Diffstat (limited to 'azure-pipelines')
-rw-r--r--azure-pipelines/release-pypi.yml35
-rw-r--r--azure-pipelines/release.yml36
-rw-r--r--azure-pipelines/source_scan.yml11
-rw-r--r--azure-pipelines/template/build_packages.yml31
-rw-r--r--azure-pipelines/template/publish_pypi.yml43
-rw-r--r--azure-pipelines/template/static_analysis.yml72
6 files changed, 228 insertions, 0 deletions
diff --git a/azure-pipelines/release-pypi.yml b/azure-pipelines/release-pypi.yml
new file mode 100644
index 0000000..37df592
--- /dev/null
+++ b/azure-pipelines/release-pypi.yml
@@ -0,0 +1,35 @@
+trigger: none
+pr: none
+
+resources:
+ repositories:
+ - repository: templates
+ type: github
+ name: microsoft/vscode-engineering
+ ref: main
+ endpoint: Monaco
+
+parameters:
+ - name: publishPackage
+ displayName: 🚀 Publish Package
+ type: boolean
+ default: false
+
+extends:
+ template: azure-pipelines/pypi-package/pipeline.yml@templates
+ parameters:
+ publishPackage: ${{ parameters.publishPackage }}
+ pythonVersion: '3.7'
+ # We don't ship any built in packages.
+ generateNotice: false
+ pyProjectTomlPath: $(Build.SourcesDirectory)/packages/python/pyproject.toml
+ buildSteps:
+ - script: python -m pip install nox
+ displayName: Install nox
+
+ - script: python -m nox --session build
+ displayName: Build package (sdist and wheels)
+
+ - publish: $(Build.SourcesDirectory)/packages/python/dist
+ artifact: dist
+ displayName: 🚛 Publish artifact
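Review bot: `ref: main` on the `templates` repository resource makes this release pipeline follow a mutable branch, so the template it `extends` can change between runs without any change in this repository. That template receives `publishPackage` and presumably performs the actual publish, so it is the part of the release with the most privilege. Pinning the resource to a reviewed tag or commit, e.g. `ref: refs/tags/<template-release-tag>`, would keep each release reproducible and auditable.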
diff --git a/azure-pipelines/release.yml b/azure-pipelines/release.yml
new file mode 100644
index 0000000..6c12d7d
--- /dev/null
+++ b/azure-pipelines/release.yml
@@ -0,0 +1,36 @@
+trigger: none
+pr: none
+
+variables:
+ Codeql.Enabled: true
+
+parameters:
+ - name: publishPyPI
+ displayName: 🚀 Publish To PyPI
+ type: string
+ values: [Skip, Test, Real]
+ default: Test
+
+stages:
+ - stage: pre_build
+ displayName: Pre-build validation
+ jobs:
+ - template: template/static_analysis.yml
+
+ - stage: build
+ displayName: Build sdist and wheels
+ dependsOn: pre_build
+ variables:
+ skipComponentGovernanceDetection: true # handled by pre_build
+ jobs:
+ - template: template/build_packages.yml
+
+ - stage: publish
+ displayName: Publish
+ dependsOn: build
+ variables:
+ skipComponentGovernanceDetection: true # handled by pre_build
+ jobs:
+ - template: template/publish_pypi.yml
+ parameters:
+ publishPyPI: ${{parameters.publishPyPI}}
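Review bot: The `publishPyPI` parameter defaults to `Test`, so a manually queued run with untouched parameters uploads to Test PyPI, and choosing `Real` leads straight to the upload with no approval step visible in this file. `default: Skip` would make publishing an explicit choice. Running the publish job as a deployment job bound to an environment would allow approvals and checks before the `Real` path executes; whether such checks are configured elsewhere cannot be seen from this hunk.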
diff --git a/azure-pipelines/source_scan.yml b/azure-pipelines/source_scan.yml
new file mode 100644
index 0000000..14dc842
--- /dev/null
+++ b/azure-pipelines/source_scan.yml
@@ -0,0 +1,11 @@
+trigger:
+ - main
+
+variables:
+ Codeql.Enabled: true
+
+stages:
+ - stage: pre_build
+ displayName: Pre-build validation
+ jobs:
+ - template: template/static_analysis.yml
diff --git a/azure-pipelines/template/build_packages.yml b/azure-pipelines/template/build_packages.yml
new file mode 100644
index 0000000..ca99144
--- /dev/null
+++ b/azure-pipelines/template/build_packages.yml
@@ -0,0 +1,31 @@
+jobs:
+ - job: BuildPkg
+ displayName: Build package
+
+ pool:
+ vmImage: windows-latest
+
+ steps:
+ - task: UsePythonVersion@0
+ displayName: "Use Python 3.7"
+ inputs:
+ versionSpec: 3.7
+
+ - script: python -m pip install -U pip
+ displayName: Upgrade Pip
+
+ # For faster/better builds of sdists.
+ - script: python -m pip install wheel
+ displayName: Install build pre-requisite
+
+ - script: python -m pip install nox
+ displayName: Install nox
+
+ - script: python -m nox --session build
+ displayName: Build sdist and wheels
+
+ - task: PublishBuildArtifacts@1
+ displayName: "Publish Artifact"
+ inputs:
+ pathToPublish: "$(Build.SourcesDirectory)/packages/python/dist"
+ artifactName: dist
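Review bot: The three `python -m pip install` steps (`-U pip`, `wheel`, `nox`) fetch unpinned packages at release-build time, so the toolchain that produces the sdist and wheels is whatever the index serves on that day. A pinned, hash-checked requirements file, e.g. `python -m pip install --require-hashes -r <build-requirements.txt>`, would make the build inputs fixed and reviewable. The same pattern appears in `template/publish_pypi.yml` (`pip install twine`, in the job that later receives the PyPI token) and in `release-pypi.yml` (`pip install nox`). `versionSpec: 3.7` is also better quoted as `'3.7'`, as `release-pypi.yml` does for `pythonVersion`, so YAML does not read it as a float.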
diff --git a/azure-pipelines/template/publish_pypi.yml b/azure-pipelines/template/publish_pypi.yml
new file mode 100644
index 0000000..1f29e1b
--- /dev/null
+++ b/azure-pipelines/template/publish_pypi.yml
@@ -0,0 +1,43 @@
+parameters:
+ - name: publishPyPI
+ displayName: 🚀 Publish To PyPI
+ type: string
+
+jobs:
+ - job: PublishPkg
+ displayName: Publish Packages
+
+ pool:
+ vmImage: windows-latest
+
+ steps:
+ - task: DownloadPipelineArtifact@2
+ displayName: "Download Pipeline Artifact"
+ inputs:
+ artifactName: dist
+ targetPath: "$(Build.SourcesDirectory)/dist"
+
+ - task: UsePythonVersion@0
+ displayName: "Use Python 3.7"
+ inputs:
+ versionSpec: 3.7
+
+ - script: python -m pip install -U pip
+ displayName: Upgrade Pip
+
+ - script: python -m pip install twine
+ displayName: Install Twine
+
+ - ${{ if eq(parameters.publishPyPI, 'Test') }}:
+ - script: python -m twine upload -r testpypi dist/*
+ displayName: Publish to Test PyPI
+ env:
+ TWINE_USERNAME: __token__
+ TWINE_PASSWORD: $(test_pypi_token)
+
+ - ${{ if eq(parameters.publishPyPI, 'Real') }}:
+ - script: python -m twine upload dist/*
+ displayName: Publish to PyPI
+ env:
+ TWINE_USERNAME: __token__
+ TWINE_PASSWORD: $(real_pypi_token)
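Review bot: The `PublishPkg` job has no `checkout` step, so by default the repository is checked out into `$(Build.SourcesDirectory)` before the artifact is downloaded to `$(Build.SourcesDirectory)/dist`, and `twine upload dist/*` then uploads everything found there. If the repository ever contains a top-level `dist/` folder, its files would be published together with the built artifacts. Adding `- checkout: none` as the first step (the job only needs the artifact) and running `python -m twine check dist/*` before the upload would narrow what can reach the index. This assumes the script steps run with the sources directory as their working directory, which is the default but is not stated in the hunk.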
diff --git a/azure-pipelines/template/static_analysis.yml b/azure-pipelines/template/static_analysis.yml
new file mode 100644
index 0000000..ffd0f44
--- /dev/null
+++ b/azure-pipelines/template/static_analysis.yml
@@ -0,0 +1,72 @@
+jobs:
+ - job: SourceScan
+ displayName: Source Scan
+
+ pool:
+ vmImage: windows-latest
+
+ steps:
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
+ displayName: 'Run Credential Scanner'
+ inputs:
+ outputFormat: pre
+ debugMode: false
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
+ displayName: 'Run PoliCheck'
+ inputs:
+ targetType: F
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@4
+ displayName: 'Run AntiMalware'
+ inputs:
+ FileDirPath: '$(Build.SourcesDirectory)'
+ EnableServices: true
+ continueOnError: true
+
+ - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+ displayName: Component Detection
+ inputs:
+ ignoreDirectories: '$(Build.SourcesDirectory)/tests'
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@2
+ displayName: Create Security Analysis Report
+ inputs:
+ AllTools: false
+ AntiMalware: true
+ BinSkim: false
+ CredScan: true
+ PoliCheck: true
+ APIScan: false
+ CodesignValidation: false
+ FortifySCA: false
+ FxCop: false
+ ModernCop: false
+ MSRD: false
+ RoslynAnalyzers: false
+ SDLNativeRules: false
+ Semmle: false
+ TSLint: false
+ WebScout: false
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
+ displayName: Publish Security Analysis Logs
+
+ - job: VersionChk
+ displayName: Version Check
+
+ pool:
+ vmImage: ubuntu-latest
+
+ steps:
+ - task: UsePythonVersion@0
+ displayName: 'Use Python 3.11'
+ inputs:
+ versionSpec: 3.11
+
+ - script: python ./.github/workflows/version_check.py
+ displayName: Version Check
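Review bot: Every scanner task in `SourceScan` sets `continueOnError: true`, so a failing CredScan, PoliCheck, AntiMalware or Component Detection step leaves the job as succeeded with issues rather than failed. `release.yml` makes `build` depend on `pre_build`, and by default a stage that succeeded with issues still satisfies `dependsOn`, so this "Pre-build validation" does not appear to block a release. Dropping `continueOnError: true` from at least the CredScan and AntiMalware tasks, or adding a gating step after `SdtReport` that fails the job on findings, would make the validation enforceable. `versionSpec: 3.11` in `VersionChk` should be quoted (`'3.11'`) so it is not parsed as a float.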