1 | | - | # Starter pipeline |
2 | | - | # Start with a minimal pipeline that you can customize to build and deploy your code. |
3 | | - | # Add steps that build, run tests, deploy, and more: |
4 | | - | # https://aka.ms/yaml |
| 1 | + | ################################################################################# |
| 2 | + | # OneBranch Pipelines - Official # |
| 3 | + | # This pipeline was created by EasyStart from a sample located at: # |
| 4 | + | # https://aka.ms/obpipelines/easystart/samples # |
| 5 | + | # Documentation: https://aka.ms/obpipelines # |
| 6 | + | # Yaml Schema: https://aka.ms/obpipelines/yaml/schema # |
| 7 | + | # Retail Tasks: https://aka.ms/obpipelines/tasks # |
| 8 | + | # Support: https://aka.ms/onebranchsup # |
| 9 | + | ################################################################################# |
5 | 10 | | |
6 | 11 | | trigger: |
7 | | - | - main |
| 12 | + | batch: true |
| 13 | + | branches: |
| 14 | + | include: |
| 15 | + | - main |
8 | 16 | | |
9 | | - | pool: |
10 | | - | vmImage: ubuntu-latest |
| 17 | + | parameters: # parameters are shown up in ADO UI in a build queue time |
| 18 | + | - name: 'debug' |
| 19 | + | displayName: 'Enable debug output' |
| 20 | + | type: boolean |
| 21 | + | default: false |
11 | 22 | | |
12 | | - | steps: |
| 23 | + | variables: |
| 24 | + | CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning |
| 25 | + | system.debug: ${{ parameters.debug }} |
| 26 | + | ENABLE_PRS_DELAYSIGN: 1 |
| 27 | + | ROOT: $(Build.SourcesDirectory) |
| 28 | + | REPOROOT: $(Build.SourcesDirectory) |
| 29 | + | OUTPUTROOT: $(REPOROOT)\out |
| 30 | + | NUGET_XMLDOC_MODE: none |
| 31 | + | |
| 32 | + | LinuxContainerImage: 'ubuntu-latest' |
13 | 33 | | |
14 | | - | - task: onebranch.pipeline.signing@1 |
15 | | - | inputs: |
16 | | - | command: 'sign' |
17 | | - | signing_environment: 'azure-ado' |
18 | | - | search_root: '$(Build.SourcesDirectory)' |
19 | | - | files_to_sign: '**/*.py;*.py' |
| 34 | + | resources: |
| 35 | + | repositories: |
| 36 | + | - repository: templates |
| 37 | + | type: git |
| 38 | + | name: OneBranch.Pipelines/GovernedTemplates |
| 39 | + | ref: refs/heads/main |
20 | 40 | | |
21 | | - | - task: CopyFiles@2 |
22 | | - | inputs: |
23 | | - | SourceFolder: '$(Build.SourcesDirectory)' |
24 | | - | Contents: '*.py commands' |
25 | | - | TargetFolder: '$(Build.SourcesDirectory)/out' |
| 41 | + | extends: |
| 42 | + | template: v2/OneBranch.Official.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates |
| 43 | + | parameters: |
| 44 | + | cloudvault: # https://aka.ms/obpipelines/cloudvault |
| 45 | + | enabled: false |
| 46 | + | globalSdl: # https://aka.ms/obpipelines/sdl |
| 47 | + | tsa: |
| 48 | + | enabled: false # onebranch publish all sdl results to TSA. If TSA is disabled all SDL tools will forced into 'break' build mode. |
| 49 | + | # credscan: |
| 50 | + | # suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json |
| 51 | + | binskim: |
| 52 | + | break: true # always break the build on binskim issues in addition to TSA upload |
| 53 | + | policheck: |
| 54 | + | break: true # always break the build on policheck issues. You can disable it by setting to 'false' |
| 55 | + | suppression: |
| 56 | + | suppressionFile: $(Build.SourcesDirectory)\.azure\openssl.gdnsuppress |
| 57 | + | featureFlags: |
| 58 | + | linuxEsrpSigningPreview: true |