Adopt 1ES PT (#207844)

* extend 1es pipeline template

* oops

* fix template references

* argh

* hmm

* hm

* hm

* use outputs for compilation artifact

* this

* use 1ES.PublishPipelineArtifact@1 instead of publish

* more 1ES.PublishPipelineArtifact@1 adoption

* provide windows pool for sdl sources

* sdl

* fix pools

* fix macos

* disable sbom for intermediate artifacts

* use mariner linux

* try inline tsa options

* fix credscan

* hm

* sudo it

* more suppressions

* be explicit with SBOM build drop paths

* fix indentation

* fix file extensions

* fix cli sbom build drop paths

* fix more build

* fix unzip cli

* careful with _manifest in artifacts

* do not close file

* add logging

* debug

* use snapcraft container

* remove size check

* fix macos cli step

* fix snap permissions

* fix macos

* better logs

* fix snap

* more cred scan suppressions

* even more supressiong

* alpine-arm64: try using x64

* Revert "alpine-arm64: try using x64"

This reverts commit bf2003bf60.

* test docker

* I wonder

* logs

* hm

* fix indentation

* hm

* hm

* fix snap finds

* remove auth

* use hostArchitecture

* snap: limit find

* hm

* sudo

* Add validateToolOutput: None to the build pipeline

* bring back sdl-scan

* try all tools: true

* use release

* Update Azure Pipelines YAML file for Linux product build and test

* hm

* hm

* same for win32

* hm

* hm

* Revert "hm"

This reverts commit 1b9dcae85b.

* use branch

* fix template file

* fix template paths
This commit is contained in:
João Moreno
2024-03-21 14:16:32 +01:00
committed by GitHub
parent e3cf2530e6
commit e5515ac702
34 changed files with 1040 additions and 974 deletions

View File

@@ -22,7 +22,7 @@ steps:
nodejsMirror: https://github.com/joaomoreno/node-mirror/releases/download
- ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}:
- template: ../cli/cli-apply-patches.yml
- template: ../cli/cli-apply-patches.yml@self
- task: Npm@1
displayName: Download openssl prebuilt
@@ -79,7 +79,7 @@ steps:
mkdir -p $(Build.SourcesDirectory)/.build
displayName: Create .build folder for misc dependencies
- template: ../cli/install-rust-posix.yml
- template: ../cli/install-rust-posix.yml@self
parameters:
targets:
- ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARM64, true) }}:
@@ -90,7 +90,7 @@ steps:
- armv7-unknown-linux-gnueabihf
- ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARM64, true) }}:
- template: ../cli/cli-compile.yml
- template: ../cli/cli-compile.yml@self
parameters:
VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }}
VSCODE_CLI_TARGET: aarch64-unknown-linux-gnu
@@ -102,7 +102,7 @@ steps:
SYSROOT_ARCH: arm64
- ${{ if eq(parameters.VSCODE_BUILD_LINUX, true) }}:
- template: ../cli/cli-compile.yml
- template: ../cli/cli-compile.yml@self
parameters:
VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }}
VSCODE_CLI_TARGET: x86_64-unknown-linux-gnu
@@ -114,7 +114,7 @@ steps:
SYSROOT_ARCH: amd64
- ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true) }}:
- template: ../cli/cli-compile.yml
- template: ../cli/cli-compile.yml@self
parameters:
VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }}
VSCODE_CLI_TARGET: armv7-unknown-linux-gnueabihf
@@ -125,20 +125,33 @@ steps:
OPENSSL_INCLUDE_DIR: $(Build.ArtifactStagingDirectory)/openssl/arm-linux/include
SYSROOT_ARCH: armhf
- ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true) }}:
- template: ../cli/cli-publish.yml
parameters:
VSCODE_CLI_ARTIFACT: vscode_cli_linux_armhf_cli
VSCODE_CHECK_ONLY: ${{ parameters.VSCODE_CHECK_ONLY }}
- ${{ if not(parameters.VSCODE_CHECK_ONLY) }}:
- ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true) }}:
- task: 1ES.PublishPipelineArtifact@1
inputs:
targetPath: $(Build.ArtifactStagingDirectory)/vscode_cli_linux_armhf_cli.tar.gz
artifactName: vscode_cli_linux_armhf_cli
sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/cli
sbomPackageName: "VS Code Linux armhf CLI"
sbomPackageVersion: $(Build.SourceVersion)
displayName: Publish vscode_cli_linux_armhf_cli artifact
- ${{ if eq(parameters.VSCODE_BUILD_LINUX, true) }}:
- template: ../cli/cli-publish.yml
parameters:
VSCODE_CLI_ARTIFACT: vscode_cli_linux_x64_cli
VSCODE_CHECK_ONLY: ${{ parameters.VSCODE_CHECK_ONLY }}
- ${{ if eq(parameters.VSCODE_BUILD_LINUX, true) }}:
- task: 1ES.PublishPipelineArtifact@1
inputs:
targetPath: $(Build.ArtifactStagingDirectory)/vscode_cli_linux_x64_cli.tar.gz
artifactName: vscode_cli_linux_x64_cli
sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/cli
sbomPackageName: "VS Code Linux x64 CLI"
sbomPackageVersion: $(Build.SourceVersion)
displayName: Publish vscode_cli_linux_x64_cli artifact
- ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARM64, true) }}:
- template: ../cli/cli-publish.yml
parameters:
VSCODE_CLI_ARTIFACT: vscode_cli_linux_arm64_cli
VSCODE_CHECK_ONLY: ${{ parameters.VSCODE_CHECK_ONLY }}
- ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARM64, true) }}:
- task: 1ES.PublishPipelineArtifact@1
inputs:
targetPath: $(Build.ArtifactStagingDirectory)/vscode_cli_linux_arm64_cli.tar.gz
artifactName: vscode_cli_linux_arm64_cli
sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/cli
sbomPackageName: "VS Code Linux arm64 CLI"
sbomPackageVersion: $(Build.SourceVersion)
displayName: Publish vscode_cli_linux_arm64_cli artifact