1es pipeline template

microsoft · Oct 11, 2024 · c22188b · c22188b
1 parent cb8c46f
commit c22188b
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 77 deletions.
diff --git a/.azure-devops/nova-facade-release.yml b/.azure-devops/nova-facade-release.yml
@@ -2,13 +2,13 @@ pr: none
 trigger:
   - main
 schedules:
-- cron: 0 0 * * Mon
-  displayName: Nova-Facade weekly pipeline validation
-  branches:
-    include: 
-    - main
-  always: true
-  
+  - cron: 0 0 * * Mon
+    displayName: Nova-Facade weekly pipeline validation
+    branches:
+      include:
+        - main
+    always: true
+
 variables:
   - group: InfoSec-SecurityResults
   - name: tags
@@ -18,48 +18,51 @@ variables:
   - name: adoNpmFeedBaseUrl
     value: https://pkgs.dev.azure.com/domoreexp/_apis/packaging/feeds/npm-mirror
 
-jobs:
-  - job: compliance
-    displayName: Compliance checks
+resources:
+  repositories:
+    - repository: 1ESPipelineTemplates
+      type: git
+      name: 1ESPipelineTemplates/1ESPipelineTemplates
+      ref: refs/tags/release
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+  parameters:
     pool:
       name: 1ES-Teams-Windows-2022-DomoreexpGithub
-    steps:
-      - template: ./steps/service-tree.yml
-        parameters:
-          serviceTreeID: $(serviceTreeID)
-      - template: ./steps/compliance-steps.yml
-
-  - job: Release
-    variables:
-      - group: oss-secrets
-    dependsOn: Compliance
-    pool: "1ES-Teams-Ubuntu-Latest-Compliant-NCUS"
-    steps:
-      - template: ./steps/service-tree.yml
-        parameters:
-          serviceTreeID: $(serviceTreeID)
-      - script: yarn
-        displayName: yarn
-      - script: |
-          yarn ci
-        displayName: build and test [test]
-      - script: |
-          git config user.email "[email protected]"
-          git config user.name "Graphitation Service Account"
-          git remote set-url origin https://gql-svc:$(ossGithubPAT)@github.com/microsoft/nova-facade.git
-        displayName: Configure git for release
-      - script: yarn release -y -n $(ossNpmToken) --access public
-        displayName: Release
-      - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-        displayName: 📒 Generate Manifest
-        inputs:
-          BuildDropPath: $(System.DefaultWorkingDirectory)
-      - task: PublishPipelineArtifact@1
-        displayName: 📒 Publish Manifest
-        inputs:
-          artifactName: SBom-$(System.JobAttempt)
-          targetPath: $(System.DefaultWorkingDirectory)/_manifest
-      - template: ./steps/pierce-ado-npm-mirror-cache.yml
-        parameters:
-          adoNpmFeedPat: $(adoNpmFeedPat)
-          adoNpmFeedBaseUrl: $(adoNpmFeedBaseUrl)
+      os: windows
+    customBuildTags:
+      - ES365AIMigrationTooling
+    stages:
+      - stage: stage
+        jobs:
+          - job: compliance
+            displayName: Compliance checks
+            steps:
+              - template: /.azure-devops/steps/service-tree.yml@self
+                parameters:
+                  serviceTreeID: $(serviceTreeID)
+              - template: /.azure-devops/steps/compliance-steps.yml@self
+          - job: Release
+            variables:
+              - group: oss-secrets
+            dependsOn: Compliance
+            steps:
+              - template: /.azure-devops/steps/service-tree.yml@self
+                parameters:
+                  serviceTreeID: $(serviceTreeID)
+              - script: yarn
+                displayName: yarn
+              - script: |
+                  yarn ci
+                displayName: build and test [test]
+              - script: |
+                  git config user.email "[email protected]"
+                  git config user.name "Graphitation Service Account"
+                  git remote set-url origin https://gql-svc:$(ossGithubPAT)@github.com/microsoft/nova-facade.git
+                displayName: Configure git for release
+              - script: yarn release -y -n $(ossNpmToken) --access public
+                displayName: Release
+              - template: /.azure-devops/steps/pierce-ado-npm-mirror-cache.yml@self
+                parameters:
+                  adoNpmFeedPat: $(adoNpmFeedPat)
+                  adoNpmFeedBaseUrl: $(adoNpmFeedBaseUrl)
diff --git a/.azure-devops/steps/compliance-steps.yml b/.azure-devops/steps/compliance-steps.yml
@@ -8,23 +8,6 @@ steps:
     inputs:
       version: 3.x
       steps:
-
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
-    condition: succeededOrFailed()
-    displayName: "🧭 Run Credential Scanner"
-    inputs:
-      debugMode: false
-
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-eslint.ESLint@1
-    condition: succeededOrFailed()
-    displayName: "🧭 Run ESLint"
-
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
-    displayName: "🧭 Publish Guardian Artifacts - All Tools"
-    inputs:
-      ArtifactType: M365
-    condition: succeededOrFailed()
-
   - task: AssetRetention@3
     displayName: 🧭 Arrow Retention
     inputs:
@@ -34,13 +17,3 @@ steps:
       IsShipped: false
       DropsToRetain: "CodeAnalysisLogs"
     condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
-
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
-    displayName: "🧭 Guardian Break"
-    inputs:
-      GdnBreakPolicyMinSev: Warning
-      GdnBreakAllTools: true
-      GdnBreakGdnToolESLint: true
-      GdnBreakGdnToolESLintSeverity: Warning
-      GdnBreakPolicy: M365
-    condition: succeededOrFailed()