parameters: - name: official type: boolean default: false - name: branding type: string default: Release values: - Release - Preview - Canary - Dev - name: buildTerminal type: boolean default: true - name: buildConPTY type: boolean default: false - name: buildWPF type: boolean default: false - name: pgoBuildMode type: string default: Optimize values: - Optimize - Instrument - None - name: buildConfigurations type: object default: - Release - name: buildPlatforms type: object default: - x64 - x86 - arm64 - name: codeSign type: boolean default: true - name: terminalInternalPackageVersion type: string default: '0.0.8' - name: publishSymbolsToPublic type: boolean default: true - name: symbolExpiryTime type: string default: 36530 # This is the default from PublishSymbols@2 - name: createVpack type: boolean default: false - name: publishVpackToWindows type: boolean default: false - name: symbolPublishingSubscription type: string - name: symbolPublishingProject type: string - name: extraPublishJobs type: object default: [] - name: signingIdentity type: object default: {} resources: repositories: - repository: templates type: git name: OneBranch.Pipelines/GovernedTemplates ref: refs/heads/main extends: ${{ if eq(parameters.official, true) }}: template: v2/Microsoft.Official.yml@templates # https://aka.ms/obpipelines/templates ${{ else }}: template: v2/Microsoft.NonOfficial.yml@templates parameters: featureFlags: WindowsHostVersion: Version: 2022 Network: R1 platform: name: 'windows_undocked' product: 'Windows Terminal' cloudvault: # https://aka.ms/obpipelines/cloudvault enabled: false globalSdl: # https://aka.ms/obpipelines/sdl enableCheckCFlags: false # CheckCFlags is broken and exploding our builds; to remove, :g/BAD-FLAGS/d isNativeCode: true prefast: enabled: true asyncSdl: enabled: true tsaOptionsFile: 'build/config/tsa.json' tsa: enabled: true configFile: '$(Build.SourcesDirectory)\build\config\tsa.json' binskim: break: false scanOutputDirectoryOnly: true policheck: break: false severity: Note baseline: baselineFile: '$(Build.SourcesDirectory)\build\config\release.gdnbaselines' suppressionSet: default stages: - stage: Build displayName: Build dependsOn: [] jobs: - template: ./build/pipelines/templates-v2/job-build-project.yml@self parameters: pool: { type: windows } variables: ob_sdl_checkcflags_enabled: false # BAD-FLAGS ob_sdl_xfgcheck_enabled: false # BAD-FLAGS ob_sdl_prefast_runDuring: Build ob_sdl_checkCompliantCompilerWarnings: true ob_git_checkout: false # This job checks itself out ob_git_skip_checkout_none: true ob_outputDirectory: $(JobOutputDirectory) ob_artifactBaseName: $(JobOutputArtifactName) publishArtifacts: false # Handled by OneBranch branding: ${{ parameters.branding }} buildTerminal: ${{ parameters.buildTerminal }} buildConPTY: ${{ parameters.buildConPTY }} buildWPF: ${{ parameters.buildWPF }} pgoBuildMode: ${{ parameters.pgoBuildMode }} buildConfigurations: ${{ parameters.buildConfigurations }} buildPlatforms: ${{ parameters.buildPlatforms }} generateSbom: false # this is handled by onebranch removeAllNonSignedFiles: true # appease the overlords codeSign: ${{ parameters.codeSign }} signingIdentity: ${{ parameters.signingIdentity }} beforeBuildSteps: # Right before we build, lay down the universal package and localizations - template: ./build/pipelines/templates-v2/steps-setup-versioning.yml@self - task: UniversalPackages@0 displayName: Download terminal-internal Universal Package inputs: feedListDownload: 2b3f8893-a6e8-411f-b197-a9e05576da48 packageListDownload: e82d490c-af86-4733-9dc4-07b772033204 versionListDownload: ${{ parameters.terminalInternalPackageVersion }} - ${{ if eq(parameters.buildWPF, true) }}: # Add an Any CPU build flavor for the WPF control bits - template: ./build/pipelines/templates-v2/job-build-project.yml@self parameters: pool: { type: windows } variables: ob_sdl_checkcflags_enabled: false # BAD-FLAGS ob_sdl_xfgcheck_enabled: false # BAD-FLAGS ob_sdl_prefast_enabled: false # This is a C# build job ob_git_checkout: false # This job checks itself out ob_git_skip_checkout_none: true ob_outputDirectory: $(JobOutputDirectory) ob_artifactBaseName: $(JobOutputArtifactName) publishArtifacts: false # Handled by OneBranch jobName: BuildWPF branding: ${{ parameters.branding }} buildTerminal: false buildWPFDotNetComponents: true buildConfigurations: ${{ parameters.buildConfigurations }} buildPlatforms: - Any CPU generateSbom: false # this is handled by onebranch removeAllNonSignedFiles: true # appease the overlords codeSign: ${{ parameters.codeSign }} signingIdentity: ${{ parameters.signingIdentity }} beforeBuildSteps: - template: ./build/pipelines/templates-v2/steps-setup-versioning.yml@self # WPF doesn't need the localizations or the universal package, but if it does... put them here. - stage: Package displayName: Package dependsOn: [Build] jobs: - ${{ if eq(parameters.buildTerminal, true) }}: - template: ./build/pipelines/templates-v2/job-merge-msix-into-bundle.yml@self parameters: pool: { type: windows } variables: ob_sdl_checkcflags_enabled: false # BAD-FLAGS ob_sdl_xfgcheck_enabled: false # BAD-FLAGS ob_sdl_prefast_enabled: false # This is a collection of powershell scripts ob_git_checkout: false # This job checks itself out ob_git_skip_checkout_none: true ob_outputDirectory: $(JobOutputDirectory) ob_artifactBaseName: $(JobOutputArtifactName) ### This job is also in charge of submitting the vpack to Windows if it's enabled ob_createvpack_enabled: ${{ and(parameters.buildTerminal, parameters.createVpack) }} ob_updateOSManifest_enabled: ${{ and(parameters.buildTerminal, parameters.createVpack, parameters.publishVpackToWindows) }} ### If enabled above, these options are in play. ob_createvpack_packagename: 'WindowsTerminal.app' ob_createvpack_owneralias: 'conhost@microsoft.com' ob_createvpack_description: 'VPack for the Windows Terminal Application' ob_createvpack_targetDestinationDirectory: '$(Destination)' ob_createvpack_propsFile: false ob_createvpack_provData: true ob_createvpack_metadata: '$(Build.SourceVersion)' ob_createvpack_topLevelRetries: 0 ob_createvpack_failOnStdErr: true ob_createvpack_taskLogVerbosity: Detailed ob_createvpack_verbose: true ob_createvpack_vpackdirectory: '$(JobOutputDirectory)\vpack' ob_createvpack_versionAs: string ob_createvpack_version: '$(XES_PACKAGEVERSIONNUMBER)' ob_updateOSManifest_gitcheckinConfigPath: '$(Build.SourcesDirectory)\build\config\GitCheckin.json' # We're skipping the 'fetch' part of the OneBranch rules, but that doesn't mean # that it doesn't expect to have downloaded a manifest directly to some 'destination' # folder that it can then update and upload. # Effectively: it says "destination" but it means "source" # DH: Don't ask why. ob_updateOSManifest_destination: $(XES_VPACKMANIFESTDIRECTORY) ob_updateOSManifest_skipFetch: true publishArtifacts: false # Handled by OneBranch jobName: Bundle branding: ${{ parameters.branding }} buildConfigurations: ${{ parameters.buildConfigurations }} buildPlatforms: ${{ parameters.buildPlatforms }} generateSbom: false # Handled by onebranch codeSign: ${{ parameters.codeSign }} signingIdentity: ${{ parameters.signingIdentity }} afterBuildSteps: # This directory has to exist, even if we aren't using createvpack, because the Guardian rules demand it. - pwsh: |- New-Item "$(JobOutputDirectory)/vpack" -Type Directory displayName: Make sure the vpack directory exists - ${{ if parameters.createVpack }}: - pwsh: |- Copy-Item -Verbose -Path "$(MsixBundlePath)" -Destination (Join-Path "$(JobOutputDirectory)/vpack" 'Microsoft.WindowsTerminal_8wekyb3d8bbwe.msixbundle') displayName: Stage msixbundle for vpack - ${{ if eq(parameters.buildConPTY, true) }}: - template: ./build/pipelines/templates-v2/job-package-conpty.yml@self parameters: pool: { type: windows } variables: ob_sdl_checkcflags_enabled: false # BAD-FLAGS ob_sdl_xfgcheck_enabled: false # BAD-FLAGS ob_sdl_prefast_enabled: false # This is a collection of powershell scripts ob_git_checkout: false # This job checks itself out ob_git_skip_checkout_none: true ob_outputDirectory: $(JobOutputDirectory) ob_artifactBaseName: $(JobOutputArtifactName) publishArtifacts: false # Handled by OneBranch buildConfigurations: ${{ parameters.buildConfigurations }} buildPlatforms: ${{ parameters.buildPlatforms }} generateSbom: false # this is handled by onebranch codeSign: ${{ parameters.codeSign }} signingIdentity: ${{ parameters.signingIdentity }} - ${{ if eq(parameters.buildWPF, true) }}: - template: ./build/pipelines/templates-v2/job-build-package-wpf.yml@self parameters: pool: { type: windows } variables: ob_sdl_checkcflags_enabled: false # BAD-FLAGS ob_sdl_xfgcheck_enabled: false # BAD-FLAGS ob_sdl_prefast_enabled: false # This is a collection of powershell scripts ob_git_checkout: false # This job checks itself out ob_git_skip_checkout_none: true ob_outputDirectory: $(JobOutputDirectory) ob_artifactBaseName: $(JobOutputArtifactName) publishArtifacts: false # Handled by OneBranch buildConfigurations: ${{ parameters.buildConfigurations }} buildPlatforms: ${{ parameters.buildPlatforms }} generateSbom: false # this is handled by onebranch codeSign: ${{ parameters.codeSign }} signingIdentity: ${{ parameters.signingIdentity }} - stage: Publish displayName: Publish dependsOn: [Build] jobs: - template: ./build/pipelines/templates-v2/job-publish-symbols-using-symbolrequestprod-api.yml@self parameters: pool: { type: windows } includePublicSymbolServer: ${{ parameters.publishSymbolsToPublic }} symbolExpiryTime: ${{ parameters.symbolExpiryTime }} subscription: ${{ parameters.symbolPublishingSubscription }} symbolProject: ${{ parameters.symbolPublishingProject }} variables: ob_sdl_checkcflags_enabled: false # BAD-FLAGS ob_sdl_xfgcheck_enabled: false # BAD-FLAGS ob_sdl_prefast_enabled: false # This is a collection of powershell scripts ob_git_checkout: false # This job checks itself out ob_git_skip_checkout_none: true ob_outputDirectory: $(Build.ArtifactStagingDirectory) # Without this, OneBranch will nerf our symbol tasks ob_symbolsPublishing_enabled: true - ${{ parameters.extraPublishJobs }}