diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json new file mode 100644 index 0000000..a16f020 --- /dev/null +++ b/.config/tsaoptions.json @@ -0,0 +1,8 @@ +{ + "codebaseName": "Forge", + "instanceUrl": "https://msazure.visualstudio.com", + "projectName": "One", + "areaPath": "One\\Azure Compute\\OneFleet Node\\Availability Platform\\Anvil", + "TSADocumentation": "https://aka.ms/OBTSA", + "notificationAliases": ["ForgeTreeWalker@microsoft.com"] +} diff --git a/azure-pipelines.yml b/azure-pipelines.yml index dc3bb23..0d5162e 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -1,143 +1,164 @@ trigger: - master -pool: - vmImage: 'windows-latest' - timeoutInMinutes: 10 +resources: + repositories: + - repository: onebranchTemplates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main -steps: -- task: NuGetCommand@2 - displayName: 'NuGet restore' - inputs: - restoreSolution: '$(Build.SourcesDirectory)\Forge.sln' + +variables: + WindowsContainerImage: 'onebranch.azurecr.io/windows/ltsc2019/vse2022:latest' # Docker image which is used to build the project https://aka.ms/obpipelines/containers -- task: VSBuild@1 - displayName: 'Build .NET sln for tests' - inputs: - solution: '$(Build.SourcesDirectory)\Forge.sln' - platform: 'Any CPU' - configuration: Release - -- task: VSTest@2 - displayName: 'Run Tests' - inputs: - testAssemblyVer2: | - $(Build.SourcesDirectory)\Forge.TreeWalker.UnitTests\obj\Release\Microsoft.Forge.TreeWalker.UnitTests.dll - runInParallel: True - -- task: VSBuild@1 - displayName: 'Build .NET sln and pack' - inputs: - solution: '$(Build.SourcesDirectory)\Forge.sln' - platform: 'Any CPU' - configuration: Release - msbuildArgs: '-t:pack' - -- task: UseDotNet@2 - inputs: - packageType: 'sdk' - version: '6.0.100' -- task: UseDotNet@2 - inputs: - packageType: 'runtime' - version: '2.1.23' - -- task: EsrpCodeSigning@5 - displayName: 'ESRP CodeSigning - Authenticode MI' - inputs: - ConnectedServiceName: 'ForgeServiceConnection' - UseMSIAuthentication: true - AppRegistrationClientId: 'ee5bddcd-7e6d-40c7-a645-8f0be9da4e24' - AppRegistrationTenantId: '33e01921-4d64-4f8c-a055-5bdaffd5e33d' - EsrpClientId: 'ec6597cc-b900-43a4-9d2b-ffc5cc4f8c56' - AuthAKVName: 'ForgeKeyVault2' - AuthSignCertName: 'ForgeKeyVault2Certificate' - ServiceEndpointUrl: 'https://api.esrp.microsoft.com/api/v2' - signConfigType: 'inlineSignParams' - FolderPath: '$(Build.SourcesDirectory)\Forge.TreeWalker\bin\Release' - Pattern: 'Microsoft.Forge.TreeWalker.dll' - OpusName: 'Microsoft Forge TreeWalker' - OpusInfo: 'https://www.github.com/microsoft/forge' - inlineOperation: | - [ { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "Append", - "parameterValue": "/as" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd \"SHA256\"" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }] - -- task: EsrpCodeSigning@5 - displayName: 'ESRP CodeSigning - NuGet MI' - inputs: - ConnectedServiceName: 'ForgeServiceConnection' - UseMSIAuthentication: true - AppRegistrationClientId: 'ee5bddcd-7e6d-40c7-a645-8f0be9da4e24' - AppRegistrationTenantId: '33e01921-4d64-4f8c-a055-5bdaffd5e33d' - EsrpClientId: 'ec6597cc-b900-43a4-9d2b-ffc5cc4f8c56' - AuthAKVName: 'ForgeKeyVault2' - AuthSignCertName: 'ForgeKeyVault2Certificate' - ServiceEndpointUrl: 'https://api.esrp.microsoft.com/api/v2' - signConfigType: 'inlineSignParams' - FolderPath: '$(Build.SourcesDirectory)\Forge.TreeWalker\bin\Release' - Pattern: 'Microsoft.Forge.TreeWalker*.symbols.nupkg' - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetSign", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: '60' - MaxConcurrency: '50' - MaxRetryAttempts: '5' - -- task: NuGetCommand@2 - displayName: 'NuGet push AzureArtifacts' - inputs: - command: push - packagesToPush: '$(Build.SourcesDirectory)\Forge.TreeWalker\bin\Release\Microsoft.Forge.TreeWalker*.symbols.nupkg' - publishVstsFeed: 'ForgeArtifacts' - allowPackageConflicts: true \ No newline at end of file +extends: + template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates + parameters: + customStages: + - stage: stage + jobs: + - job: job + pool: + vmImage: 'windows-latest' + variables: + - name: ob_nugetPublishing_enabled + value: true + - name: ob_outputDirectory + value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' + steps: + - task: NuGetCommand@2 + displayName: 'NuGet restore' + inputs: + restoreSolution: '$(Build.SourcesDirectory)\Forge.sln' + + - task: VSBuild@1 + displayName: 'Build .NET sln for tests' + inputs: + solution: '$(Build.SourcesDirectory)\Forge.sln' + platform: 'Any CPU' + configuration: Release + + - task: VSTest@2 + displayName: 'Run Tests' + inputs: + testAssemblyVer2: | + $(Build.SourcesDirectory)\Forge.TreeWalker.UnitTests\obj\Release\Microsoft.Forge.TreeWalker.UnitTests.dll + runInParallel: True + + - task: VSBuild@1 + displayName: 'Build .NET sln and pack' + inputs: + solution: '$(Build.SourcesDirectory)\Forge.sln' + platform: 'Any CPU' + configuration: Release + msbuildArgs: '-t:pack' + + - task: UseDotNet@2 + inputs: + packageType: 'sdk' + version: '6.0.100' + - task: UseDotNet@2 + inputs: + packageType: 'runtime' + version: '2.1.23' + + - task: EsrpCodeSigning@5 + displayName: 'ESRP CodeSigning - Authenticode MI' + inputs: + ConnectedServiceName: 'ForgeManagedIdentity' + UseMSIAuthentication: true + AppRegistrationClientId: 'ee5bddcd-7e6d-40c7-a645-8f0be9da4e24' + AppRegistrationTenantId: '33e01921-4d64-4f8c-a055-5bdaffd5e33d' + EsrpClientId: 'ec6597cc-b900-43a4-9d2b-ffc5cc4f8c56' + AuthAKVName: 'ForgeKeyVault2' + AuthSignCertName: 'ForgeKeyVault2Certificate' + ServiceEndpointUrl: 'https://api.esrp.microsoft.com/api/v2' + signConfigType: 'inlineSignParams' + FolderPath: '$(Build.SourcesDirectory)\Forge.TreeWalker\bin\Release' + Pattern: 'Microsoft.Forge.TreeWalker.dll' + OpusName: 'Microsoft Forge TreeWalker' + OpusInfo: 'https://www.github.com/microsoft/forge' + inlineOperation: | + [ { + "keyCode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "Append", + "parameterValue": "/as" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "sign", + "toolVersion": "1.0" + }, + { + "keyCode": "CP-230012", + "operationSetCode": "SigntoolVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + }] + + - task: EsrpCodeSigning@5 + displayName: 'ESRP CodeSigning - NuGet MI' + inputs: + ConnectedServiceName: 'ForgeManagedIdentity' + UseMSIAuthentication: true + AppRegistrationClientId: 'ee5bddcd-7e6d-40c7-a645-8f0be9da4e24' + AppRegistrationTenantId: '33e01921-4d64-4f8c-a055-5bdaffd5e33d' + EsrpClientId: 'ec6597cc-b900-43a4-9d2b-ffc5cc4f8c56' + AuthAKVName: 'ForgeKeyVault2' + AuthSignCertName: 'ForgeKeyVault2Certificate' + ServiceEndpointUrl: 'https://api.esrp.microsoft.com/api/v2' + signConfigType: 'inlineSignParams' + FolderPath: '$(Build.SourcesDirectory)\Forge.TreeWalker\bin\Release' + Pattern: 'Microsoft.Forge.TreeWalker*.symbols.nupkg' + inlineOperation: | + [ + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetSign", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + }, + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: '60' + MaxConcurrency: '50' + MaxRetryAttempts: '5' + + - task: NuGetCommand@2 + displayName: 'NuGet push AzureArtifacts' + inputs: + command: push + packagesToPush: '$(Build.SourcesDirectory)\Forge.TreeWalker\bin\Release\Microsoft.Forge.TreeWalker*.symbols.nupkg' + publishVstsFeed: 'ForgeArtifacts' + allowPackageConflicts: true