Skip to content

Build and release activity separated in release pipeline #446

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
d3r3kk merged 10 commits into from
Jun 28, 2025
Merged

Build and release activity separated in release pipeline #446

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
d211fe4
Udpate pipeline to classify as a 'release job' for internal Microsoft…
d3r3kk Jun 10, 2025
2511940
Separate the release tasks from the build tasks (requirement of 1ES t…
d3r3kk Jun 10, 2025
77b8084
Added missing template context for the build job.
d3r3kk Jun 10, 2025
e2033a7
Fix syntax problem
d3r3kk Jun 10, 2025
5c64eb9
Upgrade pool used to Azure Linux (3.0) as Mariner 2.0 is being deprec…
d3r3kk Jun 10, 2025
c7f15ec
TEMP: See what tools are hosted...
d3r3kk Jun 10, 2025
19e854a
TEMP: Show more depth in tools
d3r3kk Jun 10, 2025
073fab6
Use our test pool to ensure the new Azure Linux machines are set up p…
d3r3kk Jun 17, 2025
452af2a
Corrections for Azure Linux agents
d3r3kk Jun 26, 2025
416e9f3
Merge branch 'dek/release-task-ify' of https://github.com/microsoft/g…
d3r3kk Jun 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 49 additions & 7 deletions .devops/gctoolkit-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
name: JEG-mariner2.0-x64-release
name: JEG-test-pool
Comment thread
d3r3kk marked this conversation as resolved.
os: linux
sdl:
sourceAnalysisPool:
Expand All @@ -60,12 +60,36 @@ extends:
- job: build_gctoolkit
workspace:
clean: all
displayName: Build with Maven
displayName: Build GCToolkit with Maven
templateContext:
# Disable Defender for Linux since it is not supported by Azure Linux.
# More info here: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/sdlanalysis/antimalware
sdl:
antimalwareScan:
enabled: false
justificationForDisabling: Disabling Defender for Linux as its not supported in Azure Linux 3
outputs:
- output: pipelineArtifact
targetPath: $(Build.ArtifactStagingDirectory)/staging
artifactName: staged-artifacts

steps:
- checkout: gctoolkit
path: gctoolkit
clean: true

# Find out what is installed on the agents...
- bash: |
echo "Installed Tools and versions:"
find /opt/hostedtoolcache -mindepth 1 -type d | while read dir; do
if [[ "$dir" == *jdk* ]]; then
echo "👉 $dir"
else
echo "$dir"
fi
done
displayName: 'Show installed tools'

# Use modern Java to build
- task: JavaToolInstaller@0
inputs:
Expand Down Expand Up @@ -200,11 +224,23 @@ extends:
workingDirectory: $(Build.ArtifactStagingDirectory)
displayName: Create sha256sums

- task: 1ES.PublishPipelineArtifact@1
inputs:
targetPath: '$(Build.ArtifactStagingDirectory)/staging'
artifactName: staged-artifacts

# Release jobs have to be separated from build jobs for our internal release service to be compliant
- job: release_gctoolkit_to_maven_central
dependsOn: build_gctoolkit
workspace:
clean: all
displayName: Release GCToolkit to Maven Central
templateContext:
type: releaseJob
isProduction: true
inputs: # Pull the staged artifacts from the build job.
- input: pipelineArtifact
artifactName: staged-artifacts
targetPath: '$(Build.ArtifactStagingDirectory)/staging'

steps:
# ESRP Release task docs at aka.ms/esrp under 'ESRP Portal Help'
- task: EsrpRelease@8
inputs:
connectedservicename: 'JEG-Tooling-Prod'
Expand All @@ -214,6 +250,8 @@ extends:
clientid: '516af6d8-6ab4-4069-8f64-b18c64d16688'
intent: 'PackageDistribution'
# Test with contentype PyPI to avoid publishing to Maven Central
# NOTE: This is the guidance given in ESRP portal for testing
# the flow during dry-runs, see aka.ms/esrp.
${{ if eq(parameters.release_type, 'release') }}:
contenttype: 'Maven'
${{ else }}:
Expand All @@ -222,8 +260,12 @@ extends:
folderlocation: '$(Build.ArtifactStagingDirectory)/staging/com/microsoft/gctoolkit'
waitforreleasecompletion: true
owners: 'dekeeler@microsoft.com'
approvers: 'milderhc@microsoft.com,john.oliver@microsoft.com,dagrieve@microsoft.com,kirk.pepperdine@microsoft.com'
approvers: 'maverbur@microsoft.com,john.oliver@microsoft.com'
serviceendpointurl: 'https://api.esrp.microsoft.com'
mainpublisher: 'ESRPRELPACMAN'
domaintenantid: '33e01921-4d64-4f8c-a055-5bdaffd5e33d'
displayName: 'Publish to Maven Central'
# For non-release runs, allow this task to fail (it should!) so the
# pipeline does not appear to fail when it doesn't.
continueOnError: ${{ ne(parameters.release_type, 'release') }}

2 changes: 1 addition & 1 deletion .devops/weekly-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ variables:
JAVA_HOME_11_X64: /usr/lib/jvm/msopenjdk-11

pool:
name: JEG-mariner2.0-x64-release
name: JEG-azurelinux-x64-release

steps:
- task: JavaToolInstaller@0
Expand Down