#################################################################################
# Licensed to the .NET Foundation under one or more agreements. #
# The .NET Foundation licenses this file to you under the MIT license. #
# See the LICENSE file in the project root for more information. #
#################################################################################

# Run (build) number format: two-digit year, day of year, then a revision
# counter.
name: $(Year:YY)$(DayOfYear)$(Rev:.r)

# @TODO: Add triggers and schedules

# Parameters that can be set when a run of this pipeline is queued.
parameters:
  # Chooses which OneBranch governed template the pipeline extends; the value
  # is spliced into the `extends.template` path and also decides whether TSA
  # publishing is enabled.
  - name: oneBranchType
    displayName: 'OneBranch template'
    type: 'string'
    values:
      - 'Official'
      - 'NonOfficial'
    default: 'Official'

  # Forwarded unchanged to the AKV build job template.
  - name: buildConfiguration
    displayName: 'Build configuration'
    type: 'string'
    values:
      - 'Release'
      - 'Debug'
    default: 'Release'

  # Forwarded to the AKV build job template; off unless requested.
  - name: publishSymbols
    displayName: 'Publish symbols'
    type: 'boolean'
    default: false

  # Drives the `enabled` flag of the globalSdl tools (apiscan, armory, binskim,
  # codeinspector, codeql, credscan, policheck, roslyn, publishLogs, sbom).
  # Setting it to false turns all of them off for that run, whichever
  # oneBranchType is selected.
  # NOTE(review): confirm whether the 'Official' governed template enforces
  # these checks regardless of this flag.
  - name: runSdlTasks
    displayName: 'Run SDL Tasks'
    type: 'boolean'
    default: true

# Variable templates, all loaded from this repository (@self).
# NOTE(review): the signing and symbol-publishing values handed to the build
# job are presumably defined in these templates; confirm they carry identifiers
# only and that any secret material stays in a secret store.
variables:
  - template: /eng/pipelines/variables/common-variables.yml@self
  - template: /eng/pipelines/variables/onebranch-variables.yml@self
  - template: /eng/pipelines/variables/esrp-signing-variables.yml@self
  - template: /eng/pipelines/variables/akv-official-variables.yml@self

resources:
  repositories:
    # The alias `templates` is what the `@templates` suffix of the
    # `extends.template` path refers to.
    - repository: templates
      type: 'git'
      name: 'OneBranch.Pipelines/GovernedTemplates'
      # A branch ref, not a tag or commit: each run picks up whatever the
      # governed templates repository has on main at that time.
      ref: 'refs/heads/main'

# The whole pipeline is defined by extending a OneBranch governed template.
extends:
  # oneBranchType ('Official' or 'NonOfficial') selects the template file.
  template: 'v2/OneBranch.${{ parameters.oneBranchType }}.CrossPlat.yml@templates'

  parameters:
    featureFlags:
      WindowsHostVersion:
        Version: '2022'

    globalSdl:
      # See https://aka.ms/obpipelines/sdl
      #
      # Every tool below whose `enabled` is `${{ parameters.runSdlTasks }}`
      # is switched on or off together by that single queue-time parameter.

      apiscan:
        enabled: ${{ parameters.runSdlTasks }}
        softwareFolder: '${{ variables.apiScanDllPath }}'
        # Note: This name is registered with ApiScan
        softwareName: 'Microsoft.Data.SqlClient'
        softwareVersionNum: '${{ variables.assemblyFileVersion }}'
        symbolsFolder: '${{ variables.apiScanPdbPath }}'

      armory:
        enabled: ${{ parameters.runSdlTasks }}
        break: true

      asyncSdl:
        # If this should be enabled, move supported tools under this item,
        # see https://aka.ms/obpipelines/asyncsdl
        enabled: false

      binskim:
        enabled: ${{ parameters.runSdlTasks }}
        break: true

      codeinspector:
        enabled: ${{ parameters.runSdlTasks }}
        logLevel: Error

      codeql:
        enabled: ${{ parameters.runSdlTasks }}
        # Restricts the source root to the AKV provider project. This can only
        # be done while the project does not depend on other projects. In
        # package reference mode that is true, but if project reference builds
        # are ever enabled, this setting will have to be removed.
        sourceRoot: '$(REPO_ROOT)/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider'

      credscan:
        enabled: ${{ parameters.runSdlTasks }}
        # NOTE(review): presumably lists findings CredScan should ignore;
        # changes to this file deserve the same review as code changes.
        suppressionsFile: '$(REPO_ROOT)/.config/CredScanSuppressions.json'

      eslint:
        enabled: false

      policheck:
        enabled: ${{ parameters.runSdlTasks }}
        break: true
        exclusionFile: '$(REPO_ROOT)/.config/PolicheckExclusions.xml'

      roslyn:
        enabled: ${{ parameters.runSdlTasks }}
        break: true
        # Requires RoslynAnalyzers task to be added after build task

      publishLogs:
        enabled: ${{ parameters.runSdlTasks }}

      sbom:
        enabled: ${{ parameters.runSdlTasks }}
        packageName: 'Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider'
        packageVersion: ${{ variables.nugetPackageVersion }}

      tsa:
        # OneBranch publishes all SDL results to TSA. When TSA is disabled,
        # all SDL tools are forced into 'break' build mode. Here TSA is on
        # only for the 'Official' template and is independent of runSdlTasks.
        enabled: ${{ eq(parameters.oneBranchType, 'Official') }}
        configFile: '$(REPO_ROOT)/.config/tsaoptions.json'

    stages:
      - stage: BuildAkv
        displayName: 'Build AKV'
        jobs:
          - template: /eng/pipelines/jobs/build-akv-official-job.yml@self
            parameters:
              # Resolved at template expansion time (${{ }} expressions).
              apiScanDllPath: '${{ variables.apiScanDllPath }}'
              apiScanPdbPath: '${{ variables.apiScanPdbPath }}'
              assemblyFileVersion: '${{ variables.assemblyFileVersion }}'
              buildConfiguration: '${{ parameters.buildConfiguration }}'
              nugetPackageVersion: '${{ variables.nugetPackageVersion }}'
              mdsPackageVersion: '${{ variables.mdsPackageVersion }}'
              publishSymbols: '${{ parameters.publishSymbols }}'
              # Signing and symbol-publishing settings are passed as $(...)
              # macros, so the job template receives the variable reference
              # and the value is substituted at runtime.
              signingAppRegistrationClientId: '$(SigningAppRegistrationClientId)'
              signingAppRegistrationTenantId: '$(SigningAppRegistrationTenantId)'
              signingAuthAkvName: '$(SigningAuthAkvName)'
              signingAuthSignCertName: '$(SigningAuthSignCertName)'
              signingEsrpClientId: '$(SigningEsrpClientId)'
              signingEsrpConnectedServiceName: '$(SigningEsrpConnectedServiceName)'
              symbolsAzureSubscription: '$(SymbolsAzureSubscription)'
              symbolsPublishProjectName: '$(SymbolsPublishProjectName)'
              symbolsPublishServer: '$(SymbolsPublishServer)'
              symbolsPublishTokenUri: '$(SymbolsPublishTokenUri)'
              symbolsUploadAccount: '$(SymbolsUploadAccount)'