# Release pipeline # Variable 'prerelease' was defined in the Variables tab # Variable 'prereleaseTag' was defined in the Variables tab # Variable 'publishVersion' was defined in the Variables ta pr: none trigger: none variables: - group: "Github and NPM secrets" - group: InfoSec-SecurityResults - name: tags value: production,externalfacing jobs: # These steps have to run on a windows machine, # and therefore unfortunately can't be integrated in the regular steps - job: Compliance displayName: Compliance checks pool: uifabric-windows-2019-small workspace: clean: all steps: - task: UseDotNet@2 condition: succeededOrFailed() displayName: "Use .NET Core sdk 3.x" inputs: version: 3.x steps: - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3 condition: succeededOrFailed() displayName: "🧭 Run Credential Scanner" inputs: debugMode: false - task: securedevelopmentteam.vss-secure-development-tools.build-task-eslint.ESLint@1 condition: succeededOrFailed() displayName: "🧭 Run ESLint" - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3 displayName: "🧭 Publish Guardian Artifacts - All Tools" inputs: ArtifactType: M365 condition: succeededOrFailed() - task: AssetRetention@3 displayName: 🧭 Arrow Retention inputs: ArrowServiceConnection: "Arrow_uifabric_uifabric_PROD" AssetGroupName: "$(System.TeamProject)_$(Build.DefinitionName)" AssetNumber: "$(Build.BuildId)" IsShipped: false DropsToRetain: "CodeAnalysisLogs" condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2 displayName: "🧭 Guardian Break" inputs: GdnBreakPolicyMinSev: Warning GdnBreakAllTools: true GdnBreakGdnToolESLint: true GdnBreakGdnToolESLintSeverity: Warning GdnBreakPolicy: M365 condition: succeededOrFailed() - job: Release dependsOn: Compliance pool: "1ES-Host-Ubuntu" workspace: clean: all steps: # For multiline scripts, we want the whole task to fail if any line of the script fails. # ADO doesn't have bash configured this way by default. To fix we override the SHELLOPTS built-in variable. # https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html # The options below include ADO defaults (braceexpand:hashall:interactive-comments) plus # errexit:errtrace for better error behavior. - script: | echo "##vso[task.setvariable variable=shellopts]braceexpand:hashall:interactive-comments:errexit:errtrace" displayName: Force exit on error (bash) - script: | git checkout --track "origin/${BUILD_SOURCEBRANCH//refs\/heads\/}" git pull displayName: Re-attach HEAD - task: NodeTool@0 inputs: versionSpec: "16.x" checkLatest: true displayName: "Install Node.js" - script: npm install displayName: Install dependencies - script: | git config user.name "Fluent UI Build" git config user.email "fluentui-internal@service.microsoft.com" git remote set-url origin https://$(githubUser):$(githubPAT)@github.com/microsoft/use-disposable.git displayName: Authenticate git for pushes - script: | echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc displayName: Write .npmrc - script: | npm run release -- $(publishVersion) --ci displayName: Publish (official) condition: eq(variables.prerelease, false) env: NPM_TOKEN: $(npmToken) - script: | npm run release -- $(publishVersion) --preRelease $(prereleaseTag) --ci displayName: Publish (prerelease) condition: eq(variables.prerelease, true) env: NPM_TOKEN: $(npmToken)