Skip to content

Commit

Permalink
merge main
Browse files Browse the repository at this point in the history
  • Loading branch information
kostapetan committed Nov 26, 2024
2 parents ae4cb9b + cf80b1b commit d316e41
Show file tree
Hide file tree
Showing 247 changed files with 8,930 additions and 3,719 deletions.
94 changes: 94 additions & 0 deletions .azure/pipelines/build.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
trigger:
branches:
include:
- main
paths:
include:
- dotnet

schedules:
- cron: "0 0 * * *"
displayName: 'Daily midnight build (including CodeQL)'
branches:
include:
- main
always: true

parameters:
- name: build_configuration
displayName: Build configuration
type: string
default: Release
values:
- Release
- Debug
- name: include_suffix
displayName: Append version suffix
type: boolean
default: true
- name: version_suffix
displayName: Version suffix
type: string
default: dev.$(Build.BuildNumber)
- name: codesign
displayName: Enable code signing
type: boolean
default: false
- name: skip_test
displayName: Skip tests
type: boolean
default: false
- name: publish_nuget
displayName: Publish to nuget.org
type: boolean
default: false
- name: publish_nightly
displayName: Publish to autogen-nightly
type: boolean
default: true
- name: publish_artifacts
displayName: Publish artifacts
type: boolean
default: false
- name: runCodeQL3000
default: false
displayName: Run CodeQL3000 tasks
type: boolean

variables:
- template: templates/vars.yaml

resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release

extends:
${{ if eq(variables['System.TeamProject'], 'GitHub - PR Builds') }}:
template: v1/1ES.Unofficial.PipelineTemplate.yml@1ESPipelineTemplates
${{ else }}:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
settings:
skipBuildTagsForGitHubPullRequests: true
pool:
name: $(pool_name)
image: $(pool_image)
os: windows
stages:
- stage: build_test
displayName: Build and Tests
jobs:
- template: /.azure/pipelines/templates/build.yaml@self
parameters:
build_configuration: ${{ parameters.build_configuration }}
include_suffix: ${{ parameters.include_suffix }}
version_suffix: ${{ parameters.version_suffix }}
codesign: ${{ parameters.codesign }}
skip_test: ${{ parameters.skip_test }}
publish_nightly: ${{ parameters.publish_nightly }}
publish_nuget: ${{ parameters.publish_nuget }}
runCodeQL3000: ${{ parameters.runCodeQL3000 }}
publish_artifacts: ${{ parameters.publish_artifacts }}
228 changes: 228 additions & 0 deletions .azure/pipelines/templates/build.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,228 @@
parameters:
- name: build_configuration
displayName: Build configuration
type: string
default: Release
values:
- Release
- Debug
- name: include_suffix
displayName: Append version suffix
type: boolean
default: true
- name: version_suffix
displayName: Version suffix
type: string
default: ci.$(Build.BuildNumber)
- name: codesign
displayName: Enable code signing
type: boolean
default: false
- name: skip_test
displayName: Skip tests
type: boolean
default: false
- name: publish_nightly
displayName: Publish to autogen-nightly
type: boolean
default: false
- name: publish_nuget
displayName: Publish to nuget.org
type: boolean
default: false
- name: publish_artifacts
displayName: Publish artifacts
type: boolean
default: false
- name: runCodeQL3000
default: false
displayName: Run CodeQL3000 tasks
type: boolean

jobs:

# Build, sign dlls, build nuget pkgs, then sign them
- job: Build
displayName: Build and create NuGet packages
variables:
publishVstsFeed: 'AGPublic/AutoGen-Nightly'
${{ if eq(parameters.codesign, true) }}:
esrp_signing: true
${{ else }}:
esrp_signing: false
${{ if ne(variables['System.TeamProject'], 'GitHub - PR Builds') }}:
templateContext:
outputs:
# Publish artifacts if enabled
- ${{ if eq(parameters.publish_artifacts, true) }}: # TODO add eq(parameters.codesign, true)
- output: pipelineArtifact
targetPath: '$(build.sourcesdirectory)/dotnet/artifacts'
artifactName: artifacts folder
# Publish packages to nightly
- ${{ if eq(parameters.publish_nightly, true) }}: # TODO add eq(parameters.codesign, true)
- output: nuget
useDotNetTask: false
packageParentPath: $(Pipeline.Workspace)
packagesToPush: $(build.sourcesdirectory)/dotnet/artifacts/**/*.nupkg;$(build.sourcesdirectory)/dotnet/artifacts/**/*.snupkg
nuGetFeedType: internal
publishVstsFeed: $(publishVstsFeed)
allowPackageConflicts: true
- ${{ if and(eq(parameters.codesign, true), eq(parameters.publish_nuget, true)) }}:
- output: nuget
condition: succeeded()
useDotNetTask: false
packageParentPath: $(Pipeline.Workspace)
packagesToPush: $(build.sourcesdirectory)/dotnet/artifacts/**/*.nupkg;$(build.sourcesdirectory)/dotnet/artifacts/**/*.snupkg
nuGetFeedType: external
publishFeedCredentials: dotnet-orleans-nuget
publishPackageMetadata: true
allowPackageConflicts: true
steps:
- checkout: self
- task: UseDotNet@2
displayName: 'Use .NET Core sdk'
inputs:
useGlobalJson: true
workingDirectory: $(Build.SourcesDirectory)/dotnet
- task: Bash@3
displayName: Install .NET Aspire workload
inputs:
targetType: 'inline'
script: |
dotnet nuget locals all --clear
dotnet workload install aspire
- ${{ if eq(variables.runCodeQL3000, 'true') }}:
- task: CodeQL3000Init@0
displayName: CodeQL Initialize
# This task only tags a build if it actually does CodeQL3000 work.
# Those tasks no-op while the analysis is considered up to date i.e. for runs w/in a few days of each other.
- script: "echo ##vso[build.addbuildtag]CodeQL3000"
displayName: 'Set CI CodeQL3000 tag'
condition: ne(variables.CODEQL_DIST,'')
- task: DotNetCoreCLI@2
displayName: Build
inputs:
command: build
arguments: '$(build_flags) /bl:${{parameters.build_configuration}}-Build.binlog /p:Configuration=${{parameters.build_configuration}} $(solution)'
workingDirectory: $(Build.SourcesDirectory)/dotnet
env:
${{ if and(eq(parameters.include_suffix, true), eq(parameters.publish_nuget, false)) }}:
VersionSuffix: ${{parameters.version_suffix}}
OfficialBuild: $(official_build)

- ${{ if eq(variables.runCodeQL3000, 'true') }}:
- task: CodeQL3000Finalize@0
displayName: CodeQL Finalize
# DLL code signing
- ${{ if eq(variables.esrp_signing, true) }}:
- task: UseDotNet@2
displayName: 'Codesign: Use .NET Core'
inputs:
packageType: runtime
version: $(codesign_runtime)
- task: CopyFiles@2
displayName: 'Codesign: Copy Files for signing'
inputs:
SourceFolder: '$(build.sourcesdirectory)'
Contents: |
src/**/bin/${{parameters.build_configuration}}/**/AutoGen*.dll
src/**/bin/${{parameters.build_configuration}}/**/Microsoft.AutoGen.*.dll
TargetFolder: '$(build.artifactstagingdirectory)\codesign'
CleanTargetFolder: true
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'Codesign: ESRP CodeSigning'
inputs:
ConnectedServiceName: 'CodeSign Service (NuGet)'
FolderPath: '$(build.artifactstagingdirectory)\codesign'
Pattern: '*'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-230012",
"operationSetCode": "SigntoolSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd \"SHA256\""
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "sign",
"toolVersion": "1.0"
},
{
"keyCode": "CP-230012",
"operationSetCode": "SigntoolVerify",
"parameters": [ ],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 180
VerboseLogin: true
- task: CopyFiles@2
displayName: 'Codesign: Copy Signed Files Back'
inputs:
SourceFolder: '$(build.artifactstagingdirectory)\codesign'
Contents: '**\*'
TargetFolder: '$(build.sourcesdirectory)'
OverWrite: true
# End DLL code signing
- task: CmdLine@2
displayName: Pack
inputs:
script: 'dotnet pack --no-build --no-restore $(build_flags) /bl:${{parameters.build_configuration}}-Pack.binlog /p:Configuration=${{parameters.build_configuration}} $(solution)'
workingDirectory: $(Build.SourcesDirectory)/dotnet
env:
${{ if and(eq(parameters.include_suffix, true), eq(parameters.publish_nuget, false)) }}:
VersionSuffix: ${{parameters.version_suffix}}
OfficialBuild: $(official_build)
# NuGet code signing
- ${{ if eq(variables.esrp_signing, true) }}:
- task: UseDotNet@2
displayName: 'Codesign: Use .NET Core'
inputs:
packageType: runtime
version: $(codesign_runtime)
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'Codesign: ESRP CodeSigning (nuget)'
inputs:
ConnectedServiceName: 'CodeSign Service (NuGet)'
FolderPath: '$(build.sourcesdirectory)/Artifacts/${{parameters.build_configuration}}'
Pattern: '*.nupkg'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-401405",
"operationSetCode": "NuGetSign",
"parameters": [],
"toolName": "sign",
"toolVersion": "1.0"
},
{
"keyCode": "CP-401405",
"operationSetCode": "NuGetVerify",
"parameters": [ ],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 180
VerboseLogin: true
34 changes: 34 additions & 0 deletions .azure/pipelines/templates/vars.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# It seems that variables must be defined in their own file when using templates

variables:
build_flags: ' /m /v:m'
solution: 'AutoGen.sln'
codesign_runtime: '2.1.x'
GDN_SUPPRESS_FORKED_BUILD_WARNING: true # Avoid warning "Guardian is not supported for builds from forked GitHub repositories"
MicroBuildOutputFolderOverride: '$(Agent.TempDirectory)'
# Auto-injection is not necessary because the tasks are explicitly included where they're enabled.
Codeql.SkipTaskAutoInjection: true
${{ if eq(variables['System.TeamProject'], 'GitHub - PR Builds') }}:
pool_name: '1es-agpublish-pool'
pool_image: 'agpublish-agent-image'
official_build: false
${{ else }}:
${{ if eq(variables['System.TeamProject'], 'internal') }}:
pool_name: '1es-agpublish-pool'
pool_image: 'agpublish-agent-image'
${{ else }}:
pool_name: '1es-agpublish-pool'
pool_image: 'agpublish-agent-image'
official_build: true
# Do not let CodeQL3000 Extension gate scan frequency.
Codeql.Cadence: 0
# Enable CodeQL3000 unconditionally so it may be run on any branch.
Codeql.Enabled: true
# Ignore test and infrastructure code.
Codeql.SourceRoot: src
# CodeQL3000 needs this plumbed along as a variable to enable TSA. Don't use TSA in manual builds.
Codeql.TSAEnabled: ${{ eq(variables['Build.Reason'], 'Schedule') }}
# Default expects tsaoptions.json under SourceRoot.
Codeql.TSAOptionsPath: '$(Build.SourcesDirectory)/.config/tsaoptions.json'
# Do not slow builds down w/ the CodeQL3000 tasks unless this is a nightly build or it's requested.
runCodeQL3000: ${{ or(eq(variables['Build.Reason'], 'Schedule'), and(eq(variables['Build.Reason'], 'Manual'), eq(parameters.runCodeQL3000, 'true'))) }}
22 changes: 22 additions & 0 deletions .github/workflows/checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,27 @@ jobs:
poe --directory ${{ matrix.package }} docs-check
working-directory: ./python

docs-example-check:
runs-on: ubuntu-latest
strategy:
matrix:
package: ["./packages/autogen-core"]
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v3
with:
enable-cache: true
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- run: uv sync --locked --all-extras
working-directory: ./python
- name: Run task
run: |
source ${{ github.workspace }}/python/.venv/bin/activate
poe --directory ${{ matrix.package }} docs-check-examples
working-directory: ./python

check-proto-changes-python:
runs-on: ubuntu-latest
steps:
Expand All @@ -169,6 +190,7 @@ jobs:
run: |
source ${{ github.workspace }}/python/.venv/bin/activate
poe gen-proto
poe gen-test-proto
working-directory: ./python
- name: Check if there are uncommited changes
id: changes
Expand Down
Loading

0 comments on commit d316e41

Please sign in to comment.