dnup CI Pipeline (#51437)

Author: nagilson

.vsts-dnup-ci.yml

@@ -0,0 +1,130 @@
+# Pipeline: https://dev.azure.com/dnceng/internal/_build?definitionId=
+
+trigger:
+  batch: true
+  branches:
+    include:
+    - dnup
+    - release/dnup
+
+pr:
+  branches:
+    include:
+    - dnup
+    - release/dnup
+
+parameters:
+# When true, runs the pipeline in the same way as the PR pipeline.
+- name: runTestBuild
+  displayName: Run A Test Build
+  type: boolean
+  default: false
+- name: enableArm64Job
+  displayName: Enables the ARM64 job
+  type: boolean
+  default: false
+
+variables:
+- template: /eng/pipelines/templates/variables/sdk-defaults.yml
+# Variables used: DncEngInternalBuildPool
+- template: /eng/common/templates-official/variables/pool-providers.yml
+# Helix testing requires a token when internally run.
+# Variables used: HelixApiAccessToken
+- group: DotNet-HelixApi-Access
+- group: AzureDevOps-Artifact-Feeds-Pats
+# Allows Arcade to run a signed build by disabling post-build signing for release-branch builds or manual builds that are not running tests.
+- ${{ if and(eq(parameters.runTestBuild, false), or(startswith(variables['Build.SourceBranch'], 'refs/heads/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/internal/release/'), eq(variables['Build.Reason'], 'Manual'))) }}:
+  - name: PostBuildSign
+    value: false
+# Provides TSA variables for automatic bug reporting.
+- ${{ if ne(variables['Build.Reason'], 'PullRequest') }}:
+  - group: DotNet-CLI-SDLValidation-Params
+### LOCAL ONLY ###
+- name: _publishArgument
+  value: -publish
+- name: _signArgument
+  value: -sign /p:SignCoreSdk=true
+- name: _officialBuildProperties
+  # The OfficialBuilder property is set to Microsoft for the official build only.
+  # This property is checked in Directory.Build.props and adds the MICROSOFT_ENABLE_TELEMETRY constant.
+  # This constant is used in CompileOptions.cs to set both TelemetryOptOutDefault and TelemetryOptOutDefaultString.
+  value: /p:DotNetPublishUsingPipelines=true /p:OfficialBuilder=Microsoft /p:OfficialBuildId=$(Build.BuildNumber)
+
+resources:
+  repositories:
+  - repository: 1esPipelines
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+
+extends:
+  ${{ if ne(variables['Build.Reason'], 'PullRequest') }}:
+    template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
+  ${{ else }}:
+    template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines
+  parameters:
+    containers:
+      azureLinux30Amd64:
+        image: mcr.microsoft.com/dotnet-buildtools/prereqs:azurelinux-3.0-net10.0-build-amd64
+
+    sdl:
+      sourceAnalysisPool:
+        name: $(DncEngInternalBuildPool)
+        image: 1es-windows-2022
+        os: windows
+      policheck:
+        enabled: true
+      tsa:
+        enabled: true
+      binskim:
+        enabled: true
+      ${{ if or(eq(parameters.runTestBuild, true), eq(variables['Build.Reason'], 'PullRequest')) }}:
+        componentgovernance:
+          # Refdoc: https://docs.opensource.microsoft.com/tools/cg/component-detection/variables/
+          ignoreDirectories: artifacts, .packages
+
+    stages:
+    ############### BUILD STAGE ###############
+      ############### WINDOWS ###############
+      - template: /eng/pipelines/templates/jobs/dnup-tests.yml@self
+        parameters:
+          pool:
+            name: $($(DncEngInternalBuildPool))
+            image: windows.vs2022.amd64
+            os: windows
+            emoji: 🪟
+          helixTargetQueue: windows.amd64.vs2022.pre
+          oneESCompat:
+            templateFolderName: templates-official
+            publishTaskPrefix: 1ES.
+          runtimeSourceProperties: /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
+          # WORKAROUND: BinSkim requires the folder exist prior to scanning.
+          preSteps:
+          - powershell: New-Item -ItemType Directory -Path $(Build.SourcesDirectory)/artifacts/bin -Force
+            displayName: Create artifacts/bin directory
+          ${{ if and(eq(parameters.runTestBuild, false), ne(variables['Build.Reason'], 'PullRequest')) }}:
+            timeoutInMinutes: 180
+            windowsJobParameterSets:
+            ### OFFICIAL ###
+            - categoryName: Official
+              publishArgument: $(_publishArgument)
+              signArgument: $(_signArgument)
+              officialBuildProperties: $(_officialBuildProperties) /p:BuildWorkloads=true
+              enableDefaultArtifacts: true
+              runTests: false
+              publishRetryConfig: true
+              variables:
+                _SignType: real
+
+    ############### PACKAGE STAGE ###############
+    - ${{ if ne(variables['Build.Reason'], 'PullRequest') }}:
+      - stage: publish
+        displayName: Publish
+        dependsOn: []
+        jobs:
+        - template: /eng/pipelines/templates/jobs/dnup-library-package.yml@self
+          parameters:
+            pool:
+              name: $(DncEngInternalBuildPool)
+              image: 1es-windows-2022
+              os: windows

eng/pipelines/templates/jobs/dnup-library-package.yml

@@ -8,11 +8,18 @@
 
     <!-- Strong naming not needed on .NET Core -->
     <NoWarn>$(NoWarn);CS8002</NoWarn>
+    <IsPackable>true</IsPackable>
+    <IncludeSymbols>true</IncludeSymbols>
+    <PackageId>Microsoft.Dotnet.Installation</PackageId>
+    <IsShipping>false</IsShipping>
+    <Title>.NET Installation Library</Title>
+    <Version>1.0.0-alpha</Version>
+    <PackageVersion Condition="'$(PackageVersion)'==''">$(Version)</PackageVersion>
   </PropertyGroup>
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Deployment.DotNet.Releases" />
-    <!-- TODO: Create logging / progress abstraction and remove this dipendency from the library -->
+    <!-- TODO: Create logging / progress abstraction and remove this dependency from the library -->
     <PackageReference Include="Spectre.Console" />
   </ItemGroup>