | - Copy-Item $(Build.ArtifactStagingDirectory)/AppSettings/appsettings.json $(Build.SourcesDirectory)/src/kiota/appsettings.json -Force -Verbose - displayName: Copy the appsettings.json - - - task: UseDotNet@2 - displayName: "Use .NET 6" # needed for ESRP signing - inputs: - version: 6.x - - - task: UseDotNet@2 - displayName: "Use .NET 8" - inputs: - version: 8.x - - - task: PoliCheck@2 - displayName: 'Run PoliCheck "/src"' - inputs: - inputType: CmdLine - cmdLineArgs: '/F:$(Build.SourcesDirectory)/src /T:9 /Sev:"1|2" /PE:2 /O:poli_result_src.xml' - - - task: PoliCheck@2 - displayName: 'Run PoliCheck "/tests"' - inputs: - inputType: CmdLine - cmdLineArgs: '/F:$(Build.SourcesDirectory)/tests /T:9 /Sev:"1|2" /PE:2 /O:poli_result_test.xml' - - # Install the nuget tool. - - task: NuGetToolInstaller@0 - displayName: "Use NuGet >=6.1.0" - inputs: - versionSpec: ">=6.1.0" - checkLatest: true - - - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch $(previewBranch) -excludeHeadingDash - displayName: "Set version suffix" - - - pwsh: $(Build.SourcesDirectory)/scripts/update-version-suffix-for-source-generator.ps1 -versionSuffix "$(versionSuffix)" - displayName: "Set version suffix in csproj for generators" - - - pwsh: $(Build.SourcesDirectory)/scripts/get-version-from-csproj.ps1 - displayName: "Get Kiota's version-number from .csproj" - - - pwsh: $(Build.SourcesDirectory)/scripts/get-release-notes.ps1 -version $(artifactVersion) - condition: eq(variables['isPrerelease'], 'false') - displayName: "Get release notes from CHANGELOG.md" - - - pwsh: $(Build.SourcesDirectory)/scripts/get-release-notes.ps1 -version Unreleased - condition: eq(variables['isPrerelease'], 'true') - - # Build the Product project - - task: DotNetCoreCLI@2 - condition: eq(variables['isPrerelease'], 'true') - displayName: "build" - inputs: - projects: '$(Build.SourcesDirectory)\kiota.sln' - arguments: '--configuration $(BuildConfiguration) --no-incremental --version-suffix "$(versionSuffix)"' - - # Build the Product project - - task: DotNetCoreCLI@2 - condition: eq(variables['isPrerelease'], 'false') - displayName: "build" - inputs: - projects: '$(Build.SourcesDirectory)\kiota.sln' - arguments: '--configuration $(BuildConfiguration) --no-incremental' - - # Run the Unit test - - task: DotNetCoreCLI@2 - displayName: "test" - inputs: - command: test - projects: '$(Build.SourcesDirectory)\kiota.sln' - arguments: "--configuration $(BuildConfiguration) --no-build" - - # CredScan - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3 - displayName: "Run CredScan - Src" - inputs: - toolMajorVersion: "V2" - scanFolder: '$(Build.SourcesDirectory)\src' - debugMode: false - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3 - displayName: "Run CredScan - Tests" - inputs: - toolMajorVersion: "V2" - scanFolder: '$(Build.SourcesDirectory)\tests' - debugMode: false - - - task: AntiMalware@3 - displayName: "Run MpCmdRun.exe - ProductBinPath" - inputs: - FileDirPath: "$(ProductBinPath)" - enabled: false - - - task: BinSkim@4 - displayName: "Run BinSkim - Product Binaries" - inputs: - InputType: Basic - AnalyzeTargetGlob: '$(ProductBinPath)\**\kiota.dll' - AnalyzeSymPath: "$(ProductBinPath)" - AnalyzeVerbose: true - AnalyzeHashes: true - AnalyzeEnvironment: true - - - task: PublishSecurityAnalysisLogs@3 - displayName: "Publish Security Analysis Logs" - inputs: - ArtifactName: SecurityLogs - - - task: PostAnalysis@2 - displayName: "Post Analysis" - inputs: - BinSkim: true - CredScan: true - PoliCheck: true - - - task: EsrpCodeSigning@2 - displayName: "ESRP CodeSigning" - inputs: - ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" - FolderPath: src - signConfigType: inlineSignParams - UseMinimatch: true - Pattern: | - **\*.exe - **\*.dll - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd \"SHA256\"" - }, + +parameters: + - name: previewBranch + type: string + default: "refs/heads/main" + - name: distributions + type: object + default: + - architecture: "win-x86" + jobPrefix: "win_x86" + os: "windows" + image: "windows-latest" + pool: Azure-Pipelines-1ESPT-ExDShared + - architecture: "win-x64" + jobPrefix: "win_x64" + os: "windows" + image: "windows-latest" + pool: Azure-Pipelines-1ESPT-ExDShared + - architecture: "linux-x64" + jobPrefix: "linux_x64" + os: "linux" + image: "ubuntu-latest" + pool: Azure-Pipelines-1ESPT-ExDShared + - architecture: "osx-x64" + jobPrefix: "osx_x64" + os: "macOS" + image: "macOS-latest" + pool: Azure Pipelines + # MacOS images aren't available in 1ES templates + # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/onboarding/macos-support + - architecture: "osx-arm64" + jobPrefix: "osx_arm64" + os: "macOS" + image: "macOS-latest" + pool: Azure Pipelines + +resources: + repositories: + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + sdl: + sourceAnalysisPool: + name: Azure-Pipelines-1ESPT-ExDShared + os: windows + image: windows-latest + stages: + - stage: build + jobs: + - job: update_appsettings + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: linux + image: ubuntu-latest + templateContext: + sdl: + baseline: + baselineFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnbaselines + suppression: + suppressionFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnsuppress + steps: + - checkout: self + clean: true + submodules: true + + - pwsh: $(Build.SourcesDirectory)/scripts/update-versions.ps1 + displayName: "Update dependencies versions" + + - pwsh: | + New-Item -Path $(Build.ArtifactStagingDirectory)/AppSettings -ItemType Directory -Force -Verbose + Copy-Item $(Build.SourcesDirectory)/src/kiota/appsettings.json $(Build.ArtifactStagingDirectory)/AppSettings/appsettings.json -Force -Verbose + displayName: Prepare staging folder for upload + + - task: 1ES.PublishPipelineArtifact@1 + displayName: "Publish Artifact: AppSettings" + inputs: + artifactName: AppSettings + targetPath: "$(Build.ArtifactStagingDirectory)/AppSettings" + + - job: build + dependsOn: [update_appsettings] + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: windows # needed for compliance tasks + image: windows-latest + templateContext: + sdl: + baseline: + baselineFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnbaselines + suppression: + suppressionFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnsuppress + steps: + - checkout: self + clean: true + submodules: true + + - task: DownloadPipelineArtifact@2 + inputs: + artifact: AppSettings + source: current + targetPath: $(Build.ArtifactStagingDirectory)/AppSettings + + - pwsh: | + Copy-Item $(Build.ArtifactStagingDirectory)/AppSettings/appsettings.json $(Build.SourcesDirectory)/src/kiota/appsettings.json -Force -Verbose + displayName: Copy the appsettings.json + + - task: UseDotNet@2 + displayName: "Use .NET 6" # needed for ESRP signing + inputs: + version: 6.x + + - task: UseDotNet@2 + displayName: "Use .NET 8" + inputs: + version: 8.x + + # Install the nuget tool. + - task: NuGetToolInstaller@0 + displayName: "Use NuGet >=6.1.0" + inputs: + versionSpec: ">=6.1.0" + checkLatest: true + + - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch ${{ parameters.previewBranch }} -excludeHeadingDash + displayName: "Set version suffix" + + - pwsh: $(Build.SourcesDirectory)/scripts/update-version-suffix-for-source-generator.ps1 -versionSuffix "$(versionSuffix)" + displayName: "Set version suffix in csproj for generators" + + - pwsh: $(Build.SourcesDirectory)/scripts/get-version-from-csproj.ps1 + displayName: "Get Kiota's version-number from .csproj" + + - pwsh: $(Build.SourcesDirectory)/scripts/get-release-notes.ps1 -version $(artifactVersion) + condition: eq(variables['isPrerelease'], 'false') + displayName: "Get release notes from CHANGELOG.md" + + - pwsh: $(Build.SourcesDirectory)/scripts/get-release-notes.ps1 -version Unreleased + condition: eq(variables['isPrerelease'], 'true') + + # Build the Product project + - task: DotNetCoreCLI@2 + condition: eq(variables['isPrerelease'], 'true') + displayName: "build" + inputs: + projects: '$(Build.SourcesDirectory)\kiota.sln' + arguments: '--configuration $(BuildConfiguration) --no-incremental --version-suffix "$(versionSuffix)"' + + # Build the Product project + - task: DotNetCoreCLI@2 + condition: eq(variables['isPrerelease'], 'false') + displayName: "build" + inputs: + projects: '$(Build.SourcesDirectory)\kiota.sln' + arguments: "--configuration $(BuildConfiguration) --no-incremental" + + # Run the Unit test + - task: DotNetCoreCLI@2 + displayName: "test" + inputs: + command: test + projects: '$(Build.SourcesDirectory)\kiota.sln' + arguments: "--configuration $(BuildConfiguration) --no-build" + + - task: EsrpCodeSigning@2 + displayName: "ESRP CodeSigning" + inputs: + ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" + FolderPath: src + signConfigType: inlineSignParams + UseMinimatch: true + Pattern: | + **\*.exe + **\*.dll + inlineOperation: | + [ { - "parameterName": "PageHash", - "parameterValue": "/NPH" + "keyCode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "sign", + "toolVersion": "1.0" }, { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + "keyCode": "CP-230012", + "operationSetCode": "SigntoolVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" } - ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 20 - - # Pack - - pwsh: dotnet pack $(Build.SourcesDirectory)/src/kiota/kiota.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg --version-suffix "$(versionSuffix)" - condition: eq(variables['isPrerelease'], 'true') - displayName: "pack kiota" - - - pwsh: dotnet pack $(Build.SourcesDirectory)/src/kiota/kiota.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg - condition: eq(variables['isPrerelease'], 'false') - displayName: "pack kiota" - - - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Kiota.Builder/Kiota.Builder.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg --version-suffix "$(versionSuffix)" - condition: eq(variables['isPrerelease'], 'true') - displayName: "pack kiota builder" - - - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Kiota.Builder/Kiota.Builder.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg - condition: eq(variables['isPrerelease'], 'false') - displayName: "pack kiota builder" - - - task: EsrpCodeSigning@2 - displayName: "ESRP CodeSigning Nuget Packages" - inputs: - ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" - FolderPath: "$(Build.ArtifactStagingDirectory)" - UseMinimatch: true - Pattern: "*.nupkg" - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetSign", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 20 - - - task: CopyFiles@2 - displayName: Prepare staging folder for upload - inputs: - targetFolder: $(Build.ArtifactStagingDirectory)/Nugets - sourceFolder: $(Build.ArtifactStagingDirectory) - content: "*.nupkg" - - - task: PublishBuildArtifacts@1 - displayName: "Publish Artifact: Nugets" - inputs: - ArtifactName: Nugets - PathtoPublish: "$(Build.ArtifactStagingDirectory)/Nugets" - - - - job: build_binaries - dependsOn: [update_appsettings] - pool: - vmImage: $(vmImage) - strategy: - matrix: - win-x86: - architecture: 'win-x86' - vmImage: 'ubuntu-latest' - win-x64: - architecture: 'win-x64' - vmImage: 'ubuntu-latest' - linux-x64: - architecture: 'linux-x64' - vmImage: 'ubuntu-latest' - osx-x64: - architecture: 'osx-x64' - vmImage: 'macOS-latest' - osx-arm64: - architecture: 'osx-arm64' - vmImage: 'macOS-latest' - steps: - - checkout: self - clean: true - submodules: true - - task: UseDotNet@2 - displayName: "Use .NET 6" # needed for ESRP signing - inputs: - version: 6.x - - task: UseDotNet@2 - displayName: "Use .NET 8" - inputs: - version: 8.x - - - task: DownloadPipelineArtifact@2 - inputs: - artifact: AppSettings - source: current - targetPath: $(Build.ArtifactStagingDirectory)/AppSettings - - - pwsh: | - Copy-Item $(Build.ArtifactStagingDirectory)/AppSettings/appsettings.json $(Build.SourcesDirectory)/src/kiota/appsettings.json -Force -Verbose - displayName: Copy the appsettings.json - - - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch $(previewBranch) -excludeHeadingDash - displayName: "Set version suffix" - - - pwsh: $(Build.SourcesDirectory)/scripts/update-version-suffix-for-source-generator.ps1 -versionSuffix "$(versionSuffix)" - displayName: "Set version suffix in csproj for generators" - - - pwsh: dotnet publish src/kiota/kiota.csproj -c Release --runtime $(architecture) -p:PublishSingleFile=true --self-contained --output $(Build.ArtifactStagingDirectory)/binaries/$(architecture) --version-suffix "$(versionSuffix)" - condition: eq(variables['isPrerelease'], 'true') - displayName: publish kiota as executable - - - pwsh: dotnet publish src/kiota/kiota.csproj -c Release --runtime $(architecture) -p:PublishSingleFile=true --self-contained --output $(Build.ArtifactStagingDirectory)/binaries/$(architecture) - condition: eq(variables['isPrerelease'], 'false') - displayName: publish kiota as executable - - - task: AzureKeyVault@2 - displayName: "Azure Key Vault: Get Secrets" - inputs: - azureSubscription: "MicrosofGraphKeyVault connection" - KeyVaultName: MicrosofGraphKeyVault - SecretsFilter: "graph-cli-apple-developer-certificate,graph-cli-apple-developer-certificate-password" - condition: and(succeeded(), startsWith(variables['architecture'], 'osx')) - - bash: | - set -e - security create-keychain -p pwd $(agent.tempdirectory)/buildagent.keychain - security default-keychain -s $(agent.tempdirectory)/buildagent.keychain - security unlock-keychain -p pwd $(agent.tempdirectory)/buildagent.keychain - echo "$(graph-cli-apple-developer-certificate)" | base64 -D > $(agent.tempdirectory)/cert.p12 - security import $(agent.tempdirectory)/cert.p12 -k $(agent.tempdirectory)/buildagent.keychain -P "$(graph-cli-apple-developer-certificate-password)" -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k pwd $(agent.tempdirectory)/buildagent.keychain - codesign -s 6V7V694XP3 --deep --force --options runtime --entitlements scripts/entitlements.plist $(Build.ArtifactStagingDirectory)/binaries/$(architecture)/kiota - displayName: Set Hardened Entitlements - condition: and(succeeded(), startsWith(variables['architecture'], 'osx')) - - - task: EsrpCodeSigning@2 - condition: and(succeeded(), startsWith(variables['architecture'], 'win')) - inputs: - ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" - FolderPath: $(Build.ArtifactStagingDirectory)/binaries/$(architecture) - signConfigType: inlineSignParams - UseMinimatch: true - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ + ] + SessionTimeout: 20 + + # Pack + - pwsh: dotnet pack $(Build.SourcesDirectory)/src/kiota/kiota.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg --version-suffix "$(versionSuffix)" + condition: eq(variables['isPrerelease'], 'true') + displayName: "pack kiota" + + - pwsh: dotnet pack $(Build.SourcesDirectory)/src/kiota/kiota.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg + condition: eq(variables['isPrerelease'], 'false') + displayName: "pack kiota" + + - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Kiota.Builder/Kiota.Builder.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg --version-suffix "$(versionSuffix)" + condition: eq(variables['isPrerelease'], 'true') + displayName: "pack kiota builder" + + - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Kiota.Builder/Kiota.Builder.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg + condition: eq(variables['isPrerelease'], 'false') + displayName: "pack kiota builder" + + - task: EsrpCodeSigning@2 + displayName: "ESRP CodeSigning Nuget Packages" + inputs: + ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" + FolderPath: "$(Build.ArtifactStagingDirectory)" + UseMinimatch: true + Pattern: "*.nupkg" + signConfigType: inlineSignParams + inlineOperation: | + [ { - "parameterName": "OpusName", - "parameterValue": "Microsoft" + "keyCode": "CP-401405", + "operationSetCode": "NuGetSign", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" }, { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd \"SHA256\"" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + "keyCode": "CP-401405", + "operationSetCode": "NuGetVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" } - ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 20 - Pattern: | - **\*.exe - **\*.dll - - pwsh: Remove-Item $(Build.ArtifactStagingDirectory)/binaries/$(architecture)/*.md -Verbose -Force -ErrorAction SilentlyContinue - - task: ArchiveFiles@2 - displayName: Archive binaries - inputs: - rootFolderOrFile: $(Build.ArtifactStagingDirectory)/binaries/$(architecture) - includeRootFolder: false - archiveType: zip - archiveFile: $(Build.ArtifactStagingDirectory)/binaries/$(architecture).zip - replaceExistingArchive: true - - task: EsrpCodeSigning@2 - condition: and(succeeded(), startsWith(variables['architecture'], 'osx')) - inputs: - ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" - FolderPath: $(Build.ArtifactStagingDirectory)/binaries - signConfigType: inlineSignParams - UseMinimatch: true - inlineOperation: | - [ - { - "keyCode": "CP-401337-Apple", - "OperationCode": "MacAppDeveloperSign", - "Parameters": { - "Hardening": "--options=runtime" - }, - "ToolName": "sign", - "ToolVersion": "1.0" - } - ] - SessionTimeout: 20 - Pattern: | - **/*.zip - - task: EsrpCodeSigning@2 - condition: and(succeeded(), startsWith(variables['architecture'], 'osx')) - inputs: - ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" - FolderPath: $(Build.ArtifactStagingDirectory)/binaries - signConfigType: inlineSignParams - UseMinimatch: true - inlineOperation: | - [ - { - "keyCode": "CP-401337-Apple", - "OperationCode": "MacAppNotarize", - "Parameters": { - "BundleId": "com.microsoft.kiota" - }, - "ToolName": "sign", - "ToolVersion": "1.0" - } - ] - SessionTimeout: 20 - Pattern: | - **/*.zip - - task: PublishBuildArtifacts@1 - displayName: "Publish Artifact: binaries" - inputs: - ArtifactName: Binaries - PathToPublish: "$(Build.ArtifactStagingDirectory)/binaries/$(architecture).zip" - - - - job: build_vscode_extension - dependsOn: [build_binaries] - pool: - vmImage: ubuntu-latest - steps: - - checkout: self - clean: true - submodules: true - - task: NodeTool@0 - inputs: - versionSpec: "18.x" - - task: DownloadPipelineArtifact@2 - inputs: - artifact: Binaries - source: current - targetPath: $(Build.ArtifactStagingDirectory)/Binaries - - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch $(previewBranch) - displayName: "Set version suffix" - - pwsh: $(Build.SourcesDirectory)/scripts/get-version-from-csproj.ps1 - displayName: "Get Kiota's version-number from .csproj" - - pwsh: $(Build.SourcesDirectory)/scripts/update-vscode-releases.ps1 -version $(artifactVersion)$(versionSuffix) -filePath $(Build.SourcesDirectory)/vscode/microsoft-kiota/package.json -binaryFolderPath $(Build.ArtifactStagingDirectory)/Binaries - displayName: "Update VSCode extension version-number" - - pwsh: npm i -g @vscode/vsce - displayName: "Install vsce" - - pwsh: npm ci - displayName: "Install dependencies" - workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota - - pwsh: vsce package --pre-release - displayName: "Package VSCode extension as pre-release" - workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota - condition: eq(variables['isPrerelease'], 'true') - - pwsh: vsce package - displayName: "Package VSCode extension as release" - workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota - condition: eq(variables['isPrerelease'], 'false') - - task: CopyFiles@2 - displayName: Prepare staging folder for upload - inputs: - targetFolder: $(Build.ArtifactStagingDirectory)/VSCode - sourceFolder: $(Build.SourcesDirectory)/vscode/microsoft-kiota - contents: "*.vsix" - - task: PublishBuildArtifacts@1 - displayName: "Publish Artifact: VSCode" - inputs: - ArtifactName: VSCode - PathToPublish: "$(Build.ArtifactStagingDirectory)/VSCode" - - - stage: deploy - condition: and(or(contains(variables['build.sourceBranch'], 'refs/tags/v'), eq(variables['build.sourceBranch'], variables['previewBranch'])), succeeded()) - dependsOn: build - jobs: - - job: vs_marketplace - variables: - - group: kiota-vscode-extension-publish - dependsOn: - - github_release - pool: - vmImage: ubuntu-latest - steps: - - download: none - - checkout: self - clean: true - submodules: true - - task: DownloadPipelineArtifact@2 - inputs: - artifact: VSCode - source: current - - task: NodeTool@0 - inputs: - versionSpec: "18.x" - - pwsh: npm i -g @vscode/vsce - - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch $(previewBranch) - displayName: "Set version suffix" - - pwsh: | - Get-ChildItem -Path $(Pipeline.Workspace) -Filter *.vsix -Recurse | ForEach-Object { - Write-Host "Publishing $_.FullName" - if ($Env:isPrerelease -eq "true") { - Write-Host "Publishing $_.FullName as a pre-release" - vsce publish --pat "$(vs-marketplace-token)" --packagePath $_.FullName --pre-release - } - else { - Write-Host "Publishing $_.FullName as a release" - vsce publish --pat "$(vs-marketplace-token)" --packagePath $_.FullName - } - } - env: - isPrerelease: $(isPrerelease) - - deployment: github_release - dependsOn: [] - environment: kiota-github-releases - pool: - vmImage: ubuntu-latest - strategy: - runOnce: - deploy: - steps: - - download: none - - checkout: self - clean: true - submodules: true - - task: DownloadPipelineArtifact@2 - inputs: - artifact: Binaries - source: current - - task: DownloadPipelineArtifact@2 - inputs: - artifact: VSCode - source: current + ] + SessionTimeout: 20 + + - task: CopyFiles@2 + displayName: Prepare staging folder for upload + inputs: + targetFolder: $(Build.ArtifactStagingDirectory)/Nugets + sourceFolder: $(Build.ArtifactStagingDirectory) + content: "*.nupkg" + + - task: 1ES.PublishPipelineArtifact@1 + displayName: "Publish Artifact: Nugets" + inputs: + artifactName: Nugets + targetPath: "$(Build.ArtifactStagingDirectory)/Nugets" + + # using a loop instead of a matrix due to 1ES template limitations + # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/faqs + - ${{ each distribution in parameters.distributions }}: + - job: ${{ distribution.jobPrefix }}_build_binaries + dependsOn: [update_appsettings] + pool: + name: ${{ distribution.pool }} + os: ${{ distribution.os }} + image: ${{ distribution.image }} + templateContext: + sdl: + baseline: + baselineFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnbaselines + suppression: + suppressionFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnsuppress + + steps: + - checkout: self + clean: true + submodules: true + - task: UseDotNet@2 + displayName: "Use .NET 6" # needed for ESRP signing + inputs: + version: 6.x + - task: UseDotNet@2 + displayName: "Use .NET 8" + inputs: + version: 8.x + + - task: DownloadPipelineArtifact@2 + inputs: + artifact: AppSettings + source: current + targetPath: $(Build.ArtifactStagingDirectory)/AppSettings + + - pwsh: | + Copy-Item $(Build.ArtifactStagingDirectory)/AppSettings/appsettings.json $(Build.SourcesDirectory)/src/kiota/appsettings.json -Force -Verbose + displayName: Copy the appsettings.json + + - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch ${{ parameters.previewBranch }} -excludeHeadingDash + displayName: "Set version suffix" + + - pwsh: $(Build.SourcesDirectory)/scripts/update-version-suffix-for-source-generator.ps1 -versionSuffix "$(versionSuffix)" + displayName: "Set version suffix in csproj for generators" + + - pwsh: dotnet publish src/kiota/kiota.csproj -c Release --runtime ${{ distribution.architecture }} -p:PublishSingleFile=true --self-contained --output $(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }} --version-suffix "$(versionSuffix)" + condition: eq(variables['isPrerelease'], 'true') + displayName: publish kiota as executable + + - pwsh: dotnet publish src/kiota/kiota.csproj -c Release --runtime ${{ distribution.architecture }} -p:PublishSingleFile=true --self-contained --output $(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }} + condition: eq(variables['isPrerelease'], 'false') + displayName: publish kiota as executable + + - task: AzureKeyVault@2 + displayName: "Azure Key Vault: Get Secrets" + inputs: + azureSubscription: "MicrosofGraphKeyVault connection" + KeyVaultName: MicrosofGraphKeyVault + SecretsFilter: "graph-cli-apple-developer-certificate,graph-cli-apple-developer-certificate-password" + condition: and(succeeded(), startsWith('${{ distribution.architecture }}', 'osx')) + - bash: | + set -e + security create-keychain -p pwd $(agent.tempdirectory)/buildagent.keychain + security default-keychain -s $(agent.tempdirectory)/buildagent.keychain + security unlock-keychain -p pwd $(agent.tempdirectory)/buildagent.keychain + echo "$(graph-cli-apple-developer-certificate)" | base64 -D > $(agent.tempdirectory)/cert.p12 + security import $(agent.tempdirectory)/cert.p12 -k $(agent.tempdirectory)/buildagent.keychain -P "$(graph-cli-apple-developer-certificate-password)" -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k pwd $(agent.tempdirectory)/buildagent.keychain + codesign -s 6V7V694XP3 --deep --force --options runtime --entitlements scripts/entitlements.plist $(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }}/kiota + displayName: Set Hardened Entitlements + condition: and(succeeded(), startsWith('${{ distribution.architecture }}', 'osx')) + + - task: EsrpCodeSigning@2 + condition: and(succeeded(), startsWith('${{ distribution.architecture }}', 'win')) + inputs: + ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" + FolderPath: $(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }} + signConfigType: inlineSignParams + UseMinimatch: true + inlineOperation: | + [ + { + "keyCode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "sign", + "toolVersion": "1.0" + }, + { + "keyCode": "CP-230012", + "operationSetCode": "SigntoolVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 20 + Pattern: | + **\*.exe + **\*.dll + - pwsh: Remove-Item $(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }}/*.md -Verbose -Force -ErrorAction SilentlyContinue + - task: ArchiveFiles@2 + displayName: Archive binaries + inputs: + rootFolderOrFile: $(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }} + includeRootFolder: false + archiveType: zip + archiveFile: $(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }}.zip + replaceExistingArchive: true + - task: EsrpCodeSigning@2 + condition: and(succeeded(), startsWith('${{ distribution.architecture }}', 'osx')) + inputs: + ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" + FolderPath: $(Build.ArtifactStagingDirectory)/binaries + signConfigType: inlineSignParams + UseMinimatch: true + inlineOperation: | + [ + { + "keyCode": "CP-401337-Apple", + "OperationCode": "MacAppDeveloperSign", + "Parameters": { + "Hardening": "--options=runtime" + }, + "ToolName": "sign", + "ToolVersion": "1.0" + } + ] + SessionTimeout: 20 + Pattern: | + **/*.zip + - task: EsrpCodeSigning@2 + condition: and(succeeded(), startsWith('${{ distribution.architecture }}', 'osx')) + inputs: + ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" + FolderPath: $(Build.ArtifactStagingDirectory)/binaries + signConfigType: inlineSignParams + UseMinimatch: true + inlineOperation: | + [ + { + "keyCode": "CP-401337-Apple", + "OperationCode": "MacAppNotarize", + "Parameters": { + "BundleId": "com.microsoft.kiota" + }, + "ToolName": "sign", + "ToolVersion": "1.0" + } + ] + SessionTimeout: 20 + Pattern: | + **/*.zip + - task: 1ES.PublishPipelineArtifact@1 + displayName: "Publish Artifact: binaries" + inputs: + artifactName: Binaries_${{ distribution.jobPrefix }} + sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }} + targetPath: "$(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }}.zip" + + - job: build_vscode_extension + dependsOn: + [ + win_x64_build_binaries, + win_x86_build_binaries, + linux_x64_build_binaries, + osx_x64_build_binaries, + osx_arm64_build_binaries, + ] + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: linux + image: ubuntu-latest + templateContext: + sdl: + baseline: + baselineFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnbaselines + suppression: + suppressionFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnsuppress + steps: + - checkout: self + clean: true + submodules: true + - task: NodeTool@0 + inputs: + versionSpec: "18.x" + - ${{ each distribution in parameters.distributions }}: - task: DownloadPipelineArtifact@2 + displayName: Download ${{ distribution.jobPrefix }} binaries from artifacts inputs: - artifact: Nugets + artifact: Binaries_${{ distribution.jobPrefix }} source: current - - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch $(previewBranch) - displayName: "Set version suffix" - - pwsh: $(Build.SourcesDirectory)/scripts/get-version-from-csproj.ps1 - displayName: "Get Kiota's version-number from .csproj" - - pwsh: $(Build.SourcesDirectory)/scripts/get-release-notes.ps1 -version $(artifactVersion) -createNotes - condition: eq(variables['isPrerelease'], 'false') - displayName: "Get release notes from CHANGELOG.md" - - pwsh: $(Build.SourcesDirectory)/scripts/get-release-notes.ps1 -version Unreleased -createNotes - condition: eq(variables['isPrerelease'], 'true') - displayName: "Get release notes from CHANGELOG.md" - - task: GitHubRelease@1 - condition: eq(variables['isPrerelease'], 'false') - inputs: - gitHubConnection: 'microsoftkiota' - tagSource: userSpecifiedTag - tag: 'v$(artifactVersion)' - title: 'v$(artifactVersion)' - releaseNotesSource: filePath - releaseNotesFilePath: $(Build.SourcesDirectory)/release-notes.txt - assets: | - $(Pipeline.Workspace)/*.zip - $(Pipeline.Workspace)/*.vsix - $(Pipeline.Workspace)/*.nupkg - $(Pipeline.Workspace)/*.snupkg - addChangeLog: false - - task: GitHubRelease@1 - condition: eq(variables['isPrerelease'], 'true') - inputs: - gitHubConnection: 'microsoftkiota' - tagSource: userSpecifiedTag - tag: 'v$(artifactVersion)$(versionSuffix)' - title: 'v$(artifactVersion)$(versionSuffix)' - releaseNotesSource: filePath - releaseNotesFilePath: $(Build.SourcesDirectory)/release-notes.txt - assets: | - $(Pipeline.Workspace)/*.zip - $(Pipeline.Workspace)/*.vsix - $(Pipeline.Workspace)/*.nupkg - $(Pipeline.Workspace)/*.snupkg - addChangeLog: false - isPreRelease: true - - - deployment: deploy_kiota - dependsOn: [] - environment: nuget-org - pool: - vmImage: ubuntu-latest - strategy: - runOnce: - deploy: - steps: - - download: none - - task: DownloadPipelineArtifact@2 - displayName: Download nupkg from artifacts - inputs: - artifact: Nugets - source: current - - powershell: | - Remove-Item "$(Pipeline.Workspace)/Microsoft.OpenApi.Kiota.Builder.*.nupkg" -Verbose - displayName: remove other nupkgs to avoid duplication - - task: NuGetCommand@2 - displayName: "NuGet push" - inputs: - command: push - packagesToPush: "$(Pipeline.Workspace)/Microsoft.OpenApi.Kiota.*.nupkg" - nuGetFeedType: external - publishFeedCredentials: "OpenAPI Nuget Connection" - - - deployment: deploy_builder - dependsOn: [] - environment: nuget-org - pool: - vmImage: ubuntu-latest - strategy: - runOnce: - deploy: - steps: - - download: none - - task: DownloadPipelineArtifact@2 - displayName: Download nupkg from artifacts - inputs: - artifact: Nugets - source: current - - powershell: | - Remove-Item "$(Pipeline.Workspace)/Microsoft.OpenApi.Kiota.*.nupkg" -Verbose -Exclude "*.Builder.*" - displayName: remove other nupkgs to avoid duplication - - task: NuGetCommand@2 - displayName: "NuGet push" - inputs: - command: push - packagesToPush: "$(Pipeline.Workspace)/Microsoft.OpenApi.Kiota.Builder.*.nupkg" - nuGetFeedType: external - publishFeedCredentials: "OpenAPI Nuget Connection" + targetPath: $(Build.ArtifactStagingDirectory)/Binaries + - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch ${{ parameters.previewBranch }} + displayName: "Set version suffix" + - pwsh: $(Build.SourcesDirectory)/scripts/get-version-from-csproj.ps1 + displayName: "Get Kiota's version-number from .csproj" + - pwsh: $(Build.SourcesDirectory)/scripts/update-vscode-releases.ps1 -version $(artifactVersion)$(versionSuffix) -filePath $(Build.SourcesDirectory)/vscode/microsoft-kiota/package.json -binaryFolderPath $(Build.ArtifactStagingDirectory)/Binaries + displayName: "Update VSCode extension version-number" + - pwsh: npm i -g @vscode/vsce + displayName: "Install vsce" + - pwsh: npm ci + displayName: "Install dependencies" + workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota + - pwsh: vsce package --pre-release + displayName: "Package VSCode extension as pre-release" + workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota + condition: eq(variables['isPrerelease'], 'true') + - pwsh: vsce package + displayName: "Package VSCode extension as release" + workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota + condition: eq(variables['isPrerelease'], 'false') + - task: CopyFiles@2 + displayName: Prepare staging folder for upload + inputs: + targetFolder: $(Build.ArtifactStagingDirectory)/VSCode + sourceFolder: $(Build.SourcesDirectory)/vscode/microsoft-kiota + contents: "*.vsix" + - task: 1ES.PublishPipelineArtifact@1 + displayName: "Publish Artifact: VSCode" + inputs: + artifactName: VSCode + targetPath: "$(Build.ArtifactStagingDirectory)/VSCode" + + - stage: deploy + condition: and(or(contains(variables['build.sourceBranch'], 'refs/tags/v'), eq(variables['build.sourceBranch'], '${{ parameters.previewBranch }}')), succeeded()) + dependsOn: build + jobs: + - job: vs_marketplace + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: linux + image: ubuntu-latest + templateContext: + sdl: + baseline: + baselineFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnbaselines + suppression: + suppressionFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnsuppress + variables: + - group: kiota-vscode-extension-publish + dependsOn: + - github_release + steps: + - download: none + - checkout: self + clean: true + submodules: true + - task: DownloadPipelineArtifact@2 + inputs: + artifact: VSCode + source: current + - task: NodeTool@0 + inputs: + versionSpec: "18.x" + - pwsh: npm i -g @vscode/vsce + - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch ${{ parameters.previewBranch }} + displayName: "Set version suffix" + - pwsh: | + Get-ChildItem -Path $(Pipeline.Workspace) -Filter *.vsix -Recurse | ForEach-Object { + Write-Host "Publishing $_.FullName" + if ($Env:isPrerelease -eq "true") { + Write-Host "Publishing $_.FullName as a pre-release" + vsce publish --pat "$(vs-marketplace-token)" --packagePath $_.FullName --pre-release + } + else { + Write-Host "Publishing $_.FullName as a release" + vsce publish --pat "$(vs-marketplace-token)" --packagePath $_.FullName + } + } + env: + isPrerelease: $(isPrerelease) + - deployment: github_release + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: linux + image: ubuntu-latest + templateContext: + sdl: + baseline: + baselineFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnbaselines + suppression: + suppressionFile: $(Build.SourcesDirectory)/guardian/SDL/common/.gdnsuppress + dependsOn: [] + environment: kiota-github-releases + strategy: + runOnce: + deploy: + steps: + - download: none + - checkout: self + clean: true + submodules: true + - ${{ each distribution in parameters.distributions }}: + - task: DownloadPipelineArtifact@2 + displayName: Download ${{ distribution.jobPrefix }} binaries from artifacts + inputs: + artifact: Binaries_${{ distribution.jobPrefix }} + source: current + - task: DownloadPipelineArtifact@2 + inputs: + artifact: VSCode + source: current + - task: DownloadPipelineArtifact@2 + inputs: + artifact: Nugets + source: current + - pwsh: $(Build.SourcesDirectory)/scripts/get-prerelease-version.ps1 -currentBranch $(Build.SourceBranch) -previewBranch ${{ parameters.previewBranch }} + displayName: "Set version suffix" + - pwsh: $(Build.SourcesDirectory)/scripts/get-version-from-csproj.ps1 + displayName: "Get Kiota's version-number from .csproj" + - pwsh: $(Build.SourcesDirectory)/scripts/get-release-notes.ps1 -version $(artifactVersion) -createNotes + condition: eq(variables['isPrerelease'], 'false') + displayName: "Get release notes from CHANGELOG.md" + - pwsh: $(Build.SourcesDirectory)/scripts/get-release-notes.ps1 -version Unreleased -createNotes + condition: eq(variables['isPrerelease'], 'true') + displayName: "Get release notes from CHANGELOG.md" + - task: GitHubRelease@1 + condition: eq(variables['isPrerelease'], 'false') + inputs: + gitHubConnection: "microsoftkiota" + tagSource: userSpecifiedTag + tag: "v$(artifactVersion)" + title: "v$(artifactVersion)" + releaseNotesSource: filePath + releaseNotesFilePath: $(Build.SourcesDirectory)/release-notes.txt + assets: | + $(Pipeline.Workspace)/*.zip + $(Pipeline.Workspace)/*.vsix + $(Pipeline.Workspace)/*.nupkg + $(Pipeline.Workspace)/*.snupkg + addChangeLog: false + - task: GitHubRelease@1 + condition: eq(variables['isPrerelease'], 'true') + inputs: + gitHubConnection: "microsoftkiota" + tagSource: userSpecifiedTag + tag: "v$(artifactVersion)$(versionSuffix)" + title: "v$(artifactVersion)$(versionSuffix)" + releaseNotesSource: filePath + releaseNotesFilePath: $(Build.SourcesDirectory)/release-notes.txt + assets: | + $(Pipeline.Workspace)/*.zip + $(Pipeline.Workspace)/*.vsix + $(Pipeline.Workspace)/*.nupkg + $(Pipeline.Workspace)/*.snupkg + addChangeLog: false + isPreRelease: true + + - deployment: deploy_kiota + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: linux + image: ubuntu-latest + dependsOn: [] + environment: nuget-org + strategy: + runOnce: + deploy: + steps: + - download: none + - task: DownloadPipelineArtifact@2 + displayName: Download nupkg from artifacts + inputs: + artifact: Nugets + source: current + - powershell: | + Remove-Item "$(Pipeline.Workspace)/Microsoft.OpenApi.Kiota.Builder.*.nupkg" -Verbose + displayName: remove other nupkgs to avoid duplication + - task: 1ES.PublishNuget@1 + displayName: "NuGet push" + inputs: + packagesToPush: "$(Pipeline.Workspace)/Microsoft.OpenApi.Kiota.*.nupkg" + packageParentPath: '$(Pipeline.Workspace)' + nuGetFeedType: external + publishFeedCredentials: "OpenAPI Nuget Connection" + + - deployment: deploy_builder + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: linux + image: ubuntu-latest + dependsOn: [] + environment: nuget-org + strategy: + runOnce: + deploy: + steps: + - download: none + - task: DownloadPipelineArtifact@2 + displayName: Download nupkg from artifacts + inputs: + artifact: Nugets + source: current + - powershell: | + Remove-Item "$(Pipeline.Workspace)/Microsoft.OpenApi.Kiota.*.nupkg" -Verbose -Exclude "*.Builder.*" + displayName: remove other nupkgs to avoid duplication + - task: 1ES.PublishNuget@1 + displayName: "NuGet push" + inputs: + packagesToPush: "$(Pipeline.Workspace)/Microsoft.OpenApi.Kiota.Builder.*.nupkg" + packageParentPath: '$(Pipeline.Workspace)' + nuGetFeedType: external + publishFeedCredentials: "OpenAPI Nuget Connection" diff --git a/guardian/SDL/common/.gdnbaselines b/guardian/SDL/common/.gdnbaselines new file mode 100644 index 0000000000..1231ed2191 --- /dev/null +++ b/guardian/SDL/common/.gdnbaselines @@ -0,0 +1,28 @@ +{ + "hydrated": true, + "properties": { + "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/baselines", + "hydrationStatus": "This file contains identifying data. It is **NOT** safe to check into your repo. To dehydrate this file, run `guardian dehydrate --help` and follow the guidance." + }, + "version": "1.0.0", + "baselines": { + "default": { + "name": "default", + "createdDate": "2024-02-06 16:30:49Z", + "lastUpdatedDate": "2024-02-06 16:30:49Z" + } + }, + "results": { + "b3736a918ff8d688843a2c76bfce1661c484e260144140c9df23f1147da102c0": { + "signature": "b3736a918ff8d688843a2c76bfce1661c484e260144140c9df23f1147da102c0", + "alternativeSignatures": [], + "target": "spotbugs.xml", + "memberOf": [ + "default" + ], + "tool": "spotbugs", + "ruleId": "gdn.unknownFormatResult", + "createdDate": "2024-02-06 16:30:49Z" + } + } +} \ No newline at end of file diff --git a/guardian/SDL/common/.gdnsuppress b/guardian/SDL/common/.gdnsuppress new file mode 100644 index 0000000000..a699b50b61 --- /dev/null +++ b/guardian/SDL/common/.gdnsuppress @@ -0,0 +1,28 @@ +{ + "hydrated": true, + "properties": { + "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions", + "hydrationStatus": "This file contains identifying data. It is **NOT** safe to check into your repo. To dehydrate this file, run `guardian dehydrate --help` and follow the guidance." + }, + "version": "1.0.0", + "suppressionSets": { + "default": { + "name": "default", + "createdDate": "2024-02-06 16:30:49Z", + "lastUpdatedDate": "2024-02-06 16:30:49Z" + } + }, + "results": { + "b3736a918ff8d688843a2c76bfce1661c484e260144140c9df23f1147da102c0": { + "signature": "b3736a918ff8d688843a2c76bfce1661c484e260144140c9df23f1147da102c0", + "alternativeSignatures": [], + "target": "spotbugs.xml", + "memberOf": [ + "default" + ], + "tool": "spotbugs", + "ruleId": "gdn.unknownFormatResult", + "createdDate": "2024-02-06 16:30:49Z" + } + } +} \ No newline at end of file