PowerShell/.pipelines/PowerShell-Release-Official-Azure.yml at master · elridder777/PowerShell · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
trigger: none

parameters: # parameters are shown up in ADO UI in a build queue time
  - name: 'debug'
    displayName: 'Enable debug output'
    type: boolean
    default: false
  - name: skipPublish
    displayName: Skip PMC Publish
    type: boolean
    default: false
  - name: SKIP_SIGNING
    displayName: Skip Signing
    type: string
    default: 'NO'

name: ev2-$(BUILD.SOURCEBRANCHNAME)-$(Build.BuildId)

variables:
  - name: CDP_DEFINITION_BUILD_COUNT
    value: $[counter('', 0)]
  - name: system.debug
    value: ${{ parameters.debug }}
  - name: ENABLE_PRS_DELAYSIGN
    value: 1
  - name: ROOT
    value: $(Build.SourcesDirectory)
  - name: REPOROOT
    value: $(Build.SourcesDirectory)
  - name: OUTPUTROOT
    value: $(REPOROOT)\out
  - name: NUGET_XMLDOC_MODE
    value: none
  - name: nugetMultiFeedWarnLevel
    value: none
  - name: NugetSecurityAnalysisWarningLevel
    value: none
  - name: skipNugetSecurityAnalysis
    value: true
  - name: ob_outputDirectory
    value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT'
  - name: ob_sdl_tsa_configFile
    value: $(Build.SourcesDirectory)\.config\tsaoptions.json
  - name: WindowsContainerImage
    value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest'
  - name: LinuxContainerImage
    value: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0
  - group: PoolNames

resources:
  repositories:
    - repository: templates
      type: git
      name: OneBranch.Pipelines/GovernedTemplates
      ref: refs/heads/main

  pipelines:
    - pipeline: CoOrdinatedBuildPipeline
      source: 'PowerShell-Coordinated Binaries-Official'

    - pipeline: PSPackagesOfficial
      source: 'PowerShell-Packages-Official'
      trigger:
        branches:
          include:
            - master
            - releases/*

extends:
  template: v2/OneBranch.Official.CrossPlat.yml@templates
  parameters:
    featureFlags:
      WindowsHostVersion:
        Version: 2022
        Network: Netlock
      linuxEsrpSigning: true
    cloudvault:
      enabled: false
    globalSdl:
      disableLegacyManifest: true
      # disabled Armory as we dont have any ARM templates to scan. It fails on some sample ARM templates.
      armory:
        enabled: false
      asyncSdl:
        enabled: true
        tsaOptionsFile: .config/tsaoptions.json
      tsa:
        enabled: true
      credscan:
        enabled: true
        scanFolder:  $(Build.SourcesDirectory)
        suppressionsFile: $(Build.SourcesDirectory)\.config\suppress.json
      binskim:
        break: false # always break the build on binskim issues in addition to TSA upload
      policheck:
        break: true # always break the build on policheck issues. You can disable it by setting to 'false'
      tsaOptionsFile: .config\tsaoptions.json
    stages:
      - template: /.pipelines/templates/release-prep-for-ev2.yml@self
        parameters:
          skipPublish: ${{ parameters.skipPublish }}

      - template: /.pipelines/templates/release-publish-pmc.yml@self