forked from microsoft/griffel
-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-pipelines.yml
99 lines (86 loc) · 3.54 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# Release pipeline
pr: none
trigger: none
variables:
- group: 'Github and NPM secrets'
- group: InfoSec-SecurityResults
- name: tags
value: production,externalfacing
jobs:
# These steps have to run on a windows machine,
# and therefore unfortunately can't be integrated in the regular steps
- job: Compliance
displayName: Compliance checks
pool: uifabric-windows-2019-small
workspace:
clean: all
steps:
- task: UseDotNet@2
condition: succeededOrFailed()
displayName: 'Use .NET Core sdk 3.x'
inputs:
version: 3.x
steps:
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
condition: succeededOrFailed()
displayName: '🧭 Run Credential Scanner'
inputs:
debugMode: false
- task: securedevelopmentteam.vss-secure-development-tools.build-task-eslint.ESLint@1
condition: succeededOrFailed()
displayName: '🧭 Run ESLint'
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
displayName: '🧭 Publish Guardian Artifacts - All Tools'
inputs:
ArtifactType: M365
condition: succeededOrFailed()
- task: AssetRetention@3
displayName: 🧭 Arrow Retention
inputs:
ArrowServiceConnection: 'Arrow_uifabric_uifabric_PROD'
AssetGroupName: '$(System.TeamProject)_$(Build.DefinitionName)'
AssetNumber: '$(Build.BuildId)'
IsShipped: false
DropsToRetain: 'CodeAnalysisLogs'
condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
displayName: '🧭 Guardian Break'
inputs:
GdnBreakPolicyMinSev: Warning
GdnBreakAllTools: true
GdnBreakGdnToolESLint: true
GdnBreakGdnToolESLintSeverity: Warning
GdnBreakPolicy: M365
condition: succeededOrFailed()
- job: Release
dependsOn: Compliance
pool: '1ES-Host-Ubuntu'
workspace:
clean: all
steps:
# For multiline scripts, we want the whole task to fail if any line of the script fails.
# ADO doesn't have bash configured this way by default. To fix we override the SHELLOPTS built-in variable.
# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html
# The options below include ADO defaults (braceexpand:hashall:interactive-comments) plus
# errexit:errtrace for better error behavior.
- script: |
echo "##vso[task.setvariable variable=shellopts]braceexpand:hashall:interactive-comments:errexit:errtrace"
displayName: Force exit on error (bash)
- task: NodeTool@0
inputs:
versionSpec: '14.x'
checkLatest: true
displayName: 'Install Node.js'
- script: yarn install --frozen-lockfile
displayName: Install dependencies
- script: |
git config user.name "Fluent UI Build"
git config user.email "[email protected]"
git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/griffel.git
displayName: Authenticate git for pushes
- script: |
yarn beachball publish -b origin/main --access public -y -n $(npmToken)
git reset --hard origin/main
env:
GITHUB_PAT: $(githubPAT)
displayName: Publish to NPM & bump versions