diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml index d22a1fc..227acaa 100644 --- a/.azure-pipelines/ci-build.yml +++ b/.azure-pipelines/ci-build.yml @@ -12,308 +12,263 @@ pr: include: - main -pool: - name: Azure Pipelines - vmImage: windows-latest - variables: buildPlatform: 'Any CPU' buildConfiguration: 'Release' ProductBinPath: '$(Build.SourcesDirectory)\src\bin\$(BuildConfiguration)' +resources: + repositories: + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release -stages: - -- stage: build - jobs: - - job: build - steps: - - - task: UseDotNet@2 - displayName: 'Use .NET 8' - inputs: - version: 8.x - - - task: UseDotNet@2 - displayName: 'Use .NET 6 (for code signing tasks)' - inputs: - packageType: sdk - version: 6.x - - - task: PoliCheck@2 - displayName: 'Run PoliCheck "/src"' - inputs: - inputType: CmdLine - cmdLineArgs: '/F:$(Build.SourcesDirectory)/src /T:9 /Sev:"1|2" /PE:2 /O:poli_result_src.xml' - - - task: PoliCheck@2 - displayName: 'Run PoliCheck "/Microsoft.Kiota.Http.HttpClientLibrary.Tests"' - inputs: - inputType: CmdLine - cmdLineArgs: '/F:$(Build.SourcesDirectory)/Microsoft.Kiota.Http.HttpClientLibrary.Tests /T:9 /Sev:"1|2" /PE:2 /O:poli_result_test.xml' - - # Install the nuget tool. - - task: NuGetToolInstaller@1 - displayName: 'Install Nuget dependency manager' - inputs: - versionSpec: '>=5.2.0' - checkLatest: true - - - task: PowerShell@2 - displayName: 'Enable signing' - inputs: - targetType: filePath - filePath: 'scripts\EnableSigning.ps1' - arguments: '-projectPath "$(Build.SourcesDirectory)/src/Microsoft.Kiota.Http.HttpClientLibrary.csproj"' - pwsh: true - enabled: true - - - task: PowerShell@2 - displayName: 'Enable signing' - inputs: - targetType: filePath - filePath: 'scripts\EnableSigning.ps1' - arguments: '-projectPath "$(Build.SourcesDirectory)/Microsoft.Kiota.Http.HttpClientLibrary.Tests/Microsoft.Kiota.Http.HttpClientLibrary.Tests.csproj"' - pwsh: true - enabled: true - # Build the Product project - - task: DotNetCoreCLI@2 - displayName: 'Build Microsoft.Kiota.Http.HttpClientLibrary' - inputs: - projects: '$(Build.SourcesDirectory)\Microsoft.Kiota.Http.HttpClientLibrary.sln' - arguments: '--configuration $(BuildConfiguration) --no-incremental' +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + vmImage: windows-latest + stages: - # Run the Unit test - - task: DotNetCoreCLI@2 - displayName: 'Test Microsoft.Kiota.Http.HttpClientLibrary' - inputs: - command: test - projects: '$(Build.SourcesDirectory)\Microsoft.Kiota.Http.HttpClientLibrary.sln' - arguments: '--configuration $(BuildConfiguration) --no-build -f net8.0' + - stage: build + jobs: + - job: build + steps: - # CredScan - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3 - displayName: 'Run CredScan - Src' - inputs: - toolMajorVersion: 'V2' - scanFolder: '$(Build.SourcesDirectory)\src' - debugMode: false + - task: UseDotNet@2 + displayName: 'Use .NET 8' + inputs: + version: 8.x - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3 - displayName: 'Run CredScan - Test' - inputs: - toolMajorVersion: 'V2' - scanFolder: '$(Build.SourcesDirectory)\Microsoft.Kiota.Http.HttpClientLibrary.Tests' - debugMode: false + - task: UseDotNet@2 + displayName: 'Use .NET 6 (for code signing tasks)' + inputs: + packageType: sdk + version: 6.x - - task: AntiMalware@3 - displayName: 'Run MpCmdRun.exe - ProductBinPath' - inputs: - FileDirPath: '$(ProductBinPath)' - enabled: false + # Install the nuget tool. + - task: NuGetToolInstaller@1 + displayName: 'Install Nuget dependency manager' + inputs: + versionSpec: '>=5.2.0' + checkLatest: true - - task: BinSkim@4 - displayName: 'Run BinSkim - Product Binaries' - inputs: - InputType: Basic - AnalyzeTargetGlob: '$(ProductBinPath)\**\Microsoft.Kiota.Http.HttpClientLibrary.dll' - AnalyzeSymPath: '$(ProductBinPath)' - AnalyzeVerbose: true - AnalyzeHashes: true - AnalyzeEnvironment: true + - task: PowerShell@2 + displayName: 'Enable signing' + inputs: + targetType: filePath + filePath: 'scripts\EnableSigning.ps1' + arguments: '-projectPath "$(Build.SourcesDirectory)/src/Microsoft.Kiota.Http.HttpClientLibrary.csproj"' + pwsh: true + enabled: true - - task: PublishSecurityAnalysisLogs@3 - displayName: 'Publish Security Analysis Logs' - inputs: - ArtifactName: SecurityLogs + - task: PowerShell@2 + displayName: 'Enable signing' + inputs: + targetType: filePath + filePath: 'scripts\EnableSigning.ps1' + arguments: '-projectPath "$(Build.SourcesDirectory)/Microsoft.Kiota.Http.HttpClientLibrary.Tests/Microsoft.Kiota.Http.HttpClientLibrary.Tests.csproj"' + pwsh: true + enabled: true - - task: PostAnalysis@2 - displayName: 'Post Analysis' - inputs: - BinSkim: true - CredScan: true - PoliCheck: true + # Build the Product project + - task: DotNetCoreCLI@2 + displayName: 'Build Microsoft.Kiota.Http.HttpClientLibrary' + inputs: + projects: '$(Build.SourcesDirectory)\Microsoft.Kiota.Http.HttpClientLibrary.sln' + arguments: '--configuration $(BuildConfiguration) --no-incremental' - - task: EsrpCodeSigning@2 - displayName: 'ESRP DLL Strong Name' - inputs: - ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' - FolderPath: $(ProductBinPath) - UseMinimatch: true - Pattern: '**\*Microsoft.Kiota.Http.HttpClientLibrary.dll' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-233863-SN", - "operationSetCode": "StrongNameSign", - "parameters": [], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-233863-SN", - "operationSetCode": "StrongNameVerify", - "parameters": [], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 20 + # Run the Unit test + - task: DotNetCoreCLI@2 + displayName: 'Test Microsoft.Kiota.Http.HttpClientLibrary' + inputs: + command: test + projects: '$(Build.SourcesDirectory)\Microsoft.Kiota.Http.HttpClientLibrary.sln' + arguments: '--configuration $(BuildConfiguration) --no-build -f net8.0' - - task: EsrpCodeSigning@2 - displayName: 'ESRP DLL CodeSigning' - inputs: - ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' - FolderPath: src - Pattern: '**\*Microsoft.Kiota.Http.HttpClientLibrary.dll' - UseMinimatch: true - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ + - task: EsrpCodeSigning@2 + displayName: 'ESRP DLL Strong Name' + inputs: + ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' + FolderPath: $(ProductBinPath) + UseMinimatch: true + Pattern: '**\*Microsoft.Kiota.Http.HttpClientLibrary.dll' + signConfigType: inlineSignParams + inlineOperation: | + [ { - "parameterName": "OpusName", - "parameterValue": "Microsoft" + "keyCode": "CP-233863-SN", + "operationSetCode": "StrongNameSign", + "parameters": [], + "toolName": "sign", + "toolVersion": "1.0" }, { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd \"SHA256\"" - }, + "keyCode": "CP-233863-SN", + "operationSetCode": "StrongNameVerify", + "parameters": [], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 20 + + - task: EsrpCodeSigning@2 + displayName: 'ESRP DLL CodeSigning' + inputs: + ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' + FolderPath: src + Pattern: '**\*Microsoft.Kiota.Http.HttpClientLibrary.dll' + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ { - "parameterName": "PageHash", - "parameterValue": "/NPH" + "keyCode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "sign", + "toolVersion": "1.0" }, { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + "keyCode": "CP-230012", + "operationSetCode": "SigntoolVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" } - ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 20 + ] + SessionTimeout: 20 - # arguments are not parsed in DotNetCoreCLI@2 task for `pack` command, that's why we have a custom pack command here - - pwsh: dotnet pack $env:BUILD_SOURCESDIRECTORY/src/Microsoft.Kiota.Http.HttpClientLibrary.csproj /p:IncludeSymbols=true /p:SymbolPackageFormat=snupkg --no-build --output $env:BUILD_ARTIFACTSTAGINGDIRECTORY --configuration $env:BUILD_CONFIGURATION - env: - BUILD_CONFIGURATION: $(BuildConfiguration) - displayName: Dotnet pack + # arguments are not parsed in DotNetCoreCLI@2 task for `pack` command, that's why we have a custom pack command here + - pwsh: dotnet pack $env:BUILD_SOURCESDIRECTORY/src/Microsoft.Kiota.Http.HttpClientLibrary.csproj /p:IncludeSymbols=true /p:SymbolPackageFormat=snupkg --no-build --output $env:BUILD_ARTIFACTSTAGINGDIRECTORY --configuration $env:BUILD_CONFIGURATION + env: + BUILD_CONFIGURATION: $(BuildConfiguration) + displayName: Dotnet pack - - task: PowerShell@2 - displayName: 'Validate project version has been incremented' - condition: and(contains(variables['build.sourceBranch'], 'refs/heads/main'), succeeded()) - inputs: - targetType: 'filePath' - filePath: $(System.DefaultWorkingDirectory)\scripts\ValidateProjectVersionUpdated.ps1 - arguments: '-projectPath "$(Build.SourcesDirectory)/src/Microsoft.Kiota.Http.HttpClientLibrary.csproj" -packageName "Microsoft.Kiota.Http.HttpClientLibrary"' - pwsh: true + - task: PowerShell@2 + displayName: 'Validate project version has been incremented' + condition: and(contains(variables['build.sourceBranch'], 'refs/heads/main'), succeeded()) + inputs: + targetType: 'filePath' + filePath: $(System.DefaultWorkingDirectory)\scripts\ValidateProjectVersionUpdated.ps1 + arguments: '-projectPath "$(Build.SourcesDirectory)/src/Microsoft.Kiota.Http.HttpClientLibrary.csproj" -packageName "Microsoft.Kiota.Http.HttpClientLibrary"' + pwsh: true - - task: EsrpCodeSigning@2 - displayName: 'ESRP CodeSigning Nuget Packages' - inputs: - ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' - FolderPath: '$(Build.ArtifactStagingDirectory)' - UseMinimatch: true - Pattern: '*.nupkg' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetSign", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 20 + - task: EsrpCodeSigning@2 + displayName: 'ESRP CodeSigning Nuget Packages' + inputs: + ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' + FolderPath: '$(Build.ArtifactStagingDirectory)' + UseMinimatch: true + Pattern: '*.nupkg' + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetSign", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + }, + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 20 - - task: CopyFiles@2 - displayName: 'Copy release scripts to artifact staging directory' - condition: and(contains(variables['build.sourceBranch'], 'refs/heads/main'), succeeded()) - inputs: - SourceFolder: '$(Build.SourcesDirectory)' - Contents: 'scripts\**' - TargetFolder: '$(Build.ArtifactStagingDirectory)' + - task: CopyFiles@2 + displayName: 'Copy release scripts to artifact staging directory' + condition: and(contains(variables['build.sourceBranch'], 'refs/heads/main'), succeeded()) + inputs: + SourceFolder: '$(Build.SourcesDirectory)' + Contents: 'scripts\**' + TargetFolder: '$(Build.ArtifactStagingDirectory)' - - task: PublishPipelineArtifact@1 - displayName: 'Upload Artifact: Nugets' - inputs: - artifactName: Nugets - targetPath: $(Build.ArtifactStagingDirectory) + - task: 1ES.PublishPipelineArtifact@1 + displayName: 'Upload Artifact: Nugets' + inputs: + artifactName: Nugets + targetPath: $(Build.ArtifactStagingDirectory) -- stage: deploy - condition: and(contains(variables['build.sourceBranch'], 'refs/heads/main'), succeeded()) - dependsOn: build - jobs: - - deployment: deploy_dotnet_http_httpclientlibrary - dependsOn: [] - environment: nuget-org - strategy: - runOnce: - deploy: - pool: - vmImage: ubuntu-latest - steps: - # Install the nuget tool. - - task: NuGetToolInstaller@0 - displayName: 'Use NuGet >=5.2.0' - inputs: - versionSpec: '>=5.2.0' - checkLatest: true - - task: DownloadPipelineArtifact@2 - displayName: Download nupkg from artifacts - inputs: - artifact: Nugets - source: current - - task: PowerShell@2 - displayName: 'Extract release information to pipeline' - inputs: - targetType: 'filePath' - filePath: $(Pipeline.Workspace)\Nugets\scripts\GetNugetPackageVersion.ps1 - pwsh: true - arguments: '-packageDirPath "$(Pipeline.Workspace)/Nugets/"' - - task: NuGetCommand@2 - displayName: 'NuGet push' - inputs: - command: push - packagesToPush: '$(Pipeline.Workspace)/Nugets/Microsoft.Kiota.Http.HttpClientLibrary.*.nupkg' - nuGetFeedType: external - publishFeedCredentials: 'Kiota Nuget Connection' - - task: GitHubRelease@1 - displayName: 'GitHub release (create)' - inputs: - gitHubConnection: 'Kiota_Release' - target: $(Build.SourceVersion) - tagSource: userSpecifiedTag - tag: 'v$(VERSION_STRING)' - title: '$(VERSION_STRING)' - releaseNotesSource: inline - assets: '!**/**' - changeLogType: issueBased - isPreRelease : '$(IS_PRE_RELEASE)' - addChangeLog : true + - stage: deploy + condition: and(contains(variables['build.sourceBranch'], 'refs/heads/main'), succeeded()) + dependsOn: build + jobs: + - deployment: deploy_dotnet_http_httpclientlibrary + dependsOn: [] + environment: nuget-org + strategy: + runOnce: + deploy: + pool: + vmImage: ubuntu-latest + steps: + # Install the nuget tool. + - task: NuGetToolInstaller@0 + displayName: 'Use NuGet >=5.2.0' + inputs: + versionSpec: '>=5.2.0' + checkLatest: true + - task: DownloadPipelineArtifact@2 + displayName: Download nupkg from artifacts + inputs: + artifact: Nugets + source: current + - task: PowerShell@2 + displayName: 'Extract release information to pipeline' + inputs: + targetType: 'filePath' + filePath: $(Pipeline.Workspace)\scripts\GetNugetPackageVersion.ps1 + pwsh: true + arguments: '-packageDirPath "$(Pipeline.Workspace)/"' + - task: NuGetCommand@2 + displayName: 'NuGet push' + inputs: + command: push + packagesToPush: '$(Pipeline.Workspace)/Microsoft.Kiota.Http.HttpClientLibrary.*.nupkg' + packageParentPath: '$(Pipeline.Workspace)' + nuGetFeedType: external + publishFeedCredentials: 'Kiota Nuget Connection' + - task: GitHubRelease@1 + displayName: 'GitHub release (create)' + inputs: + gitHubConnection: 'Kiota_Release' + target: $(Build.SourceVersion) + tagSource: userSpecifiedTag + tag: 'v$(VERSION_STRING)' + title: '$(VERSION_STRING)' + releaseNotesSource: inline + assets: '!**/**' + changeLogType: issueBased + isPreRelease : '$(IS_PRE_RELEASE)' + addChangeLog : true