diff --git a/Localize/onelocbuild.yaml b/Localize/onelocbuild.yaml new file mode 100644 index 000000000..3ce16b684 --- /dev/null +++ b/Localize/onelocbuild.yaml @@ -0,0 +1,72 @@ +trigger: none +pr: none + +schedules: +- cron: "0 6 * * *" + displayName: Run daily at 6:00 UTC + branches: + include: + - main +- cron: "0 6 * * Sunday" + displayName: Run weekly on Sunday at 6:00 UTC + branches: + include: + - main + always: true + +jobs: +- job: OneLocBuild + displayName: OneLocBuild + condition: and(eq(variables['System.TeamProject'], 'DevDiv'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) + pool: + name: AzurePipelines-EO + demands: + - ImageOverride -equals 1ESPT-Windows2022 + timeoutInMinutes: 30 + variables: + - group: Xamarin-Secrets + workspace: + clean: all + steps: + - checkout: self + clean: true + + # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance#authentication-from-pipelines + # Requires Azure client 2.x + - task: AzureCLI@2 + displayName: 'Set AzDO.OneLocBuildToken' + enabled: true + inputs: + azureSubscription: 'VSEng-AzureDevOps-ceapex-OneLocBuild' # Azure DevOps service connection + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + # if this fails, check out this bash script that includes diagnostics: + # https://gist.github.com/johnterickson/19f80a3e969e39f1000d118739176e62 + # Note that the resource is specified to limit the token to Azure DevOps + $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv + Write-Host "##vso[task.setvariable variable=AzDO.OneLocBuildToken;issecret=true]${token}" + + - task: OneLocBuild@2 + displayName: OneLocBuild + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + inputs: + locProj: Localize/LocProject.json + outDir: $(Build.StagingDirectory) + packageSourceAuth: patAuth + patVariable: $(AzDO.OneLocBuildToken) + isCreatePrSelected: true + repoType: gitHub + gitHubPatVariable: $(github--pat--vs-mobiletools-engineering-service2) + prSourceBranchPrefix: locpr + isShouldReusePrSelected: true + isAutoCompletePrSelected: false + isUseLfLineEndingsSelected: true + + - task: PublishBuildArtifacts@1 + displayName: Publish Localization Files + inputs: + PathtoPublish: $(Build.StagingDirectory)/loc + ArtifactName: Loc + condition: succeededOrFailed() diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 0625cda42..8fe06a4a7 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -3,25 +3,18 @@ trigger: - main - release/* - - d17-* - dependabot/* - - dev/* pr: branches: include: - main - release/* - - d17-* paths: exclude: - README.md - Documentation/* -parameters: -- name: ApiScanSourceBranch - default: 'refs/heads/main' - # Global variables variables: RunningOnCI: true @@ -29,22 +22,16 @@ variables: DotNetCoreVersion: 8.0.303 DotNetTargetFramework: net8.0 NetCoreTargetFrameworkPathSuffix: -$(DotNetTargetFramework) - 1ESWindowsPool: AzurePipelines-EO - 1ESWindowsImage: AzurePipelinesWindows2022compliant - 1ESMacPool: Azure Pipelines - 1ESMacImage: macOS-13 - DisablePipelineConfigDetector: true + HostedPoolName: Azure Pipelines + HostedWinImage: windows-2022 + HostedMacImage: macOS-14 jobs: - job: windows_dotnet_build displayName: Windows - .NET pool: - name: $(1ESWindowsPool) - demands: - - ImageOverride -equals $(1ESWindowsImage) - variables: - VSINSTALLDIR: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\ - Codeql.Enabled: true + name: $(HostedPoolName) + vmImage: $(HostedWinImage) timeoutInMinutes: 60 workspace: clean: all @@ -76,8 +63,8 @@ jobs: - job: mac_dotnet_build displayName: Mac - .NET pool: - name: $(1ESMacPool) - vmImage: $(1ESMacImage) + name: $(HostedPoolName) + vmImage: $(HostedMacImage) timeoutInMinutes: 20 workspace: clean: all @@ -98,126 +85,3 @@ jobs: - template: templates\fail-on-dirty-tree.yaml - template: templates\fail-on-issue.yaml - - -- job: api_scan - displayName: API Scan - dependsOn: windows_dotnet_build - condition: and(eq(dependencies.windows_dotnet_build.result, 'Succeeded'), eq(variables['Build.SourceBranch'], '${{ parameters.ApiScanSourceBranch }}')) - pool: - name: MAUI-1ESPT - demands: ImageOverride -equals 1ESPT-Windows2022 - timeoutInMinutes: 480 - workspace: - clean: all - steps: - - task: DownloadPipelineArtifact@2 - displayName: Download build artifacts - inputs: - artifactName: artifacts - downloadPath: $(Build.SourcesDirectory) - - ### Copy .dll, .exe, .pdb files for APIScan - - task: CopyFiles@2 - displayName: Collect Files for APIScan - inputs: - Contents: | - $(Build.SourcesDirectory)\$(Build.Configuration)$(NetCoreTargetFrameworkPathSuffix)\**\?(*.dll|*.exe|*.pdb) - !$(Build.SourcesDirectory)\**\jnimarshalmethod-gen.* - !$(Build.SourcesDirectory)\**\Mono.CSharp.dll - !$(Build.SourcesDirectory)\**\SgmlReader.exe - !$(Build.SourcesDirectory)\**\win-*\java-interop.dll - TargetFolder: $(Build.StagingDirectory)\apiscan - OverWrite: true - flattenFolders: true - - - task: APIScan@2 - displayName: Run APIScan - inputs: - softwareFolder: $(Build.StagingDirectory)\apiscan - symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' - softwareName: $(ApiScanName) - softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) - isLargeApp: true - toolVersion: Latest - env: - AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanMAUI1ESPTManagedId) - - - task: SdtReport@2 - displayName: Guardian Export - Security Report - inputs: - GdnExportAllTools: false - GdnExportGdnToolApiScan: true - GdnExportOutputSuppressionFile: source.gdnsuppress - - - task: PublishSecurityAnalysisLogs@3 - displayName: Publish Guardian Artifacts - inputs: - ArtifactName: APIScan Logs - ArtifactType: Container - AllTools: false - APIScan: true - ToolLogsNotFoundAction: Warning - - - task: PostAnalysis@2 - displayName: Fail Build on Guardian Issues - inputs: - GdnBreakAllTools: false - GdnBreakGdnToolApiScan: true - - -- job: OneLocBuild - displayName: OneLocBuild - condition: and(eq(variables['System.TeamProject'], 'DevDiv'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - pool: - name: AzurePipelines-EO - demands: - - ImageOverride -equals 1ESPT-Windows2022 - timeoutInMinutes: 30 - variables: - - group: Xamarin-Secrets - workspace: - clean: all - steps: - - checkout: self - clean: true - - # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance#authentication-from-pipelines - # Requires Azure client 2.x - - task: AzureCLI@2 - displayName: 'Set AzDO.OneLocBuildToken' - enabled: true - inputs: - azureSubscription: 'VSEng-AzureDevOps-ceapex-OneLocBuild' # Azure DevOps service connection - scriptType: 'pscore' - scriptLocation: 'inlineScript' - inlineScript: | - # if this fails, check out this bash script that includes diagnostics: - # https://gist.github.com/johnterickson/19f80a3e969e39f1000d118739176e62 - # Note that the resource is specified to limit the token to Azure DevOps - $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv - Write-Host "##vso[task.setvariable variable=AzDO.OneLocBuildToken;issecret=true]${token}" - - - task: OneLocBuild@2 - displayName: OneLocBuild - env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - inputs: - locProj: Localize/LocProject.json - outDir: $(Build.StagingDirectory) - packageSourceAuth: patAuth - patVariable: $(AzDO.OneLocBuildToken) - isCreatePrSelected: true - repoType: gitHub - gitHubPatVariable: $(github--pat--vs-mobiletools-engineering-service2) - prSourceBranchPrefix: locpr - isShouldReusePrSelected: true - isAutoCompletePrSelected: false - isUseLfLineEndingsSelected: true - - - task: PublishBuildArtifacts@1 - displayName: Publish Localization Files - inputs: - PathtoPublish: $(Build.StagingDirectory)/loc - ArtifactName: Loc - condition: succeededOrFailed()