Merge pull request #2993 from microsoftgraph/feat/build-pipeline-1es

Use 1ES pipeline template for build pipeline
microsoftgraph · Oct 10, 2024 · 3b84057 · 3b84057
2 parents 7e13e5e + c8516bb
commit 3b84057
Showing 1 changed file with 82 additions and 63 deletions.
diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml
@@ -2,86 +2,105 @@
 # Licensed under the MIT License.
 name: $(BuildDefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
 parameters:
-  - name: BuildAgent
-    default: 1es-windows-ps-compute
-    displayName: Build Agent
-  - name: Test
-    type: boolean
-    default: true
-  - name: Pack
-    type: boolean
-    default: true
-  - name: Sign
-    type: boolean
-    default: true
+- name: BuildAgent
+  default: 1es-windows-ps-compute
+  displayName: Build Agent
+- name: Test
+  type: boolean
+  default: true
+- name: Pack
+  type: boolean
+  default: true
+- name: Sign
+  type: boolean
+  default: true
 
 variables:
   BuildAgent: ${{ parameters.BuildAgent }}
   GitUserEmail: "[email protected]"
   GitUserName: "Microsoft Graph DevX Tooling"
 
-pool: $(BuildAgent)
-
 trigger:
   branches:
     include:
-      - main
-      - dev
+    - main
+    - dev
 pr:
   branches:
     include:
-      - main
-      - dev
-
-jobs:
-  - job: MsGraphPsSdkCiBuild
-    displayName: Microsoft Graph PowerShell SDK CI Build
-    timeoutInMinutes: 840
-    steps:
-      - script: |
-          git submodule update --init --recursive
-      - template: ./common-templates/install-tools.yml
-      - template: ./common-templates/security-pre-checks.yml
-
-      - template: ./generation-templates/authentication-module.yml
-        parameters:
-          Test: ${{ parameters.Test }}
-          Pack: ${{ parameters.Pack }}
-          Sign: ${{ parameters.Sign }}
+    - main
+    - dev
+resources:
+  repositories:
+  - repository: 1ESPipelineTemplates
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+  parameters:
+    pool: $(BuildAgent)
+    sdl:
+      binskim:
+        enabled: false
+        justificationForDisabling: "Binskim keeps on crushing and failing the weekly build pipeline. Disabling it for now because we are unable to publish the artifacts to internal feeds."
+      credscan:
+        suppressionsFile: $(Build.SourcesDirectory)/.azure-pipelines/config/credscan/credscan-suppressions.json
+      policheck:
+        exclusionFile: $(Build.SourcesDirectory)/.azure-pipelines/config/policheck/policheck-exclusions.xml
+    customBuildTags:
+    - ES365AIMigrationTooling
+    stages:
+    - stage: stage
+      jobs:
+      - job: MsGraphPsSdkCiBuild
+        displayName: Microsoft Graph PowerShell SDK CI Build
+        timeoutInMinutes: 840
+        templateContext:
+          outputs:
+          - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}:
+            - output: pipelineArtifact
+              displayName: 'Publish Module Artifacts'
+              targetPath: '$(Build.ArtifactStagingDirectory)'
+              artifactName: 'drop'
+              publishLocation: 'Container'
+          - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}:
+            - output: nuget
+              displayName: 'Publish NuGet to feed'
+              packageParentPath: '$(Build.ArtifactStagingDirectory)'
+              packagesToPush: $(Build.ArtifactStagingDirectory)/**/Microsoft.Graph.*.nupkg
+              publishVstsFeed: $(PROJECT_NAME)/$(FEED_NAME)
+              allowPackageConflicts: true
+        steps:
+        - script: |
+            git submodule update --init --recursive
+        - template: .azure-pipelines/common-templates/install-tools.yml@self
+        - template: .azure-pipelines/common-templates/security-pre-checks.yml@self
+
+        - template: .azure-pipelines/generation-templates/authentication-module.yml@self
+          parameters:
+            Test: ${{ parameters.Test }}
+            Pack: ${{ parameters.Pack }}
+            Sign: ${{ parameters.Sign }}
 
-      - template: ./generation-templates/workload-modules.yml
-        parameters:
-          Test: ${{ parameters.Test }}
-          Pack: ${{ parameters.Pack }}
-          Sign: ${{ parameters.Sign }}
+        - template: .azure-pipelines/generation-templates/workload-modules.yml@self
+          parameters:
+            Test: ${{ parameters.Test }}
+            Pack: ${{ parameters.Pack }}
+            Sign: ${{ parameters.Sign }}
 
-      - template: ./generation-templates/meta-module.yml
-        parameters:
-          Test: ${{ parameters.Test }}
-          Pack: ${{ parameters.Pack }}
-          Sign: ${{ parameters.Sign }}
+        - template: .azure-pipelines/generation-templates/meta-module.yml@self
+          parameters:
+            Test: ${{ parameters.Test }}
+            Pack: ${{ parameters.Pack }}
+            Sign: ${{ parameters.Sign }}
 
-      - template: ./common-templates/guardian-analyzer.yml
+        - template: .azure-pipelines/common-templates/guardian-analyzer.yml@self
 
-      - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}:
-          - template: ./common-templates/esrp/codesign-nuget.yml
+        - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}:
+          - template: .azure-pipelines/common-templates/esrp/codesign-nuget.yml@self
             parameters:
               FolderPath: "$(Build.ArtifactStagingDirectory)"
               Pattern: "Microsoft.Graph*.nupkg"
 
-          - task: PublishBuildArtifacts@1
-            displayName: Publish Module Artifacts
-            inputs:
-              PathtoPublish: "$(Build.ArtifactStagingDirectory)"
-              ArtifactName: "drop"
-              publishLocation: "Container"
-
-          - task: NuGetCommand@2
-            displayName: Publish NuGet to feed
-            inputs:
-              command: push
-              packagesToPush: $(Build.ArtifactStagingDirectory)/**/Microsoft.Graph.*.nupkg
-              publishVstsFeed: $(PROJECT_NAME)/$(FEED_NAME)
-              allowPackageConflicts: true
-
-      - template: ./common-templates/security-post-checks.yml
+        - template: .azure-pipelines/common-templates/security-post-checks.yml@self