diff options
author | Michael Cummings <mcumming@microsoft.com> | 2021-03-25 18:01:59 +0300 |
---|---|---|
committer | Michael Cummings <mcumming@microsoft.com> | 2021-03-26 15:35:04 +0300 |
commit | 30ba02a399103350ce40545099282d4499b1e12a (patch) | |
tree | 4ca4b1a751940a1730016a748f5bba67d386cc1a /.build | |
parent | 1fd6c0b7f1221222bc93d0d509e267c64e19cb45 (diff) |
Migrate to OneLocBuild
refactor build automation scripts
Diffstat (limited to '.build')
-rw-r--r-- | .build/automation/scripts/Invoke-Git.psm1 | 34 | ||||
-rw-r--r-- | .build/automation/stages/localization-handback.yml | 85 | ||||
-rw-r--r-- | .build/automation/stages/localization-handoff.yml | 28 | ||||
-rw-r--r-- | .build/automation/stages/merge-translations-update.yml | 38 | ||||
-rw-r--r-- | .build/automation/stages/security_compliance.yml | 131 | ||||
-rw-r--r-- | .build/automation/stages/validate.yml | 72 | ||||
-rw-r--r-- | .build/automation/variables.yml | 25 |
7 files changed, 413 insertions, 0 deletions
diff --git a/.build/automation/scripts/Invoke-Git.psm1 b/.build/automation/scripts/Invoke-Git.psm1 new file mode 100644 index 0000000..536163d --- /dev/null +++ b/.build/automation/scripts/Invoke-Git.psm1 @@ -0,0 +1,34 @@ +<# +Copyright (c) Microsoft Corporation. All rights reserved. + #> +<# +.SYNOPSIS +Module for invoking git in a safe way that allows for stderr to be written to stdout. +#> +function Invoke-Git { + <# + .Synopsis + Wrapper function that deals with Powershell's peculiar error output when Git uses the error stream. + .Example + Invoke-Git ThrowError + $LASTEXITCODE + #> + [CmdletBinding()] + param( + [parameter(ValueFromRemainingArguments=$true)] + [string[]]$Arguments + ) + & { + [CmdletBinding()] + param( + [parameter(ValueFromRemainingArguments=$true)] + [string[]]$InnerArgs + ) + git.exe $InnerArgs + } -ErrorAction SilentlyContinue -ErrorVariable fail @Arguments + if ($fail) { + $fail.Exception + } +} +#Exports +Export-ModuleMember -Function Invoke-Git
\ No newline at end of file diff --git a/.build/automation/stages/localization-handback.yml b/.build/automation/stages/localization-handback.yml new file mode 100644 index 0000000..ff7b67e --- /dev/null +++ b/.build/automation/stages/localization-handback.yml @@ -0,0 +1,85 @@ + +stages: + - stage: localization_handback + displayName: Localization Handback + dependsOn: [] + condition: and(succeeded(), eq(variables.isLocBranch, true)) + + jobs: + - job : generate_resx + displayName: 'Process incoming translations' + pool: $(HostedWinVS2019) + steps: + - checkout: self + persistCredentials: true + clean: true + + - powershell: | + #-- Import Invoke-Git Module function + Import-Module $(Build.SourcesDirectory)\.build\automation\scripts\Invoke-Git.psm1 -Force -DisableNameChecking + git config user.email "vs-mobiletools-engineering-service2@microsoft.com" + git config user.name "VS Mobile Engineering Serice Account" + Invoke-Git checkout main + Invoke-Git merge origin/loc --no-commit + displayName: 'Merge loc Branch' + + - task: cesve.one-loc-build.one-loc-build.OneLocBuild@2 + displayName: 'Localization Build' + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + inputs: + locProj: '.config/LocProject.json' + outDir: '$(Build.ArtifactStagingDirectory)' + packageSourceAuth: patAuth + patVariable: "$(OneLocBuildPAT)" + isCreatePrSelected: false + repoType: gitHub + prSourceBranchPrefix: $(LocBranchPrefix) + gitHubPatVariable: '$(GitHub.Token)' + gitHubPrMergeMethod: merge + + - powershell: | + #-- Import Invoke-Git Module function + Import-Module $(Build.SourcesDirectory)\.build\automation\scripts\Invoke-Git.psm1 -Force -DisableNameChecking + #--Clear Stage + Invoke-Git reset HEAD -- . + #-- Create new branch + $branchName = "$(LocBranchPrefix)/$(new-guid)" + Invoke-Git checkout -B ${branchName} + Write-Host ("##vso[task.setvariable variable=HANDBACK_BRANCH_NAME;]$branchName") + #-- Stage Build Changes + Invoke-Git add Designer + Invoke-Git add HotReload + #-- Only commit/push if there are changed files. + $changedFiles = $(git status --porcelain | Measure-Object | Select-Object -expand Count) + if ($changedFiles -gt 0) + { + #-- Commit Changes locally + Invoke-Git commit -m "[LOC_HB] string translations" --no-verify + #-- Push changes to VSTS + Invoke-Git push origin HEAD:${branchName} + } + displayName: 'Commit updates' + + - powershell: | + $payload=@{ + title = "[LOC_HB] checkin of localized string files" + head = "$(HANDBACK_BRANCH_NAME)" + base = "main" + maintainer_can_modify = $true + } + + $headers = @{ Authorization = "token $(GitHub.Token)" } + + # let it throw + $response = Invoke-WebRequest -UseBasicParsing -Method POST -Headers $headers -Uri "https://api.github.com/repos/Xamarin/UITools/pulls" -Body ($payload | ConvertTo-json) + $newPr = $response.Content | ConvertFrom-Json + + Write-Host "Response is $newPr" + displayName: Open Pull Request + + - task: PublishBuildArtifacts@1 + inputs: + PathtoPublish: '$(Build.ArtifactStagingDirectory)' + ArtifactName: 'drop' + publishLocation: 'Container' diff --git a/.build/automation/stages/localization-handoff.yml b/.build/automation/stages/localization-handoff.yml new file mode 100644 index 0000000..9a955fe --- /dev/null +++ b/.build/automation/stages/localization-handoff.yml @@ -0,0 +1,28 @@ + +stages: + - stage: localization_handoff + displayName: Localization Handoff + dependsOn: [] + condition: and(succeeded(), eq(variables.isMainBranch, true)) + + jobs: + - job : generate_lci + displayName: 'Process outgoing strings' + pool: $(HostedWinVS2019) + steps: + + - task: cesve.one-loc-build.one-loc-build.OneLocBuild@2 + displayName: 'Localization Build' + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + inputs: + locProj: '.config/LocProject.json' + outDir: '$(Build.ArtifactStagingDirectory)' + packageSourceAuth: patAuth + patVariable: "$(OneLocBuildPAT)" + + - task: PublishBuildArtifacts@1 + inputs: + PathtoPublish: '$(Build.ArtifactStagingDirectory)' + ArtifactName: 'drop' + publishLocation: 'Container' diff --git a/.build/automation/stages/merge-translations-update.yml b/.build/automation/stages/merge-translations-update.yml new file mode 100644 index 0000000..e70f091 --- /dev/null +++ b/.build/automation/stages/merge-translations-update.yml @@ -0,0 +1,38 @@ +stages: + - stage: merge_translations_updates + displayName: 'Merge Translations Updates' + dependsOn: [validate] + condition: and( succeeded(), and( eq(variables.isTargetMainBranch, true), variables.isLocPRBranch ) ) + + jobs: + - job : validate_merge + displayName: 'Validate and Merge Translations' + pool: + name: VSEng-ReleasePool + variables: + pull_request_number: $(System.PullRequest.PullRequestNumber) + workspace: + clean: all + + steps: + - powershell: | + Write-Host "Validating translations for PR# $(System.PullRequest.PullRequestNumber)" + $srcDir = "$(Build.SourcesDirectory)/Xamarin.PropertyEditing" + $matches = Select-String -Path "$srcDir/**/*.resx" -Pattern '\[.*\]\s\(https:.*\)' -AllMatches + $matchCount = ($matches | Measure-Object -Line).Lines + Write-Host "Found $matchCount violations." + $matches | Write-Host + if( ($matches | Measure-Object -Line).Lines -eq 0 ) { + Write-Host "Quality Gate Succeeded." + } else { + throw "Quality Gate Failure : Check the logs for details." + } + displayName: 'Validate Markdown Urls' + + - task: github-merge-pr@1 + inputs: + github_token: $(GitHub.Token) + repository: 'xamarin/uitools' + pr_number: $(pull_request_number) + merge_method: 'rebase' + displayName: Merge PR# $(System.PullRequest.PullRequestNumber) diff --git a/.build/automation/stages/security_compliance.yml b/.build/automation/stages/security_compliance.yml new file mode 100644 index 0000000..abf481b --- /dev/null +++ b/.build/automation/stages/security_compliance.yml @@ -0,0 +1,131 @@ +stages: + - stage: security_compliance + displayName: Security and Compliance checks + jobs: + # Check - "Code Analysis CredScan" + - job: run_static_analysis + displayName: CredScan + pool: $(HostedWinVS2019) + timeoutInMinutes: 60 + cancelTimeoutInMinutes: 5 + steps: + - checkout: self + - template: security/xa-static-analysis/v2.yml@templates + parameters: + credScanSuppressionsFile: $(System.DefaultWorkingDirectory)\.config\CredScanSuppressions.json + + # Check - "Code Analysis Policheck Compliance" + # For a full list of termType and the correct code refer to https://github.com/xamarin/yaml-templates/blob/master/security/policheck/v1.yml + - job: run_policheck_compliance + displayName: 'Policheck Compliance Source' + pool: $(HostedWinVS2019) + timeoutInMinutes: 60 + cancelTimeoutInMinutes: 5 + strategy: + matrix: + SourceCodeOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.xml' + TERM_TYPE: '0029a9' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + CzechResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.cs.xml' + TERM_TYPE: '0025a1029' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + GermanResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.de.xml' + TERM_TYPE: '0036a1031' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + EnglishResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.en.xml' + TERM_TYPE: '0029a9' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + SpanishResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.es.xml' + TERM_TYPE: '0099a1034' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + FrenchResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.fr.xml' + TERM_TYPE: '0033a1036' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + ItalianResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.it.xml' + TERM_TYPE: '0051a1040' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + JapaneseResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.ja.xml' + TERM_TYPE: '0052a1041' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + KoreanResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.ko.xml' + TERM_TYPE: '0060a1042' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + PolishResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.pl.xml' + TERM_TYPE: '0079a1045' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + PortugeseBrazilianResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.pt-br.xml' + TERM_TYPE: '0080a1046' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + RussianResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.ru.xml' + TERM_TYPE: '0087a1049' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + TurkeyResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.tr.xml' + TERM_TYPE: '0107a1055' + OPTIONS_PE: '' + OPTIONS_RULES_DB_PATH: '' + ChineseSimplifiedResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.zh-hans.xml' + TERM_TYPE: '0021a2052' + OPTIONS_PE: '1|2|3|4' + OPTIONS_RULES_DB_PATH: '$(System.DefaultWorkingDirectory)\.config\Policheck\Rule-zh-all.mdb' + ChineseTraditionalResourceOnly: + EXCLUSION_FILE: '$(System.DefaultWorkingDirectory)\.config\Policheck\UserExclusion.zh-hant.xml' + TERM_TYPE: '0022a3076' + OPTIONS_PE: '1|2|3|4' + OPTIONS_RULES_DB_PATH: '$(System.DefaultWorkingDirectory)\.config\Policheck\Rule-zh-all.mdb' + steps: + - checkout: self + - template: security/policheck/v1.yml@templates + parameters: + exclusionFile: $(EXCLUSION_FILE) + termType: $(TERM_TYPE) + pE: $(OPTIONS_PE) + rulesDBPath: $(OPTIONS_RULES_DB_PATH) + + - task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1 + displayName: 'TSA V2 upload to Xamarin.PropertyEditing_master' + inputs: + tsaVersion: TsaV2 + codeBaseName: 'Xamarin.PropertyEditing_master' + uploadAPIScan: false + uploadBinSkim: false + uploadCredScan: true + uploadFortifySCA: false + uploadFxCop: false + uploadModernCop: false + uploadPREfast: false + uploadRoslyn: false + uploadTSLint: false + validateCompatibility: Warning + enabled: false + + - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1 + displayName: 'Post Analysis' + inputs: + AllTools: true +
\ No newline at end of file diff --git a/.build/automation/stages/validate.yml b/.build/automation/stages/validate.yml new file mode 100644 index 0000000..41afedf --- /dev/null +++ b/.build/automation/stages/validate.yml @@ -0,0 +1,72 @@ +stages: + - stage: validate + displayName: 'Validation' + dependsOn: [] + jobs: + - job: 'Windows' + pool: + vmImage: 'windows-latest' + + steps: + - checkout: self + clean: true + persistCredentials: true + + - task: MSBuild@1 + displayName: Build + inputs: + solution: build.proj + msbuildVersion: "15.0" + msbuildArguments: '/restore /p:Release=true /t:Build' + + - task: MSBuild@1 + displayName: 'Run Tests' + inputs: + solution: build.proj + msbuildVersion: "15.0" + msbuildArguments: '/p:Release=true /t:Test' + + - task: PublishTestResults@2 + displayName: 'Publish Test Results' + inputs: + testResultsFormat: NUnit + testResultsFiles: '**/TestResult.xml' + condition: succeededOrFailed() + + - job: 'MacOS' + pool: + vmImage: 'macOS-latest' + + steps: + - checkout: self + clean: true + persistCredentials: true + + - task: NuGetAuthenticate@0 + + - task: CmdLine@1 + displayName: 'Set Token' + inputs: + filename: echo + arguments: '##vso[task.setvariable variable=GITHUB_TOKEN]$(GitHub.Token)' + + - task: MSBuild@1 + displayName: Build + inputs: + solution: build.proj + msbuildVersion: "15.0" + msbuildArguments: '/restore /p:Release=true /t:Build' + + - task: MSBuild@1 + displayName: 'Run Tests' + inputs: + solution: build.proj + msbuildVersion: "15.0" + msbuildArguments: '/p:Release=true /t:Test' + + - task: PublishTestResults@2 + displayName: 'Publish Test Results' + inputs: + testResultsFormat: NUnit + testResultsFiles: '**/TestResult.xml' + condition: succeededOrFailed() diff --git a/.build/automation/variables.yml b/.build/automation/variables.yml new file mode 100644 index 0000000..851d8ff --- /dev/null +++ b/.build/automation/variables.yml @@ -0,0 +1,25 @@ +variables: + +- name: DefaultBuildConfiguration + value: Release + +- name: isMainBranch + value: $[eq(variables['Build.SourceBranch'], 'refs/heads/main')] +- name: isLocBranch + value: $[eq(variables['Build.SourceBranch'], 'refs/heads/loc')] +- name: isTargetMainBranch + value: $[eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/main')] +- name: isTargetLocBranch + value: $[eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/loc')] +- name: isLocPRBranch + value: $[startsWith(variables['System.PullRequest.SourceBranch'], 'refs/heads/$(LocBranchPrefix)')] +- name: isPullRequest + value: $[eq(variables['Build.Reason'], 'PullRequest')] + + +# Common Agent Pools in use +- name: HostedWinVS2019 + value: Hosted Windows 2019 with VS2019 + +- name: LocBranchPrefix + value: 'loc-hb'
\ No newline at end of file |