OneBranch Migration (#127)

* Adding OneBranch Migration * Updating source directory for copy * Disable TSA Upload * Update template-pack-and-sign-all-nugets.yaml Signed-off-by: Travis Walker <[email protected]> * Update template-restore-build-MSIdentityAbstractions.yaml Signed-off-by: Travis Walker <[email protected]> * Updating directory --------- Signed-off-by: Travis Walker <[email protected]> Co-authored-by: trwalke <[email protected]>
AzureAD · May 10, 2024 · cade7c8 · cade7c8
1 parent 477a162
commit cade7c8
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 6 deletions.
diff --git a/build/template-onebranch-build-and-sign.yaml b/build/template-onebranch-build-and-sign.yaml
@@ -0,0 +1,30 @@
+# template-onebranch-build-and-sign.yaml
+
+parameters:
+  BuildPlatform: '$(BuildPlatform)'
+  BuildConfiguration: '$(BuildConfiguration)'
+  MsIdentityWebSemVer: $(MsIdentityWebSemVer)
+
+steps:
+
+# Bootstrap the build
+- template: template-bootstrap-build.yaml
+
+# Nuget Restore and Build Microsoft.Identity.Abstractions.sln
+- template: template-restore-build-MSIdentityAbstractions.yaml
+  parameters:
+    BuildPlatform: ${{ parameters.BuildPlatform }}
+    BuildConfiguration: ${{ parameters.BuildConfiguration }}
+    MsIdentityWebSemVer: ${{ parameters.MsIdentityWebSemVer }}
+
+# Run Post-build code analysis (e.g. Roslyn)
+- template: template-postbuild-code-analysis.yaml
+
+# Pack and sign all of the nuget packages
+- template: template-pack-and-sign-all-nugets.yaml
+
+# Publish nuget packages and symbols to VSTS package manager.
+- template: template-publish-packages-and-symbols.yaml
+
+# Publish analysis and cleanup
+- template: template-publish-analysis-and-cleanup.yaml
diff --git a/build/template-pack-and-sign-all-nugets.yaml b/build/template-pack-and-sign-all-nugets.yaml
@@ -10,13 +10,13 @@ steps:
 - template: template-pack-and-sign-nuget.yaml
   parameters:
     BuildConfiguration: ${{ parameters.BuildConfiguration }}
-    ProjectRootPath: '$(Build.SourcesDirectory)\src\Microsoft.Identity.Abstractions'
+    ProjectRootPath: '$(Build.SourcesDirectory)\$(IdAbstractionsSourceDir)src\Microsoft.Identity.Abstractions'
     AssemblyName: 'Microsoft.Identity.Abstractions'
     HasRefAssembly: 'false'
 
 # Copy all packages out to staging
 - task: CopyFiles@2
-  displayName: 'Copy Files from $(Build.SourcesDirectory) to: $(Build.ArtifactStagingDirectory)\packages'
+  displayName: 'Copy Files from $(Build.SourcesDirectory)\$(IdAbstractionsSourceDir) to: $(Build.ArtifactStagingDirectory)\packages'
   inputs:
     SourceFolder: '$(Build.SourcesDirectory)'
     Contents: '**\*nupkg'
@@ -51,3 +51,13 @@ steps:
     SessionTimeout: 20
     VerboseLogin: true
   timeoutInMinutes: 5
+  condition: and(succeeded(), eq(variables['PipelineType'], 'Legacy'))
+
+- task: onebranch.pipeline.signing@1
+  displayName: 'Sign Packages with OneBranch'
+  inputs:
+    command: 'sign'
+    signing_profile: 'CP-401405'
+    files_to_sign: '*.nupkg'
+    search_root: '$(Build.ArtifactStagingDirectory)\packages'
+  condition: and(succeeded(), eq(variables['PipelineType'], 'OneBranch'))
diff --git a/build/template-publish-analysis-and-cleanup.yaml b/build/template-publish-analysis-and-cleanup.yaml
@@ -12,6 +12,7 @@ steps:
     GdnPublishTsaOnboard: false
     GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)/build/tsaConfig.json'
   continueOnError: true
+  condition: and(succeeded(), eq(variables['PipelineType'], 'Legacy'))
 
 - task: mspremier.PostBuildCleanup.PostBuildCleanup-task.PostBuildCleanup@3
   displayName: 'Clean Agent Directories'
diff --git a/build/template-publish-packages-and-symbols.yaml b/build/template-publish-packages-and-symbols.yaml
@@ -14,17 +14,20 @@ steps:
     command: custom
     arguments: 'verify -Signature ${{ parameters.NugetPackagesWildcard }}'
   continueOnError: true
+  condition: and(succeeded(), eq(variables['PipelineType'], 'Legacy'))
 
 - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
   displayName: 'Generation Task'
   inputs:
     BuildDropPath: '${{ parameters.ArtifactPublishPath }}'
+  condition: and(succeeded(), eq(variables['PipelineType'], 'Legacy'))
 
 - task: PublishBuildArtifacts@1
   displayName: 'Publish Artifact: packages'
   inputs:
     PathtoPublish: '${{ parameters.ArtifactPublishPath }}'
     ArtifactName: '${{ parameters.DropArtifactName }}'
+  condition: and(succeeded(), eq(variables['PipelineType'], 'Legacy'))
 
 - task: NuGetCommand@2
   displayName: 'Publish packages to VSTS feed'

diff --git a/build/template-restore-build-MSIdentityAbstractions.yaml b/build/template-restore-build-MSIdentityAbstractions.yaml
@@ -11,15 +11,15 @@ steps:
   displayName: 'Build solution Microsoft.Identity.Abstractions.sln and run tests'
   inputs:
     command: test
-    projects: 'Microsoft.Identity.Abstractions.sln'
-    arguments: '--collect "Code Coverage" --settings "build\CodeCoverage.runsettings" --configuration ${{ parameters.BuildConfiguration }} -p:RunCodeAnalysis=true -p:MsIdentityAbstractionsSemVer=${{ parameters.MsIdentityAbstractionsSemVer }} -p:SourceLinkCreate=true'
+    projects: '$(IdAbstractionsSourceDir)Microsoft.Identity.Abstractions.sln'
+    arguments: '--collect "Code Coverage" --settings "$(IdAbstractionsSourceDir)build\CodeCoverage.runsettings" --configuration ${{ parameters.BuildConfiguration }} -p:RunCodeAnalysis=true -p:MsIdentityAbstractionsSemVer=${{ parameters.MsIdentityAbstractionsSemVer }} -p:SourceLinkCreate=true'
 
 # This task is needed so that the 1CS Rolsyn analyzers task works.
 # The previous task does the restore
 - task: VSBuild@1
   displayName: 'Build solution Microsoft.Identity.Abstractions.sln for governance'
   inputs:
-    solution: Microsoft.Identity.Abstractions.sln
+    solution: $(IdAbstractionsSourceDir)Microsoft.Identity.Abstractions.sln
     msbuildArgs: '/p:RunCodeAnalysis=false /p:MsIdentityAbstractionsSemVer=${{ parameters.MsIdentityAbstractionsSemVer }} /p:SourceLinkCreate=true'
     platform: ${{ parameters.BuildPlatform }}
     configuration: ${{ parameters.BuildConfiguration }}
@@ -30,4 +30,4 @@ steps:
     failOnAlert: true
     scanType: 'Register'
     verbosity: 'Verbose'
-    alertWarningLevel: 'High'
+    alertWarningLevel: 'High'
diff --git a/build/template-sign-binary.yaml b/build/template-sign-binary.yaml
@@ -61,6 +61,16 @@ steps:
     SessionTimeout: 20
     VerboseLogin: true
   timeoutInMinutes: 10
+  condition: and(succeeded(), eq(variables['PipelineType'], 'Legacy'))
+
+- task: onebranch.pipeline.signing@1
+  displayName: 'Sign ${{ parameters.Pattern }} with OneBranch'
+  inputs:
+    command: 'sign'
+    signing_profile: 'external_distribution' #CP-230012 -> https://eng.ms/docs/products/onebranch/signing/containerbuildsigning#signing-using-onebranchpipelinesigning-ado-task
+    files_to_sign: '${{ parameters.Pattern }}'
+    search_root: '${{ parameters.FolderPath }}'
+  condition: and(succeeded(), eq(variables['PipelineType'], 'OneBranch'))
 
 - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@4
   displayName: 'Run BinSkim ${{ parameters.Pattern }}'
@@ -69,8 +79,10 @@ steps:
     AnalyzeTargetGlob: ${{ parameters.Pattern }}
     AnalyzeVerbose: true
     AnalyzeHashes: true
+  condition: and(succeeded(), eq(variables['PipelineType'], 'Legacy'))
 
 - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
   displayName: 'Check BinSkim Results'
   inputs:
     GdnBreakGdnToolBinSkim: true
+  condition: and(succeeded(), eq(variables['PipelineType'], 'Legacy'))