From 9e2af8feb550dd8b372906686e3027ac06646b37 Mon Sep 17 00:00:00 2001 From: Rui Marinho Date: Tue, 5 Mar 2024 08:38:04 +0000 Subject: [PATCH] =?UTF-8?q?[ci]=C2=A0Enable=201espt=20(#15871)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [ci]Initial draft espt * Set build configuration * Cleanup * Fix * Update build-nuget.yml * Update global.json * Add gdnsuppress * Add supression * Update build-windows.yml * Update source.gdnsuppress * Update xf-release.yml * Revert "Update build-windows.yml" This reverts commit ff20ad5bcad8bba2bcb93ae671fba0cb55102ced. * Update xf-release.yml * Revert "Update global.json" This reverts commit 36fbb8cfe189a990da41cc4786f192752708db47. * Update xf-release.yml * Update build-windows.yml * Try pass binaries a better way * try again * Update build-nuget.yml * Update build-nuget.yml * Update xf-release.yml * Update xf-release.yml * Update build-nuget.yml * We are not usign matrix anymore * Update build-nuget.yml * Fix the path to publish * Update xf-release.yml --------- Co-authored-by: Gerald Versluis --- build/automation/guardian/source.gdnsuppress | 35 ++ build/automation/guardian/tsaoptions-v2.json | 11 + build/steps/build-nuget.yml | 72 +--- build/steps/build-windows.yml | 23 +- eng/automation/guardian/source.gdnsuppress | 374 +++++++++++++++++++ eng/xf-release.yml | 184 +++++---- 6 files changed, 564 insertions(+), 135 deletions(-) create mode 100644 build/automation/guardian/source.gdnsuppress create mode 100644 build/automation/guardian/tsaoptions-v2.json create mode 100644 eng/automation/guardian/source.gdnsuppress diff --git a/build/automation/guardian/source.gdnsuppress b/build/automation/guardian/source.gdnsuppress new file mode 100644 index 00000000000..a1c668a7ad5 --- /dev/null +++ b/build/automation/guardian/source.gdnsuppress @@ -0,0 +1,35 @@ +{ + "hydrated": false, + "properties": { + "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions", + "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance." + }, + "version": "1.0.0", + "suppressionSets": { + "default": { + "name": "default", + "createdDate": "2024-03-01 14:41:58Z", + "lastUpdatedDate": "2024-03-01 14:41:58Z" + } + }, + "results": { + "269549c010eaec1246c156e063e64c56200363edbeb4fc9f0640b01793a130d6": { + "signature": "269549c010eaec1246c156e063e64c56200363edbeb4fc9f0640b01793a130d6", + "alternativeSignatures": [], + "target": "debug.keystore", + "memberOf": [ + "default" + ], + "createdDate": "2024-03-01 14:41:58Z" + }, + "2c3e6f9b445213109abaa36b16af43d146fe88b4fb5f637b388c6fde1f7957e8": { + "signature": "2c3e6f9b445213109abaa36b16af43d146fe88b4fb5f637b388c6fde1f7957e8", + "alternativeSignatures": [], + "target": "Xamarin.Forms.ControlGallery.WindowsUniversal/Xamarin.Forms.ControlGallery.WindowsUniversal_TemporaryKey.pfx", + "memberOf": [ + "default" + ], + "createdDate": "2024-03-01 14:41:58Z" + } + } +} \ No newline at end of file diff --git a/build/automation/guardian/tsaoptions-v2.json b/build/automation/guardian/tsaoptions-v2.json new file mode 100644 index 00000000000..9a009363ec8 --- /dev/null +++ b/build/automation/guardian/tsaoptions-v2.json @@ -0,0 +1,11 @@ +{ + "codebaseName": "xamarin.xamarinforms_5.0.0", + "notificationAliases": [ + "dotnet-maui-eng@microsoft.com" + ], + "instanceUrl": "https://devdiv.visualstudio.com/", + "projectName": "DevDiv", + "areaPath": "DevDiv\\VS Client - Runtime SDKs\\Xamarin Forms", + "iterationPath": "DevDiv", + "allTools": true +} \ No newline at end of file diff --git a/build/steps/build-nuget.yml b/build/steps/build-nuget.yml index 1408bb1433c..a973cb6f3a7 100644 --- a/build/steps/build-nuget.yml +++ b/build/steps/build-nuget.yml @@ -1,29 +1,34 @@ parameters: nugetForDebug: 'true' nugetForRelease: 'true' + publishArtifacts: 'true' + binariesArtifact: 'win_build' + artifact: 'nuget' + artifactsTargetFolder: '$(build.artifactstagingdirectory)/nuget' + steps: - checkout: self clean: true - - task: DownloadBuildArtifacts@0 - displayName: 'Download build artifact win_build' + - task: DownloadBuildArtifacts@1 + displayName: 'Download build artifact ${{ parameters.binariesArtifact }}' inputs: - artifactName: 'win_build' - downloadPath: '$(Build.ArtifactsDirectory)' + artifactName: ${{ parameters.binariesArtifact }} + downloadPath: '$(Build.ArtifactsDirectory)/${{ parameters.binariesArtifact }}' - task: CopyFiles@2 displayName: 'Copy Files to: $(System.DefaultWorkingDirectory)' inputs: - SourceFolder: '$(Build.ArtifactsDirectory)/win_build' + SourceFolder: '$(Build.ArtifactsDirectory)/${{ parameters.binariesArtifact }}' TargetFolder: '$(System.DefaultWorkingDirectory)' - task: CopyFiles@2 displayName: 'Copy SignList.xml Files' inputs: Contents: build/SignList.xml - TargetFolder: '$(build.artifactstagingdirectory)/nuget' + TargetFolder: ${{ parameters.artifactsTargetFolder}} flattenFolders: true - task: PowerShell@1 @@ -40,62 +45,25 @@ steps: - task: NuGetCommand@2 displayName: 'Make NuGet Package' - condition: eq(${{ parameters.nugetForDebug }}, 'true') inputs: command: pack feedsToUse: config packagesToPack: '.nuspec/*.nuspec' - packDestination: '$(Build.ArtifactStagingDirectory)/nuget/debug' + packDestination: '${{ parameters.artifactsTargetFolder}}/$(BuildConfiguration)' versioningScheme: byEnvVar versionEnvVar: nugetPackageVersion - configuration: Debug + configuration: $(BuildConfiguration) - task: CopyFiles@2 displayName: 'Copy SignList.xml Files' - condition: eq(${{ parameters.nugetForDebug }}, 'true') inputs: Contents: build/SignList.xml - TargetFolder: '$(build.artifactstagingdirectory)/nuget/debug' + TargetFolder: '${{ parameters.artifactsTargetFolder}}/$(BuildConfiguration)' flattenFolders: true - - # - powershell: | - # $buildConfiguration = "Release" - # $formsNugetVersion = "" + $env:nugetPackageVersion - - # Write-Host("Update nuspecs") - # Get-ChildItem './.nuspec/*.nuspec' -Recurse | Foreach-Object { - # (Get-Content $_) | Foreach-Object { - # $_ -replace '\$version\$', $formsNugetVersion ` - # -replace '\$Configuration\$', $buildConfiguration ` - # } | Set-Content $_ - # } - # failOnStderr: true - # displayName: 'Update nuspecs' - # condition: and(succeeded(), or(eq(${{ parameters.nugetForRelease }}, 'true') , or(eq(variables['Sign'], 'true'), or(eq(variables['DefaultBuildConfiguration'], 'Release'), eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'],'refs/tags/'))))) - - - task: NuGetCommand@2 - displayName: 'Make NuGet Package Release' - inputs: - command: pack - feedsToUse: config - packagesToPack: '.nuspec/*.nuspec' - packDestination: '$(Build.ArtifactStagingDirectory)/nuget/release' - versioningScheme: byEnvVar - versionEnvVar: nugetPackageVersion - configuration: Release - condition: and(succeeded(), or(eq(${{ parameters.nugetForRelease }}, 'true') , or(eq(variables['Sign'], 'true'), or(eq(variables['DefaultBuildConfiguration'], 'Release'), eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'],'refs/tags/'))))) - - - task: CopyFiles@2 - displayName: 'Copy SignList.xml Files' - condition: eq(${{ parameters.nugetForRelease }}, 'true') - inputs: - Contents: build/SignList.xml - TargetFolder: '$(build.artifactstagingdirectory)/nuget/release' - flattenFolders: true - - - task: PublishBuildArtifacts@1 - displayName: 'Publish Artifact: nuget' - inputs: - PathtoPublish: '$(Build.ArtifactStagingDirectory)/nuget' - ArtifactName: nuget + - ${{ if eq(parameters.publishArtifacts, 'true') }}: + - task: PublishBuildArtifacts@1 + displayName: 'Publish Artifact: nuget' + inputs: + PathtoPublish: '${{ parameters.artifactsTargetFolder }}/$(BuildConfiguration)' + ArtifactName: ${{ parameters.artifact }} diff --git a/build/steps/build-windows.yml b/build/steps/build-windows.yml index 48c953fa6d2..ecb8fd09704 100644 --- a/build/steps/build-windows.yml +++ b/build/steps/build-windows.yml @@ -1,12 +1,15 @@ parameters: msbuildExtraArguments : '' artifactsTargetFolder: '$(build.artifactstagingdirectory)' - artifactsName: 'win_build' nunitTestFolder: '$(build.sourcesdirectory)' includeUwp: 'true' includeAndroid: 'true' includeNonUwpAndNonAndroid: 'true' runTests: 'true' + artifact: 'nuget' + artifactBinaries: 'win_build' + artifactDocs: 'pack-docs' + publishArtifacts: true steps: - checkout: self @@ -59,7 +62,7 @@ steps: Xamarin.Forms.ControlGallery.WindowsUniversal/AppPackages/*/Add-AppDevPackage.resources/** Xamarin.Forms.ControlGallery.WindowsUniversal/AppPackages/*/TelemetryDependencies/** Xamarin.Forms.ControlGallery.WindowsUniversal/AppPackages/*/Dependencies/x86/** - TargetFolder: '$(build.artifactstagingdirectory)' + TargetFolder: ${{ parameters.artifactsTargetFolder }} - script: build.cmd -Target BuildForNuget -ScriptArgs '--BUILD_CONFIGURATION="$(BuildConfiguration)"','--Build_ArtifactStagingDirectory="$(Build.ArtifactStagingDirectory)"','--MSBUILD="$(msbuild)"' name: winbuild @@ -171,7 +174,6 @@ steps: Xamarin.Forms.DualScreen.UnitTests/bin/$(BuildConfiguration)/**/*.dll TargetFolder: ${{ parameters.artifactsTargetFolder }} - - task: CopyFiles@2 displayName: 'Copy Android Files dlls' @@ -212,7 +214,7 @@ steps: condition: eq(variables['BuildConfiguration'], 'Release') inputs: SourceFolder: Xamarin.Forms.Core.Windows.UITests/bin/Debug/ - TargetFolder: '$(build.artifactstagingdirectory)/UITests' + TargetFolder: '${{ parameters.artifactsTargetFolder }}/UITests' - task: CopyFiles@2 displayName: 'Copy Certificate File' @@ -220,12 +222,13 @@ steps: inputs: Contents: | Xamarin.Forms.ControlGallery.WindowsUniversal\Xamarin.Forms.ControlGallery.WindowsUniversal_TemporaryKey.pfx - TargetFolder: '$(build.artifactstagingdirectory)' + TargetFolder: ${{ parameters.artifactsTargetFolder }} CleanTargetFolder: false flattenFolders: false - - task: PublishBuildArtifacts@1 - displayName: 'Publish Artifact: ${{ parameters.artifactsName }}' - condition: always() - inputs: - ArtifactName: ${{ parameters.artifactsName }} + - ${{ if eq(parameters.publishArtifacts, 'true') }}: + - task: PublishBuildArtifacts@1 + displayName: 'Publish Artifact: ${{ parameters.artifactBinaries }}' + condition: always() + inputs: + ArtifactName: ${{ parameters.artifactBinaries }} diff --git a/eng/automation/guardian/source.gdnsuppress b/eng/automation/guardian/source.gdnsuppress new file mode 100644 index 00000000000..35fb1d4614c --- /dev/null +++ b/eng/automation/guardian/source.gdnsuppress @@ -0,0 +1,374 @@ +{ + "hydrated": false, + "properties": { + "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions", + "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance." + }, + "version": "1.0.0", + "suppressionSets": { + "default": { + "name": "default", + "createdDate": "2024-01-09 12:36:17Z", + "lastUpdatedDate": "2024-01-09 12:36:17Z" + } + }, + "results": { + "5489b0c675ef7f202f45925e8859a82158f1a7928205bed93828c6726860ad30": { + "signature": "5489b0c675ef7f202f45925e8859a82158f1a7928205bed93828c6726860ad30", + "alternativeSignatures": [ + "0f11ddff568cbac9b7a4b593123f152a4aa8cb9bbc5f901d0e44cc02ce26803c" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "27d4de55a7a5059e67b646cfeeb2b5a702b951081af1b8540a0f7f650fa051de": { + "signature": "27d4de55a7a5059e67b646cfeeb2b5a702b951081af1b8540a0f7f650fa051de", + "alternativeSignatures": [ + "0d680498f9d2f8f220f995ed22c07b965279e1ef8b206ef9a6fc82b9cf5b6885" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "1ac0652a8b143d8c215d4935d5bcb388b4591be43bc4e762a9e4fc081343c098": { + "signature": "1ac0652a8b143d8c215d4935d5bcb388b4591be43bc4e762a9e4fc081343c098", + "alternativeSignatures": [ + "604ebc3a93ff0ea0ddf21b3dec28253589ddabb0dad0b364c296f9e656aa1a45" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "45e61f7572af5b09f51b5cbd35c6d4e0f7ba19983167dbc50f52a27bdd2b6511": { + "signature": "45e61f7572af5b09f51b5cbd35c6d4e0f7ba19983167dbc50f52a27bdd2b6511", + "alternativeSignatures": [ + "604ebc3a93ff0ea0ddf21b3dec28253589ddabb0dad0b364c296f9e656aa1a45" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "3edea3109ca4ddbabec0f4b4217b3eac1b8d3b455ceed69277a462d46a20e03e": { + "signature": "3edea3109ca4ddbabec0f4b4217b3eac1b8d3b455ceed69277a462d46a20e03e", + "alternativeSignatures": [ + "ac6468ba6e19854bb98a1bd02e0179ca06acd5b7e566fa605846b910a13905b7" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "132e2afb6b493ee558a78fe33ee1b0b505b07fb881a14bdeaaff57d2215d0a99": { + "signature": "132e2afb6b493ee558a78fe33ee1b0b505b07fb881a14bdeaaff57d2215d0a99", + "alternativeSignatures": [ + "2aab898cd0ad6bbf9b7654cafd98a5756b3b937c0f9b0b890680680c179bccff" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "d26464bb72e0618e20db8fa331e890e2f3bd2e6fd118764fdf1dbf30becabda5": { + "signature": "d26464bb72e0618e20db8fa331e890e2f3bd2e6fd118764fdf1dbf30becabda5", + "alternativeSignatures": [ + "7d0587c445695c5dbb3fcf3fe7020307ad6f1885beaa18d7b6026957e6685c4b" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "c3f9e77813668eb5d9df53324088ce31252985414e148d97c4eabf250fd36a36": { + "signature": "c3f9e77813668eb5d9df53324088ce31252985414e148d97c4eabf250fd36a36", + "alternativeSignatures": [ + "7d0587c445695c5dbb3fcf3fe7020307ad6f1885beaa18d7b6026957e6685c4b" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "e30dd8ed5636952cdd2dac2c9ffdf3f97ad6242e1455dac2a3949bd694e5a99d": { + "signature": "e30dd8ed5636952cdd2dac2c9ffdf3f97ad6242e1455dac2a3949bd694e5a99d", + "alternativeSignatures": [ + "7d0587c445695c5dbb3fcf3fe7020307ad6f1885beaa18d7b6026957e6685c4b" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "bf2774bb3f4300420b3654e12c779bd23b7dec537284b31f162b5bcc72858609": { + "signature": "bf2774bb3f4300420b3654e12c779bd23b7dec537284b31f162b5bcc72858609", + "alternativeSignatures": [ + "af692b4a8a5282d2d76c00a08a61ca6127c426b2489acb9da6777d50b1bd91a3" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "2f11a88fffc474d24f626ec7d54a933f201df8b60bf41e5385cc0b99417462b4": { + "signature": "2f11a88fffc474d24f626ec7d54a933f201df8b60bf41e5385cc0b99417462b4", + "alternativeSignatures": [ + "49fef0080c7d93c7f9353cfad42da8b2708816b633ef181c0ceb680b6f1ac719" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "19bc2600d8f09e219c2214bf6fe199e1efa22ab0d3016f1eca3fe71a36962dd6": { + "signature": "19bc2600d8f09e219c2214bf6fe199e1efa22ab0d3016f1eca3fe71a36962dd6", + "alternativeSignatures": [ + "f29377bb9bd04d62f0ebb142c93406f67c4e69c10b841461264efd2d34d6c39d" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "e877450cda72a29c4c874cf9f1bdb6633ccfe5168bd6338f49ba3bcfbbbd7ecd": { + "signature": "e877450cda72a29c4c874cf9f1bdb6633ccfe5168bd6338f49ba3bcfbbbd7ecd", + "alternativeSignatures": [ + "d54c632057fcda3f31da4b77cb84479a730bf7efb14cc0f9f451d575bee78c2d" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "2ef308f1837f92f92926414e2ba08794842abe8df80652c7bb60efd118f9f215": { + "signature": "2ef308f1837f92f92926414e2ba08794842abe8df80652c7bb60efd118f9f215", + "alternativeSignatures": [ + "15bb63faad21282961af9daf80b41e89f14926e06d5a72df681aaec4ccc1f90f" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "99e48f72edea37e63c8c24d90eab95165b48e791b3598bfb41115446af46e058": { + "signature": "99e48f72edea37e63c8c24d90eab95165b48e791b3598bfb41115446af46e058", + "alternativeSignatures": [ + "346dfda304d0ef02caf550c9ee3678af9323ad5481a17f9cc3b1afc155b82fcf" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "89f6d3c01205a9c0112f90ef4429c22daa1840f6c6237db0e2ef045ff4092d3e": { + "signature": "89f6d3c01205a9c0112f90ef4429c22daa1840f6c6237db0e2ef045ff4092d3e", + "alternativeSignatures": [ + "44fb8417a8fac23fb2fa826297f9da51a2f2096a3279db36291244ebbddc7088" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "2d874aea5d6a0acdf5bfd247aa2e6a1fb869c7160e733e194558cb899b19f3af": { + "signature": "2d874aea5d6a0acdf5bfd247aa2e6a1fb869c7160e733e194558cb899b19f3af", + "alternativeSignatures": [ + "b15ad06da149218c52ae92814ddbde6d7ec63d941751537e61964b4f555e350a" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "9c0e8af6cc926f515e85d26207a3db7df65c1ed1663f06431bef56ee7a499e39": { + "signature": "9c0e8af6cc926f515e85d26207a3db7df65c1ed1663f06431bef56ee7a499e39", + "alternativeSignatures": [ + "6a2fa567ff5e589c240ea0f069be84aee6791c9a3686f2711d7d4090d02c0080" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "e052fa8c89a560b181b0a5fe6c00f2e5c08e3ae017255fd0359464ef26b2045f": { + "signature": "e052fa8c89a560b181b0a5fe6c00f2e5c08e3ae017255fd0359464ef26b2045f", + "alternativeSignatures": [ + "6a2fa567ff5e589c240ea0f069be84aee6791c9a3686f2711d7d4090d02c0080" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "6b222610fad89bfd7c318e3d5272c4fe321693329a9888f103270603b10a2a91": { + "signature": "6b222610fad89bfd7c318e3d5272c4fe321693329a9888f103270603b10a2a91", + "alternativeSignatures": [ + "6a2fa567ff5e589c240ea0f069be84aee6791c9a3686f2711d7d4090d02c0080" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "51ee22d7727e624ae914a792bf21abc2e831fe0e3d1e2db6673fd31ab3f7e60b": { + "signature": "51ee22d7727e624ae914a792bf21abc2e831fe0e3d1e2db6673fd31ab3f7e60b", + "alternativeSignatures": [ + "6a2fa567ff5e589c240ea0f069be84aee6791c9a3686f2711d7d4090d02c0080" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "d1f1a49f96d3ac2d43782b8e3ea41179581e36b860bc65ca4faa6de718befca5": { + "signature": "d1f1a49f96d3ac2d43782b8e3ea41179581e36b860bc65ca4faa6de718befca5", + "alternativeSignatures": [ + "a0a736bec06a7527c3a1fbdfb30b08253d5a881541d5cbc26c4f65c05d35aceb" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "fcb54743ffc2b91bd735d0e07a2ce6c0d5c47304d34149493fdd9544cb449e3f": { + "signature": "fcb54743ffc2b91bd735d0e07a2ce6c0d5c47304d34149493fdd9544cb449e3f", + "alternativeSignatures": [ + "a2ac1729e152b49bdee6f62e063b7783449b9f1f4c6d4b848b1b34a98919c0a0" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "132e8aa7a43cd4905dd3b571d68ee022fc553c8b579f69c650c4175283a170e6": { + "signature": "132e8aa7a43cd4905dd3b571d68ee022fc553c8b579f69c650c4175283a170e6", + "alternativeSignatures": [ + "1c269332a7faf46747f79eb4e86f8b9a73aa604c7faa653e39e3e7fdd7db3ee7" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "3df899a6c5e3b5ab7020b7f7b6484188931e19eccd92402181e6930bd83de291": { + "signature": "3df899a6c5e3b5ab7020b7f7b6484188931e19eccd92402181e6930bd83de291", + "alternativeSignatures": [ + "c2a88dc887daef62f700f11e15b4f8a77e04b2f5a144140f97610976884c0a9b" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "8ea2bfe96e5d7beba879084f59e644c7fbc43dfe87666a78a55943ffb4e9cfc9": { + "signature": "8ea2bfe96e5d7beba879084f59e644c7fbc43dfe87666a78a55943ffb4e9cfc9", + "alternativeSignatures": [ + "700d30fbc1208fdf18ced0ec285d494947f49baf46f30c18c8647e183f151245" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "13d82c6e3e6e60e0e84998944e2f5c94393501375ca935ea0f0582461696025d": { + "signature": "13d82c6e3e6e60e0e84998944e2f5c94393501375ca935ea0f0582461696025d", + "alternativeSignatures": [ + "26f7af9f02f484d0b9b5cbdc1986d58b222d930c2c75632faf730be68c79c864" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "ac2b54b1763b69c30cd0ff6f4525d5af4eb30559f30cd9ab1fcf7663beabb608": { + "signature": "ac2b54b1763b69c30cd0ff6f4525d5af4eb30559f30cd9ab1fcf7663beabb608", + "alternativeSignatures": [ + "26f7af9f02f484d0b9b5cbdc1986d58b222d930c2c75632faf730be68c79c864" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "b07a87f63b55ddb3972feb7ccf6a4316dbd347790e476084a5f317a4c88187d4": { + "signature": "b07a87f63b55ddb3972feb7ccf6a4316dbd347790e476084a5f317a4c88187d4", + "alternativeSignatures": [ + "700d30fbc1208fdf18ced0ec285d494947f49baf46f30c18c8647e183f151245" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "8049619c68188d32ef33cf8ccdd49bd18659de231854874f510aa0209aec333d": { + "signature": "8049619c68188d32ef33cf8ccdd49bd18659de231854874f510aa0209aec333d", + "alternativeSignatures": [ + "f18b4e78ed317dccc6832ebcbe1ad9eeaf272575b23255aa72b4b2e14bc8a036" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "cc660d64452bd37126b2ae3ffa9f5f69300a2bfa07072fb29371736ae6573076": { + "signature": "cc660d64452bd37126b2ae3ffa9f5f69300a2bfa07072fb29371736ae6573076", + "alternativeSignatures": [ + "af2c6ba72cf6c562a5185807fb383dfc3d64404cab116a6f7402ad3da9f7e9b6" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "42ac1ecc9266e3ae9cdf98d4fa701147731ddf604b9012bd7517bb6c5ff638e4": { + "signature": "42ac1ecc9266e3ae9cdf98d4fa701147731ddf604b9012bd7517bb6c5ff638e4", + "alternativeSignatures": [ + "245359e3b55da7a1f315d3c943a028acde80ec1289d4d5f442a0149e053d5b27" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "f2f93b7c1db0da8fad5cff29c7275e06ad8c0f9ec95a17433e43c348acca628b": { + "signature": "f2f93b7c1db0da8fad5cff29c7275e06ad8c0f9ec95a17433e43c348acca628b", + "alternativeSignatures": [ + "4521583f13980b124f85db1930f5c1003aeaadbfbe2e002ddba2710c553dd39f" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "7c4c48bfa3b117c9ca768880c85e037a45bb1a47bf56eeb5076d50358efecb3c": { + "signature": "7c4c48bfa3b117c9ca768880c85e037a45bb1a47bf56eeb5076d50358efecb3c", + "alternativeSignatures": [ + "d499425f3a00e985ada5912310d56de27198d740f7b5dc0081c5e011f0e91c43" + ], + "memberOf": [ + "default" + ], + "createdDate": "2024-01-09 12:36:17Z" + }, + "269549c010eaec1246c156e063e64c56200363edbeb4fc9f0640b01793a130d6": { + "signature": "269549c010eaec1246c156e063e64c56200363edbeb4fc9f0640b01793a130d6", + "alternativeSignatures": [], + "target": "debug.keystore", + "memberOf": [ + "default" + ], + "createdDate": "2024-03-01 14:41:58Z" + }, + "2c3e6f9b445213109abaa36b16af43d146fe88b4fb5f637b388c6fde1f7957e8": { + "signature": "2c3e6f9b445213109abaa36b16af43d146fe88b4fb5f637b388c6fde1f7957e8", + "alternativeSignatures": [], + "target": "Xamarin.Forms.ControlGallery.WindowsUniversal/Xamarin.Forms.ControlGallery.WindowsUniversal_TemporaryKey.pfx", + "memberOf": [ + "default" + ], + "createdDate": "2024-03-01 14:41:58Z" + } +} \ No newline at end of file diff --git a/eng/xf-release.yml b/eng/xf-release.yml index 660b13fff22..5220ce2c68b 100644 --- a/eng/xf-release.yml +++ b/eng/xf-release.yml @@ -15,6 +15,25 @@ variables: value: and(succeeded(), or(eq(variables['Sign'], 'true'), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'],'refs/tags/')))) - group: Xamarin-Secrets +parameters: + - name: VM_IMAGE_HOST + type: object + default: + name: AzurePipelines-EO + image: 1ESPT-Windows2019 + os: windows + + - name: PackPlatform + type: object + default: + name: Windows + artifact: nuget + binariesArtifact: win_build + docsArtifact: xml-docs + + - name: Skip1ESComplianceTasks + default: false + resources: repositories: - repository: xamarin-templates @@ -22,6 +41,10 @@ resources: name: xamarin/yaml-templates endpoint: xamarin ref: refs/heads/main + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release trigger: branches: @@ -49,77 +72,92 @@ schedules: include: - 5.0.0 -stages: - - stage: windows - displayName: Build Windows - jobs: - - job: win_hosted - workspace: - clean: all - displayName: Build Windows Phase - timeoutInMinutes: 60 - pool: - name: $(windowsPool) - vmImage: $(windowsvmImage) - demands: - msbuild - strategy: - matrix: - release: - BuildConfiguration: 'Release' - steps: - - template: ../build/steps/build-windows.yml - parameters: - provisionatorPath : 'build/provisioning/provisioning.csx' - provisionatorVSPath : 'build/provisioning/vs.csx' - runTests: false - - job: nuget_pack_hosted - workspace: - clean: all - displayName: Nuget Phase - dependsOn: - - win_hosted - condition: succeeded() - pool: - name: $(windowsPool) - vmImage: $(windowsvmImage) - demands: - msbuild - variables: - FormsIdAppend: '' - buildConfiguration: $(DefaultBuildConfiguration) - nugetPackageVersion : $[ dependencies.win_hosted.outputs['release.winbuild.xamarinformspackageversion'] ] - steps: - - template: ../build/steps/build-nuget.yml - parameters: - nugetForRelease : true - nugetForDebug : false - - - stage: nuget_signing - dependsOn: windows - displayName: Sign Nuget - jobs: - - template: sign-artifacts/jobs/v2.yml@xamarin-templates - parameters: - targetFolder: $(Build.ArtifactStagingDirectory)/nuget/signed - artifactPath: release - signedArtifactName: nuget - signedArtifactPath: signed - displayName: Sign Phase - condition: ${{ variables.signingCondition }} - preSignSteps: - - task: NuGetToolInstaller@1 - inputs: - versionSpec: $(NUGET_VERSION) +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: ${{ parameters.VM_IMAGE_HOST }} + sdl: + ${{ if eq('${{ parameters.Skip1ESComplianceTasks }}', 'true') }}: + enableAllTools: false + binskim: + scanOutputDirectoryOnly: true + codeql: + runSourceLanguagesInSourceAnalysis: true + policheck: + enabled: true + spotBugs: + enabled: false + justification: 'Failing with "Could not successfully find the java tool launcher"' + sourceRepositoriesToScan: + exclude: + - repository: yaml-templates + suppression: + suppressionFile: $(Build.SourcesDirectory)\build\automation\guardian\source.gdnsuppress + stages: + - stage: windows + displayName: Build Windows + jobs: + - job: win_hosted + workspace: + clean: all + displayName: ${{ parameters.PackPlatform.name }} + timeoutInMinutes: 60 + pool: ${{ parameters.VM_IMAGE_HOST }} + templateContext: + outputs: + - output: pipelineArtifact + displayName: 'Publish the ${{ parameters.PackPlatform.binariesArtifact }} artifacts' + artifactName: ${{ parameters.PackPlatform.binariesArtifact }} + targetPath: '$(Build.ArtifactStagingDirectory)' + variables: + BuildConfiguration: Release + steps: + - template: /build/steps/build-windows.yml@self + parameters: + provisionatorPath : 'build/provisioning/provisioning.csx' + provisionatorVSPath : 'build/provisioning/vs.csx' + runTests: false + publishArtifacts: false + binariesArtifact: ${{ parameters.PackPlatform.binariesArtifact }} + artifact: ${{ parameters.PackPlatform.artifact }} + artifactBinaries: ${{ parameters.PackPlatform.binariesArtifact }} + artifactsTargetFolder: '$(Build.ArtifactStagingDirectory)' + + - job: nuget_pack_hosted + workspace: + clean: all + displayName: Nuget Phase + dependsOn: + - win_hosted + condition: succeeded() + pool: ${{ parameters.VM_IMAGE_HOST }} + templateContext: + outputs: + - output: pipelineArtifact + displayName: 'Publish the ${{ parameters.PackPlatform.artifact }} artifacts' + artifactName: ${{ parameters.PackPlatform.artifact }} + targetPath: '$(Build.ArtifactStagingDirectory)/nuget/Release' + variables: + FormsIdAppend: '' + buildConfiguration: Release + nugetPackageVersion : $[ dependencies.win_hosted.outputs['winbuild.xamarinformspackageversion'] ] + steps: + - template: /build/steps/build-nuget.yml@self + parameters: + nugetForRelease : true + nugetForDebug : false + publishArtifacts: false + artifact: ${{ parameters.PackPlatform.artifact }} + binariesArtifact: ${{ parameters.PackPlatform.binariesArtifact }} + artifactsTargetFolder: '$(build.artifactstagingdirectory)/${{ parameters.PackPlatform.artifact }}' - - stage: sbom - dependsOn: nuget_signing - displayName: 'Software Bill of Materials' - jobs: - - template: compliance/sbom/job.v1.yml@xamarin-templates # Software Bill of Materials (SBOM): https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/secure-supply-chain/ado-sbom-generator - parameters: - artifactNames: ['nuget'] - artifactMap: ['nuget/signed'] - packageName: 'Xamarin Forms' - packageFilter: '*.nupkg' - condition: ${{ variables.signingCondition }} + - stage: nuget_signing + dependsOn: windows + displayName: Sign Nuget + jobs: + - template: sign-artifacts/jobs/v2.yml@xamarin-templates + parameters: + displayName: Sign Phase + condition: ${{ variables.signingCondition }} + use1ESTemplate: true + usePipelineArtifactTasks: true