diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 4c5623c..7ac24bc 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -1,12 +1,22 @@ trigger: -- main + branches: + include: + - main + tags: + include: + - v*.*.* + +pr: + branches: + include: + - main resources: repositories: - - repository: 1ESPipelineTemplates + - repository: odspPipelines type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release + name: EFun/ODSPTemplates + ref: refs/heads/main variables: - name: toolchainFeed @@ -15,28 +25,24 @@ variables: value: sparse+https://onedrive.pkgs.visualstudio.com/b52099a6-3b13-4b08-9270-a07884a10e3d/_packaging/RustCratesIO/Cargo/index/ extends: - template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + template: v1/OdspPipeline.yml@odspPipelines parameters: + settings: + template: Official sdl: - clippy: + clippy: enabled: false - sourceAnalysisPool: - # SDL tools only support Windows. - name: Azure-Pipelines-1ESPT-ExDShared - os: windows - image: windows-latest stages: ## For more details on the Rust build workflow, see https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/buildworkflows/rust - stage: BuildStage displayName: 🏗️ Cargo build + pool: + name: 1ESHostedAgents_Windows2022_v2 + os: windows jobs: - job: BuildJob displayName: 🏗️ Cargo build - pool: - name: Azure-Pipelines-1ESPT-ExDShared - os: windows - image: windows-latest templateContext: type: buildJob workflow: Rust @@ -54,6 +60,7 @@ extends: postBuildSteps: - script: | cargo build --workspace --locked 2>&1 + cargo test --no-run --workspace --locked 2>&1 displayName: "Build debug" @@ -70,6 +77,7 @@ extends: mergeTestResults: true - script: | + set CL=/Qspectre /sdl /Zi /W3 set RUSTFLAGS=-Ccontrol-flow-guard -Ctarget-feature=+crt-static,+avx2,+lzcnt -Clink-args=/DYNAMICBASE -Clink-args=/CETCOMPAT cargo build --workspace --locked --release 2>&1 copy target\release\lepton_jpeg.dll target\release\lepton_jpeg_avx2.dll @@ -81,19 +89,19 @@ extends: rd /s /q target\release\build displayName: 'Build Release' - + - task: UseDotNet@2 inputs: packageType: 'sdk' version: '6.x' - + - task: EsrpCodeSigning@5 inputs: ConnectedServiceName: 'ESRP CodeSigningV2-OneDrive Service' - AppRegistrationClientId: 'bd3fbc52-4cf5-4cca-a25d-94160e5ed309' - AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' - AuthAKVName: 'ODSP-ESRP' - AuthCertName: 'ODSP-ESRP-Auth-V2' + AppRegistrationClientId: 'bd3fbc52-4cf5-4cca-a25d-94160e5ed309' + AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' + AuthAKVName: 'ODSP-ESRP' + AuthCertName: 'ODSP-ESRP-Auth-V2' AuthSignCertName: 'CodeSigningCertificate' FolderPath: '$(Build.SourcesDirectory)' Pattern: ' @@ -137,7 +145,7 @@ extends: Contents: | target\debug\?(*.dll|*.exe|*.pdb) target\release\?(*.dll|*.exe|*.pdb) - + TargetFolder: '$(Build.ArtifactStagingDirectory)' - task: PublishSymbols@2 @@ -155,7 +163,7 @@ extends: - task: 1ES.PublishNuGet@1 displayName: 'NuGet push' - condition: and(succeeded(), in(variables['Build.Reason'], 'Manual'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) + condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags/v')) inputs: packageParentPath: '$(Pipeline.Workspace)' packagesToPush: '$(Build.ArtifactStagingDirectory)\*.nupkg'