.azure-pipelines.yml
# CI trigger: pushes to main and to tags matching refs/tags/ccf-* start a run.
trigger:
  # While a run is in progress, later pushes are batched into one follow-up run.
  batch: true
  branches:
    include:
      - main
      # Release tags; the variables section keys its release/perf switch on
      # this same refs/tags/ccf- prefix.
      - "refs/tags/ccf-*"
# PR validation: pull requests targeting main or release/* start a run.
# NOTE(review): these runs build proposed changes inside the containers declared
# under resources, which add capabilities and host mounts. Whether fork PRs are
# built, and whether secrets are exposed to them, is configured in the pipeline
# settings and is not visible in this file - confirm there.
pr:
  # A new commit on the PR cancels the run still in progress for the old one.
  autoCancel: true
  branches:
    include:
      - main
      - "release/*"
  paths:
    include:
      # No path filter narrows validation: every path is included.
      - "*"
# Scheduled build at 03:00 Monday to Friday (Azure Pipelines evaluates cron in UTC).
schedules:
  - cron: "0 3 * * Mon-Fri"
    displayName: Daily morning build
    branches:
      include:
        - main
        - "release/*"
      exclude:
        # Leaves out the release/0.x, release/1.x and release/2.x branches.
        - "release/[0-2].x"
    # Run even when nothing has changed since the last scheduled run, so the
    # build also exercises the current container images and dependencies.
    always: true
# Job containers, one per target platform (virtual, snp, sgx).
# NOTE(review): the images are referenced by a date-stamped tag. A tag can be
# re-pointed in the registry; referencing the image by digest
# (<registry>/<repo>@sha256:<digest>, placeholder) would make the build
# environment immutable.
resources:
  containers:
    - container: virtual
      image: ccfmsrc.azurecr.io/ccf/ci:26-10-2023-virtual-clang15
      # --publish-all maps every port the image exposes to a host port.
      # NET_ADMIN and SYS_PTRACE are not in Docker's default capability set, so
      # code running in this container can reconfigure its network stack and
      # trace processes; presumably the test suite needs both - confirm before
      # reusing these options elsewhere.
      # /lib/modules is mounted from the host read-only (:ro).
      options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
    - container: snp
      image: ccfmsrc.azurecr.io/ccf/ci:26-10-2023-snp-clang15
      # Same options as the virtual container.
      options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
    - container: sgx
      image: ccfmsrc.azurecr.io/ccf/ci:26-10-2023-sgx
      # No SYS_PTRACE here. The host SGX device nodes (/dev/sgx_enclave,
      # /dev/sgx_provision) are passed through, and /dev/sgx is bind-mounted
      # without :ro, i.e. writable from inside the container.
      options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro
# Release/perf switch, resolved by template expressions from the source ref.
# Exactly one of the two conditional blocks applies to a given run.
variables:
  # Runs on a refs/tags/ccf-* tag: release mode, perf tests not run.
  ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-') }}:
    perf_or_release: release
    perf_tests: no_run
  # Every other ref (branches, PRs, schedules): perf mode, perf tests run.
  ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-')) }}:
    perf_or_release: perf
    perf_tests: run
# Jobs: two repo-local templates (their contents are not shown here) and a
# credential-scanning job.
jobs:
  - template: .azure-pipelines-templates/configure.yml

  # Receives the release/perf switch computed in the variables section.
  - template: .azure-pipelines-templates/matrix.yml
    parameters:
      perf_or_release: ${{ variables['perf_or_release'] }}
      perf_tests: ${{ variables['perf_tests'] }}

  - job: CredScan
    variables:
      # NOTE(review): by their names these opt this job out of auto-injected
      # CodeQL tasks and component governance detection - confirm that both
      # still run somewhere else in the pipeline.
      Codeql.SkipTaskAutoInjection: true
      skipComponentGovernanceDetection: true
    pool:
      # NOTE(review): hosted image labels are retired over time; check that
      # this one is still offered.
      vmImage: "ubuntu-20.04"
    steps:
      # Scan for credentials in the repo
      - task: CredScan@3
        inputs:
          # Every entry in this file is a finding the scan will not report, so
          # changes to it deserve the same review as code changes.
          suppressionsFile: .gdn/CredScanSuppressions.json
          # To suppress folders, rather than individual files, we require both of the following options
          debugMode: true
          folderSuppression: true
      # Break the build if any credentials (or other Guardian scans) find issues
      - task: PostAnalysis@2
        inputs:
          GdnBreakAllTools: true