[ci] Switch to using the 1ES mandated pipeline template. #844
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jpobst
force-pushed
the
1es-pipeline
branch
30 times, most recently
from
64410a7 to
455aa02
Compare
jpobst
force-pushed
the
1es-pipeline
branch
8 times, most recently
from
b43c180 to
cbca107
Compare
jpobst
force-pushed
the
1es-pipeline
branch
6 times, most recently
from
4c61599 to
cd814c7
Compare
pjcollins
reviewed
Mar 1, 2024
pjcollins
reviewed
Mar 1, 2024
pjcollins
reviewed
Mar 1, 2024
| pool: | ||
| name: AzurePipelines-EO | ||
| image: 1ESPT-Windows2022 | ||
| os: windows |
Member
There was a problem hiding this comment.
Since you are still passing pool information at the job you should be able to safely delete this top level pool value.
Member
There was a problem hiding this comment.
Looks like the latest run failed, perhaps this was needed:
/v1/1ES.Pipeline.yml@1esPipelines (Line: 345, Col: 287): Unexpected parameter 'Please specify a windows pool for SDLSources stage.
I ended up specifying this under the sdl element in other pipelines, though I'm not sure which approach is "more correct":
sdl:
sourceAnalysisPool:
name: AzurePipelines-EO
image: $(WindowsPoolImage1ESPT)
os: windows
pjcollins
approved these changes
Mar 4, 2024
jpobst
added a commit
that referenced
this pull request
Apr 19, 2024
After [migrating to the 1ES template](#844), when our build fails, no logs or artifacts are retained, making it very hard to diagnose the issue. Add an `always` condition to the output upload so these will get saved. Example build demonstrating artifacts are uploaded on failure: https://devdiv.visualstudio.com/DevDiv/_build/results?buildId=9440304&view=results
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As part of Microsoft's continued push for supply chain security, our CI that builds shipping software must extend an "official" template that can be used to ensure various safety checks have run.
Unfortunately, this requires extensive changes to our CI to fit their model. This PR requires both necessary changes and cleanup done to make our process mesh better with the template.
The only functional difference should be:
WindowsandMacOSbuilds were copied to the same artifact directory ("nuget") which was signed and released. This meant that the last one written "won" and that's what we shipped. The new template didn't like multiple agents writing to the same output directory, so now we only write tooutput-windowsandoutput-macos, and we always sign and ship theoutput-windowsoutput.