Release and CI build pipelines (#65)

microsoft · Sep 19, 2024 · 686547d · 686547d
1 parent 7898414
commit 686547d
Show file tree

Hide file tree

Showing 5 changed files with 204 additions and 13 deletions.
diff --git a/azure-pipelines/build.yml b/azure-pipelines/build.yml
@@ -1,10 +1,34 @@
 name: Build
-trigger: none
 pr: none
+trigger:
+  branches:
+    include:
+      - main
+  paths:
+    exclude:
+      - azure-pipelines/release.yml
 
-stages:
-  - stage: A
-    jobs:
-      - job: A1
-        steps:
-          - bash: echo "Hello world"
+resources:
+  repositories:
+    - repository: 1ESPipelineTemplates
+      type: git
+      name: 1ESPipelineTemplates/1ESPipelineTemplates
+      ref: refs/tags/release
+
+variables:
+  TeamName: sarif-tools
+
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+  parameters:
+    sdl:
+      sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
+    pool:
+      name: AzurePipelines-EO
+      demands:
+        - ImageOverride -equals 1ESPT-Ubuntu22.04
+      os: Linux
+    customBuildTags:
+      - ES365AIMigrationTooling
+    stages:
+      - template: templates/build_stage.yml@self
diff --git a/azure-pipelines/release.yml b/azure-pipelines/release.yml
@@ -2,9 +2,125 @@ name: Release
 trigger: none
 pr: none
 
-stages:
-  - stage: A
-    jobs:
-      - job: A1
-        steps:
-          - bash: echo "Hello world"
+variables:
+  - template: templates/globals.yml
+  - name: TeamName
+    value: sarif-tools
+
+resources:
+  repositories:
+    - repository: MicroBuildTemplate
+      type: git
+      name: 1ESPipelineTemplates/MicroBuildTemplate
+      ref: refs/tags/release
+
+extends:
+  template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
+  parameters:
+    sdl:
+      sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
+    pool:
+      name: AzurePipelines-EO
+      demands:
+        - ImageOverride -equals 1ESPT-Ubuntu22.04
+      os: Linux
+    customBuildTags:
+      - ES365AIMigrationTooling
+    stages:
+      - template: templates/build_stage.yml@self
+
+      - stage: CreateTag
+        displayName: Create Tag
+        dependsOn: Build
+        variables:
+          releaseVersionWithPrefix: $[ stageDependencies.Build.Build.outputs['getReleaseVersionStep.releaseVersionWithPrefix'] ]
+        jobs:
+        - job: CreateTag
+          steps:
+            - checkout: self
+              fetchDepth: 1
+              fetchTags: false
+              persistCredentials: true
+
+            - script: |
+                git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+                git config user.name "Azure Piplines"
+                git fetch --depth 1 origin $(Build.SourceBranchName)
+                git tag -a $(releaseVersionWithPrefix) -m "Release $(releaseVersionWithPrefix)" origin/$(Build.SourceBranchName)
+                git push origin $(releaseVersionWithPrefix)
+              displayName: Create git tag
+
+      - stage: CreateRelease
+        displayName: Create GitHub Release
+        dependsOn:
+          - Build
+          - CreateTag
+        variables:
+          releaseVersionWithPrefix: $[ stageDependencies.Build.Build.outputs['getReleaseVersionStep.releaseVersionWithPrefix'] ]
+        jobs:
+        - job: CreateRelease
+          templateContext:
+            type: releaseJob
+            isProduction: true
+            inputs:
+              - input: pipelineArtifact
+                artifactName: $(ARTIFACT_NAME_WHEEL)
+                targetPath: $(Build.StagingDirectory)/dist
+          steps:
+            - task: GitHubRelease@1 #https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/github-release-v1?view=azure-pipelines
+              displayName: Create GitHub Release
+              inputs:
+                gitHubConnection: GitHub-sarif-tools
+                repositoryName: microsoft/sarif-tools
+                action: create
+                target: $(Build.SourceBranchName)
+                title: $(releaseVersionWithPrefix)
+                tag: $(releaseVersionWithPrefix)
+                tagSource: userSpecifiedTag
+                isDraft: true
+                addChangeLog: false
+                assets: $(Build.StagingDirectory)/dist/*
+
+      - stage: WaitForValidation
+        dependsOn: CreateRelease
+        jobs:
+          - job: wait_for_validation
+            displayName: Wait for manual validation
+            pool: server
+            steps:
+              - task: ManualValidation@0
+                timeoutInMinutes: 1440 # task times out in 1 day
+                inputs:
+                  notifyUsers: erikd@microsoft.com
+                  instructions: Please test the latest draft release and then publish it.
+                  onTimeout: reject
+
+      - stage: Release
+        dependsOn: WaitForValidation
+        jobs:
+        - job: PublishToPyPi
+          displayName: Release to PyPi
+
+          pool:
+            name: VSEngSS-MicroBuild2022-1ES # This pool is required to have the certs needed to publish to PyPi using ESRP.
+            os: windows
+            image: server2022-microbuildVS2022-1es
+
+          templateContext:
+            type: releaseJob
+            isProduction: true
+            inputs:
+              - input: pipelineArtifact
+                artifactName: $(ARTIFACT_NAME_WHEEL)
+                targetPath: $(Build.StagingDirectory)/dist
+
+          steps:
+            - template: MicroBuild.Publish.yml@MicroBuildTemplate
+              parameters:
+                intent: PackageDistribution
+                contentType: PyPi
+                contentSource: Folder
+                folderLocation: $(Build.StagingDirectory)/dist
+                waitForReleaseCompletion: true
+                owners: erikd@microsoft.com
+                approvers: grwheele@microsoft.com
diff --git a/azure-pipelines/templates/build_stage.yml b/azure-pipelines/templates/build_stage.yml
@@ -0,0 +1,43 @@
+stages:
+- stage: Build
+  variables:
+    - template: globals.yml
+  jobs:
+  - job: Build
+
+    templateContext:
+      outputs:
+        - output: pipelineArtifact
+          targetPath: $(Build.StagingDirectory)/dist
+          sbomBuildDropPath: $(Build.StagingDirectory)/dist
+          artifactName: $(ARTIFACT_NAME_WHEEL)
+
+    variables:
+      python.version: "3.8"
+      architecture: x64
+
+    steps:
+      - template: use_python.yml@self
+
+      - script: pipx install poetry
+        displayName: Install Poetry
+
+      - script: poetry build --no-interaction
+        displayName: poetry build
+
+      - powershell: |
+          $releaseVersion = & poetry version --short
+          echo "releaseVersion: $releaseVersion"
+          echo "##vso[task.setvariable variable=releaseVersion]$releaseVersion"
+          echo "##vso[task.setvariable variable=releaseVersionWithPrefix;isOutput=true]v$releaseVersion"
+        displayName: Get release version
+        name: getReleaseVersionStep
+
+      - task: CopyFiles@2
+        displayName: Copy wheel and tarball
+        inputs:
+          sourceFolder: dist
+          targetFolder: $(Build.StagingDirectory)/dist
+          contents: |
+            sarif_tools-$(releaseVersion)-py3-none-any.whl
+            sarif_tools-$(releaseVersion).tar.gz
diff --git a/azure-pipelines/templates/globals.yml b/azure-pipelines/templates/globals.yml
@@ -0,0 +1,2 @@
+variables:
+  ARTIFACT_NAME_WHEEL: wheel
diff --git a/azure-pipelines/templates/use_python.yml b/azure-pipelines/templates/use_python.yml
@@ -0,0 +1,6 @@
+steps:
+  - task: UsePythonVersion@0
+    inputs:
+      versionSpec: "$(python.version)"
+      architecture: "$(architecture)"
+    displayName: "Use Python $(python.version) $(architecture)"