| 1 | | - | # Starter pipeline |
| 2 | | - | # Start with a minimal pipeline that you can customize to build and deploy your code. |
| 3 | | - | # Add steps that build, run tests, deploy, and more: |
| 4 | | - | # https://aka.ms/yaml |
| | 1 | + | ################################################################################# |
| | 2 | + | # OneBranch Pipelines - Official # |
| | 3 | + | # This pipeline was created by EasyStart from a sample located at: # |
| | 4 | + | # https://aka.ms/obpipelines/easystart/samples # |
| | 5 | + | # Documentation: https://aka.ms/obpipelines # |
| | 6 | + | # Yaml Schema: https://aka.ms/obpipelines/yaml/schema # |
| | 7 | + | # Retail Tasks: https://aka.ms/obpipelines/tasks # |
| | 8 | + | # Support: https://aka.ms/onebranchsup # |
| | 9 | + | ################################################################################# |
| 5 | 10 | | |
| 6 | 11 | | trigger: |
| 7 | | - | - main |
| | 12 | + | batch: true |
| | 13 | + | branches: |
| | 14 | + | include: |
| | 15 | + | - main |
| 8 | 16 | | |
| 9 | | - | pool: |
| 10 | | - | vmImage: ubuntu-latest |
| | 17 | + | parameters: # parameters are shown up in ADO UI in a build queue time |
| | 18 | + | - name: 'debug' |
| | 19 | + | displayName: 'Enable debug output' |
| | 20 | + | type: boolean |
| | 21 | + | default: false |
| 11 | 22 | | |
| 12 | | - | steps: |
| | 23 | + | variables: |
| | 24 | + | CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning |
| | 25 | + | system.debug: ${{ parameters.debug }} |
| | 26 | + | ENABLE_PRS_DELAYSIGN: 1 |
| | 27 | + | ROOT: $(Build.SourcesDirectory) |
| | 28 | + | REPOROOT: $(Build.SourcesDirectory) |
| | 29 | + | OUTPUTROOT: $(REPOROOT)\out |
| | 30 | + | NUGET_XMLDOC_MODE: none |
| | 31 | + | |
| | 32 | + | LinuxContainerImage: 'ubuntu-latest' |
| 13 | 33 | | |
| 14 | | - | - task: onebranch.pipeline.signing@1 |
| 15 | | - | inputs: |
| 16 | | - | command: 'sign' |
| 17 | | - | signing_environment: 'azure-ado' |
| 18 | | - | search_root: '$(Build.SourcesDirectory)' |
| 19 | | - | files_to_sign: '**/*.py;*.py' |
| | 34 | + | resources: |
| | 35 | + | repositories: |
| | 36 | + | - repository: templates |
| | 37 | + | type: git |
| | 38 | + | name: OneBranch.Pipelines/GovernedTemplates |
| | 39 | + | ref: refs/heads/main |
| 20 | 40 | | |
| 21 | | - | - task: CopyFiles@2 |
| 22 | | - | inputs: |
| 23 | | - | SourceFolder: '$(Build.SourcesDirectory)' |
| 24 | | - | Contents: '*.py commands' |
| 25 | | - | TargetFolder: '$(Build.SourcesDirectory)/out' |
| | 41 | + | extends: |
| | 42 | + | template: v2/OneBranch.Official.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates |
| | 43 | + | parameters: |
| | 44 | + | cloudvault: # https://aka.ms/obpipelines/cloudvault |
| | 45 | + | enabled: false |
| | 46 | + | globalSdl: # https://aka.ms/obpipelines/sdl |
| | 47 | + | tsa: |
| | 48 | + | enabled: false # onebranch publish all sdl results to TSA. If TSA is disabled all SDL tools will forced into 'break' build mode. |
| | 49 | + | # credscan: |
| | 50 | + | # suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json |
| | 51 | + | binskim: |
| | 52 | + | break: true # always break the build on binskim issues in addition to TSA upload |
| | 53 | + | policheck: |
| | 54 | + | break: true # always break the build on policheck issues. You can disable it by setting to 'false' |
| | 55 | + | suppression: |
| | 56 | + | suppressionFile: $(Build.SourcesDirectory)\.azure\openssl.gdnsuppress |
| | 57 | + | featureFlags: |
| | 58 | + | linuxEsrpSigningPreview: true |
