diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml index e343ee342..832de16a6 100644 --- a/.azure-pipelines/ci-build.yml +++ b/.azure-pipelines/ci-build.yml @@ -2,354 +2,304 @@ # Licensed under the MIT License. name: $(BuildDefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r) - trigger: branches: include: - - master - - vnext + - master + - vnext pr: branches: include: - - master - - vnext - -pool: - name: Azure Pipelines - vmImage: windows-latest - + - master + - vnext variables: buildPlatform: 'Any CPU' buildConfiguration: 'Release' ProductBinPath: '$(Build.SourcesDirectory)\src\Microsoft.OpenApi\bin\$(BuildConfiguration)' - - -stages: - -- stage: build - jobs: - - job: build - steps: - - task: UseDotNet@2 - displayName: 'Use .NET 6' # needed for ESRP signing - inputs: - version: 6.x - - - task: UseDotNet@2 - displayName: 'Use .NET 8' - inputs: - version: 8.x - - - task: PoliCheck@2 - displayName: 'Run PoliCheck "/src"' - inputs: - inputType: CmdLine - cmdLineArgs: '/F:$(Build.SourcesDirectory)/src /T:9 /Sev:"1|2" /PE:2 /O:poli_result_src.xml' - - - task: PoliCheck@2 - displayName: 'Run PoliCheck "/test"' - inputs: - inputType: CmdLine - cmdLineArgs: '/F:$(Build.SourcesDirectory)/test /T:9 /Sev:"1|2" /PE:2 /O:poli_result_test.xml' - - # Install the nuget tool. - - task: NuGetToolInstaller@0 - displayName: 'Use NuGet >=5.2.0' - inputs: - versionSpec: '>=5.2.0' - checkLatest: true - - # Build the Product project - - task: DotNetCoreCLI@2 - displayName: 'build' - inputs: - projects: '$(Build.SourcesDirectory)\Microsoft.OpenApi.sln' - arguments: '--configuration $(BuildConfiguration) --no-incremental' - - # Run the Unit test - - task: DotNetCoreCLI@2 - displayName: 'test' - inputs: - command: test - projects: '$(Build.SourcesDirectory)\Microsoft.OpenApi.sln' - arguments: '--configuration $(BuildConfiguration) --no-build' - - # CredScan - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3 - displayName: 'Run CredScan - Src' - inputs: - toolMajorVersion: 'V2' - scanFolder: '$(Build.SourcesDirectory)\src' - debugMode: false - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3 - displayName: 'Run CredScan - Test' - inputs: - toolMajorVersion: 'V2' - scanFolder: '$(Build.SourcesDirectory)\test' - debugMode: false - - - task: AntiMalware@3 - displayName: 'Run MpCmdRun.exe - ProductBinPath' - inputs: - FileDirPath: '$(ProductBinPath)' - enabled: false - - - task: BinSkim@4 - displayName: 'Run BinSkim - Product Binaries' - inputs: - InputType: Basic - AnalyzeTargetGlob: '$(ProductBinPath)\**\Microsoft.OpenApi.dll' - AnalyzeSymPath: '$(ProductBinPath)' - AnalyzeVerbose: true - AnalyzeHashes: true - AnalyzeEnvironment: true - - - task: PublishSecurityAnalysisLogs@3 - displayName: 'Publish Security Analysis Logs' - inputs: - ArtifactName: SecurityLogs - - - task: PostAnalysis@2 - displayName: 'Post Analysis' - inputs: - BinSkim: true - CredScan: true - PoliCheck: true - - - task: EsrpCodeSigning@2 - displayName: 'ESRP CodeSigning' - inputs: - ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' - FolderPath: src - signConfigType: inlineSignParams - UseMinimatch: true - Pattern: | - **\*.exe - **\*.dll - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd \"SHA256\"" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 20 - - # Pack - - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg - displayName: 'pack OpenAPI' - - # Pack - - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg - displayName: 'pack Readers' - - # Pack - - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg - displayName: 'pack Hidi' - - - task: EsrpCodeSigning@2 - displayName: 'ESRP CodeSigning Nuget Packages' - inputs: - ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' - FolderPath: '$(Build.ArtifactStagingDirectory)' - Pattern: '*.nupkg' - signConfigType: inlineSignParams - UseMinimatch: true - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetSign", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 20 - - - task: PowerShell@2 - displayName: "Get Hidi's version-number from .csproj" - inputs: - targetType: 'inline' - script: | +resources: + repositories: + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-2022 + os: windows + customBuildTags: + - ES365AIMigrationTooling + stages: + - stage: build + jobs: + - job: build + templateContext: + outputs: + - output: pipelineArtifact + displayName: 'Publish Artifact: Nugets' + artifactName: Nugets + targetPath: '$(Build.ArtifactStagingDirectory)/Nugets' + - output: pipelineArtifact + displayName: 'Publish Artifact: Hidi' + artifactName: Microsoft.OpenApi.Hidi-v$(hidiversion) + targetPath: '$(Build.ArtifactStagingDirectory)/Microsoft.OpenApi.Hidi-v$(hidiversion)' + steps: + - task: UseDotNet@2 + displayName: 'Use .NET 6' + inputs: + version: 6.x + + - task: UseDotNet@2 + displayName: 'Use .NET 8' + inputs: + version: 8.x + + # Install the nuget tool. + - task: NuGetToolInstaller@0 + displayName: 'Use NuGet >=5.2.0' + inputs: + versionSpec: '>=5.2.0' + checkLatest: true + + # Build the Product project + - task: DotNetCoreCLI@2 + displayName: 'build' + inputs: + projects: '$(Build.SourcesDirectory)\Microsoft.OpenApi.sln' + arguments: '--configuration $(BuildConfiguration) --no-incremental' + + # Run the Unit test + - task: DotNetCoreCLI@2 + displayName: 'test' + inputs: + command: test + projects: '$(Build.SourcesDirectory)\Microsoft.OpenApi.sln' + arguments: '--configuration $(BuildConfiguration) --no-build' + + - task: EsrpCodeSigning@2 + displayName: 'ESRP CodeSigning' + inputs: + ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' + FolderPath: src + signConfigType: inlineSignParams + UseMinimatch: true + Pattern: | + **\*.exe + **\*.dll + inlineOperation: | + [ + { + "keyCode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "sign", + "toolVersion": "1.0" + }, + { + "keyCode": "CP-230012", + "operationSetCode": "SigntoolVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 20 + + # Pack core lib + - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg + displayName: 'pack OpenAPI' + + # Pack readers + - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg + displayName: 'pack Readers' + + # Pack hidi + - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg + displayName: 'pack Hidi' + + - task: EsrpCodeSigning@2 + displayName: 'ESRP CodeSigning Nuget Packages' + inputs: + ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' + FolderPath: '$(Build.ArtifactStagingDirectory)' + Pattern: '*.nupkg' + signConfigType: inlineSignParams + UseMinimatch: true + inlineOperation: | + [ + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetSign", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + }, + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 20 + + - task: PowerShell@2 + displayName: "Get Hidi's version-number from .csproj" + inputs: + targetType: 'inline' + script: | $xml = [Xml] (Get-Content .\src\Microsoft.OpenApi.Hidi\Microsoft.OpenApi.Hidi.csproj) $version = $xml.Project.PropertyGroup.Version echo $version echo "##vso[task.setvariable variable=hidiversion]$version" - - # publish hidi as an .exe - - task: DotNetCoreCLI@2 - displayName: publish Hidi as executable - inputs: - command: 'publish' - arguments: -c Release --runtime win-x64 /p:PublishSingleFile=true /p:PackAsTool=false --self-contained --output $(Build.ArtifactStagingDirectory)/Microsoft.OpenApi.Hidi-v$(hidiversion) - projects: 'src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj' - publishWebProjects: False - zipAfterPublish: false - - - task: CopyFiles@2 - displayName: Prepare staging folder for upload - inputs: - targetFolder: $(Build.ArtifactStagingDirectory)/Nugets - sourceFolder: $(Build.ArtifactStagingDirectory) - content: '*.nupkg' - - - task: PublishBuildArtifacts@1 - displayName: 'Publish Artifact: Nugets' - inputs: - ArtifactName: Nugets - PathtoPublish: '$(Build.ArtifactStagingDirectory)/Nugets' - - - task: PublishBuildArtifacts@1 - displayName: 'Publish Artifact: Hidi' - inputs: - ArtifactName: Microsoft.OpenApi.Hidi-v$(hidiversion) - PathtoPublish: '$(Build.ArtifactStagingDirectory)/Microsoft.OpenApi.Hidi-v$(hidiversion)' - -- stage: deploy - condition: and(contains(variables['build.sourceBranch'], 'refs/heads/master'), succeeded()) - dependsOn: build - jobs: - - deployment: deploy_hidi - dependsOn: [] - environment: nuget-org - strategy: - runOnce: - deploy: - pool: - vmImage: ubuntu-latest - steps: - - task: DownloadPipelineArtifact@2 - displayName: Download nupkg from artifacts - inputs: - artifact: Nugets - source: current - - task: DownloadPipelineArtifact@2 - displayName: Download hidi executable from artifacts - inputs: - source: current - - pwsh: | - $artifactName = Get-ChildItem -Path $(Pipeline.Workspace)\Nugets -Filter Microsoft.OpenApi.*.nupkg -recurse | select -First 1 - $artifactVersion= $artifactName.Name -replace "Microsoft.OpenApi.", "" -replace ".nupkg", "" - #Set Variable $artifactName and $artifactVersion - Write-Host "##vso[task.setvariable variable=artifactVersion; isSecret=false; isOutput=true]$artifactVersion" - Write-Host "##vso[task.setvariable variable=artifactName; isSecret=false; isOutput=true]$artifactName.FullName" - echo "$artifactName" - echo "$artifactVersion" - displayName: 'Fetch Artifact Name' - - task: NuGetCommand@2 - displayName: 'NuGet push' - inputs: - command: push - packagesToPush: '$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Hidi.*.nupkg' - nuGetFeedType: external - publishFeedCredentials: 'OpenAPI Nuget Connection' - - task: GitHubRelease@1 - displayName: 'GitHub release (edit)' - condition: succeededOrFailed() - inputs: - gitHubConnection: 'Github-MaggieKimani1' - action: edit - tagSource: userSpecifiedTag - tag: '$(artifactVersion)' - title: '$(artifactVersion)' - releaseNotesSource: inline - assets: '$(Pipeline.Workspace)\**\*.exe' - changeLogType: issueBased - changeLogLabels: '[ - { "label" : "feature-work", "feature", "displayName" : "New Features", "state" : "closed" }, - { "label" : "enhancement", "V2-Enhancement", "displayName" : "Enhancements", "state" : "closed" }, - { "label" : "bug", "bug-fix", "displayName" : "Bugs", "state" : "closed" }, - { "label" : "documentation", "doc", "displayName" : "Documentation", "state" : "closed"}, - { "label" : "dependencies", "displayName" : "Package Updates", "state" : "closed" }]' - - - deployment: deploy_lib - dependsOn: [] - environment: nuget-org - strategy: - runOnce: - deploy: - pool: - vmImage: ubuntu-latest - steps: - - task: DownloadPipelineArtifact@2 - displayName: Download nupkg from artifacts - inputs: - artifact: Nugets - source: current - - powershell: | - $fileNames = "$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Hidi.*.nupkg", "$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Readers.*.nupkg", "$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Workbench.*.nupkg" - foreach($fileName in $fileNames) { - if(Test-Path $fileName) { - rm $fileName -Verbose + + # publish hidi as an .exe + - task: DotNetCoreCLI@2 + displayName: publish Hidi as executable + inputs: + command: 'publish' + arguments: -c Release --runtime win-x64 /p:PublishSingleFile=true /p:PackAsTool=false --self-contained --output $(Build.ArtifactStagingDirectory)/Microsoft.OpenApi.Hidi-v$(hidiversion) + projects: 'src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj' + publishWebProjects: False + zipAfterPublish: false + + - task: CopyFiles@2 + displayName: Prepare staging folder for upload + inputs: + targetFolder: $(Build.ArtifactStagingDirectory)/Nugets + sourceFolder: $(Build.ArtifactStagingDirectory) + content: '*.nupkg' + + - stage: deploy + condition: and(contains(variables['build.sourceBranch'], 'refs/heads/master'), succeeded()) + dependsOn: build + jobs: + - deployment: deploy_hidi + dependsOn: [] + environment: nuget-org + strategy: + runOnce: + deploy: + pool: + vmImage: ubuntu-latest + steps: + - task: DownloadPipelineArtifact@2 + displayName: Download nupkg from artifacts + inputs: + artifact: Nugets + source: current + - task: DownloadPipelineArtifact@2 + displayName: Download hidi executable from artifacts + inputs: + source: current + - pwsh: | + $artifactName = Get-ChildItem -Path $(Pipeline.Workspace)\Nugets -Filter Microsoft.OpenApi.*.nupkg -recurse | select -First 1 + $artifactVersion= $artifactName.Name -replace "Microsoft.OpenApi.", "" -replace ".nupkg", "" + #Set Variable $artifactName and $artifactVersion + Write-Host "##vso[task.setvariable variable=artifactVersion; isSecret=false; isOutput=true]$artifactVersion" + Write-Host "##vso[task.setvariable variable=artifactName; isSecret=false; isOutput=true]$artifactName.FullName" + echo "$artifactName" + echo "$artifactVersion" + displayName: 'Fetch Artifact Name' + - task: 1ES.PublishNuget@1 + displayName: 'NuGet push' + inputs: + useDotNetTask: true + packagesToPush: '$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Hidi.*.nupkg' + nuGetFeedType: external + publishFeedCredentials: 'OpenAPI Nuget Connection' + - task: GitHubRelease@1 + displayName: 'GitHub release (edit)' + condition: succeededOrFailed() + inputs: + gitHubConnection: 'Github-MaggieKimani1' + action: edit + tagSource: userSpecifiedTag + tag: '$(artifactVersion)' + title: '$(artifactVersion)' + releaseNotesSource: inline + assets: '$(Pipeline.Workspace)\**\*.exe' + changeLogType: issueBased + changeLogLabels: '[ + { "label" : "feature-work", "feature", "displayName" : "New Features", "state" : "closed" }, + { "label" : "enhancement", "V2-Enhancement", "displayName" : "Enhancements", "state" : "closed" }, + { "label" : "bug", "bug-fix", "displayName" : "Bugs", "state" : "closed" }, + { "label" : "documentation", "doc", "displayName" : "Documentation", "state" : "closed"}, + { "label" : "dependencies", "displayName" : "Package Updates", "state" : "closed" } + ]' + + - deployment: deploy_lib + dependsOn: [] + environment: nuget-org + strategy: + runOnce: + deploy: + pool: + vmImage: ubuntu-latest + steps: + - task: DownloadPipelineArtifact@2 + displayName: Download nupkg from artifacts + inputs: + artifact: Nugets + source: current + - powershell: | + $fileNames = "$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Hidi.*.nupkg", "$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Readers.*.nupkg", "$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Workbench.*.nupkg" + foreach($fileName in $fileNames) { + if(Test-Path $fileName) { + rm $fileName -Verbose + } } - } - displayName: remove other nupkgs to avoid duplication - - task: NuGetCommand@2 - displayName: 'NuGet push' - inputs: - command: push - packagesToPush: '$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.*.nupkg' - nuGetFeedType: external - publishFeedCredentials: 'OpenAPI Nuget Connection' - - - deployment: deploy_readers - dependsOn: deploy_lib - environment: nuget-org - strategy: - runOnce: - deploy: - pool: - vmImage: ubuntu-latest - steps: - - task: DownloadPipelineArtifact@2 - displayName: Download nupkg from artifacts - inputs: - artifact: Nugets - source: current - - task: NuGetCommand@2 - displayName: 'NuGet push' - inputs: - command: push - packagesToPush: '$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Readers.*.nupkg' - nuGetFeedType: external - publishFeedCredentials: 'OpenAPI Nuget Connection' + displayName: remove other nupkgs to avoid duplication + - task: 1ES.PublishNuget@1 + displayName: 'NuGet push' + inputs: + useDotNetTask: true + packagesToPush: '$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.*.nupkg' + nuGetFeedType: external + publishFeedCredentials: 'OpenAPI Nuget Connection' + + - deployment: deploy_readers + dependsOn: deploy_lib + environment: nuget-org + strategy: + runOnce: + deploy: + pool: + vmImage: ubuntu-latest + steps: + - task: DownloadPipelineArtifact@2 + displayName: Download nupkg from artifacts + inputs: + artifact: Nugets + source: current + - task: 1ES.PublishNuget@1 + displayName: 'NuGet push' + inputs: + useDotNetTask: true + packagesToPush: '$(Pipeline.Workspace)/Nugets/Microsoft.OpenApi.Readers.*.nupkg' + nuGetFeedType: external + publishFeedCredentials: 'OpenAPI Nuget Connection' \ No newline at end of file