@@ -23,10 +23,10 @@ parameters:
2323# As an entrypoint pipeline yml file, all parameters here show up in the Queue Run dialog.
2424# If any paramaters should NOT be queue-time options, they should be removed from here
2525# and references to them in this file replaced with hard-coded values.
26- - name : RealSign
27- displayName : Real sign?
26+ - name : ForceOfficialBuild
27+ displayName : Official build ( sign, compliance, etc.)
2828 type : boolean
29- default : false
29+ default : false # this should remain false so PR builds using this pipeline are unofficial
3030# - name: ShouldSkipOptimize # Uncomment this and references to it below when setting EnableOptProf to true in build.yml.
3131# displayName: Skip OptProf optimization
3232# type: boolean
@@ -39,12 +39,8 @@ parameters:
3939 displayName : Run tests
4040 type : boolean
4141 default : true
42- - name : EnableCompliance
43- displayName : Run Compliance Tools
44- type : boolean
45- default : true
4642- name : EnableAPIScan
47- displayName : Include APIScan with Compliance tools
43+ displayName : Include APIScan with compliance tools
4844 type : boolean
4945 default : false # enable in individual repos only AFTER updating TSAOptions.json with your own values
5046
@@ -59,18 +55,22 @@ variables:
5955- template : GlobalVariables.yml
6056
6157extends :
62- ${{ if parameters.EnableCompliance }} :
58+ ${{ if or( parameters.ForceOfficialBuild, eq(variables['Build.Reason'],'Schedule')) }} :
6359 template : azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
6460 parameters :
6561 sdl :
6662 sourceAnalysisPool : VSEngSS-MicroBuild2022-1ES
63+ codeSignValidation :
64+ enabled : true
65+ break : true
66+ additionalTargetsGlobPattern : -|Variables-*\*.ps1;-|APIScanInputs-*\**;-|test_symbols-*\**;-|MicroBuild\**
6767 policheck :
6868 enabled : true
6969 exclusionsFile : $(System.DefaultWorkingDirectory)\azure-pipelines\PoliCheckExclusions.xml
7070 suppression :
7171 suppressionFile : $(System.DefaultWorkingDirectory)\azure-pipelines\falsepositives.gdnsuppress
7272 sbom :
73- enabled : ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }} # Disable the generation for SBOMs for artifacts in unsigned builds since it's slow
73+ enabled : true
7474 stages :
7575 - stage : Build
7676 variables :
@@ -79,9 +79,9 @@ extends:
7979 - template : /azure-pipelines/build.yml@self
8080 parameters :
8181 Is1ESPT : true
82- RealSign : ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
82+ RealSign : true
8383 # ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }}
84- EnableAPIScan : ${{ and(parameters.EnableCompliance, parameters. EnableAPIScan, ne(variables['Build.Reason'], 'pullRequest')) }}
84+ EnableAPIScan : ${{ and(parameters.EnableAPIScan, ne(variables['Build.Reason'], 'pullRequest')) }}
8585 windowsPool : VSEngSS-MicroBuild2022-1ES
8686 linuxPool :
8787 name : AzurePipelines-EO
@@ -96,7 +96,7 @@ extends:
9696 RunTests : ${{ parameters.RunTests }}
9797 - template : /azure-pipelines/prepare-insertion-stages.yml@self
9898 parameters :
99- RealSign : ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
99+ RealSign : true
100100 ${{ else }} :
101101 template : azure-pipelines/MicroBuild.1ES.Unofficial.yml@MicroBuildTemplate
102102 parameters :
@@ -112,9 +112,9 @@ extends:
112112 - template : /azure-pipelines/build.yml@self
113113 parameters :
114114 Is1ESPT : true
115- RealSign : ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
115+ RealSign : false
116116 # ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }}
117- EnableAPIScan : ${{ and(parameters.EnableCompliance, parameters.EnableAPIScan, ne(variables['Build.Reason'], 'pullRequest')) }}
117+ EnableAPIScan : false
118118 windowsPool : VSEngSS-MicroBuild2022-1ES
119119 linuxPool :
120120 name : AzurePipelines-EO
@@ -129,4 +129,4 @@ extends:
129129 RunTests : ${{ parameters.RunTests }}
130130 - template : /azure-pipelines/prepare-insertion-stages.yml@self
131131 parameters :
132- RealSign : ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
132+ RealSign : false
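Review bot: The `extends` condition on new line 58 selects the Official template, and with it the now hard-coded `RealSign : true` on new lines 82 and 99, from the queue-time `ForceOfficialBuild` parameter alone, with no check on which branch is being built. As far as this file shows, anyone allowed to queue the pipeline can tick that box on a topic branch and get real-signed output from code that has not been through review; the comment on the parameter's default only covers PR builds. If the 1ES template or the signing service does not already restrict source branches, add a branch test to the condition, e.g. `${{ if and(or(parameters.ForceOfficialBuild, eq(variables['Build.Reason'],'Schedule')), startsWith(variables['Build.SourceBranch'], 'refs/heads/<release-branch-prefix>')) }} :`, or document next to the parameter where that restriction is enforced. The body of the `else` branch continues outside the hunks shown, so what the Unofficial path still checks cannot be confirmed from here.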