diff --git a/.azuredevops/pipelines/official.yml b/.azuredevops/pipelines/official.yml index d7802ee..7c3ae73 100644 --- a/.azuredevops/pipelines/official.yml +++ b/.azuredevops/pipelines/official.yml @@ -4,6 +4,15 @@ resources: type: git name: 1ESPipelineTemplates/MicroBuildTemplate ref: refs/tags/release +parameters: +- name: NetworkIsolationMode + displayName: 'Network Isolation Mode' + type: string + default: Disabled + values: + - Disabled + - Audit + - Enforce variables: - template: /.azuredevops/pipelines/templates/variables.yml@self - name: SignType @@ -64,6 +73,9 @@ extends: targetPath: $(ArtifactsDirectory) artifactName: artifacts steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} - task: PowerShell@2 displayName: 'Update SignType, Build Number, and Add Build Tag for tagged commits' condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags/v')) diff --git a/.azuredevops/pipelines/pr-ci.yml b/.azuredevops/pipelines/pr-ci.yml index 057654d..1f3e0b7 100644 --- a/.azuredevops/pipelines/pr-ci.yml +++ b/.azuredevops/pipelines/pr-ci.yml @@ -1,6 +1,16 @@ variables: - template: templates\variables.yml +parameters: +- name: NetworkIsolationMode + displayName: 'Network Isolation Mode' + type: string + default: Disabled + values: + - Disabled + - Audit + - Enforce + schedules: - cron: '0 0 * * *' displayName: Daily midnight build @@ -33,6 +43,10 @@ jobs: - job: Build displayName: Build and Test steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} + - checkout: self # Fetch all history for versioning fetchDepth: 0 @@ -73,6 +87,10 @@ jobs: VsInstallDir: $(Build.ArtifactStagingDirectory)\vs MSBuildPath: $(VsInstallDir)\MSBuild\Current\Bin\amd64\MSBuild.exe steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} + - download: current displayName: 'Download Build Artifacts' artifact: artifacts @@ -126,6 +144,10 @@ jobs: VsInstallDir: $(Build.ArtifactStagingDirectory)\vs MSBuildPath: $(VsInstallDir)\MSBuild\Current\Bin\amd64\MSBuild.exe steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} + - download: current displayName: 'Download Build Artifacts' artifact: artifacts @@ -178,6 +200,10 @@ jobs: variables: MSBuildPath: $(Build.SourcesDirectory)\msbuild\artifacts\bin\bootstrap\net472\MSBuild\Current\Bin\amd64\MSBuild.exe steps: + - template: templates\network-isolation.yml + parameters: + NetworkIsolationMode: ${{ parameters.NetworkIsolationMode }} + - download: current displayName: 'Download Build Artifacts' artifact: artifacts diff --git a/.azuredevops/pipelines/templates/network-isolation.yml b/.azuredevops/pipelines/templates/network-isolation.yml new file mode 100644 index 0000000..16139f7 --- /dev/null +++ b/.azuredevops/pipelines/templates/network-isolation.yml @@ -0,0 +1,11 @@ +parameters: +- name: NetworkIsolationMode + type: string + default: Disabled + +steps: +- task: tse-cloudbuild.1es-networkisolation-tasks.661EE24A-9364-4A3B-A725-3CBEB6F35E4B.1ESNetworkIsolation@1 + displayName: Network Isolation + condition: ne('${{ parameters.NetworkIsolationMode }}', 'Disabled') + inputs: + networkIsolationMode: ${{ parameters.NetworkIsolationMode }} \ No newline at end of file