From 0db186c75896a516b409274b45136714230d60ab Mon Sep 17 00:00:00 2001
From: Manuel de la Pena <mandel@microsoft.com>
Date: Tue, 8 Oct 2024 12:37:10 -0400
Subject: [PATCH] [CI] Move the release steps to a new pipeline. (#21383)

This new pipeline will only be executed when the CI build is completed
by any of the branches that have been listed to be included in the
trigger.

This pipeline because it does a release has to extend the 1ES template.

---------

Co-authored-by: Rolf Bjarne Kvinge <rolf@xamarin.com>
---
 .../run-post-ci-build-vs-insertion.yml        | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 tools/devops/automation/run-post-ci-build-vs-insertion.yml

diff --git a/tools/devops/automation/run-post-ci-build-vs-insertion.yml b/tools/devops/automation/run-post-ci-build-vs-insertion.yml
new file mode 100644
index 00000000000..b11f9fda108
--- /dev/null
+++ b/tools/devops/automation/run-post-ci-build-vs-insertion.yml
@@ -0,0 +1,87 @@
+# YAML pipeline for post build operations. 
+# This pipeline will sign the nugets and will prepare them for a release.
+
+trigger: none
+pr: none
+
+parameters:
+
+  - name: stageDisplayNamePrefix
+    type: string
+    default: ''
+
+  - name: repositoryAlias
+    type: string
+    default: self
+
+  - name: commit
+    type: string
+    default: HEAD
+
+  - name: pushNugets
+    type: boolean
+    default: true # default to true until otherwhise
+
+  - name: pushNugetsToMaestro
+    type: boolean
+    default: true
+
+# we cannot use a template in a pipeline context
+resources:
+  pipelines:
+    - pipeline: macios
+      source: \Xamarin\Mac-iOS\ci pipelines\xamarin-macios-ci
+      trigger:
+        branches:
+          include:
+            - main
+            - release-test/*
+            - release/*
+            - net7.0
+            - net8.0
+            - net9.0
+            - net10.0
+            - xcode??
+        stages:
+          - build_packages
+
+extends:
+  template: azure-pipelines/MicroBuild.1ES.Official.yml@CustomPipelineTemplates
+  parameters:
+    pool:  # default pool to be used for validation jobs
+      name: AzurePipelines-EO
+      image: 1ESPT-Windows2022
+      os: windows
+    sdl:
+      baseline:
+        baselineFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\baselines.gdnbaselines'
+      suppression:
+        suppressionFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\suppress.gdnsuppress'
+      sourceAnalysisPool:
+        name: AzurePipelines-EO
+        image: 1ESPT-Windows2022
+        os: windows
+      tsa:
+        configFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\tsa_config.gdntsa'
+      sbom:
+        enabled: false  # we run our on sbom generation
+      credscan:
+        suppressionsFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\CredScanSuppressions.json'
+      policheck:
+        exclusionsFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\PoliCheckExclusions.xml'
+      sourceRepositoriesToScan:
+        runInSingleJob: true  # run both maccore and macios in the same job
+        include:
+          - repository: maccore
+        exclude:
+          - repository: yaml-templates
+          - repository: sdk-insertions
+    stages:
+      - template: templates/release/vs-insertion-prep.yml
+        parameters:
+          stageDisplayNamePrefix: ${{ parameters.stageDisplayNamePrefix }}
+          isPR: false
+          repositoryAlias: ${{ parameters.repositoryAlias }}
+          commit: ${{ parameters.commit }}
+          pushNugets: ${{ parameters.pushNugets }}
+          pushNugetsToMaestro: ${{ parameters.pushNugetsToMaestro }}