1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
trigger: none
pr:
branches:
include:
- main
paths:
include:
- eng/pipelines/aggregate-reports.yml
pool:
name: azsdk-pool
demands: ImageOverride -equals windows-2022
variables:
- template: ./templates/variables/globals.yml
stages:
- stage: ValidateDependencies
displayName: Validate Dependencies
jobs:
- job: ValidateDependencies
timeoutInMinutes: 120
steps:
- task: UsePythonVersion@0
displayName: 'Use Python $(PythonVersion)'
condition: succeededOrFailed()
inputs:
versionSpec: '$(PythonVersion)'
- template: /eng/pipelines/templates/steps/use-venv.yml
- template: /eng/pipelines/templates/steps/analyze_dependency.yml
parameters:
ScanPath: $(Build.SourcesDirectory)/sdk
- task: AzureFileCopy@6
displayName: 'Upload Dependency Report'
condition: and(succeededOrFailed(), eq(variables['System.TeamProject'], 'internal'))
inputs:
sourcePath: '$(Build.ArtifactStagingDirectory)/reports/*'
azureSubscription: 'Azure SDK Artifacts'
destination: AzureBlob
storage: azuresdkartifacts
containerName: 'azure-sdk-for-python'
blobPrefix: dependencies
AdditionalArgumentsForBlobCopy: '--exclude-pattern=*data.js*'
- task: AzureFileCopy@6
displayName: 'Upload Dependency Graph'
condition: and(succeededOrFailed(), eq(variables['System.TeamProject'], 'internal'))
inputs:
sourcePath: '$(Build.ArtifactStagingDirectory)/reports/*'
azureSubscription: 'Azure SDK Artifacts'
destination: AzureBlob
storage: azuresdkartifacts
containerName: 'azure-sdk-for-python'
blobPrefix: dependencies/dependencyGraph
AdditionalArgumentsForBlobCopy: '--include-pattern=*data.js*'
- task: PowerShell@2
displayName: "Verify Repository Resource Refs"
inputs:
pwsh: true
workingDirectory: $(Build.SourcesDirectory)
filePath: eng/common/scripts/Verify-Resource-Ref.ps1
- task: UsePythonVersion@0
displayName: 'Use Python 3.11'
inputs:
versionSpec: '3.11'
- script: |
python -m pip install -r scripts/repo_health_status_report/dev_requirements.txt
displayName: 'Prep Environment'
- task: PythonScript@0
condition: succeededOrFailed()
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
GH_TOKEN: $(azuresdk-github-pat)
inputs:
scriptPath: 'scripts/repo_health_status_report/output_health_report.py'
displayName: 'Generate Health Status Report'
- script: |
python -m pip install -r scripts/repo_type_completeness/dev_requirements.txt
displayName: 'Prep Environment'
- task: PythonScript@0
condition: succeededOrFailed()
env:
GH_TOKEN: $(azuresdk-github-pat)
inputs:
scriptPath: 'scripts/repo_type_completeness/generate_main_typescores.py'
displayName: 'Update Type Completeness Scores'
- template: ../common/pipelines/templates/steps/verify-links.yml
parameters:
Directory: ""
CheckLinkGuidance: $true
Condition: succeededOrFailed()
- stage: ComplianceTools
displayName: Compliance Tools
dependsOn: []
variables:
Codeql.SkipTaskAutoInjection: false
jobs:
- job: ComplianceTools
timeoutInMinutes: 120
steps:
- template: /eng/common/pipelines/templates/steps/policheck.yml
parameters:
PublishAnalysisLogs: false
ExclusionDataBaseFileName: PythonPoliCheckExclusion
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
displayName: 'Publish Security Analysis Logs'
continueOnError: true
condition: succeededOrFailed()
|
