Restructure pipeline to move release steps out of Package ES (#1659)

* Pipeline update * moving download internals up in order * updated internal download step and removed duplicate isPublicRelease parameter
2021-08-26 08:47:10 -07:00
parent 10ae9430a0
commit b0e9e0ab56
10 changed files with 305 additions and 279 deletions
--- a/build/pipelines/templates/build-single-architecture.yaml
+++ b/build/pipelines/templates/build-single-architecture.yaml
@@ -1,10 +1,41 @@
-# This template contains steps to build the app for a single architecture.
-# The job containing these steps must set the variables 'BuildConfiguration' and 'BuildPlatform'.
+# This template contains a job to build the app for a single architecture.

 parameters:
-  extraMsBuildArgs: ''
+  isReleaseBuild: false
+  useTestVersionOfInternalsPackage: false
+  platform: ''
+  condition: ''
+
+jobs:
+- job: Build${{ parameters.platform }}
+  displayName: Build ${{ parameters.platform }}
+  condition: ${{ parameters.condition }}
+  pool:
+    vmImage: windows-2019
+  variables:
+    BuildConfiguration: Release
+    BuildPlatform: ${{ parameters.platform }}
+    ${{ if eq(parameters.isReleaseBuild, true) }}:
+      ExtraMSBuildArgs: '/p:IsStoreBuild=true'
+    ${{ if eq(parameters.isReleaseBuild, false) }}:
+      ExtraMSBuildArgs: ''
+  steps:
+  - checkout: self
+    fetchDepth: 1
+
+  - ${{ if eq(parameters.isReleaseBuild, true) }}:
+    - task: UniversalPackages@0
+      displayName: Download internals package
+      inputs:
+        command: download
+        downloadDirectory: $(Build.SourcesDirectory)
+        vstsFeed: WindowsInboxApps
+        vstsFeedPackage: calculator-internals
+        ${{ if eq(parameters.useTestVersionOfInternalsPackage, false) }}:
+          vstsPackageVersion: 0.0.66
+        ${{ if eq(parameters.useTestVersionOfInternalsPackage, true) }}:
+          vstsPackageVersion: 0.0.65

-steps:
  - task: NuGetToolInstaller@1
    displayName: Use NuGet 5.x
    inputs:
@@ -29,7 +60,7 @@ steps:
    inputs:
      solution: src/Calculator.sln
      vsVersion: 16.0
-      msbuildArgs: /bl:$(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\Calculator.binlog /p:OutDir=$(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\ /p:GenerateProjectSpecificOutputFolder=true /p:Version=$(Build.BuildNumber) /t:Publish /p:PublishDir=$(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\publish\ ${{ parameters.extraMsBuildArgs }}
+      msbuildArgs: /bl:$(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\Calculator.binlog /p:OutDir=$(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\ /p:GenerateProjectSpecificOutputFolder=true /p:Version=$(Build.BuildNumber) /t:Publish /p:PublishDir=$(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\publish\ $(ExtraMSBuildArgs)
      platform: $(BuildPlatform)
      configuration: $(BuildConfiguration)
      maximumCpuCount: true
@@ -40,3 +71,52 @@ steps:
      artifactName: drop
      pathToPublish: $(Build.BinariesDirectory)
      parallel: true
+
+  - ${{ if eq(parameters.isReleaseBuild, true) }}:          
+    - task: PublishSymbols@2
+      displayName: Publish symbols
+      inputs:
+        symbolsFolder: $(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)
+        searchPattern: '**/*.pdb'
+        symbolServerType: teamServices
+        treatNotIndexedAsWarning: true
+        symbolsArtifactName: $(System.teamProject)/$(Build.BuildNumber)_$(BuildPlatform)$(BuildConfiguration)
+
+    - task: CopyFiles@2
+      displayName: Copy Files for BinSkim analysis
+      inputs:
+        SourceFolder: '$(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\Calculator\'
+        # Setting up a folder to store all the binary files that we need BinSkim to scan.
+        # If we put more things than we produce pdbs for and can index (such as nuget packages that ship without pdbs), binskim will fail.
+        # Below are ignored files
+        #   - clrcompression.dll
+        Contents: |
+          **\*
+          !**\clrcompression.dll
+        TargetFolder: '$(Agent.BuildDirectory)\binskim'
+        CleanTargetFolder: true
+        OverWrite: true
+        flattenFolders: false
+        analyzeTarget: '$(Agent.BuildDirectory)\binskim\*'
+
+    - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
+      displayName: Run BinSkim
+      inputs:
+        inputType: Basic
+        analyzeTarget: '$(Agent.BuildDirectory)\binskim\*'
+        analyzeVerbose: true
+        analyzeHashes: true
+      continueOnError: true
+
+    - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
+      displayName: Run PoliCheck
+      inputs:
+        targetType: F
+
+    - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
+      displayName: Publish security analysis logs
+
+    - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+      displayName: Detect open source components
+      inputs:
+        sourceScanPath: $(Agent.BuildDirectory)