diff --git a/.devops/gctoolkit-release.yml b/.devops/gctoolkit-release.yml index 2e4a69f2..49b10dba 100644 --- a/.devops/gctoolkit-release.yml +++ b/.devops/gctoolkit-release.yml @@ -42,7 +42,7 @@ extends: template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines parameters: pool: - name: JEG-mariner2.0-x64-release + name: JEG-test-pool os: linux sdl: sourceAnalysisPool: @@ -60,12 +60,36 @@ extends: - job: build_gctoolkit workspace: clean: all - displayName: Build with Maven + displayName: Build GCToolkit with Maven + templateContext: + # Disable Defender for Linux since it is not supported by Azure Linux. + # More info here: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/sdlanalysis/antimalware + sdl: + antimalwareScan: + enabled: false + justificationForDisabling: Disabling Defender for Linux as its not supported in Azure Linux 3 + outputs: + - output: pipelineArtifact + targetPath: $(Build.ArtifactStagingDirectory)/staging + artifactName: staged-artifacts + steps: - checkout: gctoolkit path: gctoolkit clean: true + # Find out what is installed on the agents... + - bash: | + echo "Installed Tools and versions:" + find /opt/hostedtoolcache -mindepth 1 -type d | while read dir; do + if [[ "$dir" == *jdk* ]]; then + echo "👉 $dir" + else + echo "$dir" + fi + done + displayName: 'Show installed tools' + # Use modern Java to build - task: JavaToolInstaller@0 inputs: 
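Review bot: The pool for the whole release pipeline becomes `JEG-test-pool`, while the other file in this commit moves the weekly build to `JEG-azurelinux-x64-release`; the name suggests a scratch pool left over from testing the migration, though the pool's configuration is not visible here. This pipeline later runs a job marked `isProduction: true` that publishes to Maven Central, so the agents that build those artifacts should come from a controlled release pool. Unless the test pool is intentional, use `name: JEG-azurelinux-x64-release` here as well, or add a comment saying why a test pool is acceptable for release builds. The `pool` mapping continues past the hunk, so I cannot see whether `sourceAnalysisPool` needs the same change.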
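Review bot: The antimalware scan is turned off for `build_gctoolkit`, the job whose `staged-artifacts` output the release job later publishes, and the stated reason depends entirely on the agent OS. The comment says Azure Linux, the justification says "Azure Linux 3", and the pool in this file is now `JEG-test-pool`, so nothing on the page confirms the agents actually run that image. I would tie the exception to the pool in the comment, for example `# antimalwareScan off only because the <pool name> image is Azure Linux 3; re-enable once Defender supports it`, and change "its" to "it is" in `justificationForDisabling`. The "Show installed tools" step reads like a debugging aid and could be dropped once the migration has settled. The job's step list continues outside the hunk.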
@@ -200,11 +224,23 @@ extends: workingDirectory: $(Build.ArtifactStagingDirectory) displayName: Create sha256sums - - task: 1ES.PublishPipelineArtifact@1 - inputs: - targetPath: '$(Build.ArtifactStagingDirectory)/staging' - artifactName: staged-artifacts + # Release jobs have to be separated from build jobs for our internal release service to be compliant + - job: release_gctoolkit_to_maven_central + dependsOn: build_gctoolkit + workspace: + clean: all + displayName: Release GCToolkit to Maven Central + templateContext: + type: releaseJob + isProduction: true + inputs: # Pull the staged artifacts from the build job. + - input: pipelineArtifact + artifactName: staged-artifacts + targetPath: '$(Build.ArtifactStagingDirectory)/staging' + + steps: + # ESRP Release task docs at aka.ms/esrp under 'ESRP Portal Help' - task: EsrpRelease@8 inputs: connectedservicename: 'JEG-Tooling-Prod' @@ -214,6 +250,8 @@ extends: clientid: '516af6d8-6ab4-4069-8f64-b18c64d16688' intent: 'PackageDistribution' # Test with contentype PyPI to avoid publishing to Maven Central + # NOTE: This is the guidance given in ESRP portal for testing + # the flow during dry-runs, see aka.ms/esrp. ${{ if eq(parameters.release_type, 'release') }}: contenttype: 'Maven' ${{ else }}: @@ -222,8 +260,12 @@ extends: folderlocation: '$(Build.ArtifactStagingDirectory)/staging/com/microsoft/gctoolkit' waitforreleasecompletion: true owners: 'dekeeler@microsoft.com' - approvers: 'milderhc@microsoft.com,john.oliver@microsoft.com,dagrieve@microsoft.com,kirk.pepperdine@microsoft.com' + approvers: 'maverbur@microsoft.com,john.oliver@microsoft.com' serviceendpointurl: 'https://api.esrp.microsoft.com' mainpublisher: 'ESRPRELPACMAN' domaintenantid: '33e01921-4d64-4f8c-a055-5bdaffd5e33d' displayName: 'Publish to Maven Central' + # For non-release runs, allow this task to fail (it should!) so the + # pipeline does not appear to fail when it doesn't. + continueOnError: ${{ ne(parameters.release_type, 'release') }} + 
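Review bot: `isProduction: true` is set unconditionally on `release_gctoolkit_to_maven_central`, but the same job also serves dry runs, where the following hunks select a different `contenttype` and expect the task to fail. If the template applies production-only handling based on this flag (I cannot tell from the hunk), dry runs would be treated and recorded as production releases. Consider `isProduction: ${{ eq(parameters.release_type, 'release') }}` if the template accepts an expression there, or add a comment explaining why the flag stays true for dry runs. The job's `steps` continue beyond this hunk.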
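Review bot: `continueOnError` on non-release runs hides every failure of the `EsrpRelease@8` task, not only the expected rejection of the dry-run content type, so a dry run no longer shows whether authentication, the artifact download or the folder layout work. The dry run also stays harmless only as long as the task really does fail; if it ever succeeds, nothing flags it. I would extend the comment to name the expected failure, e.g. `# Expected dry-run failure: ESRP rejects the non-Maven contenttype; any other error needs a look`, so whoever triggers a dry run can check the task log against it. Separately, `approvers` shrinks from four addresses to two, which leaves little cover when one approver is unavailable; worth confirming that this is intended. The task's `inputs` start in an earlier hunk.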
diff --git a/.devops/weekly-build.yml b/.devops/weekly-build.yml index cbf2e9a6..11400f7e 100644 --- a/.devops/weekly-build.yml +++ b/.devops/weekly-build.yml @@ -12,7 +12,7 @@ variables: JAVA_HOME_11_X64: /usr/lib/jvm/msopenjdk-11 pool: - name: JEG-mariner2.0-x64-release + name: JEG-azurelinux-x64-release steps: - task: JavaToolInstaller@0