Move common parts of sdl templates to additional templates
SDL Validation is done in both the repos and the staging/validation pipelines. Today, we have a large amount of the sdl job template duplicated for the staging/validation pipelines because we need to use different sources/we don't need all the artifact downloading (and if we did, we would want to get the artifacts from a different place). This duplication leads to issues like dotnet#8243 (among others), where versions changed in arcade, but they weren't properly migrated to dotnet-release, and the validation pipeline started failing. This change moves the duplicated steps to a steps template, and the duplicated variables to a variables template, so we can more easily share between these repos/pipelines.
1 parent
3ea6c47
commit 3a15e17
Showing
3 changed files
with
84 additions
and
60 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
parameters: | ||
overrideGuadianVersion: '' | ||
executeAllSdlToolsScript: '' | ||
overrideParameters: '' | ||
additionalParameters: '' | ||
publishGuardianDirectoryToPipeline: false | ||
sdlContinueOnError: false | ||
condition: '' | ||
|
||
steps: | ||
- ${{ if ne(parameters.overrideGuardianVersion, '') }}: | ||
- powershell: | | ||
$content = Get-Content $(GuardianPackagesConfigFile) | ||
Write-Host "packages.config content was:`n$content" | ||
$content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)') | ||
$content | Set-Content $(GuardianPackagesConfigFile) | ||
Write-Host "packages.config content updated to:`n$content" | ||
displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }} | ||
- task: NuGetToolInstaller@1 | ||
displayName: 'Install NuGet.exe' | ||
|
||
- task: NuGetCommand@2 | ||
displayName: 'Install Guardian' | ||
inputs: | ||
restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config | ||
feedsToUse: config | ||
nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config | ||
externalFeedCredentials: GuardianConnect | ||
restoreDirectory: $(Build.SourcesDirectory)\.packages | ||
|
||
- ${{ if ne(parameters.overrideParameters, '') }}: | ||
- powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }} | ||
displayName: Execute SDL | ||
continueOnError: ${{ parameters.sdlContinueOnError }} | ||
condition: ${{ parameters.condition }} | ||
|
||
- ${{ if eq(parameters.overrideParameters, '') }}: | ||
- powershell: ${{ parameters.executeAllSdlToolsScript }} | ||
-GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion) | ||
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages | ||
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw) | ||
${{ parameters.additionalParameters }} | ||
displayName: Execute SDL | ||
continueOnError: ${{ parameters.sdlContinueOnError }} | ||
condition: ${{ parameters.condition }} | ||
|
||
- ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}: | ||
# We want to publish the Guardian results and configuration for easy diagnosis. However, the | ||
# '.gdn' dir is a mix of configuration, results, extracted dependencies, and Guardian default | ||
# tooling files. Some of these files are large and aren't useful during an investigation, so | ||
# exclude them by simply deleting them before publishing. (As of writing, there is no documented | ||
# way to selectively exclude a dir from the pipeline artifact publish task.) | ||
- task: DeleteFiles@1 | ||
displayName: Delete Guardian dependencies to avoid uploading | ||
inputs: | ||
SourceFolder: $(Agent.BuildDirectory)/.gdn | ||
Contents: | | ||
c | ||
i | ||
condition: succeededOrFailed() | ||
- publish: $(Agent.BuildDirectory)/.gdn | ||
artifact: GuardianConfiguration | ||
displayName: Publish GuardianConfiguration | ||
condition: succeededOrFailed() |
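Review bot: The parameters block declares `overrideGuadianVersion` (missing the "r"), but the first conditional step and its displayName read `parameters.overrideGuardianVersion`, so the declared default never backs the name the template actually uses. Rename the declaration to `overrideGuardianVersion: ''`; how Azure Pipelines treats the undeclared name is not visible here, but at best the default is dead and at worst the Guardian version that gets installed is not the one the caller intended. Separately, the default Execute SDL step passes `$(dn-bot-dotnet-build-rw-code-rw)` as a command-line argument; if the script can read the token from the environment, mapping it through `env:` on the step keeps a read-write credential off the process command line. The script's parameter handling is outside this page, so that second point needs confirming against the script.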
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
variables: | ||
# The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in | ||
# sync with the packages.config file. | ||
- name: DefaultGuardianVersion | ||
value: 0.109.0 | ||
- name: GuardianPackagesConfigFile | ||
value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config |
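Review bot: Nothing enforces the "must be kept in sync" comment on `DefaultGuardianVersion`, and the override step in the steps template depends on it: that step does a literal `.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')` on packages.config, which changes nothing if the two values have drifted. In that case the step still prints "packages.config content updated to" and the restore installs whatever version packages.config names. I would extend the comment to say so, e.g. `# If this drifts from packages.config, the version override silently becomes a no-op.`, and consider making the override step fail when the replacement leaves the file unchanged.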