1ES Pipelines Template Adoption (#1020)

* 1ES Pipelines Template Adoption - Added 1Es templates for azure-pipelines-extensions.yml - Changed pools for windows/ubuntu to 1ES pools * 1ES Pipelines Template Adoption - Guardian set up * 1ES Pipelines Template Adoption - Guardian set up * 1ES Pipelines Template Adoption - Guardian set up * 1ES Pipelines Template Adoption - Guardian set up * 1ES Pipelines Template Adoption - swith to 1ESPtTfsAgentBuildPool1 pool * 1ES Pipelines Template Adoption - swith to 1ES-ABTT-Shared-Pool pool * 1ES Pipelines Template Adoption - swith to 1ES-ABTT-Shared-Pool pool
microsoft · Feb 14, 2024 · e141f49 · e141f49
1 parent cc54289
commit e141f49
Show file tree

Hide file tree

Showing 2 changed files with 134 additions and 54 deletions.
diff --git a/.gdn/.gdnbaselines b/.gdn/.gdnbaselines
@@ -0,0 +1,53 @@
+{
+  "hydrated": false,
+  "properties": {
+    "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/baselines",
+    "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance."
+  },
+  "version": "1.0.0",
+  "baselines": {
+    "default": {
+      "name": "default",
+      "createdDate": "2024-02-12 09:43:39Z",
+      "lastUpdatedDate": "2024-02-12 09:43:39Z"
+    }
+  },
+  "results": {
+    "b69db68dbaeed34dc8e8a9d95f105cf988a082dd0b40df9b906012a9e9667d78": {
+      "signature": "b69db68dbaeed34dc8e8a9d95f105cf988a082dd0b40df9b906012a9e9667d78",
+      "alternativeSignatures": [
+        "867f1b2f02684cdad1fa698b1b1da6faea6379a658c7d12f35712aa7f19f82b1"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Needs to read user's input",
+      "createdDate": "2024-02-12 09:43:39Z",
+      "expirationDate": null
+    },
+    "2ee0cc2e621864121ae6c020602e5523286faca343e102e5f781a33acca01972": {
+      "signature": "2ee0cc2e621864121ae6c020602e5523286faca343e102e5f781a33acca01972",
+      "alternativeSignatures": [
+        "20b29bfc53a5caeadea6bc5f6c567cb18366e6b0c38ccda850550eec6d2d1c6d"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Needs to read user's input",
+      "createdDate": "2024-02-12 09:43:39Z",
+      "expirationDate": null
+    },
+    "45ad44eaa03776fe24b72384ae78ed4a319fefcabf04f4d90302da421bdb2425": {
+      "signature": "45ad44eaa03776fe24b72384ae78ed4a319fefcabf04f4d90302da421bdb2425",
+      "alternativeSignatures": [
+        "1ad54a7a814514c10f5323d007fca8a792f9836acef8822d23f44191f5fdb6df"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Needs to read user's input",
+      "createdDate": "2024-02-12 09:43:39Z",
+      "expirationDate": null
+    }
+  }
+}
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -1,3 +1,6 @@
+# This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool.
+# This pipeline will be extended to the OneESPT template
+# The Task 'PublishPipelineArtifact@1' has been converted to an output named '' in the templateContext section.
 trigger:
 - master
 - features/*
@@ -8,60 +11,84 @@ variables:
   - name: nodeVersion
     value: '16.13.0'
 
-jobs:
-#################################################
-- job: windows
-#################################################
-  displayName: windows
-  pool:
-    vmImage: windows-2022
+resources:
+  repositories:
+  - repository: 1ESPipelineTemplates
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+  parameters:
+    featureFlags:
+      autoBaseline: false
+    sdl:
+      baseline:
+        baselineSet: default
+        baselineFile: $(Build.SourcesDirectory)/.gdn/.gdnbaselines
+      sourceAnalysisPool:
+        name: 1ES-ABTT-Shared-Pool
+        image: abtt-windows-2022
+        os: windows
+    customBuildTags:
+    - ES365AIMigrationTooling
+    stages:
+    - stage: stage
+      jobs:
+      #################################################
+      - job: windows
+      #################################################
+        displayName: windows
+        pool:
+          name: 1ES-ABTT-Shared-Pool
+          image: abtt-windows-2022
+          os: windows
+        steps:
+        - template: /azure-pipelines-steps-node.yml@self
+          parameters:
+            nodeVersion: $(nodeVersion)
+        - template: /azure-pipelines-steps-test-build.yml@self
 
-  steps:
-    - template: azure-pipelines-steps-node.yml
-      parameters:
-        nodeVersion: $(nodeVersion)
+      #################################################
+      - job: linux
+      #################################################
+        displayName: Linux
+        pool:
+          name: 1ES-ABTT-Shared-Pool
+          image: abtt-ubuntu-2204
+          os: linux
+        templateContext:
+          outputs:
+          - output: pipelineArtifact
+            targetPath: 'node/_build'
+            artifactType: 'pipeline'
+            artifactName: 'npm-package'
+        steps:
+        - template: /azure-pipelines-steps-node.yml@self
+          parameters:
+            nodeVersion: $(nodeVersion)
+        - template: /azure-pipelines-steps-test-build.yml@self
+        # For CI runs on master, automatically publish packages
+        - bash: |
+            echo //registry.npmjs.org/:_authToken=\${NPM_TOKEN} > .npmrc
+            npm publish || true # Ignore publish failures, usually will happen because package already exists
+          displayName: npm publish
+          workingDirectory: node/_build
+          condition: and(succeeded(), in(variables['build.reason'], 'IndividualCI', 'BatchedCI', 'Manual'), in(variables['build.sourcebranch'], 'refs/heads/master'))
+          env:
+            NPM_TOKEN: $(npm-automation.token)
 
-    - template: azure-pipelines-steps-test-build.yml
+      #################################################
+      - job: macOS
+      #################################################
+        displayName: macOS
+        pool:
+          name: Azure Pipelines
+          image: macOS-latest
+          os: macOS
+        steps:
+        - template: /azure-pipelines-steps-node.yml@self
+          parameters:
+            nodeVersion: $(nodeVersion)
 
-#################################################
-- job: linux
-#################################################
-  displayName: Linux
-  pool:
-    vmImage: ubuntu-22.04
-
-  steps:
-  - template: azure-pipelines-steps-node.yml
-    parameters:
-      nodeVersion: $(nodeVersion)
-  - template: azure-pipelines-steps-test-build.yml
-
-  - task: PublishPipelineArtifact@1
-    inputs:
-      targetPath: 'node/_build'
-      artifactType: 'pipeline'
-      artifactName: 'npm-package'
-
-  # For CI runs on master, automatically publish packages
-  - bash: |
-        echo //registry.npmjs.org/:_authToken=\${NPM_TOKEN} > .npmrc
-        npm publish || true # Ignore publish failures, usually will happen because package already exists
-    displayName: npm publish
-    workingDirectory: node/_build
-    condition: and(succeeded(), in(variables['build.reason'], 'IndividualCI', 'BatchedCI', 'Manual'), in(variables['build.sourcebranch'], 'refs/heads/master'))
-    env:
-      NPM_TOKEN: $(npm-automation.token)
-
-#################################################
-- job: macOS
-#################################################
-  displayName: macOS
-  pool:
-    vmImage: macOS-12
-
-  steps:
-    - template: azure-pipelines-steps-node.yml
-      parameters:
-        nodeVersion: $(nodeVersion)
-
-    - template: azure-pipelines-steps-test-build.yml
+        - template: /azure-pipelines-steps-test-build.yml@self