Add DevOps pipelines files (#1)

2020-04-01 12:55:06 -07:00
parent 8e7bf52bbc
commit cea8860d58
3 changed files with 397 additions and 0 deletions
--- a/DevOpsPipelineDefinitions/validation-pipeline.yaml
+++ b/DevOpsPipelineDefinitions/validation-pipeline.yaml
@@ -0,0 +1,107 @@
+# Validation pipeline for manifest on pull requests.
+
+# Name of the run
+name: '$(Build.DefinitionName)-$(Build.DefinitionVersion)-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)-$(Rev:r)'
+
+trigger: none
+pr: none
+
+jobs:
+
+# Agent phase. Process pull request changes and validate manifests.
+- job: 'FileValidation'
+  displayName: 'Pull Request Validation'
+  pool:
+    vmImage: 'windows-latest'
+  steps:
+
+  # Downloads all the setup files and its dependencies.
+  - task: AzureCLI@1
+    displayName: 'Azure Setup'
+    inputs:
+      azureSubscription: '$(PackageManagerSubscription)'
+      scriptLocation: inlineScript
+      inlineScript: 'az storage blob download-batch -d . --pattern * -s servicewrapper --output none'
+    env:
+      AZURE_STORAGE_CONNECTION_STRING: $(ValidationStorageAccountConnectionString)
+
+  # PackageManager setup
+  - script: 'pkgmgr_validation_setup.cmd'
+    name: 'pkgmgrsetup'
+    displayName: 'PackageManager Setup'
+    workingDirectory: scripts
+    env:
+      HOST_KEY: $(AzureFunctionHostKey)
+      SMART_SCREEN_ENDPOINT: $(PackageManagerSmartScreenEndpoint)
+      SCAN_ENDPOINT: $(PackageManagerScanEndpoint)
+
+  # Validates integrity of pull request.
+  - task: CmdLine@2
+    displayName: 'Validate Pull Request'
+    inputs:
+      script: 'PackageManagerServiceWrapper.exe process-pr --operationId %BUILD_BUILDNUMBER%'
+      failOnStderr: true
+    condition: succeeded()
+    env:
+      AzureWebJobsStorage: $(ValidationStorageAccountConnectionString)
+      DIApplicationInsightKey: $(DIApplicationInsightKey)
+
+  # Validates manifest integrity.
+  - task: CmdLine@2
+    displayName: 'Validate Manifest'
+    inputs:
+      script: 'PackageManagerServiceWrapper.exe validate-manifests --operationId %BUILD_BUILDNUMBER%'
+      failOnStderr: true
+    condition: succeeded()
+    env:
+      AzureWebJobsStorage: $(ValidationStorageAccountConnectionString)
+      DIApplicationInsightKey: $(DIApplicationInsightKey)
+
+# Agentless phase. Depends on previous job.
+- job: 'ContentValidation'
+  pool: server
+  displayName: 'Manifest Content Validation'
+  timeoutInMinutes: 1500
+  dependsOn:
+    - 'FileValidation'
+  variables:
+    HostKeySecret: $[ dependencies.FileValidation.outputs['pkgmgrsetup.hostkey']]
+    SmartScreenEndpointSecret: $[ dependencies.FileValidation.outputs['pkgmgrsetup.smartScreenEndpoint']]
+    ScanEndpointSecret: $[ dependencies.FileValidation.outputs['pkgmgrsetup.scanEndpoint']]
+  steps:
+
+  # Scans all the urls from manifest contents.
+  - task: AzureFunction@1
+    displayName: 'Validation URLs in manifest files'
+    inputs:
+      function: '$(SmartScreenEndpointSecret)'
+      key: '$(HostKeySecret)'
+      body: |
+        {
+        "operationId": "$(Build.BuildNumber)",
+        "ProjectId": "$(system.TeamProjectId)",
+        "PlanId": "$(system.PlanId)", 
+        "JobId": "$(system.JobId)", 
+        "TimelineId": "$(system.TimelineId)", 
+        "TaskInstanceId": "$(system.TaskInstanceId)",
+        "AuthToken": "$(system.AccessToken)"
+        }
+      waitForCompletion: "true"
+
+  # Scan installers in manifests.
+  - task: AzureFunction@1
+    displayName: 'Installers Scan'
+    inputs:
+      function: '$(ScanEndpointSecret)'
+      key: '$(HostKeySecret)'
+      body: |
+        {
+        "operationId": "$(Build.BuildNumber)",
+        "ProjectId": "$(system.TeamProjectId)",
+        "PlanId": "$(system.PlanId)", 
+        "JobId": "$(system.JobId)", 
+        "TimelineId": "$(system.TimelineId)", 
+        "TaskInstanceId": "$(system.TaskInstanceId)",
+        "AuthToken": "$(system.AccessToken)"
+        }
+      waitForCompletion: "true"