Pipeline improvements and cleanup (#109)

c-ryan-k · web-flow · commit 05318f2f1aa9 · 2022-02-17T10:14:10.000-08:00
* Pipeline improvements

Consolidate release stage logic and adjust conditions

SDL check consolidation / dedupe

Remove unused variables and templates
diff --git a/azure-pipelines/cd.yml b/azure-pipelines/cd.yml
@@ -25,7 +25,6 @@ parameters:
   default: false
 
 variables:
-- template: common/variables.yml
 - name: vmImage
   value: $[variables.${{ parameters.buildAgentVmImageVar }}]
 - name: buildPool
@@ -52,38 +51,17 @@ stages:
     steps:
       - template: common/setup_steps.yml
       - template: common/compile_steps.yml
-      - template: common/check_steps.yml
       - template: common/test_steps.yml
 
 - stage: build
   dependsOn: [test]
   jobs:
-  - job: CredScan
-    displayName: 'Credential Scan'
+  - job: SDLTools
+    displayName: 'SDL checks'
     pool:
       vmImage: windows-latest
     steps:
-    - task: CredScan@3
-      inputs:
-        outputFormat: 'pre'
-        scanFolder: '$(Build.SourcesDirectory)'
-
-    - task: PostAnalysis@1
-      inputs:
-        AllTools: false
-        APIScan: false
-        BinSkim: false
-        CodesignValidation: false
-        CredScan: true
-        FortifySCA: false
-        FxCop: false
-        ModernCop: false
-        PoliCheck: false
-        RoslynAnalyzers: false
-        SDLNativeRules: false
-        Semmle: false
-        TSLint: false
-        ToolLogsNotFoundAction: 'Standard'
+    - template: common/sdl_steps.yml
 
   - job: build_and_package
     displayName: 'Build and Publish Artifacts'
@@ -92,17 +70,15 @@ stages:
       vmImage: $(vmImage)
       demands:
         - ImageOverride -equals $(vmImage)
-    dependsOn: CredScan
+    dependsOn: SDLTools
     steps:
       - template: common/setup_steps.yml
       - template: common/compile_steps.yml
-      - template: common/check_steps.yml
-      - template: common/test_steps.yml
 
-      # modify application insights key for releases
+      # modify application insights key for releases only
       - script: |
           node scripts/modifyPackageJson.js aiKey $(aiKey)
-        displayName: Modify package.json for releases
+        displayName: 'Inject App Insights key'
         condition: and(succeeded(), ${{ parameters.publishExt }})
 
       - template: common/package_steps.yml
@@ -112,6 +88,7 @@ stages:
 - stage: release
   displayName: 'Release to VS Marketplace'
   dependsOn: [test, build]
+  condition: and(succeeded(), ${{ parameters.publishExt }})
   pool:
     name: $(buildPool)
     vmImage: $(vmImage)
@@ -135,26 +112,26 @@ stages:
       - task: NodeTool@0
         inputs:
           versionSpec: '14.x'
-        displayName: Install Node.js
+        displayName: 'Install Node.js'
 
       - script: |
           npm install -g vsce
-        displayName: Install vsce
+        displayName: 'Install VSCE tool'
 
       # publish pre-release vsix to marketplace
       - bash: |
           vsce publish -p $MARKETPLACE_TOKEN --packagePath *.vsix --pre-release
         workingDirectory: '$(System.ArtifactsDirectory)/vsix'
-        displayName: Deploy pre-release VSIX to marketplace
-        condition: and(succeeded(), ${{ parameters.publishExt }}, not(${{ parameters.productionRelease }}))
+        displayName: 'Deploy pre-release VSIX to marketplace'
+        condition: and(succeeded(), not(${{ parameters.productionRelease }}))
         env:
           MARKETPLACE_TOKEN: $(vsciot_marketplace_token)
 
       # publish vsix to marketplace
       - bash: |
           vsce publish -p $MARKETPLACE_TOKEN --packagePath *.vsix
         workingDirectory: '$(System.ArtifactsDirectory)/vsix'
-        displayName: Deploy release VSIX to marketplace
-        condition: and(succeeded(), ${{ parameters.publishExt }}, ${{ parameters.productionRelease }})
+        displayName: 'Deploy release VSIX to marketplace'
+        condition: and(succeeded(), ${{ parameters.productionRelease }})
         env:
           MARKETPLACE_TOKEN: $(vsciot_marketplace_token)
diff --git a/azure-pipelines/ci.yml b/azure-pipelines/ci.yml
@@ -1,28 +1,58 @@
-# now ci is just about pr validation, 
-# since we tend to make strict configurations for our repo, that is,
-# each pr is up to date before merging into develop and no other way
-# to modify develop except the pr flow.
 trigger: none
 
 pr:
 - main
-- develop
-- pre-release-v*
+- dev
 
-strategy:
-  matrix:
-    linux:
-      imageName: 'ubuntu-latest'
-    mac:
-      imageName: 'macos-latest'
-    windows:
-      imageName: 'windows-latest'
+stages:
+- stage: CredScan
+  jobs:
+    - job: run_credscan
+      displayName: 'Run CredScan'
+      pool:
+        vmImage: 'windows-latest'
+      steps:
+        # cred scan
+        - task: CredScan@3
+          displayName: 'Run CredScan'
+          inputs:
+            outputFormat: 'pre'
+            scanFolder: '$(Build.SourcesDirectory)'
 
-pool:
-  vmImage: $(imageName)
+        - task: PostAnalysis@1
+          inputs:
+            AllTools: false
+            APIScan: false
+            BinSkim: false
+            CodesignValidation: false
+            CredScan: true
+            FortifySCA: false
+            FxCop: false
+            ModernCop: false
+            PoliCheck: false
+            RoslynAnalyzers: false
+            SDLNativeRules: false
+            Semmle: false
+            TSLint: false
+            ToolLogsNotFoundAction: 'Standard'
 
-steps:
-  - template: common/setup_steps.yml
-  - template: common/compile_steps.yml
-  - template: common/check_steps.yml
-  - template: common/test_steps.yml
+- stage: Test
+  dependsOn: []
+  jobs:
+  - job: run_tests
+    displayName: 'Run tests'
+    strategy:
+      matrix:
+        linux:
+          imageName: 'ubuntu-latest'
+        mac:
+          imageName: 'macos-latest'
+        windows:
+          imageName: 'windows-latest'
+
+    pool:
+      vmImage: $(imageName)
+    steps:
+      - template: common/setup_steps.yml
+      - template: common/compile_steps.yml
+      - template: common/test_steps.yml
diff --git a/azure-pipelines/common/check_steps.yml b/azure-pipelines/common/check_steps.yml
diff --git a/azure-pipelines/common/compile_steps.yml b/azure-pipelines/common/compile_steps.yml
@@ -1,5 +1,5 @@
 steps:
-  # compiling
+  # Typescript Compile
   - script: |
       npm run compile
-    displayName: Compile Sources
+    displayName: 'Typescript compile'
diff --git a/azure-pipelines/common/package_steps.yml b/azure-pipelines/common/package_steps.yml
@@ -5,34 +5,34 @@ parameters:
   default: false
 
 steps:
-  # split the following two scripts
-  # because of not working issue on windows platform.
   - script: |
       npm install -g vsce
-    displayName: Install vsce
+    displayName: 'Install VSCE tool'
 
   - ${{ if eq(parameters.productionRelease, false) }}:
     - script: |
         vsce package --pre-release
-      displayName: Build pre-release VSIX Package
+      displayName: 'Build pre-release VSIX Package'
 
   - ${{ if eq(parameters.productionRelease, true) }}:
     - script: |
         vsce package
-      displayName: Build VSIX Package
+      displayName: 'Build VSIX Package'
 
   - task: CopyFiles@2
+    displayName: 'Copy VSIX to artifact staging'
     inputs:
       SourceFolder: '$(System.DefaultWorkingDirectory)'
       Contents: '**/*.vsix'
       TargetFolder: '$(Build.ArtifactStagingDirectory)'
   
   - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-    displayName: 'Generate Software Manifest'
+    displayName: 'Generate software manifest'
     inputs:
       BuildDropPath: '$(Build.ArtifactStagingDirectory)'
 
   - task: PublishPipelineArtifact@1
+    displayName: 'Publish build artifacts'
     inputs:
       targetPath: '$(Build.ArtifactStagingDirectory)'
       artifactType: 'pipeline'
diff --git a/azure-pipelines/common/sdl_steps.yml b/azure-pipelines/common/sdl_steps.yml
@@ -0,0 +1,30 @@
+steps:
+  # cred scan
+  - task: CredScan@3
+    displayName: 'Run CredScan'
+    inputs:
+      outputFormat: 'pre'
+      scanFolder: '$(Build.SourcesDirectory)'
+
+  # poli check
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
+    displayName: 'Run PoliCheck'
+    inputs:
+      targetType: F
+
+  - task: PostAnalysis@1
+    inputs:
+      AllTools: false
+      APIScan: false
+      BinSkim: false
+      CodesignValidation: false
+      CredScan: true
+      FortifySCA: false
+      FxCop: false
+      ModernCop: false
+      PoliCheck: true
+      RoslynAnalyzers: false
+      SDLNativeRules: false
+      Semmle: false
+      TSLint: false
+      ToolLogsNotFoundAction: 'Standard'
diff --git a/azure-pipelines/common/set_release_flags_steps.yml b/azure-pipelines/common/set_release_flags_steps.yml
diff --git a/azure-pipelines/common/setup_steps.yml b/azure-pipelines/common/setup_steps.yml
@@ -3,15 +3,15 @@ steps:
   - task: NodeTool@0
     inputs:
       versionSpec: '14.x'
-    displayName: Install Node.js
+    displayName: 'Install Node.js'
 
   # run npm install
   - script: |
       npm ci
     displayName: 'Install dependencies'
 
-  # for what?
+  # X Virtual Frame Buffer (to run tests on headless linux distros)
   - bash: |
       /usr/bin/Xvfb :99 -screen 0 1024x768x24 > /dev/null 2>&1 &
-    displayName: Start xvfb
+    displayName: 'Start xvfb for headless linux'
     condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))
diff --git a/azure-pipelines/common/test_steps.yml b/azure-pipelines/common/test_steps.yml
@@ -1,7 +1,11 @@
 steps:
-  # testing
+  # static checking
+  - script: |
+      npm run eslint
+    displayName: 'Run ESLint Checks'
+  # Run tests
   - script: |
       npm run test --silent
-    displayName: Run Tests
+    displayName: 'Run Tests'
     env:
       DISPLAY: ':99.0'
diff --git a/azure-pipelines/common/variables.yml b/azure-pipelines/common/variables.yml
diff --git a/azure-pipelines/nightly_build.yml b/azure-pipelines/nightly_build.yml
@@ -1,18 +1,29 @@
 schedules:
 - cron: '0 19 * * *'
-  displayName: Nightly build on 3:00 AM (GMT+8)
+  displayName: 'Nightly build and test'
   branches:
     include:
-    - develop
+    - dev
   always: false
 
 trigger: none
 pr: none
 
 stages:
-- stage: test
+- stage: SDL
   jobs:
-  - job: test
+    - job: sdl_checks
+      displayName: 'SDL checks'
+      pool:
+        vmImage: 'windows-latest'
+      steps:
+        - template: common/sdl_steps.yml
+
+- stage: Test
+  dependsOn: ['SDL']
+  jobs:
+  - job: run_tests
+    displayName: 'Run tests'
     strategy:
       matrix:
         linux:
@@ -26,5 +37,4 @@ stages:
     steps:
       - template: common/setup_steps.yml
       - template: common/compile_steps.yml
-      - template: common/check_steps.yml
       - template: common/test_steps.yml
