build: add a OneBranch Official release pipeline #16081
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This pipeline does everything the existing release pipeline does, except it does it using the OneBranch official templates. Most of our existing build infrastructure has been reused, with the following changes: - We are no longer using `job-submit-windows-vpack`, as OneBranch does this for us. - `job-merge-msix-into-bundle` now supports afterBuildSteps, which we use to stage the msixbundle into the right place for the vpack - `job-build-project` supports deleting all non-signed files (which the OneBranch post-build validation requires) - `job-build-project` now deletes `console.dll`, which is unused in any of our builds, because XFGCheck blows up on it for some reason on x86 - `job-publish-symbols` now supports two different types of PAT ingestion - I have pulled out the NuGet filename variables into a shared variables template I have also introduced a TSA config (which files bugs on us for binary analysis failures as well as using the word 'sucks' and stuff.) I have also baselined a number of control flow guard/binary analysis failures.
DHowett
commented
Oct 1, 2023
Comment on lines
+116
to
+130
| - task: PkgESSetupBuild@12 | ||
| displayName: Package ES - Setup Build | ||
| inputs: | ||
| disableOutputRedirect: true | ||
|
|
||
| - task: UniversalPackages@0 | ||
| displayName: Download terminal-internal Universal Package | ||
| inputs: | ||
| feedListDownload: 2b3f8893-a6e8-411f-b197-a9e05576da48 | ||
| packageListDownload: e82d490c-af86-4733-9dc4-07b772033204 | ||
| versionListDownload: ${{ parameters.terminalInternalPackageVersion }} | ||
|
|
||
| - template: ./build/pipelines/templates-v2/steps-fetch-and-prepare-localizations.yml@self | ||
| parameters: | ||
| includePseudoLoc: true |
There was a problem hiding this comment.
There's some duplication here between the non-OB and OB release builds.
However: we can put the non-OB release builds on a path to deprecation.
DHowett
commented
Oct 1, 2023
| { | ||
| "instanceUrl": "https://microsoft.visualstudio.com", | ||
| "projectName": "OS", | ||
| "areaPath": "OS\\Windows Client and Services\\ADEPT\\E4D-Engineered for Developers\\SHINE\\Terminal", |
There was a problem hiding this comment.
oh no they know what our area path is oh no
There was a problem hiding this comment.
oh no, they'll think we're engineering for developers oh no
zadjii-msft
approved these changes
Oct 2, 2023
| { | ||
| "instanceUrl": "https://microsoft.visualstudio.com", | ||
| "projectName": "OS", | ||
| "areaPath": "OS\\Windows Client and Services\\ADEPT\\E4D-Engineered for Developers\\SHINE\\Terminal", |
There was a problem hiding this comment.
oh no, they'll think we're engineering for developers oh no
| NuGetPackBetaVersion: preview | ||
| ${{ elseif eq(variables['Build.SourceBranchName'], 'main') }}: | ||
| NuGetPackBetaVersion: experimental | ||
| - template: variables-nuget-package-version.yml |
carlos-zamora
approved these changes
Oct 2, 2023
DHowett
added a commit
that referenced
this pull request
Oct 3, 2023
This pipeline does everything the existing release pipeline does, except it does it using the OneBranch official templates. Most of our existing build infrastructure has been reused, with the following changes: - We are no longer using `job-submit-windows-vpack`, as OneBranch does this for us. - `job-merge-msix-into-bundle` now supports afterBuildSteps, which we use to stage the msixbundle into the right place for the vpack - `job-build-project` supports deleting all non-signed files (which the OneBranch post-build validation requires) - `job-build-project` now deletes `console.dll`, which is unused in any of our builds, because XFGCheck blows up on it for some reason on x86 - `job-publish-symbols` now supports two different types of PAT ingestion - I have pulled out the NuGet filename variables into a shared variables template I have also introduced a TSA config (which files bugs on us for binary analysis failures as well as using the word 'sucks' and stuff.) I have also baselined a number of control flow guard/binary analysis failures. (cherry picked from commit 6489f6b) Service-Card-Id: 90706777 Service-Version: 1.19
DHowett
added a commit
that referenced
this pull request
Oct 3, 2023
This pipeline does everything the existing release pipeline does, except it does it using the OneBranch official templates. Most of our existing build infrastructure has been reused, with the following changes: - We are no longer using `job-submit-windows-vpack`, as OneBranch does this for us. - `job-merge-msix-into-bundle` now supports afterBuildSteps, which we use to stage the msixbundle into the right place for the vpack - `job-build-project` supports deleting all non-signed files (which the OneBranch post-build validation requires) - `job-build-project` now deletes `console.dll`, which is unused in any of our builds, because XFGCheck blows up on it for some reason on x86 - `job-publish-symbols` now supports two different types of PAT ingestion - I have pulled out the NuGet filename variables into a shared variables template I have also introduced a TSA config (which files bugs on us for binary analysis failures as well as using the word 'sucks' and stuff.) I have also baselined a number of control flow guard/binary analysis failures. (cherry picked from commit 6489f6b) Service-Card-Id: 90706776 Service-Version: 1.18
DHowett
added a commit
that referenced
this pull request
Nov 28, 2023
This pipeline does everything the existing release pipeline does, except it does it using the OneBranch official templates. Most of our existing build infrastructure has been reused, with the following changes: - We are no longer using `job-submit-windows-vpack`, as OneBranch does this for us. - `job-merge-msix-into-bundle` now supports afterBuildSteps, which we use to stage the msixbundle into the right place for the vpack - `job-build-project` supports deleting all non-signed files (which the OneBranch post-build validation requires) - `job-build-project` now deletes `console.dll`, which is unused in any of our builds, because XFGCheck blows up on it for some reason on x86 - `job-publish-symbols` now supports two different types of PAT ingestion - I have pulled out the NuGet filename variables into a shared variables template I have also introduced a TSA config (which files bugs on us for binary analysis failures as well as using the word 'sucks' and stuff.) I have also baselined a number of control flow guard/binary analysis failures. (cherry picked from commit 6489f6b) Service-Card-Id: 91211920 Service-Version: 1.17
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pipeline does everything the existing release pipeline does, except it does it using the OneBranch official templates.
Most of our existing build infrastructure has been reused, with the following changes:
job-submit-windows-vpack, as OneBranch does this for us.job-merge-msix-into-bundlenow supports afterBuildSteps, which we use to stage the msixbundle into the right place for the vpackjob-build-projectsupports deleting all non-signed files (which the OneBranch post-build validation requires)job-build-projectnow deletesconsole.dll, which is unused in any of our builds, because XFGCheck blows up on it for some reason on x86job-publish-symbolsnow supports two different types of PAT ingestionI have also introduced a TSA config (which files bugs on us for binary analysis failures as well as using the word 'sucks' and stuff.)
I have also baselined a number of control flow guard/binary analysis failures.